diff --git a/parser/capability.h b/parser/capability.h
index 7cb5a2f89..7d1b7a291 100644
--- a/parser/capability.h
+++ b/parser/capability.h
@@ -42,6 +42,7 @@ void capabilities_init(void);
 void __debug_capabilities(uint64_t capset, const char *name);
 bool add_cap_feature_mask(struct aa_features *features, capability_flags flags);
 void clear_cap_flag(capability_flags flags);
-
+int capability_backmap(unsigned int cap);
+bool capability_in_kernel(unsigned int cap);
 
 #endif /* __AA_CAPABILITY_H */
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index 39cb1aae8..5b81add54 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -220,6 +220,21 @@ struct capability_table *find_cap_entry_by_name(const char *name)
 	return NULL;
 }
 
+struct capability_table *find_cap_entry_by_num(unsigned int cap)
+{
+	int i;
+
+	for (i = 0; cap_table[i].name; i++) {
+		PDEBUG("Checking %d %d\n",  cap, cap_table[i].cap);
+		if (cap == cap_table[i].cap) {
+			PDEBUG("Found %d %d\n", cap, cap_table[i].cap);
+			return &cap_table[i];
+		}
+	}
+
+	return NULL;
+}
+
 /* don't mark up str with \0 */
 static const char *strn_token(const char *str, size_t &len)
 {
@@ -343,16 +358,37 @@ int name_to_capability(const char *cap)
 
 const char *capability_to_name(unsigned int cap)
 {
-	int i;
+	struct capability_table *ent;
 
-	for (i = 0; cap_table[i].name; i++) {
-		if (cap_table[i].cap == cap)
-			return cap_table[i].name;
-	}
+	ent = find_cap_entry_by_num(cap);
+	if (ent)
+		return ent->name;
 
 	return "invalid-capability";
 }
 
+int capability_backmap(unsigned int cap)
+{
+	struct capability_table *ent;
+
+	ent = find_cap_entry_by_num(cap);
+	if (ent)
+		return ent->backmap;
+
+	return NO_BACKMAP_CAP;
+}
+
+bool capability_in_kernel(unsigned int cap)
+{
+	struct capability_table *ent;
+
+	ent = find_cap_entry_by_num(cap);
+	if (ent)
+		return ent->flags & CAPFLAG_KERNEL_FEATURE;
+
+	return false;
+}
+
 void __debug_capabilities(uint64_t capset, const char *name)
 {
 	unsigned int i;
diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index d4904e1b2..7a8c2cac7 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -1605,10 +1605,15 @@ capability:	TOK_CAPABILITY caps TOK_END_OF_RULE
 caps: { /* nothing */ $$ = 0; }
 	| caps TOK_ID
 	{
-		int cap = name_to_capability($2);
+		int backmap, cap = name_to_capability($2);
 		if (cap == -1)
 			yyerror(_("Invalid capability %s."), $2);
 		free($2);
+		backmap = capability_backmap(cap);
+		if (backmap != NO_BACKMAP_CAP && !capability_in_kernel(cap)) {
+			/* TODO: special backmap warning */
+			cap = backmap;
+		}
 		$$ = $1 | CAP_TO_MASK(cap);
 	}