--- a/grsecurity/grsec_tpe.c
+++ b/grsecurity/grsec_tpe.c
@@ -25,8 +25,11 @@
 return 0;
 }
 #ifdef CONFIG_GRKERNSEC_TPE_ALL
- if (current->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
- ((inode->i_uid && (inode->i_uid != current->uid)) ||
+ if (current->uid && (grsec_enable_tpe && grsec_enable_tpe_all
+#ifdef CONFIG_GRKERNSEC_TPE_INVERT
+ && !in_group_p(grsec_tpe_gid)
+#endif
+ ) && ((inode->i_uid && (inode->i_uid != current->uid)) ||
 (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
 gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_dentry, file->f_vfsmnt);
 return 0;
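Review bot: The added `&& !in_group_p(grsec_tpe_gid)` term guards the whole TPE_ALL test, so under CONFIG_GRKERNSEC_TPE_INVERT a member of that group skips the group- and world-writable checks (`S_IWGRP`, `S_IWOTH`) as well as the owner check. If that full exemption is intended (presumably the gid names the trusted group in inverted mode), it deserves a comment above the `if`, for example `/* TPE_INVERT: members of grsec_tpe_gid are trusted and bypass TPE_ALL, including the writable-mode checks */`. If only the owner check was meant to be relaxed, the term belongs inside the `inode->i_uid` sub-expression instead. The `#ifdef` spliced into the middle of the condition is also hard to audit. The enclosing function starts and ends outside the hunk, so whether an earlier check already covers group members cannot be confirmed from here.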