Is it possible to use a veth created in a user namespace as a regular user in a practical way?
1 vote, 0 answers, 71 views
[This question](https://unix.stackexchange.com/questions/396175/how-do-i-connect-a-veth-device-inside-an-anonymous-network-namespace-to-one-ou) hints that it is possible to create a `veth` (which normally requires root) from inside a user and network namespace, and indeed:
```
user@host$ unshare --user --net -r =bash
root@namespace# ip link add veth0 type veth peer name veth0 netns 1
root@namespace# ip link
1: lo: mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: veth0@if3: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 4a:b9:93:89:bd:d1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
```
The other end of the `veth` does appear on the host:
```
user@host$ ip link
...
3: veth0@if2: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 62:02:c7:8c:58:77 brd ff:ff:ff:ff:ff:ff link-netnsid 0
```
Unfortunately, it does not seem possible to use it in a practical way as a regular user, because any modification requires root, including bringing the interface up:
```
user@host$ ip link set veth0 up
RTNETLINK answers: Operation not permitted
```
Is this actually possible, and did I miss something?
Container technologies like Podman make use of custom usermode TCP/IP stacks ([slirp4netns](https://github.com/rootless-containers/slirp4netns) or [passt/pasta](https://passt.top/passt/about/)) when run in rootless mode, which work _in addition_ to the normal kernel networking stack. Is there a documented reason why using (if yes) or developing (if no) such a feature was not pursued while developing those alternative stacks?
Asked by F.X. (361 rep), Aug 24, 2024, 11:39 AM
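An added example, not part of the question or of the asker's shell session, that works through the two things the session above relies on: how the `veth0@if3` / `veth0@if2` suffixes and `link-netnsid` tie the two ends of the pair together across namespaces (the `@ifN` suffix is the peer's ifindex in the peer's own namespace; `link-netnsid` is the local namespace's id for that peer namespace), and which end an unprivileged user can actually configure. The `ip link` samples are the question's own output; the extra `veth1` host entry, the `10.42.0.1/24` address and all function names are constructed for this example. It assumes iproute2's `ip`, util-linux's `unshare` and a POSIX `awk`; the namespace demo skips itself where user namespaces are unavailable.

```shell
#!/bin/sh
# Added example: match veth peers across namespaces by ifindex, and show that
# the user-namespace side of the pair is configurable while the host side is not.

# `ip link` inside the unprivileged user+net namespace (copied from the question).
NS_IP_LINK='1: lo: mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: veth0@if3: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 4a:b9:93:89:bd:d1 brd ff:ff:ff:ff:ff:ff link-netnsid 0'

# `ip link` on the host: the question's entry plus a constructed second
# container's host-side end (index 4, also "@if2", a different link-netnsid).
HOST_IP_LINK='3: veth0@if2: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 62:02:c7:8c:58:77 brd ff:ff:ff:ff:ff:ff link-netnsid 0
4: veth1@if2: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 0a:0b:0c:0d:0e:0f brd ff:ff:ff:ff:ff:ff link-netnsid 1'

parse_veth_peers() {
  # stdin: `ip link` (multi-line) or `ip -o link` (one line per interface).
  # For every "name@ifN" interface prints: <ifindex> <name> <peer ifindex> <link-netnsid or ->
  # The <FLAGS> field that `ip link` normally prints after the name is missing in
  # the question's paste; only fields 1-2 and the "link-netnsid" token are used.
  awk '
    function flush() { if (pending) print idx, name, peer, nsid; pending = 0 }
    function grab_nsid(   i) { for (i = 1; i <= NF; i++) if ($i == "link-netnsid") nsid = $(i + 1) }
    /^[0-9]+: [^ @]+@if[0-9]+:/ {
      flush()
      idx = $1;  sub(/:/, "", idx)
      name = $2; sub(/:$/, "", name)
      split(name, parts, "@if"); name = parts[1]; peer = parts[2]
      nsid = "-"; pending = 1
      grab_nsid()                       # `ip -o link` keeps link-netnsid on this line
      next
    }
    /^[0-9]+: / { flush() }             # a non-veth interface header ends the entry
    pending && /link-netnsid/ { grab_nsid() }
    END { flush() }
  '
}

match_host_peer() {
  # $1 = ifindex of the veth inside the namespace, $2 = the peer ifindex it
  # reports ("@if3" -> 3). Reads host `ip link` output on stdin and prints the
  # host interface that really is the peer; exit 1 if none matches.
  # link-netnsid alone cannot identify it: every fresh netns numbers from 1,
  # so several containers' host-side ends all say "@if2". The host ifindex is
  # unique on the host, and the namespace side points at exactly that index,
  # so require both directions (host idx == peer AND host peer == ns idx).
  parse_veth_peers | awk -v want="$2" -v back="$1" '
    $1 == want && $3 == back { print $2; found = 1 }
    END { exit found ? 0 : 1 }'
}

demo_inside_user_namespace() {
  # Inside an unprivileged user+net namespace the user holds CAP_NET_ADMIN over
  # that netns, so a veth pair whose BOTH ends stay there can be brought up and
  # addressed. Only the end moved to the host's netns ("netns 1" in the
  # question) is outside the namespace's authority, hence EPERM on the host.
  # Prints "skipped" when unshare/ip are missing or user namespaces are disabled.
  command -v unshare >/dev/null 2>&1 && command -v ip >/dev/null 2>&1 || { echo skipped; return 0; }
  unshare --user --net -r true 2>/dev/null || { echo skipped; return 0; }
  unshare --user --net -r sh -c '
    ip link add veth0 type veth peer name veth1 || exit 1
    ip link set veth0 up && ip link set veth1 up || exit 1
    ip addr add 10.42.0.1/24 dev veth0 || exit 1      # constructed demo address
    ip link show veth0 | grep -q "state UP" && echo configurable-in-namespace
  ' 2>/dev/null || echo failed
}

# Stand-alone run: parse the namespace side, resolve its host peer, then the demo.
printf '%s\n' "$NS_IP_LINK" | parse_veth_peers
printf '%s\n' "$HOST_IP_LINK" | match_host_peer 2 3
demo_inside_user_namespace
```

Resolving `2 veth0 3 0` against the host output picks `veth0` (index 3, pointing back at 2) and rejects the constructed `veth1`, which also says `@if2` but sits at index 4; `match_host_peer 2 4` would return `veth1`, the other container's pair. The demo shows the practical half of the question: what the user lacks is authority over the host netns that the peer was moved into, not the ability to configure veth devices as such.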