diff --git a/integration/dockerfiles/Dockerfile_test_issue_1837 b/integration/dockerfiles/Dockerfile_test_issue_1837
new file mode 100644
index 0000000000..fcee686822
--- /dev/null
+++ b/integration/dockerfiles/Dockerfile_test_issue_1837
@@ -0,0 +1,6 @@
+FROM registry.access.redhat.com/ubi8/ubi:8.2 AS BASE
+# Install ping
+RUN yum --disableplugin=subscription-manager install -y iputils
+
+FROM BASE
+RUN set -e && [ ! -z "$(getcap /usr/bin/ping)" ] || exit 1
\ No newline at end of file
diff --git a/pkg/util/tar_util.go b/pkg/util/tar_util.go
index ba9dc8738c..ca6ce929ce 100644
--- a/pkg/util/tar_util.go
+++ b/pkg/util/tar_util.go
@@ -30,6 +30,7 @@ import (
 
 	"github.com/GoogleContainerTools/kaniko/pkg/config"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/system"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -76,6 +77,10 @@ func (t *Tar) AddFileToTar(p string) error {
 	if err != nil {
 		return err
 	}
+	err = readSecurityXattrToTarHeader(p, hdr)
+	if err != nil {
+		return err
+	}
 
 	if p == config.RootDir {
 		// allow entry for / to preserve permission changes etc. (currently ignored anyway by Docker runtime)
@@ -116,6 +121,23 @@ func (t *Tar) AddFileToTar(p string) error {
 	return nil
 }
 
+// readSecurityXattrToTarHeader reads security.capability
+// xattrs from filesystem to a tar header
+func readSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
+	if hdr.Xattrs == nil {
+		hdr.Xattrs = make(map[string]string)
+	}
+	xattr := "security.capability"
+	capability, err := system.Lgetxattr(path, xattr)
+	if err != nil && !errors.Is(err, syscall.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
+		return errors.Wrapf(err, "failed to read %q attribute from %q", xattr, path)
+	}
+	if capability != nil {
+		hdr.Xattrs[xattr] = string(capability)
+	}
+	return nil
+}
+
 func (t *Tar) Whiteout(p string) error {
 	dir := filepath.Dir(p)
 	name := ".wh." + filepath.Base(p)
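Review bot: The final RUN only checks that getcap prints something for /usr/bin/ping, so the test cannot distinguish "the right capability was preserved" from "some capability string survived", and the `|| exit 1` is redundant because a failing test command already fails the RUN step. A tighter assertion would name the capability the package is expected to set, presumably cap_net_raw, e.g. `RUN getcap /usr/bin/ping | grep -q cap_net_raw`, which also works across the two getcap output formats. Note that if getcap itself were missing from the image the current check would fail for an unrelated reason with no clear message; a preceding `RUN command -v getcap` would make that failure mode obvious.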
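Review bot: The new call in AddFileToTar reuses the outer `err` in two statements where the file's own style keeps tightly scoped errors in an if initializer; `if err := readSecurityXattrToTarHeader(p, hdr); err != nil { return err }` reads the same and avoids leaving a stale `err` live for the rest of the function. The helper already wraps its error with the path and attribute name, so returning it unwrapped here is fine. AddFileToTar starts and ends outside this hunk.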
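Review bot: readSecurityXattrToTarHeader writes to `hdr.Xattrs`, which has been deprecated in archive/tar since Go 1.10 in favour of `hdr.PAXRecords` keyed as `SCHILY.xattr.<name>`; the writer still honours Xattrs today, but new code should set the PAX record so the behaviour does not depend on that compatibility path, and staticcheck flags the deprecated field. The map is also allocated unconditionally, so every header carries an empty non-nil map even when the file has no capability xattr; allocating only inside the `if capability != nil` branch keeps the header untouched for the common case. If the vendored docker archive package already exposes an exported ReadSecurityXattrToTarHeader with the same contract, calling it would avoid maintaining a copy of its error-filtering logic here, but confirm it exists in the pinned version before relying on it.
```go
	xattr := "security.capability"
	capability, err := system.Lgetxattr(path, xattr)
	// … unchanged: EOPNOTSUPP / ErrNotSupportedPlatform filtering …
	if capability != nil {
		if hdr.PAXRecords == nil {
			hdr.PAXRecords = make(map[string]string)
		}
		hdr.PAXRecords["SCHILY.xattr."+xattr] = string(capability)
	}
	return nil
```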