Restrict file system access through a view. Idea that the complete
file system is pruned through a separate set of permissions for
subprocesses. More expressive than a single chroot()
call.
Execution time limits for subprocesses---currently not done.