[Vulnerability] Three bypasses of Ubuntu's unprivileged user namespace restrictions

Ubuntu 23.10 introduced unprivileged user namespace restrictions (the
sysctl kernel.apparmor_restrict_unprivileged_userns) and Ubuntu 24.04
enabled them by default. From Alex Murray’s excellent blog post at

https://www.qualys.com/2025/three-bypasses-of-Ubuntu-unprivileged-user-namespace-restrictions.txt