namespaces.conf looks really interesting. We can give users their own view of certain directories. e.g. we can add/tmp /tmp-inst/ level root,adm
Which would show all users (except root and adm) only their own private /tmp which is really a copy of /tmp-inst/ that is mounted over /tmp for that user.
I can't seem to enable the pam_namespace module to use this though.
Needs research how to use this.