Description:
------------
Current chroot implementation was okay to use years ago, even if it had its own drawbacks.

Things are changing, and it'd be awesome to have linux mount namespaces for the isolation (and maybe some other namespaces).

https://github.com/containers/bubblewrap is a nice example.

By using mount namespace + pivot_root after (https://linux.die.net/man/8/pivot_root, mntent.h include from glibc) full paths wouldn't change for the applications, as user homedir (for example /home/user), could be still mounted as /home/user in linux namespace).

In addition to this, /etc/passwd could store just the user details needed.

clone() with CLONE_NEWNS would need to be used instead of fork(): https://linux.die.net/man/2/clone

getpid() would need to be replaced with syscall(__NR_getpid) where it's used, because old glibc wrapper for getpid() returns a cached pid invalidated only by fork() calls.

It'd be nice to have it as extensive as https://github.com/containers/bubblewrap/blob/master/demos/bubblewrap-shell.sh example (so that users could specify the environment needed), but a basic implementation would still be way better to have than the current chroot option.