It occurs to me that this could be used to make fakeroot a lot less ugly internally. It
wouldn't need to mess around transforming paths anymore, just union-mount something writable
over / in a per-process cloned namespace, fake out permissions checks, and Bob's your uncle :)
no harm can be done should the code 'overwrite' /etc/shadow or 'delete' /usr, because trusted
code could inspect the writable union target post-'make install' and transfer only those parts
which look acceptable onto the underlying filesystem(s).