
What causes `newuidmap` to be disallowed in a new user namespace?

1 vote
0 answers
530 views
I expected
uid=0(root) gid=0(root) groups=0(root)
to be the output of both
$ rootlesskit id
$ unshare -U bash -c 'newuidmap $$ 0 '"$(id -u)"' 1; id'
however the somewhat more verbose -x command
$ unshare -U bash -xc 'newuidmap $$ 0 '"$(id -u)"' 1; id'
yields instead
+ newuidmap 41372 0 1000 1
newuidmap: uid range 0-1) -> [1000-1001) not allowed
+ id
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
What makes newuidmap think that mapping a user's uid to 0 in a new user namespace would be disallowed? My understanding of the info contained in man 7 user_namespaces is that any user (assuming CONFIG_USER_NS_UNPRIVILEGED is configured) can do an unshare or clone in order to create a new user namespace (setting the flag CLONE_NEWUSER). Now I know that the main "additional value" of newuidmap is to map the ranges specified in /etc/subuid; however, an strace of the working rootlesskit shows:
[pid 35921] execve("/usr/bin/newuidmap", ["newuidmap", "35909", "0", "1000", "1", "1", "200000", "65536"], 0xc000002480 /* 44 vars */ 
[....]
[pid 35921] openat(3, "uid_map", O_WRONLY) = 5
[pid 35921] write(5, "0 1000 1\n1 200000 65536\n", 24) = 24
eventually. Also, of course, it is totally possible to do the mapping even without newuidmap:
[user1@host tmp]$ cat > unshare.c <<'EOF'
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>

int main(int argc, char* argv[])
{
    int fd_uidmap;
    char mapping[64];

    if (argc < 2)
    {
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 1;
    }
    /* map uid 0 inside the new namespace to our own effective uid outside it */
    snprintf(mapping, sizeof mapping, "0 %u 1\n", (unsigned int) geteuid());
    if (unshare(CLONE_NEWUSER) == -1)
    {
        perror("unshare");
        exit(1);
    }
    /* uid_map is write-only; a single line mapping our own euid needs no capability */
    fd_uidmap = open("/proc/self/uid_map", O_WRONLY);
    if (fd_uidmap == -1 || write(fd_uidmap, mapping, strlen(mapping)) == -1)
    {
        perror("uid_map");
        exit(1);
    }
    close(fd_uidmap);
    execvp(argv[1], argv + 1);
    perror("execvp");
    return 1;
}
EOF
[user1@host tmp]$ gcc unshare.c -o unshare
[user1@host tmp]$ ./unshare id
uid=0(root) gid=65534(nobody) groups=65534(nobody)
Asked by humanityANDpeace (15092 rep)
Oct 21, 2023, 05:55 PM
Last activity: May 28, 2024, 04:55 AM
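The question above turns on two different authorization checks: the kernel's own rule for an unprivileged process writing /proc/PID/uid_map directly (the route the unshare.c program takes), and newuidmap's check of the requested ranges against /etc/subuid (the route rootlesskit takes). The following is an added example written for this page, not the asker's code and not shadow's or the kernel's implementation. It models both checks in simplified form: the kernel rule as stated in user_namespaces(7) for a writer without CAP_SETUID in the parent namespace (a single line, count 1, mapped to the writer's own effective uid), and the newuidmap rule that every requested outside range must lie within a /etc/subuid range owned by the caller, plus a single-id mapping to the caller's own uid, which the strace on the page shows rootlesskit passing through newuidmap successfully. The /etc/subuid content and the user name `user1` are constructed; the error string is shaped like the page's newuidmap message.

```python
"""Simplified model of the checks that decide whether a uid_map write is accepted.

Added example for this page; not shadow's or the kernel's code.  The
/etc/subuid content below is constructed for the example.
"""
from typing import List, Tuple

Mapping = Tuple[int, int, int]   # (inside_id, outside_id, count), one uid_map line
SubRange = Tuple[int, int]       # (first_outside_id, count), one /etc/subuid entry

# Constructed /etc/subuid: "owner:start:count", the format described in subuid(5).
SUBUID_TEXT = "user1:200000:65536\n"


def parse_uid_map(text: str) -> List[Mapping]:
    """Parse uid_map text such as "0 1000 1\\n1 200000 65536\\n" into triples."""
    mappings = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        if count < 1:
            raise ValueError(f"count must be positive: {line!r}")
        mappings.append((inside, outside, count))
    return mappings


def kernel_allows_direct_write(mappings: List[Mapping], writer_euid: int) -> bool:
    """Kernel rule for a writer WITHOUT CAP_SETUID in the parent user namespace.

    user_namespaces(7): the data must be a single line mapping one id to the
    writer's own effective uid.  This is what the unshare.c program relies on.
    """
    if len(mappings) != 1:
        return False
    _inside, outside, count = mappings[0]
    return count == 1 and outside == writer_euid


def subuid_ranges_for(text: str, caller_name: str, caller_uid: int) -> List[SubRange]:
    """Collect the /etc/subuid ranges whose owner field is the caller's name or uid."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        owner, start, count = line.split(":")
        if owner == caller_name or owner == str(caller_uid):
            ranges.append((int(start), int(count)))
    return ranges


def newuidmap_allows(text: str, caller_name: str, caller_uid: int,
                     mappings: List[Mapping]) -> Tuple[bool, str]:
    """Model of newuidmap's range check.  Returns (allowed, error_message)."""
    ranges = subuid_ranges_for(text, caller_name, caller_uid)
    for inside, outside, count in mappings:
        # A single id mapped to the caller's own uid: allowed, as the page's
        # strace of rootlesskit ("0 1000 1" for uid 1000) shows.
        if count == 1 and outside == caller_uid:
            continue
        covered = any(lo <= outside and outside + count <= lo + n for lo, n in ranges)
        if not covered:
            return (False, f"uid range [{inside}-{inside + count}) -> "
                           f"[{outside}-{outside + count}) not allowed")
    return (True, "")


if __name__ == "__main__":
    # The mapping rootlesskit handed to newuidmap in the page's strace.
    rootlesskit = parse_uid_map("0 1000 1\n1 200000 65536\n")
    print("rootlesskit via newuidmap:", newuidmap_allows(SUBUID_TEXT, "user1", 1000, rootlesskit))
    print("same lines written directly, no capability:",
          kernel_allows_direct_write(rootlesskit, 1000))
    # What unshare.c writes: one line, the caller's own euid.
    own = parse_uid_map("0 1000 1\n")
    print("unshare.c direct write:", kernel_allows_direct_write(own, 1000))
    # Edge case: the caller has no /etc/subuid entries and 1000 is not its own uid
    # (65534/nobody is how ids with no mapping yet appear, per user_namespaces(7)).
    print("newuidmap as nobody:", newuidmap_allows(SUBUID_TEXT, "nobody", 65534, own))
```

Running the block prints the verdict for each case: the two-line rootlesskit mapping passes the subuid check but would be refused as a direct write without CAP_SETUID, the single own-uid line passes the direct-write rule, and a caller with no subuid ranges gets the same "uid range ... not allowed" shape of message as on the page.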