Updated test to check for `exec --privileged` side-effects

Also improving documentation for same feature as part of
docker/docker#14113 docs review.

Signed-off-by: Tim Dettrick <t.dettrick@uq.edu.au>

docs/reference/commandline/exec.md

@@ -17,7 +17,7 @@ weight=1
 
       -d, --detach=false         Detached mode: run command in the background
       -i, --interactive=false    Keep STDIN open even if not attached
-      --privileged=false         Give extended privileges to the command
+      --privileged=false         Give extended Linux capabilities to the command
       -t, --tty=false            Allocate a pseudo-TTY
       -u, --user=                Username or UID (format: <name|uid>[:<group|gid>])
 
@@ -53,4 +53,3 @@ This will create a new file `/tmp/execWorks` inside the running container
     $ docker exec -it ubuntu_bash bash
 
 This will create a new Bash session in the container `ubuntu_bash`.
-

man/docker-exec.1.md

@@ -35,11 +35,12 @@ container is unpaused, and then run
    Keep STDIN open even if not attached. The default is *false*.
 
 **--privileged**=*true*|*false*
-   Give extended privileges to the process to run in a running container. The default is *false*.
+   Give the process extended [Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html)
+when running in a container. The default is *false*.
 
-   By default, the process run by docker exec in a running container
-have the same capabilities of the container. By setting --privileged will give
-all the capabilities to the process.
+   Without this flag, the process run by `docker exec` in a running container has
+the same capabilities as the container, which may be limited. Set
+`--privileged` to give all capabilities to the process.
 
 **-t**, **--tty**=*true*|*false*
    Allocate a pseudo-TTY. The default is *false*.