libcontainer: remove extra CAP_SETGID check for SetgroupAttr

Signed-off-by: Akihiro Suda <[email protected]>
opencontainers · May 24, 2018 · c938157 · c938157
1 parent cdb7f23
commit c938157
Showing 1 changed file with 4 additions and 12 deletions.
diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
@@ -28,7 +28,6 @@ import (
 
 	"github.com/golang/protobuf/proto"
 	"github.com/sirupsen/logrus"
-	"github.com/syndtr/gocapability/capability"
 	"github.com/vishvananda/netlink/nl"
 	"golang.org/x/sys/unix"
 )
@@ -1798,17 +1797,10 @@ func (c *linuxContainer) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Na
 				})
 			}
 			if requiresRootOrMappingTool(c.config) {
-				// check if we have CAP_SETGID to setgroup properly
-				pid, err := capability.NewPid(0)
-				if err != nil {
-					return nil, err
-				}
-				if !pid.Get(capability.EFFECTIVE, capability.CAP_SETGID) {
-					r.AddData(&Boolmsg{
-						Type:  SetgroupAttr,
-						Value: true,
-					})
-				}
+				r.AddData(&Boolmsg{
+					Type:  SetgroupAttr,
+					Value: true,
+				})
 			}
 		}
 	}