diff --git a/docs/features/configuration.md b/docs/features/configuration.md
index ee5b6a4d69..23209b1ebc 100644
--- a/docs/features/configuration.md
+++ b/docs/features/configuration.md
@@ -53,6 +53,7 @@ but does not allow starting privileged containers, you can turn off the Ryuk con
 1. You can specify the connection timeout for Ryuk by setting the `TESTCONTAINERS_RYUK_CONNECTION_TIMEOUT` **environment variable**, or the `ryuk.connection.timeout` **property**. The default value is 1 minute.
 1. You can specify the reconnection timeout for Ryuk by setting the `TESTCONTAINERS_RYUK_RECONNECTION_TIMEOUT` **environment variable**, or the `ryuk.reconnection.timeout` **property**. The default value is 10 seconds.
 1. You can configure Ryuk to run in verbose mode by setting any of the `ryuk.verbose` **property** or the `TESTCONTAINERS_RYUK_VERBOSE` **environment variable**. The default value is `false`.
+1. You can configure which container user namespace to use for the Ryuk container by setting the `TESTCONTAINERS_RYUK_CONTAINER_USER_NAMESPACE` **environment variable**, or the `ryuk.container.user.namespace` **property**.
 
 !!!info
 For more information about Ryuk, see [Garbage Collector](garbage_collector.md).
diff --git a/internal/config/config.go b/internal/config/config.go
index a172fa3a16..cefa295b89 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -65,6 +65,11 @@ type Config struct {
 //
 // Environment variable: TESTCONTAINERS_RYUK_CONTAINER_PRIVILEGED
 RyukPrivileged bool `properties:"ryuk.container.privileged,default=false"`
+
+ // RyukUserNamespace is the container user namespace used to run the Garbage Collector container.
+ //
+ // Environment variable: TESTCONTAINERS_RYUK_CONTAINER_USER_NAMESPACE
+ RyukUserNamespace string `properties:"ryuk.container.user.namespace,default="`
 
 // RyukReconnectionTimeout is the time to wait before attempting to reconnect to the Garbage Collector container.
 //
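Review bot: The doc comment on `RyukUserNamespace` does not say which values are accepted or what the empty default from the `default=` tag means. Docker's userns mode accepts only `host` or the empty string, so I would add a line such as `// Accepted values: "host", or empty (default) to keep the daemon's user-namespace setting.` Because `host` exempts the container from user-namespace remapping, and the reaper.go hunk shows this container bind-mounting the Docker socket, one sentence on that trade-off belongs in the comment too. The `Config` struct starts and ends outside the hunk.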
@@ -126,6 +131,11 @@ func read() Config {
 config.RyukPrivileged = ryukPrivilegedEnv == "true"
 }
 
+ ryukUserNamespaceEnv := os.Getenv("TESTCONTAINERS_RYUK_CONTAINER_USER_NAMESPACE")
+ if ryukUserNamespaceEnv != "" {
+ config.RyukUserNamespace = ryukUserNamespaceEnv
+ }
+
 ryukVerboseEnv := os.Getenv("TESTCONTAINERS_RYUK_VERBOSE")
 if parseBool(ryukVerboseEnv) {
 config.RyukVerbose = ryukVerboseEnv == "true"
diff --git a/reaper.go b/reaper.go
index c41520b5b7..76bf8a8979 100644
--- a/reaper.go
+++ b/reaper.go
@@ -252,6 +252,7 @@ func newReaper(ctx context.Context, sessionID string, provider ReaperProvider) (
 WaitingFor: wait.ForListeningPort(listeningPort),
 Name: reaperContainerNameFromSessionID(sessionID),
 HostConfigModifier: func(hc *container.HostConfig) {
+ hc.UsernsMode = container.UsernsMode(tcConfig.RyukUserNamespace)
 hc.AutoRemove = true
 hc.Binds = []string{dockerHostMount + ":/var/run/docker.sock"}
 hc.NetworkMode = Bridge
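Review bot: The value of `TESTCONTAINERS_RYUK_CONTAINER_USER_NAMESPACE` is copied into `config.RyukUserNamespace` verbatim, with no trimming and no check against the values Docker accepts, whereas the neighbouring options in `read()` are gated by `parseBool`. The reaper.go hunk then casts it straight to `container.UsernsMode`, so a typo or stray whitespace presumably surfaces only as a daemon error when the Ryuk container is created. Since `read()` returns no error, I would check `container.UsernsMode(tcConfig.RyukUserNamespace).Valid()` in `newReaper` before building the request and fail with a message naming the setting; that also covers a value coming from the properties file. Wrapping the env value in `strings.TrimSpace` here would help as well. `read()` starts and ends outside the hunk.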
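Review bot: The new `hc.UsernsMode` assignment sits directly above the `/var/run/docker.sock` bind mount with no comment on how the two interact. With `host`, Docker exempts the container from daemon-level user-namespace remapping, so Ryuk's root is no longer remapped to an unprivileged host uid while it holds the Docker socket; that is a deliberate isolation trade-off and should be stated in the code. I would add a why-comment such as `// "host" opts Ryuk out of daemon userns-remap; empty keeps the daemon default`. If a logger is reachable here, a single log line when the value is non-empty would make the relaxed isolation visible in test output. The enclosing `newReaper` body starts and ends outside the hunk.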