diff --git a/cluster/gce/addons/podsecuritypolicies/unprivileged-addon.yaml b/cluster/gce/addons/podsecuritypolicies/unprivileged-addon.yaml
index a35258a348e..85a49532883 100644
--- a/cluster/gce/addons/podsecuritypolicies/unprivileged-addon.yaml
+++ b/cluster/gce/addons/podsecuritypolicies/unprivileged-addon.yaml
@@ -19,6 +19,22 @@ metadata:
 spec:
   privileged: false
   allowPrivilegeEscalation: false
+  # The docker default set of capabilities
+  allowedCapabilities:
+  - SETPCAP
+  - MKNOD
+  - AUDIT_WRITE
+  - CHOWN
+  - NET_RAW
+  - DAC_OVERRIDE
+  - FOWNER
+  - FSETID
+  - KILL
+  - SETGID
+  - SETUID
+  - NET_BIND_SERVICE
+  - SYS_CHROOT
+  - SETFCAP
   volumes:
   - 'emptyDir'
   - 'configMap'