Comment by zamalek

2 years ago

It is possible, but I suspect my solution may be novel (I got nothing so I continued banging my head against the wall until I figured it out): https://github.com/nickelpack/nck/blob/main/crates/nck-sandb.... The trick is to put everything in a tmpfs, then lazy umount when done. Overlayfs might also be able to pull it off with uid= (I'm not sure if it actually supports it).

Container runtimes, apparently, usually have a setuid helper that deals with this stuff. You could also have PID 1 in the namespace clean things up.

That being said, you'll likely run into more problems with root and AppArmor etc. Setuid is probably unavoidable for secure sandboxes.
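A runnable illustration of the tmpfs-then-lazy-umount trick described in the comment above. This is example code added here, not taken from the linked nck repository or from the commenter; the function name, the scratch directory and the file names are assumptions for illustration. It needs util-linux `unshare` and a kernel that allows unprivileged user namespaces.

```shell
#!/bin/sh
# Added example (not from the nck repo): confine a sandbox's scratch files
# to a tmpfs mounted inside a private user+mount namespace, then lazy-unmount
# it, so nothing owned by a namespace-mapped uid is left on the host.
#
# Returns 0 if the files were confined to the tmpfs and the host directory is
# empty afterwards, 2 if unprivileged user namespaces are unavailable here
# (the demo cannot run), 1 on a real failure.
sandbox_tmpfs_demo() {
    scratch=$(mktemp -d) || return 1

    # Probe first: unshare -Ur fails with EPERM where userns is disabled
    # (many container defaults), and with "command not found" without util-linux.
    if ! unshare -Ur true 2>/dev/null; then
        rmdir "$scratch"
        return 2
    fi

    # -U: new user namespace, -r: map our real uid to 0 inside it,
    # -m: new mount namespace (util-linux makes its mounts private).
    # Inside, mapped "root" has CAP_SYS_ADMIN in the namespace, which is
    # enough to mount tmpfs but nothing outside the namespace sees it.
    unshare -Ur -m sh -c '
        set -e
        mount -t tmpfs -o mode=0700 sandbox "$1"
        # What a sandboxed workload would leave behind on a real filesystem.
        touch "$1/artifact"
        mkdir "$1/nested"
        touch "$1/nested/deep"
        # Lazy umount: the mount point detaches immediately even if something
        # still holds files open; the tmpfs is freed when the last ref drops.
        umount -l "$1"
    ' demo "$scratch" || { rm -rf "$scratch"; return 1; }

    # Outside: the host directory must be empty. There is nothing to chown
    # or delete, so the caller never needs a setuid helper for cleanup.
    if [ -n "$(ls -A "$scratch")" ]; then
        rm -rf "$scratch"
        return 1
    fi
    rmdir "$scratch"
    return 0
}
```

With `-r` only the caller's own uid is mapped, so this reduced reproduction does not by itself hit the ownership problem the trick exists for. With a real subuid mapping (set up through the setuid `newuidmap` helper) a file written by uid 1000 inside the namespace lands on a host filesystem owned by the corresponding subuid, which the unprivileged outer user cannot delete; keeping the workload's writable paths on a tmpfs that lives only inside the mount namespace is what removes that cleanup step.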