
Ping not working in a new C container

3 votes
1 answer
1122 views
I've been working on writing my own Linux container from scratch in C. I've borrowed code from several places and put up a basic version with **namespaces** & **cgroups**. Basically, I **clone** a new process with all the **CLONE_NEW\*** flags to create new namespaces for the **clone'd** process. I also set up UID mapping by inserting **0 0 1000** into the **uid_map** and **gid_map** files. I want to ensure that the *root* inside the container is mapped to the *root* outside. For the filesystem, I am using a base image of **stretch** created with **debootstrap**.

Now, I am trying to set up the network connectivity from inside the container. I used this script to set up the interface inside the container. This script creates a new network namespace of its own. I edited it slightly to mount the net namespace of the created process onto the newly created net namespace via the script:

```
mount --bind /proc/$PID/ns/net /var/run/netns/demo
```

I can just get into the new network namespace as follows:

```
ip netns exec ${NS} /bin/bash --rcfile  \"")
```

and successfully ping outside. But from the bash shell, when I get inside the clone'd process by default, I am unable to ping. I get the error:

```
ping: socket: Operation not permitted
```

I've tried setting up capabilities **cap_net_raw** and **cap_net_admin**. I would like some guidance.
Asked by Shabirmean (135 rep)
Jan 21, 2019, 03:23 PM
Last activity: Jan 21, 2019, 07:38 PM
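As an added example (not code from the question or the script it links), a minimal C reproduction of the setup described above: clone into a new user and network namespace, write the same `0 0 1000` map, and have the child probe the two socket types ping can use, so the `socket: Operation not permitted` can be tied to the capability state in the namespace rather than guessed at. It assumes it is run as root outside the container (writing a map onto outside uid 0 needs CAP_SETUID there) on a kernel with user namespaces; `cap_in_mask` is a hypothetical helper for checking the `CapEff:` line of `/proc/<pid>/status` by hand.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
/* 1 if capability bit `cap` (CAP_NET_RAW is bit 13) is set in a "CapEff:" hex mask as
 * printed in /proc/<pid>/status; hypothetical helper for inspecting the clone'd process. */
int cap_in_mask(const char *hexmask, int cap) {
    return (int)((strtoull(hexmask, NULL, 16) >> cap) & 1ULL);
}
/* Open the socket type ping uses. SOCK_RAW needs CAP_NET_RAW in the user namespace that
 * owns the network namespace; SOCK_DGRAM is the unprivileged path gated by
 * net.ipv4.ping_group_range. Returns 0 on success, else errno (EPERM = "Operation not permitted"). */
int probe_icmp_socket(int type) {
    int fd = socket(AF_INET, type, IPPROTO_ICMP);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}
static void write_file(const char *path, const char *s) {   /* e.g. the "0 0 1000" map */
    int fd = open(path, O_WRONLY);
    if (fd < 0 || write(fd, s, strlen(s)) < 0) perror(path);  /* fails unless root outside */
    if (fd >= 0) close(fd);
}
static char child_stack[1 << 16];
static int child_fn(void *arg) {               /* runs inside the new user + net namespaces */
    char c; if (read(*(int *)arg, &c, 1) != 1) return 1;   /* wait for the parent's maps */
    printf("raw ICMP socket:   %s\n", strerror(probe_icmp_socket(SOCK_RAW)));
    printf("dgram ICMP socket: %s\n", strerror(probe_icmp_socket(SOCK_DGRAM)));
    return 0;
}
int main(void) {
    int p[2]; if (pipe(p) < 0) return 1;
    pid_t pid = clone(child_fn, child_stack + sizeof child_stack,
                      CLONE_NEWUSER | CLONE_NEWNET | SIGCHLD, &p[0]);
    if (pid < 0) { perror("clone"); return 1; }
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/setgroups", pid); write_file(path, "deny");
    snprintf(path, sizeof path, "/proc/%d/uid_map", pid);  write_file(path, "0 0 1000\n");
    snprintf(path, sizeof path, "/proc/%d/gid_map", pid);  write_file(path, "0 0 1000\n");
    if (write(p[1], "x", 1) != 1) return 1;    /* release the child to run its probes */
    return waitpid(pid, NULL, 0) < 0;
}
```

Compare the child's output with `grep CapEff /proc/<pid>/status` for the clone'd process: an EPERM on the raw socket while bit 13 is set in CapEff points at the network namespace being owned by a different user namespace than the one the process holds capabilities in.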