diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -411,8 +411,9 @@
 {
 if (r->from_type == RULE_UID && r->f_uid == cred->cr_uid)
 return (true);
- if (r->from_type == RULE_GID && r->f_gid == cred->cr_gid)
+ if (r->from_type == RULE_GID && groupmember(r->f_gid, cred))
 return (true);
+
 return (false);
 }
@@ -516,7 +517,7 @@
 }
 }
 if (r->from_type == RULE_GID) {
- if (cred->cr_gid != r->f_gid)
+ if (!groupmember(r->f_gid, cred))
 continue;
 if (r->to_type == RULE_ANY) {
 error = 0;
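Review bot: The GID test in this predicate now matches any group the credential is a member of rather than only `cr_gid`, so every GID rule that is already configured covers more processes than before, and nothing in the new code says so. Because this check appears to gate a credential change, the wider match should be stated where it is made, for example `/* Matches cred's effective GID or any of its supplementary groups. */` above the `groupmember()` line, and in the module's documentation so administrators re-read their existing rules. The same applies to `if (!groupmember(r->f_gid, cred))` in the second hunk. The function's signature lies outside the hunk, so which credential is passed as `cred` is assumed rather than visible here.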
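Review bot: The source-side GID test in this loop is a hand-written copy of the one in the first hunk's predicate, which is why this commit had to patch two places. If a later change touches only one of them, the two paths will disagree about who a rule applies to, and in an authorisation check that is easy to miss. I would have the loop call that predicate (its name is not visible in this diff) before looking at `to_type`, or at least add `/* Keep in sync with the from-side match in the rule predicate. */` above `if (r->from_type == RULE_GID) {`. The loop and its enclosing function start and end outside the hunk, so I cannot tell whether the UID branch is duplicated in the same way.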