Ensure that sandboxed code cannot create new user namespaces

User namespaces are a huge attack surface, so disallow creating new
ones.

runtime/init-container/src/init.c

@@ -2096,6 +2096,7 @@ int main(int argc, char **argv) {
     block_signals();
     if (do_sandbox) {
         write_sys("/proc/sys/net/ipv4/ip_unprivileged_port_start", 0);
+        write_sys("/proc/sys/user/max_user_namespaces", 1);
         get_namespace_fd();
     }
     setup_sigfd();