I am developing some AppArmor profiles, and came across the kernel flag unprivileged_userns_apparmor_policy, but I cannot find any documentation about it. Does anyone know what it does? I wonder if it might be helpful to me because I am writing AppArmor policies for apps that can use unprivileged user namespaces and I don't want those apps to be able to use a mount namespace to get around the AppArmor profile's file permission restrictions.
Asked by schmeg
(31 rep)
Mar 7, 2023, 10:00 PM
Last activity: Jan 20, 2025, 11:33 AM