Why do PIDs need to be virtualized? Each process can retain its globally-unique PID. From the
point of view of a process in a cgroup, processes that aren't in that particular group just
don't exist. Any new process would get a free entry in the global PID list. Granted, that
doesn't allow each namespace to have its PID 1, but is that a big deal?