diff --git a/daemon/oci_linux_test.go b/daemon/oci_linux_test.go
index 796842c7ce..890875af87 100644
--- a/daemon/oci_linux_test.go
+++ b/daemon/oci_linux_test.go
@@ -15,6 +15,7 @@ import (
 	"github.com/docker/libnetwork"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func setupFakeDaemon(t *testing.T, c *container.Container) *Daemon {
@@ -62,6 +63,7 @@ func cleanupFakeContainer(c *container.Container) {
 // in "Duplicate mount point" error from the engine.
 // https://github.com/moby/moby/issues/35455
 func TestTmpfsDevShmNoDupMount(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	c := &container.Container{
 		ShmPath: "foobar", // non-empty, for c.IpcMounts() to work
 		HostConfig: &containertypes.HostConfig{
@@ -84,6 +86,7 @@ func TestTmpfsDevShmNoDupMount(t *testing.T) {
 // the resulting /dev/shm mount is NOT made read-only.
 // https://github.com/moby/moby/issues/36503
 func TestIpcPrivateVsReadonly(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	c := &container.Container{
 		HostConfig: &containertypes.HostConfig{
 			IpcMode:        containertypes.IpcMode("private"),
@@ -108,6 +111,7 @@ func TestIpcPrivateVsReadonly(t *testing.T) {
 // TestSysctlOverride ensures that any implicit sysctls (such as
 // Config.Domainname) are overridden by an explicit sysctl in the HostConfig.
 func TestSysctlOverride(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	c := &container.Container{
 		Config: &containertypes.Config{
 			Hostname:   "foobar",
@@ -149,6 +153,7 @@ func TestSysctlOverride(t *testing.T) {
 // TestSysctlOverrideHost ensures that any implicit network sysctls are not set
 // with host networking
 func TestSysctlOverrideHost(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	c := &container.Container{
 		Config: &containertypes.Config{},
 		HostConfig: &containertypes.HostConfig{
diff --git a/pkg/chrootarchive/archive_unix_test.go b/pkg/chrootarchive/archive_unix_test.go
index f7b99e3306..f9bf815ec8 100644
--- a/pkg/chrootarchive/archive_unix_test.go
+++ b/pkg/chrootarchive/archive_unix_test.go
@@ -16,6 +16,7 @@ import (
 	"github.com/docker/docker/pkg/archive"
 	"golang.org/x/sys/unix"
 	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 // Test for CVE-2018-15664
@@ -23,6 +24,7 @@ import (
 // some path outside of a container's rootfs that we do not copy data to a
 // container path that will actually overwrite data on the host
 func TestUntarWithMaliciousSymlinks(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	dir, err := ioutil.TempDir("", t.Name())
 	assert.NilError(t, err)
 	defer os.RemoveAll(dir)
@@ -84,6 +86,7 @@ func TestUntarWithMaliciousSymlinks(t *testing.T) {
 // some path outside of a container's rootfs that we do not unwittingly leak
 // host data into the archive.
 func TestTarWithMaliciousSymlinks(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	dir, err := ioutil.TempDir("", t.Name())
 	assert.NilError(t, err)
 	// defer os.RemoveAll(dir)
diff --git a/plugin/manager_linux_test.go b/plugin/manager_linux_test.go
index d874ef29dc..84c17f9f29 100644
--- a/plugin/manager_linux_test.go
+++ b/plugin/manager_linux_test.go
@@ -175,6 +175,7 @@ func (e *executorWithRunning) Signal(id string, signal int) error {
 }
 
 func TestPluginAlreadyRunningOnStartup(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	t.Parallel()
 
 	root, err := ioutil.TempDir("", t.Name())