diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -982,13 +982,16 @@
 	error = priv_check(td, PRIV_VFS_CHROOT);
 	if (error != 0) {
 		p = td->td_proc;
-		PROC_LOCK(p);
-		if (unprivileged_chroot == 0 ||
-		    (p->p_flag2 & P2_NO_NEW_PRIVS) == 0) {
-			PROC_UNLOCK(p);
+		if (unprivileged_chroot == 0) {
+			error = EXTERROR(EPERM,
+			    "need security.bsd.unprivileged_chroot");
+			goto e_vunlock;
+		}
+		if (p->p_flag2 & P2_NO_NEW_PRIVS) == 0) {
+			error = EXTERROR(EPERM,
+			    "P2_NO_NEW_PRIVS not enabled");
 			goto e_vunlock;
 		}
-		PROC_UNLOCK(p);
 	}
 
 	error = change_dir(vp, td);