diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
index a85f14f59..310aec769 100644
--- a/.github/workflows/nightly.yaml
+++ b/.github/workflows/nightly.yaml
@@ -166,6 +166,7 @@ jobs:
 - uses: ./.github/actions/clean-runner
 - name: Build image
 run: |
+ sudo ./scripts/enable_userns.sh
 make docker-image
 kind-setup:
diff --git a/scripts/enable_userns.sh b/scripts/enable_userns.sh
new file mode 100755
index 000000000..96a77cee9
--- /dev/null
+++ b/scripts/enable_userns.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -xe
+
+# enable user namespaces
+sysctl -w kernel.apparmor_restrict_unprivileged_io_uring=0
+sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
+sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+sysctl -w kernel.apparmor_restrict_unprivileged_userns_complain=0
+sysctl -w kernel.apparmor_restrict_unprivileged_userns_force=0
+sysctl -w kernel.unprivileged_bpf_disabled=2
+sysctl -w kernel.unprivileged_userns_apparmor_policy=0
+sysctl -w kernel.unprivileged_userns_clone=1
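Review bot: The added `sudo ./scripts/enable_userns.sh` line changes host-wide kernel settings from inside the `Build image` step, and nothing in the visible hunk restores them afterwards. On an ephemeral hosted runner the change ends with the VM, but the preceding `clean-runner` action suggests (not confirmed from this hunk) a reused runner, where every later job would inherit the relaxed AppArmor and user-namespace restrictions. I would move the call into its own step whose name states the privileged change, e.g. `- name: Relax unprivileged userns restrictions (needed by make docker-image)`, and add a matching `if: always()` step that writes the previous values back. The job definition begins and ends outside the hunk.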
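Review bot: The comment `# enable user namespaces` understates what the script does: besides the userns keys it also turns off `kernel.apparmor_restrict_unprivileged_io_uring` and `kernel.apparmor_restrict_unprivileged_unconfined`, which are separate hardening controls. If the image build only needs unprivileged user namespaces, keep the script to the userns keys (likely just `sysctl -w kernel.apparmor_restrict_unprivileged_userns=0` and `sysctl -w kernel.unprivileged_userns_clone=1`, to be confirmed against the build) and name the tool that needs them in the comment. `kernel.unprivileged_bpf_disabled=2` does not enable anything, since 2 keeps unprivileged BPF disabled, and the write is refused once the value has been set to 1, so the line should be dropped or explained. Because the shebang sets `-e`, a key that is absent on the runner's kernel aborts the script and with it the build; `sysctl -e -w` would skip unknown keys.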