docs: document optional "CAP_" prefix for capabilities

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4e58c29513bd0e37b1a58c980593cddb5ab69c5d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 3d74f7ab489eeb6cfb28d3520d0046b7371c705b
Component: cli

Author: thaJeztah

components/cli/docs/reference/run.md

@@ -1332,13 +1332,21 @@ The next table shows the capabilities which are not granted by default and may b
 
 Further reference information is available on the [capabilities(7) - Linux man page](http://man7.org/linux/man-pages/man7/capabilities.7.html)
 
-Both flags support the value `ALL`, so if the
-operator wants to have all capabilities but `MKNOD` they could use:
+Both flags support the value `ALL`, so to allow a container to use all capabilities
+except for `MKNOD`:
 
 ```bash
 $ docker run --cap-add=ALL --cap-drop=MKNOD ...
 ```
 
+The `--cap-add` and `--cap-drop` flags accept capabilities to be specified with
+a `CAP_` prefix. The following examples are therefore equivalent:
+
+```bash
+$ docker run --cap-add=SYS_ADMIN ...
+$ docker run --cap-add=CAP_SYS_ADMIN ...
+```
+
 For interacting with the network stack, instead of using `--privileged` they
 should use `--cap-add=NET_ADMIN` to modify the network interfaces.