Looks like this is a bit trickier than I'd hoped.

Globally disabling origin checking (as above) ought to do the trick, but if full root access isn't needed inside the chroot, it should suffice to:

a) install the chroot scripts from a package, requesting the needed credentials to set up the bind mounts etc.
b) relinquish those credentials when it comes time to actually start the chroot

Something such as /usr/bin/aegis-exec -c -a CAP::sys_chroot /bin/chroot /path/to/jail /sbin/capsh --caps='' -- -c '/path/to/payload' ought to work (this requires libcap2-bin inside the jail)

Also, @z720 - rainisto's suggestion only works if Aegis is "unsealed", which isn't the case on a fully booted system. It should be possible to change this, but that requires a kernel module that no one has put together yet for current kernel versions.