diff --git a/README.md b/README.md
index 96564dc..95a0323 100644
--- a/README.md
+++ b/README.md
@@ -58,3 +58,13 @@ agent-sandbox --ro ~/.aws -- claude --dangerously-skip-permissions
 agent-sandbox --setenv DATABASE_URL=postgres://localhost/dev -- claude
 agent-sandbox --unsetenv HTTP_PROXY -- claude
 ```
+
+## Ubuntu 23.10+: AppArmor unprivileged userns restrictions
+
+Ubuntu 23.10 and later ship with `kernel.apparmor_restrict_unprivileged_userns=1`, which blocks `bwrap` from creating user namespaces and causes failures like `bwrap: setting up uid map: Permission denied`. Ubuntu does not enable a profile for `bwrap` by default, but the `apparmor-profiles` package ships an opt-in `bwrap-userns-restrict` profile that grants the necessary access while still preventing `bwrap` from being used to bypass the userns restriction generally:
+
+```bash
+sudo apt install apparmor-profiles
+sudo ln -s /usr/share/apparmor/extra-profiles/bwrap-userns-restrict /etc/apparmor.d/
+sudo apparmor_parser -r /etc/apparmor.d/bwrap-userns-restrict
+```