There are 8 Linux namespaces, which isolate PIDs, Network, Users, etc. https://man7.org/linux/man-pages/man7/namespaces.7.html
Namespaces allow a namespaced process to have independent PIDs, network devices, users, etc. These are kernel resources but are only visible within one specific namespace.
They are guaranteed to not affect other namespaces.
However, I heard that BPF code is not. Once injected in one namespace it has access to everything.
Is there a need for a BPF namespace?
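To make the namespace model in the question concrete, here is an added example (not part of the original post) that compares the namespace membership of two processes through the `/proc/<pid>/ns/<type>` links. The type list follows namespaces(7) and has no BPF entry; the inode numbers and the `HOST_LINKS`/`CONTAINER_LINKS` names are constructed sample data.

```python
import os
import re

# The eight namespace types listed in namespaces(7); there is no "bpf" type.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "time", "user", "uts")
_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/<type> link target such as 'net:[4026531992]'."""
    m = _LINK.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))

def read_ns(pid="self"):
    """Return {type: inode} for a live process (Linux only)."""
    out = {}
    for t in NS_TYPES:
        try:
            kind, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{t}"))
        except (OSError, ValueError):
            continue  # type not supported by this kernel, or access denied
        out[kind] = inode
    return out

def compare(a, b):
    """Two processes are in the same namespace of a type iff the inodes match."""
    common = [t for t in NS_TYPES if t in a and t in b]
    shared = [t for t in common if a[t] == b[t]]
    isolated = [t for t in common if a[t] != b[t]]
    return shared, isolated

# Constructed sample: link targets of a host process and a containerised one.
HOST_LINKS = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
              "net:[4026531840]", "pid:[4026531836]", "time:[4026531834]",
              "user:[4026531837]", "uts:[4026531838]"]
CONTAINER_LINKS = ["cgroup:[4026532601]", "ipc:[4026532599]", "mnt:[4026532597]",
                   "net:[4026532602]", "pid:[4026532600]", "time:[4026531834]",
                   "user:[4026531837]", "uts:[4026532598]"]

def sample_comparison():
    host = dict(parse_ns_link(l) for l in HOST_LINKS)
    ctr = dict(parse_ns_link(l) for l in CONTAINER_LINKS)
    return compare(host, ctr)

if __name__ == "__main__":
    print("sample shared/isolated:", sample_comparison())
    print("this process:", read_ns())
```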