diff --git a/doc/operation.rst b/doc/operation.rst index dec7c96cc7fd9d87677989b1c93c271ed8107e22..fd0d587c597896d2f8548b0dd5046aa976ea2b82 100644 --- a/doc/operation.rst +++ b/doc/operation.rst @@ -1113,11 +1113,13 @@ Pre-requisites And insert these lines:: [Service] - CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE - AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE + CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE + AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE The `CAP_SYS_RESOURCE` is needed on Linux < 5.11. + All the capabilities are dropped upon the service is started. + Optimizations -------------
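Review bot: The CAP_IPC_LOCK entry added to both `CapabilityBoundingSet=` and `AmbientCapabilities=` has no explanation in the surrounding text, whereas CAP_SYS_RESOURCE is justified ("needed on Linux < 5.11"). Please add a sentence saying what requires CAP_IPC_LOCK and whether it is also kernel-version dependent, so operators can decide whether to grant it. The new sentence "All the capabilities are dropped upon the service is started." is ungrammatical and does not say which process drops them or at what point. Something like "All these capabilities are dropped once the service has started." reads correctly. It would also help to state whether the drop happens only after initialization has finished, since the set still includes CAP_SYS_ADMIN.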