From a4952d1f246f0fb62578e79071aae70f16e8e95b Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@docker.com>
Date: Fri, 5 Dec 2014 16:30:47 +1000
Subject: [PATCH] add --cap-add=NET_ADMIN to make a new network device

inspired by #9452

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)

Signed-off-by: Sven Dowideit <SvenDowideit@docker.com>
Upstream-commit: c5e525eb4c45cc7c2c7479d5b8599d9e3cadcfe6
Component: cli
---
 components/cli/docs/sources/reference/run.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/components/cli/docs/sources/reference/run.md b/components/cli/docs/sources/reference/run.md
index 9c26ec7fa6..65cf21f510 100644
--- a/components/cli/docs/sources/reference/run.md
+++ b/components/cli/docs/sources/reference/run.md
@@ -360,6 +360,10 @@ operator wants to have all capabilities but `MKNOD` they could use:
 For interacting with the network stack, instead of using `--privileged` they
 should use `--cap-add=NET_ADMIN` to modify the network interfaces.
 
+    $ docker run -t -i --rm  ubuntu:14.04 ip link add dummy0 type dummy
+    RTNETLINK answers: Operation not permitted
+    $ docker run -t -i --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy
+
 If the Docker daemon was started using the `lxc` exec-driver
 (`docker -d --exec-driver=lxc`) then the operator can also specify LXC options
 using one or more `--lxc-conf` parameters. These can be new parameters or