@pitti: yes this intended. At this stage we are essentially enumerating the known users of unprivileged user namespaces. We can ship the profile for you or you are welcome to ship it.
In the future this is going to gradually tighten, some of the "unconfined" profiles will be developed into real profiles, unconfined (including these profiles) will get tied into integrity checks, or require user exceptions in the security center, etc.
@pitti: yes this intended. At this stage we are essentially enumerating the known users of unprivileged user namespaces. We can ship the profile for you or you are welcome to ship it.
In the future this is going to gradually tighten, some of the "unconfined" profiles will be developed into real profiles, unconfined (including these profiles) will get tied into integrity checks, or require user exceptions in the security center, etc.