diff --git a/dangerzone/container.py b/dangerzone/container.py
index 7323fc1..4a67857 100644
--- a/dangerzone/container.py
+++ b/dangerzone/container.py
@@ -82,6 +82,8 @@ def convert(input_filename, output_filename, ocr_lang, stdout_callback):
         platform_args = []
         security_args = ["--security-opt", "no-new-privileges"]
 
+    # drop all linux kernel capabilities
+    security_args += ["--cap-drop", "all"]
 
 
     # Convert document to pixels