I can not tell you how to do it, but namespaces is the way to go. These are new-ish. the Linux kernel supports them, and I think I heard that they are in some other kernels.
en.wikipedia.org/wiki/Cgroups#Namespace_isolation on Linux Kernel there are namespaces, you can hide mounts and other resources. It is often used with cgroups to create light weight virtual machines (Then all OSes use same kernel). But could also be used for what you are trying to do.
Be careful, when I played with them, I needed root privileges to use them (this is not strictly true see capabilities — fine grained privileges, to do what traditionally required root). Therefore any tool that you create should drop these privileges/capabilities when it has done setting up the namespace.