@@ -78,6 +78,10 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {

 	if selinuxEnabled() {

 		securityOptions = append(securityOptions, "selinux")

 	}

+	uid, gid := daemon.GetRemappedUIDGID()

+	if uid != 0 || gid != 0 {

+		securityOptions = append(securityOptions, "userns")

+	}

 	v := &types.Info{

 		ID:                 daemon.ID,

@@ -161,7 +161,7 @@ This section lists each version from latest to oldest.  Each listing includes a

 * `POST /networks/prune` prunes unused networks.

 * Every API response now includes a `Docker-Experimental` header specifying if experimental features are enabled (value can be `true` or `false`).

 * The `hostConfig` option now accepts the fields `CpuRealtimePeriod` and `CpuRtRuntime` to allocate cpu runtime to rt tasks when `CONFIG_RT_GROUP_SCHED` is enabled in the kernel.

-

+* The `SecurityOptions` field within the `GET /info` response now includes `userns` if user namespaces are enabled in the daemon.

 ### v1.24 API changes

@@ -2507,7 +2507,8 @@ Display system-wide information

         "SecurityOptions": [

             "apparmor",

             "seccomp",

-            "selinux"

+            "selinux",

+            "userns"

         ],

         "ServerVersion": "1.9.0",

         "SwapLimit": false,

@@ -986,6 +986,11 @@ If you have a group that doesn't match the username, you may provide the `gid`

 or group name as well; otherwise the username will be used as the group name

 when querying the system for the subordinate group ID range.

+The output of `docker info` can be used to determine if the daemon is running

+with user namespaces enabled or not. If the daemon is configured with user

+namespaces, the Security Options entry in the response will list "userns" as

+one of the enabled security features.

+

 ### Detailed information on `subuid`/`subgid` ranges

 Given potential advanced use of the subordinate ID ranges by power users, the