diff --git a/src/app/rpmostree-compose-builtin-tree.c b/src/app/rpmostree-compose-builtin-tree.c
index ecdd6bc3..5ea1cbe3 100644
--- a/src/app/rpmostree-compose-builtin-tree.c
+++ b/src/app/rpmostree-compose-builtin-tree.c
@@ -31,6 +31,7 @@
 
 #include "rpmostree-compose-builtins.h"
 #include "rpmostree-util.h"
+#include "rpmostree-bwrap.h"
 #include "rpmostree-core.h"
 #include "rpmostree-json-parsing.h"
 #include "rpmostree-postprocess.h"
@@ -629,6 +630,11 @@ rpmostree_compose_builtin_tree (int             argc,
                    "compose tree must presently be run as uid 0 (root)");
       goto out;
     }
+  /* Test whether or not bwrap is going to work - we will fail inside e.g. a Docker
+   * container without --privileged or userns exposed.
+   */
+  if (!rpmostree_bwrap_selftest (error))
+    goto out;
 
   repo_path = g_file_new_for_path (opt_repo);
   repo = self->repo = ostree_repo_new (repo_path);
diff --git a/src/libpriv/rpmostree-bwrap.c b/src/libpriv/rpmostree-bwrap.c
index 29f79d3a..bd7c7939 100644
--- a/src/libpriv/rpmostree-bwrap.c
+++ b/src/libpriv/rpmostree-bwrap.c
@@ -107,3 +107,32 @@ rpmostree_run_sync_fchdir_setup (char **argv_array, GSpawnFlags flags,
 
   return TRUE;
 }
+
+/* Execute /bin/true inside a bwrap container on the host */
+gboolean
+rpmostree_bwrap_selftest (GError **error)
+{
+  glnx_fd_close int host_root_dfd = -1;
+  g_autoptr(GPtrArray) bwrap_argv = NULL;
+
+  if (!glnx_opendirat (AT_FDCWD, "/", TRUE, &host_root_dfd, error))
+    return FALSE;
+
+  bwrap_argv = rpmostree_bwrap_base_argv_new_for_rootfs (host_root_dfd, error);
+  if (!bwrap_argv)
+    return FALSE;
+
+  rpmostree_ptrarray_append_strdup (bwrap_argv,
+                                    "--ro-bind", "usr", "/usr",
+                                    NULL);
+  g_ptr_array_add (bwrap_argv, g_strdup ("true"));
+  g_ptr_array_add (bwrap_argv, NULL);
+  if (!rpmostree_run_sync_fchdir_setup ((char**)bwrap_argv->pdata, G_SPAWN_SEARCH_PATH,
+                                        host_root_dfd, error))
+    {
+      g_prefix_error (error, "bwrap test failed, see https://github.com/projectatomic/rpm-ostree/pull/429: ");
+      return FALSE;
+    }
+
+  return TRUE;
+}
diff --git a/src/libpriv/rpmostree-bwrap.h b/src/libpriv/rpmostree-bwrap.h
index fbf21133..b4bb88c9 100644
--- a/src/libpriv/rpmostree-bwrap.h
+++ b/src/libpriv/rpmostree-bwrap.h
@@ -30,3 +30,5 @@ void rpmostree_ptrarray_append_strdup (GPtrArray *argv_array, ...) G_GNUC_NULL_T
 
 gboolean rpmostree_run_sync_fchdir_setup (char **argv_array, GSpawnFlags flags,
                                           int rootfs_fd, GError **error);
+
+gboolean rpmostree_bwrap_selftest (GError **error);