http://www.netfort.gr.jp/~dancer/diary/200309.html.ja

chroot内部で /usr/sbin/policy-rc.d というスクリプトを作成して． エラーコード101を返すようにしたらデーモンがchroot内部で走らなくなる

/usr/share/doc/sysv-rc/README.policy-rc.d.gz
http://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt

Most Debian systems will not have this script as the need for a policy layer
is not very common. Most people using chroot jails just need an one-line
script which returns an exit status of 101 as the jailed
/usr/sbin/policy-rc.d script.

The /usr/sbin/policy-rc.d file *must* be managed through the alternatives
system (/usr/sbin/update-alternatives) by any packages providing it.
(中略)
101 - action forbidden by policy

めも、未検証