Bug ID 965192
Summary openssh: chroot jail for restricted access with SFTP clients fails
Classification openSUSE
Product openSUSE Distribution
Version 13.2
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee bnc-team-screening@forge.provo.novell.com
Reporter bjoernv@arcor.de
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

I tried to create a restricted user "steve". Steve should only have access to
his home folder /home/steve. I followed the following guides:

Restrict SFTP users to home folder
https://bensmann.no/restrict-sftp-users-to-home-folder/

Trying to use jail users to home directories
http://www.linuxquestions.org/questions/linux-security-4/trying-to-use-jail-users-to-home-directories-913610/

With some openSUSE specifics this was:

1) Modification of /etc/ssh/sshd_config:
LogLevel DEBUG3

[...]
Match Group sftponly
    ChrootDirectory %h
    ForceCommand /usr/lib/ssh/sftp-server
    AllowTcpForwarding no

2) User setup for "steve"
   $ useradd -m steve
   $ passwd steve
   $ groupadd sftponly
   $ usermod steve -g sftponly
   $ usermod steve -s /bin/false
   $ usermod steve -d /mnt/steve

3) Bind mount for /home/steve

   $ mount --rbind /home/steve /mnt/steve
   $ mount -o remount,nodev,nosuid /mnt/steve/

Steve still cannot access SFTP (error "Write failed: Broken pipe").

The systemd journal shows:
Feb 04 17:46:03 cecilia sshd[14357]: debug1: SELinux support disabled
Feb 04 17:46:03 cecilia sshd[14357]: debug1: PAM: establishing credentials
Feb 04 17:46:03 cecilia sshd[14357]: debug3: safely_chroot: checking '/'
Feb 04 17:46:03 cecilia sshd[14357]: debug3: safely_chroot: checking '/mnt/'
Feb 04 17:46:03 cecilia sshd[14357]: debug3: safely_chroot: checking '/mnt/steve'
Feb 04 17:46:03 cecilia sshd[14357]: fatal: chroot into directory without nodev and either noexec or nosuid

But "nodev" and "nosuid" are set for the mount /mnt/steve:
$ mount
[...]
/dev/sda3 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
[...]
/dev/sda3 on /mnt/steve type ext4 (rw,nosuid,nodev,relatime,errors=remount-ro,data=ordered)
[...]

Debugging shows that the function "test_nosuid" probably only checks the "/"
mount (without nosuid, nodev), but not "/mnt/steve". Unfortunately there is no
debuginfo package for openssh-6.6p1-5.3.1.x86_64, so debugging is not
comfortable.
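Added example (not part of the bug report or of openssh): a small checker that parses `mount`-style output, resolves the mount governing each prefix of a chroot path in the order safely_chroot logs them, and applies the condition from the fatal message (nodev and either noexec or nosuid). Run against the two mount lines from the report it shows that "/mnt/steve" itself satisfies the condition while "/" and "/mnt" do not, which is the situation the reporter's hypothesis about test_nosuid describes.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: the two relevant lines from the report's `mount` output.
MOUNT_OUTPUT = """\
/dev/sda3 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
/dev/sda3 on /mnt/steve type ext4 (rw,nosuid,nodev,relatime,errors=remount-ro,data=ordered)
"""

# Matches "<source> on <target> type <fstype> (<opt>,<opt>,...)" as printed by util-linux mount.
MOUNT_RE = re.compile(r"^(?P<src>\S+) on (?P<target>\S+) type (?P<fstype>\S+) \((?P<opts>[^)]*)\)$")


def parse_mount_output(text: str) -> Dict[str, Set[str]]:
    """Map each mount point to the set of its mount options."""
    mounts: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            mounts[m.group("target")] = set(m.group("opts").split(","))
    return mounts


def mount_for(path: str, mounts: Dict[str, Set[str]]) -> str:
    """Longest mount point that is a prefix of path, i.e. the filesystem path lives on."""
    best = "/"
    for target in mounts:
        if path == target or path.startswith(target.rstrip("/") + "/"):
            if len(target) > len(best):
                best = target
    return best


def chroot_opts_ok(opts: Set[str]) -> bool:
    """The requirement stated by the sshd fatal message: nodev AND (noexec OR nosuid)."""
    return "nodev" in opts and ("noexec" in opts or "nosuid" in opts)


def walk_chroot_path(path: str, mounts: Dict[str, Set[str]]) -> List[Tuple[str, str, bool]]:
    """For each prefix of the chroot path (as safely_chroot walks it), report the
    governing mount point and whether its options satisfy chroot_opts_ok()."""
    parts = [p for p in path.split("/") if p]
    prefixes = ["/"] + ["/" + "/".join(parts[: i + 1]) for i in range(len(parts))]
    results = []
    for prefix in prefixes:
        mp = mount_for(prefix, mounts)
        results.append((prefix, mp, chroot_opts_ok(mounts.get(mp, set()))))
    return results


if __name__ == "__main__":
    for prefix, mp, ok in walk_chroot_path("/mnt/steve", parse_mount_output(MOUNT_OUTPUT)):
        print(f"{prefix:12s} on mount {mp:12s} -> {'OK' if ok else 'FAILS nodev/nosuid check'}")
```

Only the last prefix passes; a check applied to "/" (or to any parent component) would reject the jail even though /mnt/steve is remounted with nosuid,nodev.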
