diff --git a/components/cli/docs/reference/commandline/login.md b/components/cli/docs/reference/commandline/login.md
index 9d47ad3b9d..3ebeec3d41 100644
--- a/components/cli/docs/reference/commandline/login.md
+++ b/components/cli/docs/reference/commandline/login.md
@@ -60,7 +60,7 @@ $ cat ~/my_password.txt | docker login --username foo --password-stdin
 `docker login` requires user to use `sudo` or be `root`, except when:
 
 1.  connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`.
-2.  user is added to the `docker` group.  This will impact the security of your system; the `docker` group is `root` equivalent.  See [Docker Daemon Attack Surface](https://docs.docker.com/security/security/#docker-daemon-attack-surface) for details.
+2.  user is added to the `docker` group.  This will impact the security of your system; the `docker` group is `root` equivalent.  See [Docker Daemon Attack Surface](https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface) for details.
 
 You can log into any public or private repository for which you have
 credentials.  When you log in, the command stores credentials in
diff --git a/components/cli/docs/reference/run.md b/components/cli/docs/reference/run.md
index 66bd878b19..b65504b62b 100644
--- a/components/cli/docs/reference/run.md
+++ b/components/cli/docs/reference/run.md
@@ -1198,8 +1198,8 @@ The next table shows the capabilities which are not granted by default and may b
 | SYS_TIME        | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock.                      |
 | SYS_TTY_CONFIG  | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals.                             |
 | AUDIT_CONTROL   | Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules. |
-| MAC_OVERRIDE    | Allow MAC configuration or state changes. Implemented for the Smack LSM.                                        |
-| MAC_ADMIN       | Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM).                 |
+| MAC_ADMIN       | Allow MAC configuration or state changes. Implemented for the Smack LSM.                                        |
+| MAC_OVERRIDE    | Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM).                 |
 | NET_ADMIN       | Perform various network-related operations.                                                                     |
 | SYSLOG          | Perform privileged syslog(2) operations.                                                                        |
 | DAC_READ_SEARCH | Bypass file read permission checks and directory read and execute permission checks.                            |