diff --git a/internal/cri/server/service.go b/internal/cri/server/service.go
index b4e3ff0f9..37d66f07e 100644
--- a/internal/cri/server/service.go
+++ b/internal/cri/server/service.go
@@ -156,6 +156,8 @@ type criService struct {
 	sandboxService sandboxService
 	// runtimeHandlers contains runtime handler info
 	runtimeHandlers []*runtime.RuntimeHandler
+	// runtimeFeatures container runtime features info
+	runtimeFeatures *runtime.RuntimeFeatures
 }
 
 type CRIServiceOptions struct {
@@ -244,6 +246,10 @@ func NewCRIService(options *CRIServiceOptions) (CRIService, runtime.RuntimeServi
 		return nil, nil, fmt.Errorf("failed to introspect runtime handlers: %w", err)
 	}
 
+	c.runtimeFeatures = &runtime.RuntimeFeatures{
+		SupplementalGroupsPolicy: true,
+	}
+
 	return c, c, nil
 }
 
diff --git a/internal/cri/server/status.go b/internal/cri/server/status.go
index fa327ad86..4c47d1d2b 100644
--- a/internal/cri/server/status.go
+++ b/internal/cri/server/status.go
@@ -58,6 +58,7 @@ func (c *criService) Status(ctx context.Context, r *runtime.StatusRequest) (*run
 			networkCondition,
 		}},
 		RuntimeHandlers: c.runtimeHandlers,
+		Features:        c.runtimeFeatures,
 	}
 	if r.Verbose {
 		configByt, err := json.Marshal(c.config)