diff --git a/task/buildah-oci-ta/0.1/README.md b/task/buildah-oci-ta/0.1/README.md
index 6df7de9dfe..1532ef1682 100644
--- a/task/buildah-oci-ta/0.1/README.md
+++ b/task/buildah-oci-ta/0.1/README.md
@@ -11,6 +11,7 @@ When prefetch-dependencies task was activated it is using its artifacts to run b
 |BUILD_ARGS|Array of --build-arg values ("arg=value" strings)|[]|false|
 |BUILD_ARGS_FILE|Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file|""|false|
 |CACHI2_ARTIFACT|The Trusted Artifact URI pointing to the artifact with the prefetched dependencies.|""|false|
+|CAP_SYS_ADMIN|Determines if buildah should be invoked with --cap-add SYS_ADMIN|false|false|
 |COMMIT_SHA|The image is built from this commit.|""|false|
 |CONTEXT|Path to the directory to use as context.|.|false|
 |DOCKERFILE|Path to the Dockerfile to build.|./Dockerfile|false|
diff --git a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml
index 65f856fa65..d0e98a673d 100644
--- a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml
+++ b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml
@@ -29,6 +29,11 @@ spec:
 the prefetched dependencies.
 type: string
 default: ""
+ - name: CAP_SYS_ADMIN
+ description: Determines if buildah should be invoked with --cap-add
+ SYS_ADMIN
+ type: string
+ default: "false"
 - name: COMMIT_SHA
 description: The image is built from this commit.
 type: string
@@ -139,6 +144,8 @@ spec:
 value: oci
 - name: BUILD_ARGS_FILE
 value: $(params.BUILD_ARGS_FILE)
+ - name: CAP_SYS_ADMIN
+ value: $(params.CAP_SYS_ADMIN)
 - name: CONTEXT
 value: $(params.CONTEXT)
 - name: DOCKERFILE
@@ -252,6 +259,10 @@ spec:
 BUILDAH_ARGS+=("--target=${TARGET_STAGE}")
 fi
 
+ if [ -n "${CAP_SYS_ADMIN}" ]; then
+ BUILDAH_ARGS+=("--cap-add=SYS_ADMIN")
+ fi
+
 if [ -n "${BUILD_ARGS_FILE}" ]; then
 BUILDAH_ARGS+=("--build-arg-file=$(pwd)/$SOURCE_CODE_DIR/${BUILD_ARGS_FILE}")
 fi
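Review bot: The new `if [ -n "${CAP_SYS_ADMIN}" ]; then` in the `@@ -252,6 +259,10 @@` hunk tests only for a non-empty value, and the parameter is a string whose default is `"false"`, so every run of this task passes `--cap-add=SYS_ADMIN` to buildah by default rather than only when the caller opts in. The env entry `value: $(params.CAP_SYS_ADMIN)` added earlier in this file forwards that default string unchanged, so the guard never sees an empty value. The check should compare the string, e.g. `if [ "${CAP_SYS_ADMIN}" = "true" ]; then`, which also matches the `true`/`false` wording the README gives for the parameter. The same pattern is repeated in the buildah-remote-oci-ta.yaml, buildah-remote.yaml and buildah.yaml hunks of this commit and needs the same fix in each. The build script this block belongs to begins and ends outside the hunk.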
diff --git a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml
index f1ef631b12..587a3fea0a 100644
--- a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml
+++ b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml
@@ -29,6 +29,10 @@ spec:
 dependencies.
 name: CACHI2_ARTIFACT
 type: string
+ - default: "false"
+ description: Determines if buildah should be invoked with --cap-add SYS_ADMIN
+ name: CAP_SYS_ADMIN
+ type: string
 - default: ""
 description: The image is built from this commit.
 name: COMMIT_SHA
@@ -123,6 +127,8 @@ spec:
 value: oci
 - name: BUILD_ARGS_FILE
 value: $(params.BUILD_ARGS_FILE)
+ - name: CAP_SYS_ADMIN
+ value: $(params.CAP_SYS_ADMIN)
 - name: CONTEXT
 value: $(params.CONTEXT)
 - name: DOCKERFILE
@@ -274,6 +280,10 @@ spec:
 BUILDAH_ARGS+=("--target=${TARGET_STAGE}")
 fi
 
+ if [ -n "${CAP_SYS_ADMIN}" ]; then
+ BUILDAH_ARGS+=("--cap-add=SYS_ADMIN")
+ fi
+
 if [ -n "${BUILD_ARGS_FILE}" ]; then
 BUILDAH_ARGS+=("--build-arg-file=$(pwd)/$SOURCE_CODE_DIR/${BUILD_ARGS_FILE}")
 fi
@@ -360,6 +370,7 @@ spec:
 ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \
 -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \
 -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \
+ -e CAP_SYS_ADMIN="$CAP_SYS_ADMIN" \
 -e CONTEXT="$CONTEXT" \
 -e DOCKERFILE="$DOCKERFILE" \
 -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \
diff --git a/task/buildah-remote/0.1/buildah-remote.yaml b/task/buildah-remote/0.1/buildah-remote.yaml
index 31e7b33ea8..62fa928a2d 100644
--- a/task/buildah-remote/0.1/buildah-remote.yaml
+++ b/task/buildah-remote/0.1/buildah-remote.yaml
@@ -95,6 +95,10 @@ spec:
 data.
 name: caTrustConfigMapKey
 type: string
+ - default: "false"
+ description: Determines if buildah should be invoked with --cap-add SYS_ADMIN
+ name: CAP_SYS_ADMIN
+ type: string
 - description: The platform to build on
 name: PLATFORM
 type: string
@@ -144,6 +148,8 @@ spec:
 value: $(params.ENTITLEMENT_SECRET)
 - name: BUILD_ARGS_FILE
 value: $(params.BUILD_ARGS_FILE)
+ - name: CAP_SYS_ADMIN
+ value: $(params.CAP_SYS_ADMIN)
 - name: BUILDER_IMAGE
 value: quay.io/redhat-appstudio/buildah:v1.31.0@sha256:34f12c7b72ec2c28f1ded0c494b428df4791c909f1f174dd21b8ed6a57cf5ddb
 volumeMounts:
@@ -266,6 +272,10 @@ spec:
 BUILDAH_ARGS+=("--target=${TARGET_STAGE}")
 fi
 
+ if [ -n "${CAP_SYS_ADMIN}" ]; then
+ BUILDAH_ARGS+=("--cap-add=SYS_ADMIN")
+ fi
+
 if [ -n "${BUILD_ARGS_FILE}" ]; then
 BUILDAH_ARGS+=("--build-arg-file=$(pwd)/$SOURCE_CODE_DIR/${BUILD_ARGS_FILE}")
 fi
@@ -365,6 +375,7 @@ spec:
 -e PARAM_BUILDER_IMAGE="$PARAM_BUILDER_IMAGE" \
 -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \
 -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \
+ -e CAP_SYS_ADMIN="$CAP_SYS_ADMIN" \
 -e COMMIT_SHA="$COMMIT_SHA" \
 -v "$BUILD_DIR/workspaces/source:$(workspaces.source.path):Z" \
 -v "$BUILD_DIR/volumes/shared:/shared:Z" \
diff --git a/task/buildah/0.1/README.md b/task/buildah/0.1/README.md
index dde307fe08..7e7591e3b7 100644
--- a/task/buildah/0.1/README.md
+++ b/task/buildah/0.1/README.md
@@ -25,6 +25,7 @@ When prefetch-dependencies task was activated it is using its artifacts to run b
 |ENTITLEMENT_SECRET|Name of secret which contains the entitlement certificates|etc-pki-entitlement|false|
 |BUILD_ARGS|Array of --build-arg values ("arg=value" strings)|[]|false|
 |BUILD_ARGS_FILE|Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file|""|false|
+|CAP_SYS_ADMIN|Determines if buildah should be invoked with --cap-add SYS_ADMIN. May be forbidden by the SecurityContextConstraints.|"false"|false|
 
 ## Results
 |name|description|
diff --git a/task/buildah/0.1/buildah.yaml b/task/buildah/0.1/buildah.yaml
index 781f4e1dcf..c795b34d35 100644
--- a/task/buildah/0.1/buildah.yaml
+++ b/task/buildah/0.1/buildah.yaml
@@ -87,6 +87,10 @@ spec:
 type: string
 description: The name of the key in the ConfigMap that contains the CA bundle data.
 default: ca-bundle.crt
+ - name: CAP_SYS_ADMIN
+ description: Determines if buildah should be invoked with --cap-add SYS_ADMIN
+ type: string
+ default: "false"
 
 results:
 - description: Digest of the image just built
@@ -135,6 +139,8 @@ spec:
 value: $(params.ENTITLEMENT_SECRET)
 - name: BUILD_ARGS_FILE
 value: $(params.BUILD_ARGS_FILE)
+ - name: CAP_SYS_ADMIN
+ value: $(params.CAP_SYS_ADMIN)
 
 steps:
 - image: quay.io/redhat-appstudio/buildah:v1.31.0@sha256:34f12c7b72ec2c28f1ded0c494b428df4791c909f1f174dd21b8ed6a57cf5ddb
@@ -215,6 +221,10 @@ spec:
 BUILDAH_ARGS+=("--target=${TARGET_STAGE}")
 fi
 
+ if [ -n "${CAP_SYS_ADMIN}" ]; then
+ BUILDAH_ARGS+=("--cap-add=SYS_ADMIN")
+ fi
+
 if [ -n "${BUILD_ARGS_FILE}" ]; then
 BUILDAH_ARGS+=("--build-arg-file=$(pwd)/$SOURCE_CODE_DIR/${BUILD_ARGS_FILE}")
 fi
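Review bot: The CAP_SYS_ADMIN parameter description added in the `@@ -87,6 +87,10 @@` hunk of buildah.yaml omits the caveat that this same commit writes into task/buildah/0.1/README.md, so a user reading the Task spec is not told that the cluster's policy may reject the added capability. If the README is derived from the Task definition (which I cannot confirm from the diff) the two will also drift apart on the next regeneration. I would carry the README wording into the spec: `description: Determines if buildah should be invoked with --cap-add SYS_ADMIN. May be forbidden by the SecurityContextConstraints.`, and the same sentence is missing from the CAP_SYS_ADMIN descriptions in the buildah-oci-ta, buildah-remote-oci-ta and buildah-remote hunks.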