As mentioned in #19, chroot-ing in the initrd prevents the use of user namespaces in appliances.
Looking in how othrs, they tend to mostly use switch_root, which does the equivalent of a mount --move before the chroot. IIUC correctly, this makes the new root the "real" root of the mount namespace, and then the chroot makes it reality for init as well.
As mentioned in #19, chroot-ing in the initrd prevents the use of user namespaces in appliances.
Looking in how othrs, they tend to mostly use switch_root, which does the equivalent of a
mount --movebefore the chroot. IIUC correctly, this makes the new root the "real" root of the mount namespace, and then the chroot makes it reality for init as well.