diff --git a/src/syscall/exec_linux_test.go b/src/syscall/exec_linux_test.go
index cca3812a9e..6d31941184 100644
--- a/src/syscall/exec_linux_test.go
+++ b/src/syscall/exec_linux_test.go
@@ -15,6 +15,17 @@ import (
 	"testing"
 )
 
+// Check if we are in a chroot by checking if the inode of / is
+// different from 2 (there is no better test available to non-root on
+// linux).
+func isChrooted(t *testing.T) bool {
+	root, err := os.Stat("/")
+	if err != nil {
+		t.Fatalf("cannot stat /: %v", err)
+	}
+	return root.Sys().(*syscall.Stat_t).Ino != 2
+}
+
 func whoamiCmd(t *testing.T, uid, gid int, setgroups bool) *exec.Cmd {
 	if _, err := os.Stat("/proc/self/ns/user"); err != nil {
 		if os.IsNotExist(err) {
@@ -22,6 +33,12 @@ func whoamiCmd(t *testing.T, uid, gid int, setgroups bool) *exec.Cmd {
 		}
 		t.Fatalf("Failed to stat /proc/self/ns/user: %v", err)
 	}
+	if isChrooted(t) {
+		// create_user_ns in the kernel (see
+		// https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/user_namespace.c)
+		// forbids the creation of user namespaces when chrooted.
+		t.Skip("cannot create user namespaces when chrooted")
+	}
 	// On some systems, there is a sysctl setting.
 	if os.Getuid() != 0 {
 		data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")