diff --git a/cluster/saltbase/pillar/privilege.sls b/cluster/saltbase/pillar/privilege.sls
new file mode 100644
index 00000000000..a007a410d27
--- /dev/null
+++ b/cluster/saltbase/pillar/privilege.sls
@@ -0,0 +1,2 @@
+# If true, allow privileged containers to be created by API
+allow_privileged: false
diff --git a/cluster/saltbase/pillar/top.sls b/cluster/saltbase/pillar/top.sls
index 463168c7233..c50c4f4725d 100644
--- a/cluster/saltbase/pillar/top.sls
+++ b/cluster/saltbase/pillar/top.sls
@@ -2,3 +2,4 @@ base:
 '*':
 - mine
 - common
+ - privilege
diff --git a/cluster/saltbase/salt/apiserver/default b/cluster/saltbase/salt/apiserver/default
index 43fad7b141d..2ce80f8e617 100644
--- a/cluster/saltbase/salt/apiserver/default
+++ b/cluster/saltbase/salt/apiserver/default
@@ -52,4 +52,4 @@
 {% endif %}
 {% endif %}
-DAEMON_ARGS="{{daemon_args}} {{address}} {{machines}} {{etcd_servers}} {{ minion_regexp }} {{ cloud_provider }}"
+DAEMON_ARGS="{{daemon_args}} {{address}} {{machines}} {{etcd_servers}} {{ minion_regexp }} {{ cloud_provider }} --allow_privileged {{pillars['allow_privileged']}}"
diff --git a/cluster/saltbase/salt/kubelet/default b/cluster/saltbase/salt/kubelet/default
index c5395c42db2..3048a077128 100644
--- a/cluster/saltbase/salt/kubelet/default
+++ b/cluster/saltbase/salt/kubelet/default
@@ -16,4 +16,5 @@
 {% set hostname_override = " -hostname_override=" + grains.minion_ip %}
 {% endif %}
-DAEMON_ARGS="{{daemon_args}} {{etcd_servers}} {{hostname_override}} {{address}} {{config}}"
+
+DAEMON_ARGS="{{daemon_args}} {{etcd_servers}} {{hostname_override}} {{address}} {{config}} --allow_privileged {{pillars['allow_privileged']}}"
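Review bot: The new apiserver `DAEMON_ARGS` line passes the setting as two words, `--allow_privileged {{pillars['allow_privileged']}}`, which can fail open if the daemon defines it as a Go boolean flag (the flag definition is not on this page). Go's `flag` package accepts a boolean value only in the `-flag=value` form, so the bare flag would be read as true and the rendered value left as a positional argument, turning the pillar default of `false` into privileged containers being allowed. Separately, Salt exposes pillar data to templates as `pillar`, so unless `pillars` is defined in the part of the template outside this hunk, rendering will fail on an undefined name. I would write `--allow_privileged={{ pillar.get('allow_privileged', false) }}`, which also keeps the deny default when the key is missing. The kubelet `DAEMON_ARGS` line in the last hunk needs the same change.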