From 884a5ffbdf2c12b873fb9662dbc21029d859efb2 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Wed, 16 Sep 2020 15:46:09 +0200
Subject: [PATCH] docs: document CAP_AUDIT_READ

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 docs/reference/run.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/reference/run.md b/docs/reference/run.md
index ab86ad1381..6294f531fe 100644
--- a/docs/reference/run.md
+++ b/docs/reference/run.md
@@ -1307,6 +1307,7 @@ The next table shows the capabilities which are not granted by default and may b
 | Capability Key  | Capability Description                                                                                          |
 |:----------------|:----------------------------------------------------------------------------------------------------------------|
 | AUDIT_CONTROL   | Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules. |
+| AUDIT_READ      | Allow reading audit messages from the kernel.                                                                   |
 | BLOCK_SUSPEND   | Employ features that can block system suspend.                                                                  |
 | DAC_READ_SEARCH | Bypass file read permission checks and directory read and execute permission checks.                            |
 | IPC_LOCK        | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).                                                        |