Assume you have a chroot environment where you need a resource - an application or a library - which resides on the host (external to the chroot).

What are the security implications (if any) of performing a mount --bind (from the host into the chroot) on that resource rather than installing it in the chroot (i.e. via apt-get install)?

Roberto Aloi

1 Answer

As I see it, both a mount --bind of a directory and a hard link of a file share the same security problem: files in the chroot end up being the same (that is, pointing to the same inode) as files outside the chroot. So if the chroot user finds a way to modify these files inside the chroot, they've essentially found a way to modify your files.

This may or may not be a serious security issue depending on the environment you're setting up, but you have to take it into account when making this choice.

Eduardo Ivanec
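As an added example (not from the answer or the original question): a shell script that checks whether a path inside the chroot shares its inode with the host copy, shows that writing through a hard link changes the host file, and, when run as root, shows that remounting the bind mount read-only blocks such writes. The directory layout and the file name libfoo.so are constructed for the demonstration.

```shell
# Added example: a hard link and a bind mount both expose the host's inode
# inside the "chroot"; a read-only bind mount limits what a chroot user can
# change through it. Paths below are constructed, not from a real system.
set -eu

# Print the inode number of a path (POSIX ls, so it works without GNU stat).
inode_of() {
    ls -di "$1" | awk '{print $1}'
}

# Return 0 when both paths refer to the same inode, i.e. the chroot "copy"
# is not a copy at all and writes inside the chroot hit the host file.
same_inode() {
    [ "$(inode_of "$1")" = "$(inode_of "$2")" ]
}

# Hard-link demonstration (no privileges needed): link a constructed host
# file into a fake chroot dir, write through the link, and print the host
# file's resulting content.
hardlink_demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/host/lib" "$tmp/chroot/lib"
    printf 'original\n' > "$tmp/host/lib/libfoo.so"
    ln "$tmp/host/lib/libfoo.so" "$tmp/chroot/lib/libfoo.so"
    if same_inode "$tmp/host/lib/libfoo.so" "$tmp/chroot/lib/libfoo.so"; then
        # A write by the "chroot user" changes the host's file too.
        printf 'tampered\n' > "$tmp/chroot/lib/libfoo.so"
    fi
    cat "$tmp/host/lib/libfoo.so"
    rm -rf "$tmp"
}

# Bind-mount demonstration: mount(2) needs root, so it is skipped otherwise.
# Binding, then remounting read-only, makes writes inside the chroot fail
# even though the inode is still shared with the host.
bindmount_ro_demo() {
    [ "$(id -u)" -eq 0 ] || { echo "skipped (not root)"; return 0; }
    tmp=$(mktemp -d)
    mkdir -p "$tmp/host/lib" "$tmp/chroot/lib"
    printf 'original\n' > "$tmp/host/lib/libfoo.so"
    mount --bind "$tmp/host/lib" "$tmp/chroot/lib" 2>/dev/null || { echo "skipped (mount not permitted)"; rm -rf "$tmp"; return 0; }
    mount -o remount,bind,ro "$tmp/chroot/lib"
    if printf 'tampered\n' > "$tmp/chroot/lib/libfoo.so" 2>/dev/null; then
        echo "writable"
    else
        echo "read-only"
    fi
    umount "$tmp/chroot/lib"
    rm -rf "$tmp"
}
```

Without the read-only remount, the bind-mounted directory behaves exactly like the hard link case: the inodes match and a write inside the chroot lands on the host.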