diff --git a/Dockerfile b/Dockerfile
index d8a3533..3b5754d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,8 +5,9 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o /go/bin/ping_expo
 
 FROM alpine:latest
 ENV CONFIG_FILE "/config/config.yml"
-RUN apk --no-cache add ca-certificates
+RUN apk --no-cache add ca-certificates libcap
 WORKDIR /app
 COPY --from=builder /go/bin/ping_exporter .
+RUN setcap cap_net_raw+ep /app/ping_exporter
 CMD ./ping_exporter --config.path $CONFIG_FILE
 EXPOSE 9427
diff --git a/README.md b/README.md
index aba4919..daf4c5f 100644
--- a/README.md
+++ b/README.md
@@ -146,6 +146,8 @@ On Linux systems `CAP_NET_RAW` is required to run `ping_exporter` as unprivilige
 # setcap cap_net_raw+ep /path/to/ping_exporter
 ```
 
+When run through a rootless Docker implementation on Linux, the flag `--cap-add=CAP_NET_RAW` should be added to the `docker run` invocation.
+
 ### Docker
 
 https://hub.docker.com/r/czerwonk/ping_exporter