Comment 4 for bug 1624675

Jamie Strandboge (jdstrand) wrote: Re: Please add network-namespace interface

Zygmunt, what you suggested in comment #3 is a different feature (per-snap network namespaces). This bug is about having an interface that allows a snap to manage network namespaces for the system and for other snaps to use. As such, let's keep snaps in the global network namespace and focus on letting snaps add, remove and attach to network namespaces via the 'ip netns' command (the standard tool for managing network namespaces). In that light, preliminary testing shows that using the bidirectional mount work you did for /media for /run/netns works.

As for per-snap namespaces, I'd rather not go that route until we have a clear need since it will immensely complicate network management, snap connections and general integration of snaps into the system. We'll have fine-grained network mediation in AppArmor in the fullness of time and between that feature and fixing this bug, that should cover pretty much everything we need for network mediation of snaps while still having them properly integrate into the system. If there are use cases beyond those that require per-snap network namespaces, we can investigate them when they arise and build on what we learn here.
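The design above relies on the way `ip netns` represents a named namespace: `ip netns add NAME` bind-mounts an nsfs file at /run/netns/NAME, and the inode of that file is the namespace's identity, the same number that `/proc/PID/ns/net` links to. That is why a bidirectionally mounted /run/netns lets a namespace created by one snap be seen and attached to by the host and other snaps. The following script, an added example that is not part of this Launchpad discussion or of snapd, reimplements the `ip netns identify` check in Python so an administrator can audit which processes are attached to which named namespace. It assumes a Linux host with the standard /proc layout and iproute2's default /run/netns directory; reading another user's `/proc/PID/ns/net` link requires ptrace-read permission, so unreadable processes are skipped.

```python
"""Map processes to the named network namespaces under /run/netns.

Added example (not snapd code). Assumes Linux, where `ip netns add NAME`
bind-mounts an nsfs file at /run/netns/NAME whose inode identifies the
namespace, and /proc/PID/ns/net links to e.g. "net:[4026531992]".
"""
import os
import re
from typing import Dict, Optional

NETNS_DIR = "/run/netns"  # iproute2's default directory for named namespaces
_NS_LINK = re.compile(r"^net:\[(\d+)\]$")


def parse_ns_link(link: str) -> int:
    """Extract the namespace inode from a /proc/PID/ns/net link target."""
    m = _NS_LINK.match(link)
    if not m:
        raise ValueError(f"not a net namespace link: {link!r}")
    return int(m.group(1))


def named_namespaces(netns_dir: str = NETNS_DIR) -> Dict[str, int]:
    """Return {name: inode} for every nsfs file mounted under netns_dir.

    Each entry is a bind mount of the creator's /proc/<pid>/ns/net, so
    stat() on it yields the namespace inode (nsfs is a single device,
    so the inode alone is enough to compare).
    """
    result: Dict[str, int] = {}
    try:
        names = os.listdir(netns_dir)
    except FileNotFoundError:
        return result  # no named namespaces exist on this host
    for name in names:
        try:
            result[name] = os.stat(os.path.join(netns_dir, name)).st_ino
        except OSError:
            continue  # stale entry or unmounted path; skip it
    return result


def identify(ns_inode: int, named: Dict[str, int]) -> Optional[str]:
    """Name of the namespace with this inode, or None (like `ip netns identify`)."""
    for name, inode in named.items():
        if inode == ns_inode:
            return name
    return None


def process_ns_inode(pid: int) -> int:
    """Namespace inode of a process, read from its /proc/PID/ns/net link."""
    return parse_ns_link(os.readlink(f"/proc/{pid}/ns/net"))


def audit(netns_dir: str = NETNS_DIR) -> Dict[int, Optional[str]]:
    """Map every readable PID to its named namespace.

    None means the process is in a namespace with no /run/netns entry,
    typically the global (init) network namespace.
    """
    named = named_namespaces(netns_dir)
    report: Dict[int, Optional[str]] = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            report[int(entry)] = identify(process_ns_inode(int(entry)), named)
        except OSError:
            continue  # process exited, or we lack permission to read its link
    return report


if __name__ == "__main__":
    for pid, name in sorted(audit().items()):
        print(f"{pid:>7}  {name or '<global>'}")
```

Run as root to see every process; as an unprivileged user the report covers only your own processes. A process whose namespace inode matches no /run/netns entry is either in the global namespace or in an anonymous one created with `unshare`, which is worth flagging in an audit since it is invisible to `ip netns list`.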