Support for CAP_AUDIT_READ kernel capability

Solution Verified - Updated -


  • Running container on RHEL7 server gives below error:
# docker run -ti --rm --cap-add AUDIT_READ rhel7 /bin/sh
/usr/bin/docker-latest: Error response from daemon: linux spec capabilities: Unknown capability to add: "CAP_AUDIT_READ"


  • Red Hat Enterprise Linux 7
  • Software requiring CAP_AUDIT_READ such as Docker 1.12 or Elastic Search

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In