diff --git a/mmdebstrap b/mmdebstrap
index 47f0cb5..f20551a 100755
--- a/mmdebstrap
+++ b/mmdebstrap
@@ -304,7 +304,8 @@ sub shellescape {
 }
 
 sub test_unshare_userns {
-    my $verbose = shift;
+    my $verbose      = shift;
+    my $unshare_fail = shift;
     if ($EFFECTIVE_USER_ID == 0) {
         my $msg = "cannot unshare user namespace when executing as root";
         if ($verbose) {
@@ -345,7 +346,11 @@ sub test_unshare_userns {
         if (($? >> 8) == 127) {
             my $msg = "cannot find newuidmap";
             if ($verbose) {
-                warning $msg;
+                if ($unshare_fail) {
+                    error $msg;
+                } else {
+                    warning $msg;
+                }
             } else {
                 debug $msg;
             }
@@ -4811,7 +4816,7 @@ sub main() {
         }
         # ...or we are not root and then we need to be able to unshare the user
         # namespace.
-        if ($EFFECTIVE_USER_ID != 0 && !test_unshare_userns(1)) {
+        if ($EFFECTIVE_USER_ID != 0 && !test_unshare_userns(1, 1)) {
             my $procfile = '/proc/sys/kernel/unprivileged_userns_clone';
             open(my $fh, '<', $procfile)
               or error "failed to open $procfile: $!";