diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index 09a1dd54333..c771a4ed328 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -21,8 +21,6 @@ with lib;
 
   security.lockKernelModules = mkDefault true;
 
-  security.allowUserNamespaces = mkDefault false;
-
   security.protectKernelImage = mkDefault true;
 
   security.allowSimultaneousMultithreading = mkDefault false;
diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix
index cbf76f9e558..21bc9308aaa 100644
--- a/nixos/tests/hardened.nix
+++ b/nixos/tests/hardened.nix
@@ -76,7 +76,8 @@ import ./make-test.nix ({ pkgs, ...} : {
 
       # Test userns
       subtest "userns", sub {
-          $machine->fail("unshare --user");
+          $machine->succeed("unshare --user true");
+          $machine->fail("su -l alice -c 'unshare --user true'");
       };
 
       # Test dmesg restriction