Linux actually has private namespaces, its just off by default. There
is a flag to clone which can be used to establish new processes in
private namespaces (CLONENS or some such thng).
Primary downside is that its superuser only -- but you could get
around it with setuid or custom kernel.
-eric