How can I mount in Linux a filesystem for one process or user only

Here is how to enable per user mount namespaces in Ubuntu 12.10 using pam_namespace:

Edit /etc/security/namespace.conf

Uncomment the last lines. For safety, add your current user to the list of exclusions.

/tmp     /tmp-inst/            level      root,adm,myuser
/var/tmp /var/tmp/tmp-inst/     level      root,adm,myuser

Edit /etc/security/namespace.init and change #!/bin/sh -p to #!/bin/bash --noprofile or to #!/bin/sh This is because sh is actually dash.

For testing edit /etc/pam.d/su and append at the end of file:

session required pam_namespace.so

Test on a test user:

su - testuser

As test user run:

echo diff '<(sort /proc/'$$'/mounts) <(sort /proc/mounts)'

This will generate a command like:

diff <(sort /proc/31987/mounts) <(sort /proc/mounts)

Run the generated diff from test user shell and from root. From the test user you will have no output, but from the root you will see something like:

4,7d3
< /dev/sda1 /tmp ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
< /dev/sda1 /tmp/tmp-inst ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
< /dev/sda1 /var/tmp ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
< /dev/sda1 /var/tmp/tmp-inst ext4 rw,relatime,errors=remount-ro,data=ordered 0 0

The test_user /tmp folder will be mapped as /tmp/tmp-inst/test_user and it will be accessible only to this user.

Why not just mount at ~/specificmountpoint. Set the permissions accordingly. Every user will have the same (almost) mout point.

It looks like nowadays it's possible:

1. You should create new User Namespace, which gives your process root permissions and all capabilities (only inside that namespace).
2. You should create new Mount Namespace, to isolate mounts inside your namespace from global mounts.
3. Mount what you need.
4. Drop privileges back to normal user and run your application.

At least, in theory. Check this article for more details: http://lwn.net/Articles/531114/