This was a comment from a Linux security professional on LinkedIn:
I'm not sure whether this is already on your todo list, where are you detaching yourself from the host filesystem? I see only the creation of a new mount namespace and usage of chroot(). This is a possible security vulnerability since these operations can be undone within the container. I suggest either using pivot_root() or a MS_MOVE and then completely unmounting the old tree.
This was a comment from a Linux security professional on LinkedIn: