-It starts a "subhost" with a dedicated network namespace, and the
-mount and pid namespaces separated from the main host by means of
-_unshare_, and the subhost root file system may be set up as an
-overlay of the main host filesystem, for keeping the subhost services
-distinctly separate from the main host.
-
-A subhost is started by nominating its _configuration file_ on the
-command line for *overlay-boot*. This is a plain text file with a
-small collection of "variables" that tell how the subhost is set up.
-*overlay-boot* spawns a subprocess that invokes a command shell within
-an chroot into "unshared" subhost root filesystem, all similar to the
-bootup of any odd computer, and therafter the subhost "runs" in the
-way of a virtual machine or container environment.
-
-The administrator may "enter" the subhost execution environment to
-perform adminstrative tasks by means of *overlay-go*, which starts an
-interactive shell within the subhost namespaces. The subhost may also
-be set up with users and an _sshd_ service as needed.
+The script starts a "subhost" whose root filesystem is an overlay on
+the main host filesystem, and with separate mount, network and pid
+namespaces. In effect the default use case is merely an administrative
+sandboxing that is pre-populated with a copy of the overlaid
+filesystem.
+
+Each subhost is defined by means of a configuration file, __conf__,
+that is a simple text file with small collection of "variables"
+telling how the subhost is set up. *overlay-boot* spawns a subprocess
+that performs the boot-up of the "subhost" as an init script that ends
+with a pid 1 +reaper+ that simply "reaps" any terminated child
+processes.
+
+An administrator may "enter" the subhost execution environment to
+perform adminstrative tasks by means of *overlay-go*, which uses
++chroot+ to start an interactive shell within the subhost namespaces.
+Such a shell however is not a child of the subhost +pid 1+ and it
+would normally only be used initially for configuring the subhost's
+network, and set up network based services, such as _sshd_, for
+subsequent access.