when processing /lib/namespace, the hostowner's factotum
may be visible after connection, meaning that #s/boot is
mounted as the hostowner (!) rather than the connecting
user.  so create a new connection to factotum as the new
user before calling newns.

Reference: /n/atom/patch/applied2013/sshserver
Date: Fri Nov 15 20:18:13 CET 2013
Signed-off-by: quanstro@quanstro.net

--- /sys/src/cmd/ssh2/sshsession.c	Fri Nov 15 20:15:13 2013
+++ /sys/src/cmd/ssh2/sshsession.c	Fri Nov 15 20:15:13 2013
@@ -119,6 +119,10 @@
 					uname = strdup(p);
 				}
 				if (!tflag) {
+					/* get a link to factotum as new user */
+					fd = open("/srv/factotum", ORDWR);
+					if(fd >= 0)
+						mount(fd, -1, "/mnt", MREPL, "");
 					if (newns(p, nsfile) < 0)
 						fprint(errfd, "newns failed: %r\n");
 				}