Any threats from isolated subdomain (controlled by hacker)?
Based on the few details of this setup and some guesswork about what you might use this setup for, the following problems come to mind:
- With a local privilege escalation exploit, one might break out of the chroot and affect other users on this system.
- If used in a web context, it is possible to set/override cookies in the other domains and thus change the behavior of the application.
- Similarly, other restrictions on the main site (like content security policy, CORS...) can be too lax and include the subdomain, which might be used in attacks.
- Depending on the CA and the control the user has over the domain (can change web sites, email...), it might be possible that the user can get an SSL certificate for the subdomain and also for the upper domain.
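The cookie and CSP/CORS points above can be checked from the main site's own response headers. The following audit is an added example, not part of the answer; the hosts `example.com` and `user1.example.com` and the sample headers are constructed for illustration.

```python
from http.cookies import SimpleCookie

def host_of(source: str) -> str:
    """Host part of a CSP source or an origin (scheme, port and path dropped)."""
    return source.split("://")[-1].split("/")[0].split(":")[0].lower()

def covers(pattern: str, host: str) -> bool:
    """True if an exact host, a *.wildcard host or a bare * matches host."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host

def audit(headers, untrusted_host):
    """Return findings for main-site response headers that trust untrusted_host."""
    findings = []
    for name, value in headers:
        name = name.lower()
        if name == "set-cookie":
            for key, morsel in SimpleCookie(value).items():
                domain = morsel["domain"].lstrip(".").lower()
                if domain and untrusted_host.endswith("." + domain):
                    findings.append(f"cookie {key}: Domain={domain} sends it to {untrusted_host}")
                # Browsers accept a __Host- cookie only with Secure, Path=/ and no Domain,
                # so a subdomain cannot plant a same-named cookie for the parent site.
                if not key.startswith("__Host-"):
                    findings.append(f"cookie {key}: no __Host- prefix, a subdomain can set its own copy")
        elif name == "content-security-policy":
            for directive in value.split(";"):
                for source in directive.split()[1:]:
                    if covers(host_of(source), untrusted_host):
                        findings.append(f"CSP source {source} allows {untrusted_host}")
        elif name == "access-control-allow-origin":
            if covers(host_of(value), untrusted_host):
                findings.append(f"CORS allows origin {value}")
    return findings

# Constructed sample responses from the main site (not taken from a real server).
WEAK = [("Set-Cookie", "session=abc; Domain=example.com; Path=/; Secure; HttpOnly"),
        ("Content-Security-Policy", "default-src 'self'; script-src 'self' *.example.com"),
        ("Access-Control-Allow-Origin", "https://user1.example.com")]
HARDENED = [("Set-Cookie", "__Host-session=abc; Path=/; Secure; HttpOnly"),
            ("Content-Security-Policy", "default-src 'self'; script-src 'self' static.example.com"),
            ("Access-Control-Allow-Origin", "https://app.example.com")]

if __name__ == "__main__":
    for finding in audit(WEAK, "user1.example.com"):
        print(finding)
```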
Yes.
Although we don't know all the details about the OS you are using or about the different software you use, the potential attack is a privilege escalation that can be done. The attacker (in this case the person you gave a user to) can manipulate exploits found in your server to escalate his user, gain access to unwanted privileges and escape the "jailed directory".
You can view here a few examples of privilege escalation.