One thing: the "Handle exceptions of setuid() and setgid()" commit message caught my eye, so I took a look:
    if (setuid(uid) < 0) {
        fprintf(stderr, "Unable to set process user ID");
    }
You probably want to add an exit() here, as well as to the preceding setgid() call. Also, the earlier initgroups() can fail, too, so its result should also be checked.
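A fail-closed version of the sequence discussed in the comment above, as an added example that is not part of the original comment or of the project's commit. The `drop_privileges` name, the result enum, the refusal of uid 0 as a target and the final check that `setuid(0)` no longer works are assumptions of this example.

```c
#define _DEFAULT_SOURCE          /* exposes initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK, DROP_BAD_ARGS, DROP_INITGROUPS,
                   DROP_SETGID, DROP_SETUID, DROP_REVERSIBLE };

/* Permanently switch to an unprivileged user. Order matters: supplementary
 * groups and the GID must change while the process still has the privilege
 * to change them, i.e. before setuid(). Stops at the first failing step. */
enum drop_result drop_privileges(const char *user, uid_t uid, gid_t gid)
{
    if (user == NULL || uid == 0)
        return DROP_BAD_ARGS;        /* "dropping" to root is not a drop */
    if (initgroups(user, gid) != 0) {
        perror("initgroups");
        return DROP_INITGROUPS;
    }
    if (setgid(gid) != 0) {
        perror("setgid");
        return DROP_SETGID;
    }
    if (setuid(uid) != 0) {
        perror("setuid");
        return DROP_SETUID;
    }
    /* Confirm the change is permanent: regaining root must now fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return DROP_REVERSIBLE;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    const struct passwd *pw = argc > 1 ? getpwnam(argv[1]) : NULL;
    if (pw == NULL) {
        fprintf(stderr, "usage: drop <existing-user>\n");
        return EXIT_FAILURE;
    }
    /* Any failure is fatal: never continue with privileges still held. */
    if (drop_privileges(pw->pw_name, pw->pw_uid, pw->pw_gid) != DROP_OK)
        return EXIT_FAILURE;
    printf("now running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return EXIT_SUCCESS;
}
```

Run as root with the name of an existing unprivileged account; run as a normal user it stops at the `initgroups()` step, which is the failure the comment says must not be ignored.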
There are a number of consumers of namespaces, particularly of late, but they've been around (depending on which type) for years at this point, and many users (or even admins) have little knowledge of their existence or usage unless it comes time to deploy $CONTAINER and their platform does not have them enabled.