diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index f2779c6..1ee3992 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -521,8 +521,13 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
 	dput(filp->f_path.dentry);
 	if (!gr_acl_handle_open(filp->f_path.dentry, filp->f_path.mnt, op))
 		goto out;
-	if (write && !capable(CAP_SYS_ADMIN))
-		goto out;
+	if (write) {
+		if (current->nsproxy->net_ns != table->extra2) {
+			if (!capable(CAP_SYS_ADMIN))
+				goto out;
+		} else if (!nsown_capable(CAP_SYS_ADMIN))
+			goto out;
+	}
 #endif
 
 	/* careful: calling conventions are nasty here */