Merge pull request #1724 from wking/no-pid-for-capability-lookup

libcontainer/capabilities_linux: Drop os.Getpid() call

libcontainer/capabilities_linux.go

@@ -4,7 +4,6 @@ package libcontainer
 
 import (
 	"fmt"
-	"os"
 	"strings"
 
 	"github.com/opencontainers/runc/libcontainer/configs"
@@ -72,7 +71,7 @@ func newContainerCapList(capConfig *configs.Capabilities) (*containerCapabilitie
 		}
 		ambient = append(ambient, v)
 	}
-	pid, err := capability.NewPid(os.Getpid())
+	pid, err := capability.NewPid(0)
 	if err != nil {
 		return nil, err
 	}

libcontainer/container_linux.go

@@ -1804,7 +1804,7 @@ func (c *linuxContainer) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Na
 			// The following only applies if we are root.
 			if !c.config.Rootless {
 				// check if we have CAP_SETGID to setgroup properly
-				pid, err := capability.NewPid(os.Getpid())
+				pid, err := capability.NewPid(0)
 				if err != nil {
 					return nil, err
 				}