
I am working on creating a chroot sandbox and want to avoid the time-consuming and storage-intensive process of copying large directories such as bin, lib, and others.

Is it possible to use symbolic links, hard links, or bind mount to reference these directories from the host system within the chroot environment?

What are the implications or potential issues with each method in terms of:

  1. Performance
  2. Security
  3. Compatibility
  4. Ease of setup

Any insights or best practices on this would be greatly appreciated.

1 Answer

Is it possible to use symbolic links, hard links, or bind mount to reference these directories from the host system within the chroot environment?

  • symbolic links cannot point outside of the chroot environment, so these are not an option.

  • hard links can only be made to files, not to directories, so these aren't an option if your goal is to expose entire directory trees. Additionally, hard links can only point to other files in the same filesystem, which means if your chroot environment is not on the same filesystem as the target files, you can't use hard links.

That leaves bind mounts, which don't suffer from any of the above problems, and are probably the only reasonable choice.

  • Performance & Security -- I have never performed an analysis of my own, but bind mounts are used extensively across containerization platforms (docker, kubernetes, etc). That suggests they are fine on both fronts.

  • Compatibility -- bind mounts are Linux-only. There are no compatibility issues for applications running on Linux; they can't tell whether or not a given access is through a bind mount or a regular mount.

  • Ease of setup -- they're pretty easy, but they do require root permissions to configure, unlike creating symlinks and hard links.


Slightly tangential to your question, you should check out the systemd-nspawn tool, which is a bit like a "super chroot", and has command line options to set up bind mounts for you automatically.
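The bind-mount approach from the answer, as an added example that is not part of the original answer: a small POSIX sh script that exposes the host's bin, lib, lib64 and usr inside a chroot root as read-only bind mounts (with nosuid and nodev) instead of copying them, gives the sandbox its own tmpfs for scratch space, and checks the result with findmnt. It assumes a Linux host with util-linux mount(8)/findmnt(8), and the mounting steps need root; the directory list and the /srv/jail path are placeholders.

```shell
#!/bin/sh
# Added example: build a chroot that borrows host directories via read-only
# bind mounts. Assumes Linux + util-linux; setup_chroot must run as root.
set -eu

# Host directories to expose read-only (edit to taste; /etc is deliberately
# left out so you can decide what configuration the sandbox may see).
HOST_DIRS="/bin /lib /lib64 /usr"

# Emit the two mount commands for one read-only bind mount. The initial
# "mount --bind" ignores ro/nosuid/nodev on older util-linux; the remount
# step is what actually enforces them on the bind mount.
bind_ro_cmds() {
    root=$1; dir=$2
    printf 'mount --bind %s %s%s\n' "$dir" "$root" "$dir"
    printf 'mount -o remount,bind,ro,nosuid,nodev %s%s\n' "$root" "$dir"
}

# Create the chroot root and bind-mount every host directory that exists.
setup_chroot() {
    root=$1
    case $root in /*) ;; *) echo "root must be an absolute path" >&2; return 1;; esac
    mkdir -p "$root"
    for d in $HOST_DIRS; do
        [ -d "$d" ] || continue          # e.g. no /lib64 on some distros
        mkdir -p "$root$d"
        bind_ro_cmds "$root" "$d" | sh -e
    done
    # Private, writable scratch space so the sandbox never writes to host dirs.
    mkdir -p "$root/tmp"
    mount -t tmpfs -o nosuid,nodev,mode=1777 tmpfs "$root/tmp"
}

# Sanity check: every exposed directory must be mounted read-only.
verify_chroot() {
    root=$1
    for d in $HOST_DIRS; do
        [ -d "$root$d" ] || continue
        findmnt -n -o OPTIONS "$root$d" | grep -qw ro || return 1
    done
}

# Usage (as root): ./mkchroot.sh --setup /srv/jail && chroot /srv/jail /bin/sh
if [ "${1:-}" = "--setup" ]; then
    setup_chroot "${2:?chroot root required}"
    verify_chroot "$2" && echo "chroot ready at $2"
fi
```

Unmount with `umount -R "$root"` when done; because the bind mounts are read-only, a process inside the jail cannot alter the host's binaries or libraries even if it gains write access elsewhere in the tree.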

  • Thanks a lot for the response. I have been playing with bind mounts and have had limited success. I just asked a follow-up question here. I will look into systemd-nspawn next. Commented May 24, 2024 at 14:02
