I am currently looking for an answer as to why setns() into a mount namespace does not work for multithreaded processes. I understand why setns() does not allow for user namespaces, and that is clearly noted in the man page:
A multithreaded process may not change user namespace with setns(). It is not permitted to use setns() to reenter the caller's current user namespace. This prevents a caller that has dropped capabilities from regaining those capabilities via a call to setns().
However, this is not explained for the mount namespace:
A process may not be reassociated with a new mount namespace if it is multithreaded.
I tried the following Golang code from "Calling setns from Go returns EINVAL for mnt namespace" and the same output is generated. Also, why is it OK for the network namespace or any other namespace to have setns() working without problems?
My sources are: