diff --git a/lib/ansible/modules/cloud/docker/docker.py b/lib/ansible/modules/cloud/docker/docker.py
index 09f428140b..32840a913e 100644
--- a/lib/ansible/modules/cloud/docker/docker.py
+++ b/lib/ansible/modules/cloud/docker/docker.py
@@ -297,7 +297,19 @@ options:
     required: false
     default: null
     version_added: "2.0"
-
+  cap_add:
+    description:
+      - Add capabilities for the container. Requires docker-py >= 0.5.0.
+    required: false
+    default: false
+    version_added: "2.0"
+  cap_drop:
+    description:
+      - Drop capabilities for the container. Requires docker-py >= 0.5.0.
+    required: false
+    default: false
+    aliases: []
+    version_added: "2.0"
 author:
     - "Cove Schneider (@cove)"
     - "Joshua Conner (@joshuaconner)"
@@ -556,6 +568,8 @@ class DockerManager(object):
             'log_driver': ((1, 2, 0), '1.18'),
             'host_config': ((0, 7, 0), '1.15'),
             'cpu_set': ((0, 6, 0), '1.14'),
+            'cap_add': ((0, 5, 0), '1.14'),
+            'cap_drop': ((0, 5, 0), '1.14'),
             # Clientside only
             'insecure_registry': ((0, 5, 0), '0.0')
             }
@@ -1326,7 +1340,8 @@ class DockerManager(object):
 
         optionals = {}
         for optional_param in ('dns', 'volumes_from', 'restart_policy',
-                'restart_policy_retry', 'pid', 'extra_hosts', 'log_driver'):
+                'restart_policy_retry', 'pid', 'extra_hosts', 'log_driver',
+                'cap_add', 'cap_drop'):
             optionals[optional_param] = self.module.params.get(optional_param)
 
         if optionals['dns'] is not None:
@@ -1361,6 +1376,14 @@ class DockerManager(object):
             log_config.type = optionals['log_driver']
             params['log_config'] = log_config
 
+        if optionals['cap_add'] is not None:
+            self.ensure_capability('cap_add')
+            params['cap_add'] = optionals['cap_add']
+
+        if optionals['cap_drop'] is not None:
+            self.ensure_capability('cap_drop')
+            params['cap_drop'] = optionals['cap_drop']
+
         return docker.utils.create_host_config(**params)
 
     def create_containers(self, count=1):
@@ -1626,6 +1649,8 @@ def main():
             insecure_registry = dict(default=False, type='bool'),
             log_driver      = dict(default=None, choices=['json-file', 'none', 'syslog']),
             cpu_set         = dict(default=None),
+            cap_add         = dict(default=None, type='list'),
+            cap_drop        = dict(default=None, type='list'),
         ),
         required_together = (
             ['tls_client_cert', 'tls_client_key'],