If you don't need it (rootless containers), you can disable unprivileged userns to block these two:
echo 1 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns
If you don't need it (rootless containers), you can disable unprivileged userns to block these two:
echo 1 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns