Comment 3 for bug 1511216

I do not think container will support this. Every network namespace needs to be bounded to /var/run/netns. Since a container will have a different mount namespace than the host, so the host will be not able to see the network namespace created inside the container. You can verify this by checking the permission of the network namespace under /var/run/netns/<network namespace name> or /run/netns/<network namespace name>

you can also compare the output of the output of "mount" between container and host: network namespace is not visible to host if it is created in the container. - Hui