diff -NurpP --minimal linux-4.9.195-vs2.3.9.8/fs/super.c linux-4.9.195-vs2.3.9.9/fs/super.c
--- linux-4.9.195-vs2.3.9.8/fs/super.c	2019-02-22 08:37:55.333056020 +0000
+++ linux-4.9.195-vs2.3.9.9/fs/super.c	2019-10-13 10:11:07.125382902 +0000
@@ -484,7 +484,7 @@ struct super_block *sget_userns(struct f
 
 	if (!(flags & (MS_KERNMOUNT|MS_SUBMOUNT)) &&
 	    !(type->fs_flags & FS_USERNS_MOUNT) &&
-	    !capable(CAP_SYS_ADMIN))
+	    !vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
 		return ERR_PTR(-EPERM);
 retry:
 	spin_lock(&sb_lock);
@@ -565,7 +565,8 @@ struct super_block *sget(struct file_sys
 		user_ns = &init_user_ns;
 
 	/* Ensure the requestor has permissions over the target filesystem */
-	if (!(flags & (MS_KERNMOUNT|MS_SUBMOUNT)) && !ns_capable(user_ns, CAP_SYS_ADMIN))
+	if (!(flags & (MS_KERNMOUNT|MS_SUBMOUNT)) &&
+	    !vx_ns_capable(user_ns, CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
 		return ERR_PTR(-EPERM);
 
 	return sget_userns(type, test, set, flags, user_ns, data);