diff --git a/configs/validate/config.go b/configs/validate/config.go
index 710794bf..98926dd2 100644
--- a/configs/validate/config.go
+++ b/configs/validate/config.go
@@ -2,6 +2,7 @@ package validate
 
 import (
 "fmt"
+ "os"
 "path/filepath"
 
 "github.com/docker/libcontainer/configs"
@@ -31,6 +32,9 @@ func (v *ConfigValidator) Validate(config *configs.Config) error {
 if err := v.security(config); err != nil {
 return err
 }
+ if err := v.usernamespace(config); err != nil {
+ return err
+ }
 return nil
 }
 
@@ -74,3 +78,16 @@ func (v *ConfigValidator) security(config *configs.Config) error {
 }
 return nil
 }
+
+func (v *ConfigValidator) usernamespace(config *configs.Config) error {
+ if config.Namespaces.Contains(configs.NEWUSER) {
+ if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) {
+ return fmt.Errorf("USER namespaces aren't enabled in the kernel")
+ }
+ } else {
+ if config.UidMappings != nil || config.GidMappings != nil {
+ return fmt.Errorf("User namespace mappings specified, but USER namespace isn't enabled in the config")
+ }
+ }
+ return nil
+}
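Review bot: In `usernamespace`, the result of `os.Stat("/proc/self/ns/user")` is tested only with `os.IsNotExist(err)`, so any other failure (for example a permission error on `/proc`) is dropped and the config validates as if user namespaces were available. The validator should fail closed here: test `err != nil` first, keep the existing message for the `IsNotExist` case, and otherwise `return err`. In the `else` branch, `config.UidMappings != nil || config.GidMappings != nil` also rejects a non-nil empty slice, which a decoder may produce for `[]`; `len(config.UidMappings) > 0 || len(config.GidMappings) > 0` states the intent. The NEWUSER branch does not check that any UID/GID mappings are present; that may be enforced elsewhere, but it is not visible in this hunk.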