
I'm trying to set up a Linux container with an isolated mount namespace using the unshare tool from the util-linux package:

% sudo unshare -m -f /bin/bash

So I'm expecting that bash will be launched in a namespace where the mount namespace, i.e. the filesystems, will be completely isolated from the host one; however, I can still modify the host FS (create/delete files on the host FS). What am I doing wrong here?

Mark

2 Answers


A mount namespace only creates a separate mount tree by copying the parent tree.

You still have to remount the file systems read-only, unmount them, mount a tmpfs over them, or pivot_root into a clean tree to prevent access. Switching to an unmapped user via user namespaces can help to some extent, but it won't prevent access to world-readable/writable files.

If you need to set up more complex namespace environments (containers, basically), you can use firejail or runc to automate those tasks based on configuration files. systemd-nspawn provides an intermediate feature set between accessing the primitives directly, as unshare does, and container runtimes.

the8472
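The following script is an added illustration of the answer above; it is not code from the original thread or from util-linux. It first reproduces the asker's observation (a plain `unshare -m` copies the host mount tree, so a write inside the new namespace lands on the host), then applies two of the remedies the answer lists inside the same kind of namespace: a tmpfs mounted over the directory, and a read-only bind remount. It assumes util-linux `unshare` and `mount`, and either root with CAP_SYS_ADMIN or a kernel that permits unprivileged user namespaces (in which case it falls back to `unshare -Urm`). The directory it protects is a throwaway mktemp directory standing in for "the host FS"; the function names and the `isolated`/`skipped` result strings are this example's own.

```shell
#!/bin/sh
# Added example (not from the original thread). Shows that `unshare -m` alone
# does not hide the host filesystem, and that a tmpfs overlay or a read-only
# bind remount inside the new mount namespace is what actually restricts it.
# Assumes util-linux unshare/mount and either CAP_SYS_ADMIN or unprivileged
# user namespaces. All mounts happen inside throwaway namespaces only.

# Probe which unshare invocation works here and whether mounts are permitted
# inside it. Prints the invocation, or nothing if neither works.
pick_unshare() {
    probe=$(mktemp -d)
    for cmd in "unshare --propagation private -m" "unshare --propagation private -Urm"; do
        if $cmd sh -c "mount -t tmpfs none '$probe' &&
                       mount --bind '$probe' '$probe' &&
                       mount -o remount,bind,ro,nosuid,nodev,noexec '$probe'" 2>/dev/null; then
            rmdir "$probe"
            echo "$cmd"
            return 0
        fi
    done
    rmdir "$probe"
    echo ""
}

# Runs the demonstration. Prints "isolated" when the host directory survives
# untouched, "skipped" when no usable namespace is available, and returns
# non-zero with a message if something leaks through.
demo_mount_isolation() {
    unshare_cmd=$(pick_unshare)
    if [ -z "$unshare_cmd" ]; then
        echo skipped
        return 0
    fi

    scratch=$(mktemp -d)          # stands in for "the host FS"
    echo host-data > "$scratch/canary"

    # 1. Plain mount namespace: the copied tree still exposes the host file and
    #    a write inside the namespace lands on the host. This is what the asker saw.
    $unshare_cmd sh -c "cat '$scratch/canary' >/dev/null && echo leak > '$scratch/leak'"
    if [ ! -f "$scratch/leak" ]; then
        rm -rf "$scratch"; echo "unexpected: plain unshare -m did not reach the host file"; return 1
    fi
    rm -f "$scratch/leak"

    # 2. Same namespace, but a tmpfs mounted over the directory first: the host
    #    file is hidden and writes go to the tmpfs, which dies with the namespace.
    $unshare_cmd sh -c "mount -t tmpfs none '$scratch' &&
                        [ ! -e '$scratch/canary' ] &&
                        echo inside > '$scratch/hidden'" || {
        rm -rf "$scratch"; echo "tmpfs overlay failed"; return 1; }

    # 3. Read-only bind remount (nosuid/nodev/noexec added as well, since a user
    #    namespace may lock those flags): writes fail inside, host stays writable.
    $unshare_cmd sh -c "mount --bind '$scratch' '$scratch' &&
                        mount -o remount,bind,ro,nosuid,nodev,noexec '$scratch' &&
                        ! echo x 2>/dev/null > '$scratch/ro-write'" || {
        rm -rf "$scratch"; echo "read-only remount failed"; return 1; }

    # Back on the host: canary intact, nothing from steps 2 and 3 reached it.
    if [ "$(cat "$scratch/canary")" = host-data ] &&
       [ ! -e "$scratch/hidden" ] && [ ! -e "$scratch/ro-write" ]; then
        rm -rf "$scratch"
        echo isolated
    else
        rm -rf "$scratch"
        echo "leak: namespace changes reached the host"
        return 1
    fi
}

demo_mount_isolation
```

Run it as root (or as an ordinary user on a system with unprivileged user namespaces enabled) and it prints `isolated`; step 1 is the behaviour the question describes, steps 2 and 3 are the answer's remedies. The `--propagation private` flag is what keeps the tmpfs and remount from propagating back to the host's mount tree; newer util-linux does this by default for `-m`, but stating it makes the intent explicit.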

I assume that the mount namespace is isolated because mount/unmount in the namespace does not have an impact on the host FS. So I think modifying the FS is another issue, probably related to userns, but I'm not fully sure about this.

Mark