Set network namespace in the container
jprendes opened this issue · comments
From all the namespaces specified in the container spec, youki only sets the user and pid namespaces.
Other namespaces, like the network namespace, are ignored.
See containerd/runwasi#364 and this slack thread for context.
Thanks for creating the issue. Why did they think that? I think youki applies the rest of the namespaces here:
You are 100% correct.
Youki is setting the network namespace, but for some reason it's not taking effect.
It might be related to what point in the container lifecycle the call is done, maybe the runwasi shim needs to create the container earlier.
I need to dig deeper into this.
Pods share a network namespace among the containers, right? If it is right, perhaps runwasi is responsible for creating a network namespace for a pod. But I'm not sure...
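One way to check the question this thread is debugging, as an added example that is not part of the issue and not youki or runwasi code: compare the namespaces an OCI spec requests with the namespace inodes the container process actually has. The function names, the sample spec, the inode numbers and the path `/run/netns/pod-example` are all constructed for illustration.

```python
import os

# OCI runtime-spec namespace type -> entry name under /proc/<pid>/ns/
OCI_TO_PROC = {"pid": "pid", "network": "net", "mount": "mnt", "ipc": "ipc",
               "uts": "uts", "user": "user", "cgroup": "cgroup", "time": "time"}

def read_ns(pid):
    """Return {proc_name: namespace inode} for a live process (Linux only)."""
    base = f"/proc/{pid}/ns"
    return {n: os.stat(os.path.join(base, n)).st_ino for n in os.listdir(base)}

def check_namespaces(spec, container_ns, parent_ns, path_inodes=None):
    """Return {oci_type: problem} for each requested namespace not applied.

    container_ns / parent_ns: read_ns() output for the container process and
    for the process that launched it (for example the shim).
    path_inodes: {path: inode} for namespaces the spec joins by path; on a
    live system the inode is os.stat(path).st_ino.
    """
    path_inodes = path_inodes or {}
    problems = {}
    for entry in spec.get("linux", {}).get("namespaces", []):
        oci_type, path = entry["type"], entry.get("path")
        got = container_ns.get(OCI_TO_PROC[oci_type])
        if path:  # join an existing namespace, e.g. a pod's shared netns
            if got is None or got != path_inodes.get(path):
                problems[oci_type] = f"not joined to {path}"
        elif got is None or got == parent_ns.get(OCI_TO_PROC[oci_type]):
            # no path means "create a new namespace": it must differ from the parent
            problems[oci_type] = "still in the parent's namespace"
    return problems

# Constructed sample data: pid and user were applied, mount and network were not.
SPEC = {"linux": {"namespaces": [
    {"type": "pid"}, {"type": "user"}, {"type": "mount"},
    {"type": "network", "path": "/run/netns/pod-example"}]}}
SHIM = {"pid": 4026531836, "user": 4026531837, "mnt": 4026531841, "net": 4026531840}
CONTAINER = {"pid": 4026532501, "user": 4026532500, "mnt": 4026531841, "net": 4026531840}
POD_NETNS = {"/run/netns/pod-example": 4026532600}

if __name__ == "__main__":
    for ns, why in check_namespaces(SPEC, CONTAINER, SHIM, POD_NETNS).items():
        print(f"{ns}: {why}")
```

On a live host, `read_ns(pid)` supplies the two inode maps, so the same comparison can be run at different points in the container lifecycle.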