On recent 2.6 kernels, it's possible to make "private" mounts. It seems like this functionality has been enhanced by the "Shared subtrees" patch. See http://lwn.net/Articles/159077/ for more information.
http://lwn.net/Articles/158401/ also talks about this.
Some clarification: This bug should not be seen as a solution for bug 2573. In fact, "private" mounts are very much "normal" mounts as long as you use a single namespace for all processes. Thus, even "private" mounts shows up the the "mount" output. So, this bug is really about "Polyinstantiated Directories" (PI). This means that you have have "virtual" directory paths which means different things in different sessions. This is just like H: meaning different things in different WTS sessions. In addition to the links mentioned, this URL is also good: http://www.coker.com.au/selinux/talks/sage-2006/PolyInstantiatedDirectories.html We could have a lot of benefits from using PI. The most straightforward use would probably be to setup, say, /var/opt/thinlinc/session to "point to" /var/opt/thinlinc/sessions/$USER/$SESSION. You could say that this is another solution for "Context-Dependent Path Names" (http://mirror.centos.org/centos/4/docs/html/rh-gfs-en-6.1/s1-manage-pathnames.html) or unfs3:s "tagged files". The effect would be that a user could always access his local drive mounts at /var/opt/thinlinc/session/drives, always access the serial port device at /var/opt/thinlinc/session/dev/ttyS0 etc. Convenient. This would be a good solution for bug 2549. Linux has supported PI for a long time, since it supports different namespaces for different processes. A new namespace for a user can be setup with these commands: # mkdir /var/opt/thinlinc/sessions/astrand/1/fsroot # mount --rbind / /var/opt/thinlinc/sessions/astrand/1/fsroot # mount --bind /var/opt/thinlinc/sessions/astrand/1 /var/opt/thinlinc/sessions/astrand/1/fsroot/var/opt/thinlinc/sessions/astrand/current/ # chroot /var/opt/thinlinc/sessions/astrand/1/fsroot (Unmounting is a little bit tricky, though; you must unmount all fsroot stuff found in /proc/mounts.) This should work on Linux 2.4.0 and later. Please note that with this solution, new mounts will not be automatically visible in the users namespace. This might be an advantage or disadvantage. With Linux 2.6.15 and later, you can instead do: # mount --bind / / # 1 per machine # mount --make-shared / # 1 per machine # mkdir /var/opt/thinlinc/sessions/astrand/1/fsroot # mount --bind / /var/opt/thinlinc/sessions/astrand/1/fsroot # mount --make-slave /var/opt/thinlinc/sessions/astrand/1/fsroot # mount --bind /var/opt/thinlinc/sessions/astrand/1 /var/opt/thinlinc/sessions/astrand/1/fsroot/var/opt/thinlinc/sessions/astrand/current/ # chroot /var/opt/thinlinc/sessions/astrand/1/fsroot Implementing this in ThinLinc should proably be done during implementation of bug 357. This means having a root process staying around for the duration of the user session. It can unmount the user namespace when xinit is finished. See also article 309174 in komintern.
The general issue here is that many parts of a ThinLinc session are set up using a path that is specific for each specific session. This can cause issue, primarily when trying to have configuration that is stable between different sessions. As an example is the path for the local drives, which we are currently trying to handle by putting a symlink in the users home directory and updating that symlink with the latest session. Polyinstantiated directories could be a solution to this, but is not the only possibility.
