Introducing oniux: Kernel-level Tor isolation for any Linux app

oniux leverages unprivileged user namespaces to set up namespaces without the need for root access. Sadly, that feature is disabled on recent Ubuntu. Supporting environments without unprivileged user namespaces is still a work in progress.

This is a common pattern amongst container and container-adjacent technologies to hide/modify a file as perceived from inside without actually modifying (or even having the permission to modify) that file from the outside. In oniux’s case, the specific paths that are shadowed that way are /etc/resolv.conf and the procfs. You can see that by running something like diff <(mount | sort) <(oniux mount | sort) (assuming oniux works for you).

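A structured version of the mount-table comparison suggested above, as an added example that is not part of the original post or of oniux's code. It goes slightly beyond the `mount` diff by parsing `/proc/<pid>/mountinfo`, whose root field also shows which file was bind-mounted over a path. Both sample tables, the `/resolv.example` path and the function names are constructed for illustration and are not real oniux output.

```python
import re
from collections import Counter

# Constructed sample: mountinfo as seen from the host namespace.
OUTSIDE = """\
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
23 22 0:21 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
24 22 0:22 / /tmp rw,nosuid,nodev shared:5 - tmpfs tmpfs rw
"""

# Constructed sample: mountinfo as seen from inside the isolated process.
# Mount IDs differ between namespaces, so a raw line diff would be noisy.
INSIDE = """\
301 300 8:2 / / rw,relatime - ext4 /dev/sda2 rw
302 301 0:21 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
303 301 0:22 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw
304 302 0:57 / /proc rw,relatime - proc proc rw
305 301 0:22 /resolv.example /etc/resolv.conf rw,nosuid,nodev - tmpfs tmpfs rw
"""

def _unescape(field):
    # mountinfo encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Return a Counter of (mount_point, root, fstype, source) tuples."""
    mounts = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional fields end at " - "; paths cannot contain a raw space.
        left, _, right = line.partition(" - ")
        head, tail = left.split(), right.split()
        if len(head) < 6 or len(tail) < 2:
            raise ValueError(f"malformed mountinfo line: {line!r}")
        root, mount_point = _unescape(head[3]), _unescape(head[4])
        mounts[(mount_point, root, tail[0], _unescape(tail[1]))] += 1
    return mounts

def added_mounts(outside, inside):
    """Mounts visible only inside; a second mount stacked on a path counts."""
    extra = parse_mountinfo(inside) - parse_mountinfo(outside)
    return sorted(extra.elements())

if __name__ == "__main__":
    for mount_point, root, fstype, source in added_mounts(OUTSIDE, INSIDE):
        print(f"{mount_point}: {fstype} from {source}, root {root}")
```

On a live system, the two inputs would be the contents of `/proc/self/mountinfo` read on the host and read from a process started under the isolation tool.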