Comment 13 for bug 1401148

so I think it's some systemd handling which does that. LXC unshares the mnt namespace which gets it a copy of the host's, then it's doing some magic (rprivate I believe) to get things working under systemd, then mounts what it needs, unmounts everything else and pivot_root.

lxc itself has no code to deal with /run/netns, so it's not special casing it.