Loopback mount @TBROOT@/lib/geni-lib directory read-only in the jail. This way we don't have to copy geni-lib stuff into the base jail and worry about multiple versions. The version mounted in the jail can either be the standard version or a dev-tree version depending on which copy of the script is run. Create per-instance snapshots of the base jail rather than having one "current" snapshot that all instances used. Not as efficient, but allows us to update the base (e.g., with security fixes) without needing to remember to create a new "current" snapshot! Add -C option to just create a jail instance without running anything in it. Then you can use "jexec" to test stuff in the jail. Use the new -R option afterward to remove the instance. Try to sanitize the environment passed to the command script. We cannot just give it a "clean" environment because genilib passes stuff via the environment. So we get rid of SUDO_* and SSH_* and set the assorted USER* variables correctly. This may have to be refined depending on how much geni-lib scripts expect from the environment.