Comment 2 for bug 1572648

Recently we needed to allow a process to bind to a socket in the privilege rage 1-1024, it either requires root priv for this process or you can add capability net_bind_service to the container where this process runs. With Docker version 1.10 and higher, adding capabilities gets blocked by default to actually enable it you need to change default security profile. This is done by using security option for docker container. Please let me know if you have more questions.
Serguei