ntp supports the -i <chroot jail>. The ntpd ebuilds should have a config script to set this up for the user. Should depend on cap USE flag to enable a drop in privledges.
*** This bug has been marked as a duplicate of 89459 ***