diff --git a/README.md b/README.md index 55f6485..a187056 100644 --- a/README.md +++ b/README.md @@ -36,8 +36,8 @@ space, user space, core dumps, and swap space. - Entirely disable the SysRq key so that the Secure Attention Key (SAK) can no longer be utilized. See [documentation](https://www.kicksecure.com/wiki/SysRq). -- Provide the option to disable unprivileged user namespaces as they can lead to - substantial privilege escalation. +- Restrict user namespaces to `CAP_SYS_ADMIN` as they can lead to substantial + privilege escalation. - Restrict kernel profiling and the performance events system to `CAP_PERFMON`. diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf index ef550e4..b68f833 100644 --- a/usr/lib/sysctl.d/990-security-misc.conf +++ b/usr/lib/sysctl.d/990-security-misc.conf @@ -92,14 +92,12 @@ kernel.sysrq=0 ## Restrict user namespaces to users with CAP_SYS_ADMIN. ## User namespaces aim to improve sandboxing and accessibility for unprivileged users. ## Unprivileged user namespaces pose substantial privilege escalation risks. -## Restricting is known to cause breakages across numerous software packages. +## Restricting may lead to breakages in numerous software packages. ## ## https://madaidans-insecurities.github.io/linux.html#kernel ## https://github.com/a13xp0p0v/kernel-hardening-checker#questions-and-answers ## -## Unprivileged user namespaces are currently enabled. -## -#kernel.unprivileged_userns_clone=0 +kernel.unprivileged_userns_clone=0 ## Restricts kernel profiling to users with CAP_PERFMON. ## The performance events system should not be accessible by unprivileged users.
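Review bot: in the README hunk, the rewritten bullet ("Restrict user namespaces to `CAP_SYS_ADMIN` as they can lead to substantial privilege escalation") drops the earlier "Provide the option to" framing, so the README now advertises an unconditional default, while the matching sysctl.d comment in this same change still warns that "Restricting may lead to breakages in numerous software packages". The README should carry that caveat too, and say how a user opts out (an override of `kernel.unprivileged_userns_clone` in a later-sorted drop-in under `/etc/sysctl.d/`), since readers of the README will not see the comment in `990-security-misc.conf`. The existing bullet style in the list already links to a documentation page for SysRq; a similar link for the user-namespace setting would fit.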
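Review bot: in the `990-security-misc.conf` hunk, the comment is softened from "Restricting is known to cause breakages across numerous software packages" to "Restricting may lead to breakages in numerous software packages" at the same time the setting goes from commented out (`#kernel.unprivileged_userns_clone=0`) to active (`kernel.unprivileged_userns_clone=0`). Enabling the restriction by default is the point where the stronger warning matters most, so keep the original "is known to cause" wording, and replace the removed status line ("Unprivileged user namespaces are currently enabled.") with one that states the new default and names the override path, e.g. "To re-enable, set `kernel.unprivileged_userns_clone=1` in a file that sorts after this one under `/etc/sysctl.d/`". Unchanged context should also be checked: the heading "Restrict user namespaces to users with CAP_SYS_ADMIN." still matches the active key, and the two reference URLs are kept, which is good.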