Debian does this in the default installation, it uses capabilities I believe, not chroot, but the result is that there is a "white list" for directories where Redis can write, which are just /etc/redis/... to rewrite the config, and the dir where Redis persists.
