diff --git a/include/security.h b/include/security.h
index 43bfb4529..b21c8d9d2 100644
--- a/include/security.h
+++ b/include/security.h
@@ -8,5 +8,6 @@ extern int restrict_uid(unsigned int uid, unsigned int gid);
 extern bool may_dump(struct proc_status_creds *);
 extern bool may_restore(struct _CredsEntry *);
 extern bool cr_user_is_root(void);
+extern int cr_fchown(int fd);
 
 #endif /* __CR_SECURITY_H__ */
diff --git a/security.c b/security.c
index 5189846d9..693c575f2 100644
--- a/security.c
+++ b/security.c
@@ -169,3 +169,16 @@ bool may_restore(CredsEntry *creds)
 check_groups(creds->groups, creds->n_groups) &&
 check_caps(creds->cap_inh, creds->cap_eff, creds->cap_prm);
 }
+
+int cr_fchown(int fd)
+{
+ if (cr_user_is_root())
+ return 0;
+
+ if (fchown(fd, cr_uid, cr_gid)) {
+ pr_perror("Can't chown to (%u,%u)", cr_uid, cr_gid);
+ return -1;
+ }
+
+ return 0;
+}
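Review bot: `cr_fchown()` in security.c gives ownership of whatever `fd` refers to to `cr_uid`/`cr_gid`, but neither the definition nor the new prototype in include/security.h states any precondition on the descriptor. The callers are not part of this diff, so this is an inference. If the process is running with more privilege than the invoking user, and a caller passes an fd opened on a pre-existing file or through a path that user controls, the `fchown` would transfer ownership of a file the user never owned. I would add a comment above the function along the lines of `/* fd must refer to a file criu itself just created; never pass a descriptor for a pre-existing or user-supplied path. Returns 0 on success or when running as root, -1 on failure. */`. Callers that create the file should open it with `O_EXCL` (and `O_NOFOLLOW` where applicable) before calling this. The error message would also be easier to act on if it named the descriptor, e.g. `pr_perror("Can't chown fd %d to (%u,%u)", fd, cr_uid, cr_gid);`.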