Greetings folks - All of the namespace work "should" be in the next release of Docker(1.5?). This would enable ~feature parity to bare metal on the slave, but it may require some command line magic to enable super privileged containers to behave as expected.
This means you should be able to enable *namespace features when running mesos-slave from a container. 1 open question I still haven't figured out, is if there is kernel namespace api compatibility across major release versions. I know it's stable going forwards, but I haven't compared EL6 vs. EL7 kernel api to see if there are changes in namespaces. -- Cheers, Timothy St. Clair Red Hat Inc.
