diff --git a/docs/reference/run.md b/docs/reference/run.md index e992d15ee6..0ea20a3d65 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1249,12 +1249,12 @@ by default a container is not allowed to access any devices, but a "privileged" container is given access to all devices (see the documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt)). -When the operator executes `docker run --privileged`, Docker will enable -access to all devices on the host as well as set some configuration -in AppArmor or SELinux to allow the container nearly all the same access to the -host as processes running outside containers on the host. Additional -information about running with `--privileged` is available on the -[Docker Blog](https://blog.docker.com/2013/09/docker-can-now-run-within-docker/). +The --privileged flag gives all capabilities to the container. When the operator +executes `docker run --privileged`, Docker will enable access to all devices on +the host as well as set some configuration in AppArmor or SELinux to allow the +container nearly all the same access to the host as processes running outside +containers on the host. Additional information about running with `--privileged` +is available on the [Docker Blog](https://blog.docker.com/2013/09/docker-can-now-run-within-docker/). If you want to limit access to a specific device or devices you can use the `--device` flag. It allows you to specify one or more devices that
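Review bot: The first added line writes --privileged without backticks, while the two other mentions in the same paragraph use code formatting; for consistency it should read "The `--privileged` flag gives all capabilities to the container." The same sentence introduces "capabilities" without saying these are Linux kernel capabilities. Because the rest of the paragraph talks about devices and AppArmor or SELinux, a reader can take the word as a general synonym for access. Consider "all Linux capabilities", and a pointer to where `--cap-add` and `--cap-drop` are documented, so that an operator who needs only a subset is steered away from `--privileged`, in the same way the following paragraph steers device access toward `--device`.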