diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index b237959c74975037437f1606ab0027d49b183c4d..2c49355d16c2279ab89b76cfb532867e604f5c11 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -2134,6 +2134,9 @@ static int rtnl_newlink(struct sk_buff *skb, struct nlmsghdr *nlh)
 				err =  -EINVAL;
 				goto out;
 			}
+			err = -EPERM;
+			if (!netlink_ns_capable(skb, link_net->user_ns, CAP_NET_ADMIN))
+				goto out;
 		}
 
 		dev = rtnl_create_link(link_net ? : dest_net, ifname,