diff --git a/cmd/hepto.go b/cmd/hepto.go
index bceea92877e14af4ab1e5848ee1b8c3c8c1bcbdc..1044f73d6666ddcd843d264a1cd149a5867076cd 100644
--- a/cmd/hepto.go
+++ b/cmd/hepto.go
@@ -29,9 +29,9 @@ func main() {
 		// mount with very simple very formatted arguments in that order:
 		//   mount -t tmpfs -o size=1234 /src /dst
 		err = unix.Mount(os.Args[5], os.Args[6], os.Args[2], 0, os.Args[4])
-  } else if bin == "umount" {
-    // Same for umount
-    err = unix.Unmount(os.Args[1], 0)
+	} else if bin == "umount" {
+		// Same for umount
+		err = unix.Unmount(os.Args[1], 0)
 	} else if bin == "containerd" || (len(os.Args) > 1 && os.Args[1] == "publish") {
 		// Containerd is also available under hepto name, guess based on
 		// call arguments
diff --git a/cmd/hepto/defaults.go b/cmd/hepto/defaults.go
index d2a0aefbc0a29e02c61368df4ec6972a81b98904..c3c3a312797d7c848ec1a028e435189b5ee1bb03 100644
--- a/cmd/hepto/defaults.go
+++ b/cmd/hepto/defaults.go
@@ -37,7 +37,9 @@ var additionalCapabilities = []string{
 	"CAP_MKNOD",
 	"CAP_AUDIT_WRITE",
 	"CAP_SETFCAP",
-	"CAP_FSETID",
+	// Required for some services including Cilium
+	"CAP_IPC_LOCK",
+	"CAP_SYS_MODULE",
 }
 
 // Required devices for kubernetes