ensure you have following in your sysctl :
kernel.unprivileged_userns_clone = 1
kernel.apparmor_restrict_unprivileged_userns = 0
ensure you have following in your sysctl :
kernel.unprivileged_userns_clone = 1
kernel.apparmor_restrict_unprivileged_userns = 0