Why doesn't this work?
$ unshare -rm mount --bind / /mnt
mount: /mnt: wrong fs type, bad option, bad superblock on /, missing codepage or helper program, or other error.
These work ok:
$ unshare -rm mount --bind /tmp /mnt
$ unshare -rm mount --bind /root /mnt
$
$ uname -r # Linux kernel version
4.17.3-200.fc28.x86_64
The difference is that / has child mounts. Inside a user namespace, you are not allowed to separate inherited mounts from their child mounts. A more obvious example is that you are not allowed to umount /proc. Otherwise, it could suddenly grant you access to files that were hidden underneath other mounts. Overmounts are sometimes used deliberately as a security measure.
You are allowed to create a recursive bind mount instead, which preserves all the sub-mounts:
$ unshare -rm mount --rbind / /mnt
--rbind works, it sadly doesn't help with overlay mounts where you may want the rootfs and all of its child mounts, but overlayfs to catch any writes: mount -t overlay overlay -o lowerdir=/,upperdir=/var/tmp/x1/u,workdir=/var/tmp/x1/w /var/tmp/x1/m