diff --git a/docs/CONTAINER_INTERFACE.md b/docs/CONTAINER_INTERFACE.md
index cb7719557fd..72f6f4dc7ec 100644
--- a/docs/CONTAINER_INTERFACE.md
+++ b/docs/CONTAINER_INTERFACE.md
@@ -403,9 +403,9 @@ its user to 2 (to effectively disallow `fork()`ing) you cannot run more than
 one Avahi instance on the entire system...
 
 People have been asking to be able to run systemd without `CAP_SYS_ADMIN` and
-`CAP_SYS_MKNOD` in the container. This is now supported to some level in
+`CAP_MKNOD` in the container. This is now supported to some level in
 systemd, but we recommend against it (see above). If `CAP_SYS_ADMIN` and
-`CAP_SYS_MKNOD` are missing from the container systemd will now gracefully turn
+`CAP_MKNOD` are missing from the container systemd will now gracefully turn
 off `PrivateTmp=`, `PrivateNetwork=`, `ProtectHome=`, `ProtectSystem=` and
 others, because those capabilities are required to implement these options. The
 services using these settings (which include many of systemd's own) will hence