diff --git a/integration/dockerfiles/Dockerfile_test_issue_1837 b/integration/dockerfiles/Dockerfile_test_issue_1837
new file mode 100644
index 0000000000..1f6b066a23
--- /dev/null
+++ b/integration/dockerfiles/Dockerfile_test_issue_1837
@@ -0,0 +1,6 @@
+FROM registry.access.redhat.com/ubi8/ubi:8.2 AS BASE
+# Install ping
+RUN yum --disableplugin=subscription-manager install -y iputils
+
+FROM BASE
+RUN set -e && [ ! -z "$(getcap /bin/ping)" ] || exit 1
\ No newline at end of file
diff --git a/pkg/util/fs_util.go b/pkg/util/fs_util.go
index d5b472559f..7b3110b3da 100644
--- a/pkg/util/fs_util.go
+++ b/pkg/util/fs_util.go
@@ -334,6 +334,10 @@ func ExtractFile(dest string, hdr *tar.Header, tr io.Reader) error {
 return err
 }
+ if err = writeSecurityXattrToToFile(path, hdr); err != nil {
+ return err
+ }
+
 if err = setFileTimes(path, hdr.AccessTime, hdr.ModTime); err != nil {
 return err
 }
diff --git a/pkg/util/tar_util.go b/pkg/util/tar_util.go
index ba9dc8738c..3a87fc32df 100644
--- a/pkg/util/tar_util.go
+++ b/pkg/util/tar_util.go
@@ -30,6 +30,7 @@ import (
 "github.com/GoogleContainerTools/kaniko/pkg/config"
 "github.com/docker/docker/pkg/archive"
+ "github.com/docker/docker/pkg/system"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 )
@@ -76,6 +77,10 @@ func (t *Tar) AddFileToTar(p string) error {
 if err != nil {
 return err
 }
+ err = readSecurityXattrToTarHeader(p, hdr)
+ if err != nil {
+ return err
+ }
 if p == config.RootDir {
 // allow entry for / to preserve permission changes etc. (currently ignored anyway by Docker runtime)
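Review bot: The assertion on the last RUN line is written as `set -e && [ ! -z ... ] || exit 1`, where `set -e` has no effect on a single compound command and `|| exit 1` only restates the non-zero status that `[` already returns; `RUN [ -n "$(getcap /bin/ping)" ]` expresses the same check in the idiomatic form. Note that `$(getcap /bin/ping)` also collapses to an empty string when the getcap binary itself is missing from the image, so the test would then fail for a reason unrelated to the capability xattr; if the base image is not known to ship it, installing it alongside iputils in the first stage removes that ambiguity.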
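Review bot: The new xattr write is inserted right after a block whose statement lies outside the hunk, so it cannot be seen here whether the file's ownership has already been set at that point; on Linux a chown clears `security.capability`, so this call must come after the last chown of the extracted file or the restored capability is immediately lost again (which is the silent failure the new Dockerfile test asserts on). A comment at the insertion point would pin that ordering for future edits: `// must run after chown: changing ownership strips security.capability`. ExtractFile starts before this hunk and continues past it.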
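Review bot: The added read uses a standalone assignment followed by a separate `if err != nil`, while the parallel insertion in fs_util.go uses the initializer form; `if err = readSecurityXattrToTarHeader(p, hdr); err != nil { return err }` keeps the two call sites consistent and saves a line. The read also runs before the `p == config.RootDir` special case, so it is attempted on the root entry as well; that is harmless with Lgetxattr, but worth a short comment if the root entry's header is otherwise treated as a placeholder. AddFileToTar begins and ends outside this hunk.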
@@ -116,6 +121,41 @@ func (t *Tar) AddFileToTar(p string) error {
 return nil
 }
+const (
+ securityCapabilityXattr = "security.capability"
+)
+
+// writeSecurityXattrToTarHeader writes security.capability
+// xattrs from a a tar header to filesystem
+func writeSecurityXattrToToFile(path string, hdr *tar.Header) error {
+ if hdr.Xattrs == nil {
+ hdr.Xattrs = make(map[string]string)
+ }
+ if capability, ok := hdr.Xattrs[securityCapabilityXattr]; ok {
+ err := system.Lsetxattr(path, securityCapabilityXattr, []byte(capability), 0)
+ if err != nil && !errors.Is(err, syscall.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
+ return errors.Wrapf(err, "failed to write %q attribute to %q", securityCapabilityXattr, path)
+ }
+ }
+ return nil
+}
+
+// readSecurityXattrToTarHeader reads security.capability
+// xattrs from filesystem to a tar header
+func readSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
+ if hdr.Xattrs == nil {
+ hdr.Xattrs = make(map[string]string)
+ }
+ capability, err := system.Lgetxattr(path, securityCapabilityXattr)
+ if err != nil && !errors.Is(err, syscall.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
+ return errors.Wrapf(err, "failed to read %q attribute from %q", securityCapabilityXattr, path)
+ }
+ if capability != nil {
+ hdr.Xattrs[securityCapabilityXattr] = string(capability)
+ }
+ return nil
+}
+
 func (t *Tar) Whiteout(p string) error {
 dir := filepath.Dir(p)
 name := ".wh." + filepath.Base(p)
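Review bot: The doc comment on the first new function names `writeSecurityXattrToTarHeader` while the function is `writeSecurityXattrToToFile` (doubled "To"), and its second line reads "a a tar header"; a godoc comment must begin with the function's own name, so rename it to `writeSecurityXattrToFile` (the caller in fs_util.go changes with it) and write `// writeSecurityXattrToFile restores the security.capability xattr recorded in hdr onto the file at path.` The `hdr.Xattrs == nil` guard in the write path is unnecessary, since a lookup on a nil map is safe, and it mutates the caller's header as a side effect; only the read path needs to allocate the map. Both helpers deliberately swallow EOPNOTSUPP and ErrNotSupportedPlatform, which on the extract side means a binary that should carry capabilities is written without them on a filesystem lacking xattr support; a `logrus.Debugf` in that branch would make the dropped attribute diagnosable instead of invisible. `tar.Header.Xattrs` is also deprecated in favour of `PAXRecords` keyed with the `SCHILY.xattr.` prefix, which archive/tar keeps in sync, so this works today but merits a comment. Both helpers are complete within the hunk; Whiteout continues past it.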