CVE-2023-32233 mitigation
https://seclists.org/oss-sec/2023/q2/133
fixed in 6.4-rc1, backported in 6.1.27, but no stable kernel yet:
https://security-tracker.debian.org/tracker/CVE-2023-32233
disabled userns on affected boxes for now (probetelemetry-01.torproject.org,tb-build-[01,04-05].torproject.org) and notified users.
/cc @shelikhoo @richard @boklm