libcontainer: remove extra CAP_SETGID check for SetgroupAttr

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-05-22 15:56:01 +09:00 · 2018-05-22 15:56:01 +09:00 · c93815738a
parent cdb7f23d21
commit c93815738a
1 changed files with 4 additions and 12 deletions
--- a/libcontainer/container_linux.go
+++ b/libcontainer/container_linux.go
@ -28,7 +28,6 @@ import (

 	"github.com/golang/protobuf/proto"
 	"github.com/sirupsen/logrus"
-	"github.com/syndtr/gocapability/capability"
 	"github.com/vishvananda/netlink/nl"
 	"golang.org/x/sys/unix"
 )
@ -1798,17 +1797,10 @@ func (c *linuxContainer) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Na
 				})
 			}
 			if requiresRootOrMappingTool(c.config) {
-				// check if we have CAP_SETGID to setgroup properly
-				pid, err := capability.NewPid(0)
-				if err != nil {
-					return nil, err
-				}
-				if !pid.Get(capability.EFFECTIVE, capability.CAP_SETGID) {
-					r.AddData(&Boolmsg{
-						Type:  SetgroupAttr,
-						Value: true,
-					})
-				}
+				r.AddData(&Boolmsg{
+					Type:  SetgroupAttr,
+					Value: true,
+				})
 			}
 		}
 	}