
Right, but "unprivileged user namespaces" are disabled in many contexts, because they've been a source of many vulnerabilities due to code originally thought to only be reachable by root anyway.

Arch Linux has user namespaces disabled, Docker does not use them by default and does not allow them inside containers by default, on Ubuntu I make sure to disable kernel.unprivileged_userns_clone on all the servers I deploy to, etc.
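A small probe for checking which of these states a given box is actually in, added here as an illustration and not part of the comment above or of any of the projects it mentions. It reads the Debian/Ubuntu-specific knob (kernel.unprivileged_userns_clone, which only exists on kernels carrying that patch) and the upstream limit (user.max_user_namespaces), then forks a child that drops to uid/gid 65534 (the conventional "nobody" ids, an assumption on this host) and calls unshare(CLONE_NEWUSER), because reading the sysctl alone says nothing about a seccomp profile or a distro kernel built without unprivileged user namespaces. EPERM from that call is what a disabled policy looks like from the unprivileged side.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <sched.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read one integer from a /proc/sys file. Returns -1 if the file is absent
 * (e.g. kernel.unprivileged_userns_clone on a non-Debian kernel) or unreadable. */
long read_sysctl(const char *path) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    long v = -1;
    if (fscanf(f, "%ld", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Attempt unshare(CLONE_NEWUSER) as an unprivileged user in a forked child, so the
 * caller's own namespaces are untouched. Returns 1 if the kernel allowed the new
 * user namespace, 0 if it refused with EPERM (disabled policy, seccomp filter, or a
 * container that does not permit nested user namespaces), -1 on any other failure. */
int probe_unpriv_userns(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (geteuid() == 0) {
            /* Root may always create a user namespace, so the probe is only
             * meaningful after dropping to an unprivileged uid/gid.
             * 65534 is assumed to be "nobody" here. */
            (void)setgroups(0, NULL);   /* best effort; may be denied inside a userns */
            if (setresgid(65534, 65534, 65534) != 0 ||
                setresuid(65534, 65534, 65534) != 0)
                _exit(2);
        }
        if (unshare(CLONE_NEWUSER) == 0) _exit(0);
        _exit(errno == EPERM ? 1 : 2);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;   /* allowed */
    case 1:  return 0;   /* EPERM: denied */
    default: return -1;  /* could not run the probe cleanly */
    }
}

int main(void) {
    long clone_knob = read_sysctl("/proc/sys/kernel/unprivileged_userns_clone");
    long max_ns     = read_sysctl("/proc/sys/user/max_user_namespaces");

    if (clone_knob < 0)
        printf("kernel.unprivileged_userns_clone: not present (non-Debian/Ubuntu kernel)\n");
    else
        printf("kernel.unprivileged_userns_clone = %ld\n", clone_knob);
    printf("user.max_user_namespaces = %ld%s\n", max_ns,
           max_ns == 0 ? " (user namespaces disabled for everyone)" : "");

    int r = probe_unpriv_userns();
    printf("unshare(CLONE_NEWUSER) as unprivileged user: %s\n",
           r == 1 ? "ALLOWED" : r == 0 ? "denied (EPERM)" : "probe failed");
    return 0;
}
```

The probe result is the number that matters for the hardening the comment describes: a host where the sysctl reads 0 but the probe still says ALLOWED (for example because the binary runs as root and the uid drop failed) has not actually closed the attack surface.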


