diff --git a/.cirrus.yml b/.cirrus.yml
index c7ed5027a3..bad3a12b45 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -68,6 +68,27 @@ task:
   build_script: |
     make -C scripts/ci vagrant-fedora-rawhide
 
+task:
+  name: Vagrant Fedora based test (non-root)
+  environment:
+    HOME: "/root"
+    CIRRUS_WORKING_DIR: "/tmp/criu"
+
+  compute_engine_instance:
+    image_project: cirrus-images
+    image: family/docker-kvm
+    platform: linux
+    cpu: 4
+    memory: 16G
+    nested_virtualization: true
+
+  setup_script: |
+    scripts/ci/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker
+    sudo kvm-ok
+    ln -sf /usr/include/google/protobuf/descriptor.proto images/google/protobuf/descriptor.proto
+  build_script: |
+    make -C scripts/ci vagrant-fedora-non-root
+
 task:
   name: CentOS Stream 8 based test
   environment:
diff --git a/scripts/ci/Makefile b/scripts/ci/Makefile
index 3a1634fb8b..30dd9ebeb8 100644
--- a/scripts/ci/Makefile
+++ b/scripts/ci/Makefile
@@ -97,7 +97,10 @@ vagrant-fedora-no-vdso: setup-vagrant
 vagrant-fedora-rawhide: setup-vagrant
 	./vagrant.sh fedora-rawhide
 
-.PHONY: setup-vagrant vagrant-fedora-no-vdso vagrant-fedora-rawhide
+vagrant-fedora-non-root: setup-vagrant
+	./vagrant.sh fedora-non-root
+
+.PHONY: setup-vagrant vagrant-fedora-no-vdso vagrant-fedora-rawhide vagrant-fedora-non-root
 
 %:
 	$(MAKE) -C ../build $@$(target-suffix)
diff --git a/scripts/ci/vagrant.sh b/scripts/ci/vagrant.sh
index af0f7335ad..e23486f29e 100755
--- a/scripts/ci/vagrant.sh
+++ b/scripts/ci/vagrant.sh
@@ -68,4 +68,16 @@ fedora-rawhide() {
 	ssh default 'cd /vagrant; tar xf criu.tar; cd criu; sudo -E make -C scripts/ci fedora-rawhide CONTAINER_RUNTIME=podman BUILD_OPTIONS="--security-opt seccomp=unconfined"'
 }
 
+fedora-non-root() {
+	ssh default uname -a
+	ssh default 'cd /vagrant; tar xf criu.tar; cd criu; make -j 4'
+	# Setting the capability should be the only line needed to run as non-root on Fedora
+	# In other environments either set /proc/sys/kernel/yama/ptrace_scope to 0 or grant cap_sys_ptrace to criu
+	ssh default 'sudo setcap cap_checkpoint_restore+eip /vagrant/criu/criu/criu'
+	# Run it once as non-root
+	ssh default 'cd /vagrant/criu; criu/criu check --unprivileged; ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless'
+	# Run it as root with '--rootless'
+	ssh default 'cd /vagrant/criu; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h; sudo chmod 777 test/dump/zdtm/static/{env00,pthread00}; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless'
+}
+
 $1