Comment 3 for bug 1654676

Jann Horn (corp account) (jannh) wrote :

may_access_netns(pid) only checks whether the ruid has read access to /proc/$pid/ns/net. However, being able to open that special file does not imply any kind of privilege over the target namespace; it just implies privilege over the process that is inside the namespace. To test this, you can e.g. run the following command as a normal user:

    strace cat /proc/$$/ns/net 2>&1 | grep open.*ns/net

Have you tried running the commands from my bug report?
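
The distinction drawn in the comment above, as an added example that is not part of the original comment or of the program under discussion: opening a namespace file and being allowed to join that namespace are separate kernel checks, and per setns(2) only the second requires CAP_SYS_ADMIN for a network namespace. The struct and function names are this example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for setns() and CLONE_NEWNET */
#endif
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000
#endif
int setns(int fd, int nstype); /* explicit prototype in case <sched.h> hid it */

/* Outcome of probing one namespace file (hypothetical helper type). */
struct ns_probe {
    int open_errno;   /* 0 if open(O_RDONLY) succeeded */
    int setns_errno;  /* 0 if setns() succeeded, -1 if it was not attempted */
};

/* The weak test: "could the caller open the file?" */
int open_check_passes(const struct ns_probe *p) { return p->open_errno == 0; }

/* The meaningful test: "did the kernel let the caller join the namespace?" */
int has_ns_privilege(const struct ns_probe *p) { return p->setns_errno == 0; }

struct ns_probe probe_netns(const char *path) {
    struct ns_probe p = { 0, -1 };
    int fd = open(path, O_RDONLY);
    if (fd < 0) { p.open_errno = errno; return p; }
    /* The capability check happens here, not at open() time. */
    p.setns_errno = (setns(fd, CLONE_NEWNET) == 0) ? 0 : errno;
    close(fd);
    return p;
}

int main(void) {
    /* Probes the caller's own namespace, so a successful setns() changes nothing. */
    struct ns_probe p = probe_netns("/proc/self/ns/net");
    printf("open:  %s\n", p.open_errno ? strerror(p.open_errno) : "ok");
    if (p.setns_errno >= 0)
        printf("setns: %s\n", p.setns_errno ? strerror(p.setns_errno) : "ok");
    printf("open-based check passes=%d, namespace privilege=%d\n",
           open_check_passes(&p), has_ns_privilege(&p));
    return 0;
}
```

Run as a normal user, the two results differ: the open succeeds while setns() is refused.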