diff --git a/pkg/server/container_start.go b/pkg/server/container_start.go
index 0a4ecf2d2..42c8eea33 100644
--- a/pkg/server/container_start.go
+++ b/pkg/server/container_start.go
@@ -467,14 +467,15 @@ func setOCICapabilities(g *generate.Generator, capabilities *runtime.Capability,
 return nil
 }
+ // Capabilities in CRI doesn't have `CAP_` prefix, so add it.
 for _, c := range capabilities.GetAddCapabilities() {
- if err := g.AddProcessCapability(c); err != nil {
+ if err := g.AddProcessCapability("CAP_" + c); err != nil {
 return err
 }
 }
 for _, c := range capabilities.GetDropCapabilities() {
- if err := g.DropProcessCapability(c); err != nil {
+ if err := g.DropProcessCapability("CAP_" + c); err != nil {
 return err
 }
 }
diff --git a/pkg/server/container_start_test.go b/pkg/server/container_start_test.go
index 101cfceb7..6fbf0dc63 100644
--- a/pkg/server/container_start_test.go
+++ b/pkg/server/container_start_test.go
@@ -77,8 +77,8 @@ func getStartContainerTestData() (*runtime.ContainerConfig, *runtime.PodSandboxC
 },
 SecurityContext: &runtime.LinuxContainerSecurityContext{
 Capabilities: &runtime.Capability{
- AddCapabilities: []string{"CAP_SYS_ADMIN"},
- DropCapabilities: []string{"CAP_CHOWN"},
+ AddCapabilities: []string{"SYS_ADMIN"},
+ DropCapabilities: []string{"CHOWN"},
 },
 SupplementalGroups: []int64{1111, 2222},
 },
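Review bot: The unconditional `"CAP_" + c` in both loops of setOCICapabilities turns the special value `ALL` into `CAP_ALL` and an already-prefixed `CAP_SYS_ADMIN` into `CAP_CAP_SYS_ADMIN`, neither of which is a real capability name. A pod that hardens itself with `drop: ["ALL"]` would then presumably get an error from the generator instead of an empty capability set. The function starts outside the hunk, so `ALL` may already be handled earlier; if it is not, it needs an explicit branch before the loops. The remaining names could be normalised with `name := "CAP_" + strings.TrimPrefix(strings.ToUpper(c), "CAP_")`. The updated fixture in container_start_test.go only covers the unprefixed happy path, so cases for `ALL`, a prefixed name and an unknown name would pin the intended behaviour.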