The kernel doesn’t let you attach to a mount namespace without also attaching to the owning user namespace.