diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 43056e46..e3ffa820 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -521,13 +521,15 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 #endif
 	}
 
+	// check old process's selinux context, if it is not zygote, ignore it!
+	// because some su apps may setuid to untrusted_app but they are in global mount namespace
+	// when we umount for such process, that is a disaster!
 	bool is_zygote_child = is_zygote(old->security);
 	if (!is_zygote_child) {
 		pr_info("handle umount ignore non zygote child: %d\n",
 			current->pid);
 		return 0;
 	}
-
 #ifdef CONFIG_KSU_DEBUG
 	// umount the target mnt
 	pr_info("handle umount for uid: %d, pid: %d\n", new_uid.val,
diff --git a/kernel/sucompat.c b/kernel/sucompat.c
index ca1d379d..5849aaf3 100644
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -362,5 +362,3 @@ void ksu_sucompat_exit()
 	unregister_kprobe(&pts_unix98_lookup_kp);
 #endif
 }
-
-