!50 Run: add linux capability for run command

Merge pull request !50 from holyfei/master

!50 Run: add linux capability for run command
Merge pull request !50 from holyfei/master
df2c1730 · openeuler-ci-bot · Gitee · bccd9c07 · de9b6731 · df2c1730
10 changed file
--- a/api/services/control.pb.go
+++ b/api/services/control.pb.go
@@ -75,7 +75,9 @@ type BuildRequest struct {
 	// encryptKey is key to encrypt items in buildArgs
 	EncryptKey string `protobuf:"bytes,10,opt,name=encryptKey,proto3" json:"encryptKey,omitempty"`
 	// additionalTag is the tag applied to the built image
-	AdditionalTag        string   `protobuf:"bytes,11,opt,name=additionalTag,proto3" json:"additionalTag,omitempty"`
+	AdditionalTag string `protobuf:"bytes,11,opt,name=additionalTag,proto3" json:"additionalTag,omitempty"`
+	// capAddList indicates Linux capabilities for RUN command
+	CapAddList           []string `protobuf:"bytes,12,rep,name=capAddList,proto3" json:"capAddList,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -182,6 +184,13 @@ func (m *BuildRequest) GetAdditionalTag() string {
 	return ""
 }

+func (m *BuildRequest) GetCapAddList() []string {
+	if m != nil {
+		return m.CapAddList
+	}
+	return nil
+}
+
 type ImportRequest struct {
 	// reference is reference of the import image
 	Reference string `protobuf:"bytes,1,opt,name=reference,proto3" json:"reference,omitempty"`
@@ -1524,94 +1533,95 @@ func init() {
 func init() { proto.RegisterFile("api/services/control.proto", fileDescriptor_d71ef680555cb937) }

 var fileDescriptor_d71ef680555cb937 = []byte{
-	// 1391 bytes of a gzipped FileDescriptorProto
+	// 1403 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x56, 0x6d, 0x6f, 0xdb, 0xb6,
-	0x13, 0xff, 0xcb, 0x72, 0xec, 0xe4, 0x64, 0xbb, 0x01, 0xff, 0x45, 0x26, 0xb8, 0x69, 0xeb, 0x69,
+	0x13, 0xff, 0xcb, 0x72, 0x9c, 0xe4, 0xe4, 0xa4, 0x01, 0xff, 0x45, 0x26, 0xb8, 0x69, 0xeb, 0x69,
 	0xc5, 0xe0, 0x75, 0x80, 0x93, 0x66, 0x7d, 0xb1, 0x0e, 0xeb, 0xb0, 0x3c, 0xb4, 0x9d, 0xd7, 0xd6,
-	0xc1, 0x14, 0xaf, 0x7b, 0x59, 0xb0, 0x36, 0xa3, 0x10, 0x91, 0x44, 0x8d, 0xa4, 0xd2, 0x7a, 0xfb,
-	0x1a, 0x7b, 0x33, 0x60, 0xfb, 0x44, 0xfb, 0x02, 0xfb, 0x1e, 0xfb, 0x02, 0x03, 0x29, 0xea, 0xc1,
-	0x96, 0xd3, 0xee, 0x1d, 0xef, 0x77, 0x77, 0xe4, 0x3d, 0xf1, 0xee, 0xa0, 0x8f, 0x13, 0xba, 0x27,
-	0x08, 0xbf, 0xa2, 0x33, 0x22, 0xf6, 0x66, 0x2c, 0x96, 0x9c, 0x85, 0xa3, 0x84, 0x33, 0xc9, 0x50,
-	0x8f, 0x8a, 0x34, 0xc4, 0xa3, 0x37, 0x29, 0x0d, 0xe7, 0xa3, 0xab, 0x07, 0xfd, 0x5b, 0x01, 0x63,
-	0x41, 0x48, 0xf6, 0x34, 0xf7, 0x4d, 0x7a, 0xbe, 0x47, 0xa2, 0x44, 0x2e, 0x32, 0xe1, 0xfe, 0xdd,
-	0x55, 0xa6, 0xa4, 0x11, 0x11, 0x12, 0x47, 0x49, 0x26, 0xe0, 0xfd, 0xd3, 0x80, 0xce, 0x91, 0xba,
-	0xca, 0x27, 0x3f, 0xa7, 0x44, 0x48, 0xb4, 0x0b, 0x5b, 0xfa, 0xea, 0xe9, 0x22, 0x21, 0xae, 0x35,
-	0xb0, 0x86, 0x5b, 0x7e, 0x09, 0x20, 0x17, 0xda, 0x9a, 0x18, 0x9f, 0xb8, 0x0d, 0xcd, 0xcb, 0x49,
-	0x74, 0x07, 0x40, 0xd9, 0x49, 0xde, 0xc9, 0x13, 0xca, 0x5d, 0x5b, 0x33, 0x2b, 0x08, 0x1a, 0x80,
-	0x73, 0x4e, 0x43, 0x72, 0xac, 0x90, 0x58, 0xba, 0x4d, 0x2d, 0x50, 0x85, 0xd0, 0x0e, 0xb4, 0x58,
-	0x2a, 0x93, 0x54, 0xba, 0x1b, 0x9a, 0x69, 0xa8, 0xc2, 0xa2, 0x43, 0x1e, 0x08, 0xb7, 0x35, 0xb0,
-	0x0b, 0x8b, 0x14, 0x80, 0x6e, 0xc2, 0x46, 0xc2, 0xd9, 0xbb, 0x85, 0xdb, 0x1e, 0x58, 0xc3, 0x4d,
-	0x3f, 0x23, 0x94, 0x9d, 0x94, 0xce, 0xd5, 0xed, 0xee, 0x66, 0x66, 0xa7, 0x21, 0xd1, 0x63, 0x70,
-	0xb4, 0xf2, 0x99, 0xc4, 0x92, 0xce, 0xdc, 0xad, 0x81, 0x35, 0x74, 0x0e, 0x6e, 0x8d, 0x96, 0x83,
-	0x3a, 0x3a, 0x2a, 0x45, 0xfc, 0xaa, 0xbc, 0x72, 0x93, 0xc4, 0x33, 0xbe, 0x48, 0xe4, 0x73, 0xb2,
-	0x70, 0x21, 0x73, 0xb3, 0x44, 0xd0, 0x3d, 0xe8, 0xe2, 0xf9, 0x9c, 0x4a, 0xca, 0x62, 0x1c, 0x4e,
-	0x71, 0xe0, 0x3a, 0x5a, 0x64, 0x19, 0xf4, 0x0e, 0xa1, 0x3b, 0x8e, 0x12, 0xc6, 0x65, 0x25, 0xea,
-	0x9c, 0x9c, 0x13, 0x4e, 0xe2, 0x59, 0x11, 0xf5, 0x02, 0x40, 0x08, 0x9a, 0x73, 0x2c, 0xb1, 0x0e,
-	0x79, 0xc7, 0xd7, 0x67, 0xcf, 0x83, 0x5e, 0x7e, 0x85, 0x48, 0x58, 0x2c, 0x08, 0xda, 0x06, 0x3b,
-	0x64, 0x81, 0xd1, 0x56, 0x47, 0xef, 0x19, 0x38, 0x15, 0x47, 0xd0, 0x97, 0x79, 0x6a, 0x69, 0x94,
-	0x3d, 0xe2, 0x1c, 0xf4, 0x47, 0x59, 0x81, 0x8c, 0xf2, 0x02, 0x19, 0x4d, 0xf3, 0x02, 0xf1, 0x4b,
-	0x61, 0xef, 0x31, 0x74, 0x4d, 0x91, 0x98, 0xb7, 0x54, 0x7c, 0x23, 0x1c, 0x90, 0xf1, 0x89, 0x79,
-	0x2f, 0x27, 0xd7, 0xda, 0xfa, 0x19, 0x74, 0x95, 0x09, 0xa9, 0xc8, 0xdd, 0xad, 0x94, 0x91, 0xb5,
-	0x54, 0x46, 0xde, 0x7d, 0xe8, 0xe5, 0xa2, 0xe5, 0x53, 0x33, 0x53, 0x34, 0x46, 0xd6, 0x90, 0xde,
-	0xe7, 0xe0, 0xbc, 0xa0, 0xa2, 0x1a, 0x43, 0x6d, 0xc4, 0x04, 0x47, 0x45, 0x0c, 0x0b, 0xc0, 0x7b,
-	0x08, 0x30, 0xc5, 0x41, 0x2e, 0x7b, 0x13, 0x36, 0x34, 0xcb, 0xc8, 0x65, 0x84, 0x8a, 0xa0, 0xc4,
-	0x81, 0xa9, 0x6c, 0x75, 0xf4, 0xfe, 0xb2, 0xa0, 0x93, 0xbd, 0x61, 0xac, 0xf9, 0x06, 0x5a, 0x5a,
-	0x56, 0xb8, 0xd6, 0xc0, 0x1e, 0x3a, 0x07, 0x9f, 0xae, 0x56, 0x4e, 0x55, 0x7a, 0x34, 0xd6, 0x41,
-	0x89, 0xcf, 0x99, 0x6f, 0xb4, 0xfa, 0xbf, 0xc2, 0x56, 0x01, 0xaa, 0x62, 0xe2, 0x24, 0x61, 0x82,
-	0x4a, 0xc6, 0x17, 0xc6, 0x94, 0x0a, 0x52, 0xb7, 0x07, 0xf5, 0xa0, 0x41, 0xe7, 0xe6, 0x77, 0x35,
-	0xe8, 0x5c, 0x07, 0x87, 0x13, 0x2c, 0xc9, 0xdc, 0xfc, 0xa8, 0x9c, 0x54, 0x79, 0x10, 0xf4, 0x17,
-	0x62, 0xfe, 0x92, 0x3e, 0x7b, 0x7f, 0x5a, 0x70, 0xe3, 0x15, 0xe1, 0x82, 0xb2, 0xb8, 0x1a, 0xde,
-	0xab, 0x0c, 0xca, 0xc3, 0x6b, 0x48, 0x15, 0xcf, 0x80, 0x19, 0x71, 0x63, 0x43, 0x09, 0x68, 0x2e,
-	0x95, 0xc7, 0x2c, 0x8a, 0xa8, 0x34, 0x06, 0x95, 0x40, 0xd9, 0x45, 0x54, 0xa9, 0x35, 0xab, 0x5d,
-	0x84, 0x46, 0x44, 0xff, 0x74, 0x71, 0xc8, 0x67, 0x17, 0xc5, 0x4f, 0xd7, 0x94, 0xf7, 0x03, 0x74,
-	0x7d, 0x12, 0xb1, 0x2b, 0x52, 0xa9, 0x93, 0xb2, 0xcc, 0xec, 0x6a, 0x99, 0x6d, 0x83, 0x8d, 0xc3,
-	0x50, 0x9b, 0xb5, 0xe9, 0xab, 0x63, 0xd6, 0x08, 0xd2, 0x98, 0x68, 0x63, 0x74, 0x23, 0x48, 0x63,
-	0x95, 0xf6, 0x5e, 0x7e, 0xa5, 0x71, 0xd8, 0x83, 0x4e, 0x88, 0x17, 0x84, 0xbf, 0x24, 0x42, 0x94,
-	0x15, 0xb0, 0x84, 0x79, 0x7f, 0x58, 0xf0, 0xff, 0xef, 0x08, 0x0e, 0xe5, 0xc5, 0xf1, 0x05, 0x99,
-	0x5d, 0x16, 0xba, 0x63, 0x68, 0x09, 0x5d, 0x9d, 0x5a, 0xab, 0x77, 0xf0, 0x60, 0x35, 0xfb, 0x6b,
-	0x94, 0x46, 0x67, 0xaa, 0x8f, 0xc7, 0x81, 0x29, 0x6b, 0x73, 0x81, 0xf7, 0x15, 0x74, 0x97, 0x18,
-	0xc8, 0x81, 0xf6, 0x8f, 0x93, 0xe7, 0x93, 0xd3, 0x9f, 0x26, 0xdb, 0xff, 0x53, 0xc4, 0xd9, 0x13,
-	0xff, 0xd5, 0x78, 0xf2, 0x6c, 0xdb, 0x42, 0x37, 0xc0, 0x99, 0x9c, 0x4e, 0x5f, 0xe7, 0x40, 0xc3,
-	0x4b, 0xa0, 0xf3, 0x82, 0x05, 0x34, 0xce, 0xc3, 0xb4, 0x03, 0x2d, 0x35, 0x2c, 0x08, 0x37, 0xce,
-	0x18, 0x0a, 0xf5, 0x61, 0x33, 0x15, 0x84, 0xc7, 0xea, 0x43, 0x64, 0x09, 0x2c, 0x68, 0xc5, 0x4b,
-	0xb0, 0x10, 0x6f, 0x19, 0xcf, 0xeb, 0xa9, 0xa0, 0x55, 0x70, 0x2f, 0xc9, 0xc2, 0xe4, 0x4d, 0x1d,
-	0xd5, 0x0f, 0x36, 0x2f, 0x7e, 0xf0, 0x57, 0x3e, 0xd2, 0xa2, 0x2c, 0x95, 0x1f, 0xb2, 0xae, 0x96,
-	0x42, 0x6f, 0x08, 0xbd, 0x5c, 0xd5, 0x3c, 0xb3, 0x03, 0x2d, 0x4e, 0x44, 0x1a, 0xe6, 0xaf, 0x18,
-	0xca, 0xfb, 0x18, 0x9c, 0x17, 0x0c, 0x17, 0x43, 0x0b, 0x41, 0x33, 0xc1, 0xf2, 0xc2, 0x08, 0xe9,
-	0xb3, 0x37, 0x50, 0x41, 0xc2, 0xf3, 0xf7, 0xb4, 0xc7, 0x53, 0x70, 0xce, 0x70, 0x59, 0x6c, 0xeb,
-	0x7b, 0x42, 0x7e, 0x75, 0xa3, 0xbc, 0x5a, 0x7b, 0x84, 0xaf, 0x54, 0x55, 0xda, 0xc6, 0x23, 0x4d,
-	0x79, 0x0f, 0xa1, 0x93, 0x5d, 0x68, 0x9e, 0xcc, 0x7b, 0xa1, 0x55, 0xf6, 0xc2, 0xdc, 0x8c, 0x46,
-	0x69, 0xc6, 0x02, 0xda, 0x2f, 0x49, 0x74, 0xa2, 0x98, 0x7d, 0xd8, 0x8c, 0x48, 0x34, 0x65, 0x12,
-	0x87, 0x5a, 0xc9, 0xf6, 0x0b, 0x5a, 0x45, 0x3c, 0x22, 0xd1, 0x53, 0x4e, 0xb2, 0x5c, 0xda, 0x7e,
-	0x4e, 0xaa, 0xcf, 0x26, 0xde, 0xe2, 0x24, 0x53, 0xb3, 0x35, 0xaf, 0x04, 0xd4, 0x9d, 0x8a, 0xd0,
-	0x8a, 0xcd, 0xec, 0xce, 0x9c, 0xf6, 0x5e, 0x83, 0x73, 0x26, 0x19, 0xc7, 0x01, 0xd1, 0xcf, 0xdf,
-	0x83, 0xae, 0x30, 0x24, 0xa7, 0x65, 0xc2, 0x96, 0x41, 0x74, 0x1f, 0xb6, 0x0d, 0x70, 0x84, 0x67,
-	0x97, 0x34, 0x0e, 0x9e, 0x0a, 0xe3, 0x4e, 0x0d, 0xf7, 0x7e, 0xb3, 0xa0, 0xe3, 0x93, 0x80, 0x0a,
-	0xc9, 0x17, 0xfa, 0x89, 0xfb, 0xb0, 0xcd, 0x33, 0x9a, 0x12, 0x71, 0x46, 0xb0, 0x6a, 0x02, 0xd9,
-	0xd7, 0xae, 0xe1, 0x68, 0x04, 0xa8, 0xc4, 0xc6, 0xb1, 0x20, 0xb3, 0x94, 0x2b, 0xe7, 0x95, 0xf4,
-	0x1a, 0x0e, 0x1a, 0xc2, 0x8d, 0x12, 0x3d, 0x0a, 0xd9, 0xec, 0xd2, 0xb5, 0xb5, 0xf0, 0x2a, 0xec,
-	0xfd, 0xdd, 0x80, 0x8e, 0x6e, 0xcb, 0x79, 0xa6, 0x1e, 0xe8, 0xe0, 0x2a, 0xc8, 0x0c, 0xc6, 0x8f,
-	0x56, 0x7f, 0xb6, 0x49, 0x91, 0x9f, 0xcb, 0xa9, 0x45, 0xc2, 0xb8, 0xab, 0xd5, 0x1a, 0xeb, 0x17,
-	0x89, 0x4a, 0x78, 0xfd, 0xaa, 0x3c, 0xfa, 0x16, 0x3a, 0xc6, 0xaa, 0x85, 0xd6, 0xb7, 0xb5, 0xfe,
-	0xee, 0xaa, 0x7e, 0x35, 0x78, 0xfe, 0x92, 0x86, 0x4a, 0xac, 0xaa, 0x28, 0x9f, 0xb1, 0x7c, 0x9d,
-	0x2a, 0x68, 0x55, 0x2c, 0x3c, 0x8d, 0x35, 0x2b, 0x6b, 0xb1, 0x39, 0xa9, 0x66, 0xce, 0xe9, 0xf1,
-	0xd8, 0x4f, 0x63, 0xb5, 0x09, 0xba, 0xad, 0x6c, 0xe6, 0x94, 0x88, 0xe2, 0xeb, 0xc7, 0x09, 0x9f,
-	0xa4, 0x91, 0x5e, 0xaa, 0x6c, 0xbf, 0x82, 0x28, 0x7e, 0xc0, 0x7c, 0x96, 0x4a, 0x1a, 0x13, 0xa1,
-	0x97, 0x2b, 0xdb, 0xaf, 0x20, 0x07, 0xbf, 0xb7, 0xa1, 0x7d, 0x9c, 0x2d, 0xac, 0xe8, 0x29, 0x6c,
-	0xe8, 0xb5, 0x01, 0xed, 0xae, 0xdd, 0xaf, 0xcc, 0xc7, 0xeb, 0xdf, 0xbe, 0x86, 0x9b, 0xe5, 0x66,
-	0xdf, 0x52, 0x6d, 0xd7, 0x34, 0xc9, 0xdb, 0xf5, 0xf8, 0x56, 0xf6, 0x8a, 0xfe, 0x9d, 0xeb, 0xd8,
-	0xc5, 0x55, 0x87, 0xd0, 0x54, 0x13, 0x1a, 0xdd, 0x5a, 0x3f, 0xb7, 0xb3, 0x6b, 0x76, 0xdf, 0x37,
-	0xd4, 0xd1, 0x11, 0xb4, 0xf3, 0x21, 0xb8, 0x53, 0x5b, 0x9f, 0x9e, 0xa8, 0xe5, 0xbb, 0x7f, 0x77,
-	0xf5, 0x82, 0xd5, 0xa9, 0x3b, 0x86, 0x56, 0x36, 0x96, 0xea, 0x1e, 0x2d, 0x4d, 0xc0, 0xba, 0x47,
-	0xcb, 0xd3, 0x6c, 0xdf, 0x42, 0xdf, 0x83, 0x53, 0x99, 0x3a, 0xd7, 0x9a, 0xf4, 0xc9, 0x7f, 0x18,
-	0x55, 0xe8, 0x04, 0x36, 0x74, 0x9b, 0xaf, 0x27, 0xac, 0x3a, 0x6f, 0xea, 0x09, 0x5b, 0x9e, 0x0d,
-	0xcf, 0xa0, 0x95, 0xb5, 0x71, 0xb4, 0x4e, 0xb0, 0x9c, 0x0c, 0x75, 0xe7, 0x56, 0xba, 0xff, 0x31,
-	0x34, 0x55, 0x0b, 0x5f, 0x93, 0xac, 0xb2, 0xf7, 0xaf, 0x49, 0x56, 0xa5, 0xeb, 0xef, 0x5b, 0xe8,
-	0x39, 0xb4, 0xb2, 0x45, 0xb9, 0x6e, 0xcd, 0xd2, 0x0e, 0x5e, 0xb7, 0x66, 0x79, 0xbf, 0x1e, 0x5a,
-	0xfb, 0x16, 0x7a, 0x04, 0xf6, 0x14, 0x07, 0xa8, 0xbf, 0x2a, 0x5a, 0xae, 0x96, 0xfd, 0x6b, 0x12,
-	0xa0, 0x9c, 0x51, 0xc3, 0xa1, 0xee, 0x4c, 0x65, 0x06, 0xd5, 0x9d, 0xa9, 0xce, 0x93, 0x7d, 0x0b,
-	0x7d, 0x0d, 0x4d, 0xfd, 0xf7, 0xaf, 0xcb, 0x72, 0x4d, 0xbf, 0xda, 0xe5, 0xde, 0xb4, 0xb4, 0xf4,
-	0x17, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0x0c, 0x91, 0x25, 0xc2, 0x5f, 0x0e, 0x00, 0x00,
+	0xc1, 0x94, 0xac, 0x7b, 0x59, 0xb0, 0x36, 0xa3, 0x10, 0x91, 0x44, 0x8d, 0xa4, 0xd2, 0x7a, 0xfb,
+	0x18, 0xdb, 0x9b, 0x01, 0xdb, 0x27, 0xda, 0x17, 0xd8, 0xc7, 0x19, 0x48, 0x91, 0x92, 0x6c, 0x39,
+	0xed, 0xde, 0xf1, 0x7e, 0x77, 0x47, 0xde, 0x13, 0xef, 0x0e, 0x7a, 0x38, 0xa3, 0xbb, 0x82, 0xf0,
+	0x2b, 0x3a, 0x21, 0x62, 0x77, 0xc2, 0x52, 0xc9, 0x59, 0x3c, 0xcc, 0x38, 0x93, 0x0c, 0x6d, 0x52,
+	0x91, 0xc7, 0x78, 0xf8, 0x26, 0xa7, 0xf1, 0x74, 0x78, 0xf5, 0xa0, 0x77, 0x2b, 0x62, 0x2c, 0x8a,
+	0xc9, 0xae, 0xe6, 0xbe, 0xc9, 0xcf, 0x77, 0x49, 0x92, 0xc9, 0x59, 0x21, 0xdc, 0xbb, 0xbb, 0xc8,
+	0x94, 0x34, 0x21, 0x42, 0xe2, 0x24, 0x2b, 0x04, 0x82, 0xdf, 0x5c, 0xe8, 0x1e, 0xaa, 0xab, 0x42,
+	0xf2, 0x73, 0x4e, 0x84, 0x44, 0x3b, 0xb0, 0xae, 0xaf, 0x3e, 0x9b, 0x65, 0xc4, 0x77, 0xfa, 0xce,
+	0x60, 0x3d, 0xac, 0x00, 0xe4, 0xc3, 0xaa, 0x26, 0x46, 0xc7, 0x7e, 0x4b, 0xf3, 0x2c, 0x89, 0xee,
+	0x00, 0x28, 0x3b, 0xc9, 0x3b, 0x79, 0x4c, 0xb9, 0xef, 0x6a, 0x66, 0x0d, 0x41, 0x7d, 0xf0, 0xce,
+	0x69, 0x4c, 0x8e, 0x14, 0x92, 0x4a, 0xbf, 0xad, 0x05, 0xea, 0x10, 0xda, 0x86, 0x0e, 0xcb, 0x65,
+	0x96, 0x4b, 0x7f, 0x45, 0x33, 0x0d, 0x55, 0x5a, 0x74, 0xc0, 0x23, 0xe1, 0x77, 0xfa, 0x6e, 0x69,
+	0x91, 0x02, 0xd0, 0x4d, 0x58, 0xc9, 0x38, 0x7b, 0x37, 0xf3, 0x57, 0xfb, 0xce, 0x60, 0x2d, 0x2c,
+	0x08, 0x65, 0x27, 0xa5, 0x53, 0x75, 0xbb, 0xbf, 0x56, 0xd8, 0x69, 0x48, 0xf4, 0x18, 0x3c, 0xad,
+	0x7c, 0x2a, 0xb1, 0xa4, 0x13, 0x7f, 0xbd, 0xef, 0x0c, 0xbc, 0xfd, 0x5b, 0xc3, 0xf9, 0xa0, 0x0e,
+	0x0f, 0x2b, 0x91, 0xb0, 0x2e, 0xaf, 0xdc, 0x24, 0xe9, 0x84, 0xcf, 0x32, 0xf9, 0x9c, 0xcc, 0x7c,
+	0x28, 0xdc, 0xac, 0x10, 0x74, 0x0f, 0x36, 0xf0, 0x74, 0x4a, 0x25, 0x65, 0x29, 0x8e, 0xcf, 0x70,
+	0xe4, 0x7b, 0x5a, 0x64, 0x1e, 0xd4, 0xc1, 0xc2, 0xd9, 0xc1, 0x74, 0xfa, 0x82, 0x0a, 0xe9, 0x77,
+	0xb5, 0x4f, 0x35, 0x24, 0x38, 0x80, 0x8d, 0x51, 0x92, 0x31, 0x2e, 0x6b, 0x59, 0xe1, 0xe4, 0x9c,
+	0x70, 0x92, 0x4e, 0xca, 0xac, 0x94, 0x00, 0x42, 0xd0, 0x9e, 0x62, 0x89, 0x75, 0x4a, 0xba, 0xa1,
+	0x3e, 0x07, 0x01, 0x6c, 0xda, 0x2b, 0x44, 0xc6, 0x52, 0x41, 0xd0, 0x16, 0xb8, 0x31, 0x8b, 0x8c,
+	0xb6, 0x3a, 0x06, 0xcf, 0xc0, 0xab, 0x39, 0x8a, 0xbe, 0xb4, 0xa9, 0xa7, 0x49, 0xf1, 0x88, 0xb7,
+	0xdf, 0x1b, 0x16, 0x05, 0x34, 0xb4, 0x05, 0x34, 0x3c, 0xb3, 0x05, 0x14, 0x56, 0xc2, 0xc1, 0x63,
+	0xd8, 0x30, 0x45, 0x64, 0xde, 0x52, 0xf1, 0x4f, 0x70, 0x44, 0x46, 0xc7, 0xe6, 0x3d, 0x4b, 0x2e,
+	0xb5, 0xf5, 0x33, 0xd8, 0x50, 0x26, 0xe4, 0xc2, 0xba, 0x5b, 0x2b, 0x33, 0x67, 0xae, 0xcc, 0x82,
+	0xfb, 0xb0, 0x69, 0x45, 0xab, 0xa7, 0x26, 0xa6, 0xa8, 0x8c, 0xac, 0x21, 0x83, 0xcf, 0xc1, 0x53,
+	0xd1, 0xac, 0xc5, 0x50, 0x1b, 0x31, 0xc6, 0x49, 0x19, 0xc3, 0x12, 0x08, 0x1e, 0x02, 0x9c, 0xe1,
+	0xc8, 0xca, 0xde, 0x84, 0x15, 0xcd, 0x32, 0x72, 0x05, 0xa1, 0x22, 0x28, 0x71, 0x64, 0x2a, 0x5f,
+	0x1d, 0x83, 0xbf, 0x1d, 0xe8, 0x16, 0x6f, 0x18, 0x6b, 0xbe, 0x81, 0x8e, 0x96, 0x15, 0xbe, 0xd3,
+	0x77, 0x07, 0xde, 0xfe, 0xa7, 0x8b, 0x95, 0x55, 0x97, 0x1e, 0x8e, 0x74, 0x50, 0xd2, 0x73, 0x16,
+	0x1a, 0xad, 0xde, 0xaf, 0xb0, 0x5e, 0x82, 0xaa, 0x4c, 0x38, 0xc9, 0x98, 0xa0, 0x92, 0xf1, 0x99,
+	0x31, 0xa5, 0x86, 0x34, 0xed, 0x41, 0x9b, 0xd0, 0xa2, 0x53, 0xf3, 0xfb, 0x5a, 0x74, 0xaa, 0x83,
+	0xc3, 0x09, 0x96, 0x64, 0x6a, 0x7e, 0x9c, 0x25, 0x55, 0x1e, 0x04, 0xfd, 0x85, 0x98, 0xbf, 0xa6,
+	0xcf, 0xc1, 0x5f, 0x0e, 0xdc, 0x78, 0x45, 0xb8, 0xa0, 0x2c, 0xad, 0x87, 0xf7, 0xaa, 0x80, 0x6c,
+	0x78, 0x0d, 0xa9, 0xe2, 0x19, 0x31, 0x23, 0x6e, 0x6c, 0xa8, 0x00, 0xcd, 0xa5, 0xf2, 0x88, 0x25,
+	0x09, 0x95, 0xc6, 0xa0, 0x0a, 0xa8, 0xba, 0x8c, 0x2a, 0xb5, 0x76, 0xbd, 0xcb, 0xd0, 0x84, 0xe8,
+	0x4e, 0x20, 0x0e, 0xf8, 0xe4, 0xa2, 0xec, 0x04, 0x9a, 0x0a, 0x7e, 0x80, 0x8d, 0x90, 0x24, 0xec,
+	0x8a, 0xd4, 0xea, 0xa4, 0x2a, 0x33, 0xb7, 0x5e, 0x66, 0x5b, 0xe0, 0xe2, 0x38, 0xd6, 0x66, 0xad,
+	0x85, 0xea, 0x58, 0x34, 0x8a, 0x3c, 0x25, 0xda, 0x18, 0xdd, 0x28, 0xf2, 0x54, 0xa5, 0x7d, 0xd3,
+	0x5e, 0x69, 0x1c, 0x0e, 0xa0, 0x1b, 0xe3, 0x19, 0xe1, 0x2f, 0x89, 0x10, 0x55, 0x05, 0xcc, 0x61,
+	0xc1, 0x9f, 0x0e, 0xfc, 0xff, 0x3b, 0x82, 0x63, 0x79, 0x71, 0x74, 0x41, 0x26, 0x97, 0xa5, 0xee,
+	0x08, 0x3a, 0x42, 0x57, 0xa7, 0xd6, 0xda, 0xdc, 0x7f, 0xb0, 0x98, 0xfd, 0x25, 0x4a, 0xc3, 0x53,
+	0xd5, 0xe7, 0xd3, 0xc8, 0x94, 0xb5, 0xb9, 0x20, 0xf8, 0x0a, 0x36, 0xe6, 0x18, 0xc8, 0x83, 0xd5,
+	0x1f, 0xc7, 0xcf, 0xc7, 0x27, 0x3f, 0x8d, 0xb7, 0xfe, 0xa7, 0x88, 0xd3, 0x27, 0xe1, 0xab, 0xd1,
+	0xf8, 0xd9, 0x96, 0x83, 0x6e, 0x80, 0x37, 0x3e, 0x39, 0x7b, 0x6d, 0x81, 0x56, 0x90, 0x41, 0xf7,
+	0x05, 0x8b, 0x68, 0x6a, 0xc3, 0xb4, 0x0d, 0x1d, 0x35, 0x4c, 0x08, 0x37, 0xce, 0x18, 0x0a, 0xf5,
+	0x60, 0x2d, 0x17, 0x84, 0xa7, 0xea, 0x43, 0x14, 0x09, 0x2c, 0x69, 0xc5, 0xcb, 0xb0, 0x10, 0x6f,
+	0x19, 0xb7, 0xf5, 0x54, 0xd2, 0x2a, 0xb8, 0x97, 0x64, 0x66, 0xf2, 0xa6, 0x8e, 0xea, 0x07, 0x9b,
+	0x17, 0x3f, 0xf8, 0x2b, 0x1f, 0x69, 0x51, 0x96, 0xcb, 0x0f, 0x59, 0xd7, 0x48, 0x61, 0x30, 0x80,
+	0x4d, 0xab, 0x6a, 0x9e, 0xd9, 0x86, 0x0e, 0x27, 0x22, 0x8f, 0xed, 0x2b, 0x86, 0x0a, 0x3e, 0x06,
+	0xef, 0x05, 0xc3, 0xe5, 0x50, 0x43, 0xd0, 0xce, 0xb0, 0xbc, 0x30, 0x42, 0xfa, 0x1c, 0xf4, 0x55,
+	0x90, 0xf0, 0xf4, 0x3d, 0xed, 0xf1, 0x04, 0xbc, 0x53, 0x5c, 0x15, 0xdb, 0xf2, 0x9e, 0x60, 0xaf,
+	0x6e, 0x55, 0x57, 0x6b, 0x8f, 0xf0, 0x95, 0xaa, 0x4a, 0xd7, 0x78, 0xa4, 0xa9, 0xe0, 0x21, 0x74,
+	0x8b, 0x0b, 0xcd, 0x93, 0xb6, 0x17, 0x3a, 0x55, 0x2f, 0xb4, 0x66, 0xb4, 0x2a, 0x33, 0x66, 0xb0,
+	0xfa, 0x92, 0x24, 0xc7, 0x8a, 0xd9, 0x83, 0xb5, 0x84, 0x24, 0x67, 0x4c, 0xe2, 0x58, 0x2b, 0xb9,
+	0x61, 0x49, 0xab, 0x88, 0x27, 0x24, 0x79, 0xca, 0x49, 0x91, 0x4b, 0x37, 0xb4, 0xa4, 0xfa, 0x6c,
+	0xe2, 0x2d, 0xce, 0x0a, 0x35, 0x57, 0xf3, 0x2a, 0x40, 0xdd, 0xa9, 0x08, 0xad, 0xd8, 0x2e, 0xee,
+	0xb4, 0x74, 0xf0, 0x1a, 0xbc, 0x53, 0xc9, 0x38, 0x8e, 0x88, 0x7e, 0xfe, 0x1e, 0x6c, 0x08, 0x43,
+	0x72, 0x5a, 0x25, 0x6c, 0x1e, 0x44, 0xf7, 0x61, 0xcb, 0x00, 0x87, 0x78, 0x72, 0x49, 0xd3, 0xe8,
+	0xa9, 0x30, 0xee, 0x34, 0xf0, 0xe0, 0x77, 0x07, 0xba, 0x21, 0x89, 0xa8, 0x90, 0x7c, 0xa6, 0x9f,
+	0xb8, 0x0f, 0x5b, 0xbc, 0xa0, 0x29, 0x11, 0xa7, 0x04, 0xab, 0x26, 0x50, 0x7c, 0xed, 0x06, 0x8e,
+	0x86, 0x80, 0x2a, 0x6c, 0x94, 0x0a, 0x32, 0xc9, 0xb9, 0x72, 0x5e, 0x49, 0x2f, 0xe1, 0xa0, 0x01,
+	0xdc, 0xa8, 0xd0, 0xc3, 0x98, 0x4d, 0x2e, 0x7d, 0x57, 0x0b, 0x2f, 0xc2, 0xc1, 0x3f, 0x2d, 0xe8,
+	0xea, 0xb6, 0x6c, 0x33, 0xf5, 0x40, 0x07, 0x57, 0x41, 0x66, 0x30, 0x7e, 0xb4, 0xf8, 0xb3, 0x4d,
+	0x8a, 0x42, 0x2b, 0xa7, 0x16, 0x0d, 0xe3, 0xae, 0x56, 0x6b, 0x2d, 0x5f, 0x34, 0x6a, 0xe1, 0x0d,
+	0xeb, 0xf2, 0xe8, 0x5b, 0xe8, 0x1a, 0xab, 0x66, 0x5a, 0xdf, 0xd5, 0xfa, 0x3b, 0x8b, 0xfa, 0xf5,
+	0xe0, 0x85, 0x73, 0x1a, 0x2a, 0xb1, 0xaa, 0xa2, 0x42, 0xc6, 0xec, 0xba, 0x55, 0xd2, 0xaa, 0x58,
+	0x78, 0x9e, 0x6a, 0x56, 0xd1, 0x62, 0x2d, 0xa9, 0x66, 0xce, 0xc9, 0xd1, 0x28, 0xcc, 0x53, 0xb5,
+	0x29, 0xfa, 0x9d, 0x62, 0xe6, 0x54, 0x88, 0xe2, 0xeb, 0xc7, 0x09, 0x1f, 0xe7, 0x89, 0x5e, 0xba,
+	0xdc, 0xb0, 0x86, 0x28, 0x7e, 0xc4, 0x42, 0x96, 0x4b, 0x9a, 0x12, 0xa1, 0x97, 0x2f, 0x37, 0xac,
+	0x21, 0xfb, 0x7f, 0xac, 0xc2, 0xea, 0x51, 0xb1, 0xd0, 0xa2, 0xa7, 0xb0, 0xa2, 0xd7, 0x06, 0xb4,
+	0xb3, 0x74, 0xff, 0x32, 0x1f, 0xaf, 0x77, 0xfb, 0x1a, 0x6e, 0x91, 0x9b, 0x3d, 0x47, 0xb5, 0x5d,
+	0xd3, 0x24, 0x6f, 0x37, 0xe3, 0x5b, 0xdb, 0x2b, 0x7a, 0x77, 0xae, 0x63, 0x97, 0x57, 0x1d, 0x40,
+	0x5b, 0x4d, 0x68, 0x74, 0x6b, 0xf9, 0xdc, 0x2e, 0xae, 0xd9, 0x79, 0xdf, 0x50, 0x47, 0x87, 0xb0,
+	0x6a, 0x87, 0xe0, 0x76, 0x63, 0x7d, 0x7a, 0xa2, 0x96, 0xf3, 0xde, 0xdd, 0xc5, 0x0b, 0x16, 0xa7,
+	0xee, 0x08, 0x3a, 0xc5, 0x58, 0x6a, 0x7a, 0x34, 0x37, 0x01, 0x9b, 0x1e, 0xcd, 0x4f, 0xb3, 0x3d,
+	0x07, 0x7d, 0x0f, 0x5e, 0x6d, 0xea, 0x5c, 0x6b, 0xd2, 0x27, 0xff, 0x61, 0x54, 0xa1, 0x63, 0x58,
+	0xd1, 0x6d, 0xbe, 0x99, 0xb0, 0xfa, 0xbc, 0x69, 0x26, 0x6c, 0x7e, 0x36, 0x3c, 0x83, 0x4e, 0xd1,
+	0xc6, 0xd1, 0x32, 0xc1, 0x6a, 0x32, 0x34, 0x9d, 0x5b, 0xe8, 0xfe, 0x47, 0xd0, 0x56, 0x2d, 0x7c,
+	0x49, 0xb2, 0xaa, 0xde, 0xbf, 0x24, 0x59, 0xb5, 0xae, 0xbf, 0xe7, 0xa0, 0xe7, 0xd0, 0x29, 0x16,
+	0xe5, 0xa6, 0x35, 0x73, 0x3b, 0x78, 0xd3, 0x9a, 0xf9, 0xfd, 0x7a, 0xe0, 0xec, 0x39, 0xe8, 0x11,
+	0xb8, 0x6a, 0xbf, 0xef, 0x2d, 0x8a, 0x56, 0xab, 0x65, 0xef, 0x9a, 0x04, 0x28, 0x67, 0xd4, 0x70,
+	0x68, 0x3a, 0x53, 0x9b, 0x41, 0x4d, 0x67, 0xea, 0xf3, 0x64, 0xcf, 0x41, 0x5f, 0x43, 0x5b, 0xff,
+	0xfd, 0xeb, 0xb2, 0xdc, 0xd0, 0xaf, 0x77, 0xb9, 0x37, 0x1d, 0x2d, 0xfd, 0xc5, 0xbf, 0x01, 0x00,
+	0x00, 0xff, 0xff, 0x85, 0xc5, 0x39, 0xca, 0x7f, 0x0e, 0x00, 0x00,
 }

 // Reference imports to suppress errors if they are not otherwise used.

--- a/api/services/control.proto
+++ b/api/services/control.proto
@@ -69,6 +69,8 @@ message BuildRequest {
    string encryptKey = 10;
    // additionalTag is the tag applied to the built image
    string additionalTag = 11;
+    // capAddList indicates Linux capabilities for RUN command
+    repeated string capAddList = 12;
 }

 message ImportRequest {

--- a/builder/dockerfile/builder.go
+++ b/builder/dockerfile/builder.go
@@ -49,6 +49,7 @@ type BuildOptions struct {
 	File          string
 	Iidfile       string
 	Output        []string
+	CapAddList    []string
 	ProxyFlag     bool
 	Tag           string
 	AdditionalTag string
@@ -98,10 +99,17 @@ func NewBuilder(ctx context.Context, store store.Store, req *pb.BuildRequest, ru
 		return nil, errors.Wrap(err, "parse build-arg failed")
 	}

+	for _, c := range req.GetCapAddList() {
+		if !util.CheckCap(c) {
+			return nil, errors.Errorf("cap %v is invalid", c)
+		}
+	}
+
 	b.buildOpts = BuildOptions{
 		ContextDir: req.GetContextDir(),
 		File:       req.GetFileContent(),
 		BuildArgs:  args,
+		CapAddList: req.GetCapAddList(),
 		ProxyFlag:  req.GetProxy(),
 		Iidfile:    req.GetIidfile(),
 	}

--- a/builder/dockerfile/run.go
+++ b/builder/dockerfile/run.go
@@ -131,6 +131,13 @@ func (c *cmdBuilder) setupRuntimeSpec(command []string) (*specs.Spec, error) {
 		g.AddLinuxReadonlyPaths(rp)
 	}

+	// add capability
+	for _, cap := range c.stage.builder.buildOpts.CapAddList {
+		if aerr := g.AddProcessCapability(cap); aerr != nil {
+			return nil, errors.Wrapf(aerr, "runner: add process capability %v failed", cap)
+		}
+	}
+
 	return g.Config, nil
 }


--- a/builder/dockerfile/run_test.go
+++ b/builder/dockerfile/run_test.go
@@ -130,7 +130,8 @@ func TestSetupRuntimeSpec(t *testing.T) {
 	sb := &stageBuilder{
 		builder: &Builder{
 			buildOpts: BuildOptions{
-				ProxyFlag: true,
+				ProxyFlag:  true,
+				CapAddList: []string{"CAP_SYS_ADMIN", "CAP_SYS_PTRACE"},
 			},
 		},
 		mountpoint: "/isulatest/mountpoint",
@@ -167,6 +168,84 @@ func TestSetupRuntimeSpec(t *testing.T) {
 	assert.Equal(t, spec.Linux.ReadonlyPaths[0], "/proc/asound")
 }

+func TestSetupRuntimeSpecWithCaps(t *testing.T) {
+	sb := &stageBuilder{
+		builder: &Builder{
+			buildOpts: BuildOptions{},
+		},
+		docker: &docker.Image{
+			V1Image: docker.V1Image{
+				Config: &docker.Config{},
+			},
+		},
+	}
+	cb := newCmdBuilder(context.Background(), &parser.Line{}, sb, nil, nil)
+
+	tests := []struct {
+		name    string
+		caps    []string
+		isErr   bool
+	}{
+		{
+			name: "1 cap null",
+			caps: []string{},
+		},
+		{
+			name: "2 cap valid 1",
+			caps: []string{"CAP_SYS_ADMIN"},
+		},
+		{
+			name: "3 cap valid 2",
+			caps: []string{"CAP_SYS_ADMIN", "CAP_CHOWN"},
+		},
+		{
+			name:  "4 cap invalid 1",
+			caps:  []string{"CAP_weeq", "CAP_CHOWN"},
+			isErr: true,
+		},
+		{
+			name:  "5 cap invalid 2",
+			caps:  []string{"CAP_ffffff", "CAP_CHOWNkkkk123"},
+			isErr: true,
+		},
+		{
+			name:  "6 cap invalid 3",
+			caps:  []string{"CAP_SYS_ADMINsss", "CAP_CHOWN123"},
+			isErr: true,
+		},
+		{
+			name:  "7 cap invalid 4",
+			caps:  []string{"12345"},
+			isErr: true,
+		},
+		{
+			name:  "8 cap invalid 5",
+			caps:  []string{"cap_sys"},
+			isErr: true,
+		},
+		{
+			name:  "9 cap invalid 6",
+			caps:  []string{"sys_admin"},
+			isErr: true,
+		},
+		{
+			name:  "10 cap invalid 7",
+			caps:  []string{"  "},
+			isErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cb.stage.builder.buildOpts.CapAddList = tt.caps
+			_, err := cb.setupRuntimeSpec(nil)
+			if tt.isErr {
+				assert.ErrorContains(t, err, "failed")
+			}
+		})
+	}
+}
+
 func contains(envs []string, env string) bool {
 	for _, i := range envs {
 		if i == env {

--- a/cmd/cli/build.go
+++ b/cmd/cli/build.go
@@ -44,6 +44,7 @@ type buildOptions struct {
 	file          string
 	output        string
 	buildArgs     []string
+	capAddList    []string
 	encryptKey    string
 	contextDir    string
 	buildID       string
@@ -110,6 +111,7 @@ func NewBuildCmd() *cobra.Command {
 	buildCmd.PersistentFlags().BoolVarP(&buildOpts.proxyFlag, "proxy", "", true, "Inherit proxy environment variables from host")
 	buildCmd.PersistentFlags().VarP(&buildOpts.buildStatic, "build-static", "", "Static build with the given option")
 	buildCmd.PersistentFlags().StringArrayVar(&buildOpts.buildArgs, "build-arg", []string{}, "Arguments used during build time")
+	buildCmd.PersistentFlags().StringArrayVar(&buildOpts.capAddList, "cap-add", []string{}, "Add Linux capabilities for RUN command")
 	buildCmd.PersistentFlags().StringVar(&buildOpts.imageIDFile, "iidfile", "", "Write image ID to the file")
 	buildCmd.PersistentFlags().StringVarP(&buildOpts.additionalTag, "tag", "", "", "Add tag to the built image")

@@ -271,6 +273,12 @@ func runBuild(ctx context.Context, cli Cli) (string, error) {
 		imageIDFilePath string
 	)

+	for _, c := range buildOpts.capAddList {
+		if !util.CheckCap(c) {
+			return "", errors.Errorf("cap %v is invalid", c)
+		}
+	}
+
 	if dest, isIsulad, err = checkAndProcessOutput(); err != nil {
 		return "", err
 	}
@@ -295,6 +303,7 @@ func runBuild(ctx context.Context, cli Cli) (string, error) {
 		BuildType:     constant.BuildContainerImageType,
 		BuildID:       buildOpts.buildID,
 		BuildArgs:     buildOpts.buildArgs,
+		CapAddList:    buildOpts.capAddList,
 		EncryptKey:    buildOpts.encryptKey,
 		ContextDir:    buildOpts.contextDir,
 		FileContent:   content,

--- a/cmd/cli/build_test.go
+++ b/cmd/cli/build_test.go
@@ -559,3 +559,60 @@ func TestGetAbsPath(t *testing.T) {
 		})
 	}
 }
+
+func TestRunBuildWithCap(t *testing.T) {
+	tests := []struct {
+		name    string
+		caps    []string
+		isErr   bool
+		wantErr bool
+	}{
+		{
+			name: "1 cap null",
+			caps: []string{},
+		},
+		{
+			name: "2 cap valid 1",
+			caps: []string{"CAP_SYS_ADMIN"},
+		},
+		{
+			name: "3 cap valid 2",
+			caps: []string{"CAP_SYS_ADMIN", "CAP_CHOWN"},
+		},
+		{
+			name:  "4 cap invalid 1",
+			caps:  []string{"CAP_SYS_ADMINsss", "CAP_CHOWN"},
+			isErr: true,
+		},
+		{
+			name:  "5 cap invalid 2",
+			caps:  []string{"CAP_SY2123", "CAP_CHOWN"},
+			isErr: true,
+		},
+		{
+			name:  "6 cap invalid 3",
+			caps:  []string{"CAP_SYS_ADMINsss", "CAP_CHOWN123"},
+			isErr: true,
+		},
+	}
+	dockerfile := `
+		FROM busybox:latest
+		RUN echo hello world
+		`
+	tmpDir := fs.NewDir(t, t.Name(), fs.WithFile("Dockerfile", dockerfile))
+	defer tmpDir.Remove()
+	buildOpts.file = tmpDir.Join("Dockerfile")
+	mockBuild := newMockDaemon()
+	ctx := context.Background()
+	cli := newMockClient(&mockGrpcClient{imageBuildFunc: mockBuild.build})
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			buildOpts.capAddList = tt.caps
+			_, err := runBuild(ctx, &cli)
+			if tt.isErr {
+				assert.ErrorContains(t, err, "is invalid")
+			}
+		})
+	}
+}
--- a/cmd/cli/save_test.go
+++ b/cmd/cli/save_test.go
@@ -55,11 +55,11 @@ func TestRunSave(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name:    "TC3 - normal case with relative path",
-			path:    fmt.Sprintf("./%s", tmpDir.Path()),
-			args:    []string{"testImage"},
+			name: "TC3 - normal case with relative path",
+			path: fmt.Sprintf("./%s", tmpDir.Path()),
+			args: []string{"testImage"},
 			// err here because cli will try to remove saved tar and it found there is no file to remove
-			wantErr: true,
+			wantErr:   true,
 			errString: "save image failed",
 		},
 		{

--- a/doc/usage.md
+++ b/doc/usage.md
@@ -14,6 +14,7 @@
            * [-o, --output](#-o---output)
            * [--proxy](#--proxy)
            * [--tag](#--tag)
+            * [--cap-add](#--cap-add)
        * [Viewing a Local Persistent Image](#viewing-a-local-persistent-image)
        * [Importing a Base Image from a Tarball](#importing-a-base-image-from-a-tarball)
        * [Saving a Local Persistent Image](#saving-a-local-persistent-image)
@@ -111,6 +112,7 @@ The build contains the following flags:
 - -o, --output: string, specifies the image export mode and path
 - --proxy: bool, which inherits the proxy environment variable on the host side. The default value is true
 - --tag: string, add tag to the built image
+- --cap-add: string slice, which is added in RUN command during the build process

 #### --build-arg

@@ -215,6 +217,14 @@ Usage:

 `isula-build ctr-img build --tag busybox:latest`

+#### --cap-add
+
+add Linux capabilities for RUN command
+
+Usage:
+
+`isula-build ctr-img build --cap-add CAP_SYS_ADMIN `
+
 ### Viewing a Local Persistent Image

 We can run the images command to view the image stored locally.

--- a/util/caps.go
+++ b/util/caps.go
+// Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+// isula-build licensed under the Mulan PSL v2.
+// You can use this software according to the terms and conditions of the Mulan PSL v2.
+// You may obtain a copy of Mulan PSL v2 at:
+//     http://license.coscl.org.cn/MulanPSL2
+// THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+// PURPOSE.
+// See the Mulan PSL v2 for more details.
+// Author: Feiyu Yang
+// Create: 2020-08-15
+// Description: This file provides check func for linux capability.
+
+package util
+
+import (
+	"strings"
+
+	"github.com/syndtr/gocapability/capability"
+)
+
+var caps map[string]capability.Cap
+
+func init() {
+	caps = make(map[string]capability.Cap)
+	for _, c := range capability.List() {
+		caps["CAP_"+strings.ToUpper(c.String())] = c
+	}
+}
+
+// CheckCap checks if cap is valid
+func CheckCap(c string) bool {
+	_, ok := caps[c]
+	return ok
+}