diff --git a/docs/reference/run.md b/docs/reference/run.md index 375c0c1538..82bffc1537 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1220,6 +1220,10 @@ since Docker 1.12. In Docker 1.10 and 1.11 this did not happen and it may be nec to use a custom seccomp profile or use `--security-opt seccomp=unconfined` when adding capabilities. +It is only possible to grant capabilities to a container running as a user other than `root` +on a system with a Linux kernel version of 4.3 or later, as this requires "ambient capabilities" +to be granted. These will be added if the kernel allows it from Docker version 1.13. + ## Logging drivers (--log-driver) The container can have a different logging driver than the Docker daemon. Use