diff --git a/pkgs/by-name/bunpen/rt/ext/unshare.ha b/pkgs/by-name/bunpen/rt/ext/unshare.ha
index ddd87d28c..b342d7dca 100644
--- a/pkgs/by-name/bunpen/rt/ext/unshare.ha
+++ b/pkgs/by-name/bunpen/rt/ext/unshare.ha
@@ -1,6 +1,9 @@
 // vim: set shiftwidth=2 :
 use rt;
 
+// hare defines this for riscv and aarch64, but not x86
+// const __NR_pidfd_open: u64 = 434;
+
 // for use with `setns`, `unshare`, `clone` syscalls
 export type clone_flag = enum u64 {
   // new time namespace. calling process is NOT moved into the namespace.
@@ -34,10 +37,19 @@ export type clone_flag = enum u64 {
 // union of `clone_flag`
 export type clone_flags = u64;
 
-// export fn setns(ns_fd: i32, nstype: i32) (rt::errno | u64) = {
-//   return syscall(rt::SYS_setns, ns_fd: u64, nstype: u64);
-// };
-
 export fn unshare(flags: clone_flags) (void | rt::errno) = {
   return syscall_0_on_success(rt::SYS_unshare, flags);
 };
+
+// // ns_fd can come from `open("/proc/$PID/ns/<ns>")` OR
+// // `pidfd_open(PID, flags)`
+// export fn setns(ns_fd: u64, nstype: clone_flags) (rt::errno | void) = {
+//   return syscall_0_on_success(rt::SYS_setns, ns_fd: u64, nstype: u64);
+// };
+//
+// // return a file descriptor that represents the PID namespace of the given process.
+// // this can be used with `setns`.
+// // the CLOSE_ON_EXEC flag is implicitly set.
+// export fn pidfd_open(pid: rt::pid_t, flags: u64 = 0) (rt::errno | u64) = {
+//   return syscall(__NR_pidfd_open, pid: u64, flags);
+// };