diff --git a/lib/libsys/chroot.2 b/lib/libsys/chroot.2
--- a/lib/libsys/chroot.2
+++ b/lib/libsys/chroot.2
@@ -61,10 +61,10 @@
 .Fn chroot
 has no effect on the process's current directory.
 .Pp
-This call is restricted to the super-user, unless the
+This call is restricted to the super-user if the
 .Ql security.bsd.unprivileged_chroot
-sysctl variable is set to 1
-and the process has enabled the
+sysctl variable is set to 0.
+Unprivileged use requires that the process has enabled the
 .Dv PROC_NO_NEW_PRIVS_CTL
 .Xr procctl 2 .
 .Pp
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -967,7 +967,7 @@
 	return (0);
 }
 
-static int unprivileged_chroot = 0;
+static int unprivileged_chroot = 1;
 SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_chroot, CTLFLAG_RW,
     &unprivileged_chroot, 0,
     "Unprivileged processes can use chroot(2)");