Provide option to disable user namespaces

usr/lib/sysctl.d/990-security-misc.conf

@@ -93,11 +93,16 @@ kernel.sysrq=0
 ## User namespaces aim to improve sandboxing and accessibility for unprivileged users.
 ## Unprivileged user namespaces pose substantial privilege escalation risks.
 ## Restricting may lead to breakages in numerous software packages.
+## Uncomment the second sysctl to entirely disable user namespaces.
 ##
 ## https://madaidans-insecurities.github.io/linux.html#kernel
 ## https://github.com/a13xp0p0v/kernel-hardening-checker#questions-and-answers
 ##
+## KSPP=partial
+## KSPP sets the stricter sysctl user.max_user_namespaces=0.
+##
 kernel.unprivileged_userns_clone=0
+#user.max_user_namespaces=0
 
 ## Restricts kernel profiling to users with CAP_PERFMON.
 ## The performance events system should not be accessible by unprivileged users.