> you can't detach your username from a process, nor the network ns... etc, etc, etc.

Sure looks like it works?

  $ unshare -i -n -p -u -T -r -f
  # ls
  # id
  gid=0(root) groups=0(root),65534(nogroup)
  # ip -br a
  lo               DOWN

> yeah you can do some smaller fakechroot and maybe some bind mounts... if you call that a "container" good for you.

Why are you being condescending about what constitutes a container?