WIP: NewPid2

Take advantage of [1] to avoid crashing with:

  container_linux.go:348: starting container process caused "open /proc/9976/status: no such file or directory"

[1]: syndtr/gocapability#14

Signed-off-by: W. Trevor King <[email protected]>

Author: wking

libcontainer/capabilities_linux.go

@@ -71,7 +71,7 @@ func newContainerCapList(capConfig *configs.Capabilities) (*containerCapabilitie
 		}
 		ambient = append(ambient, v)
 	}
-	pid, err := capability.NewPid(0)
+	pid, err := capability.NewPid2(0)
 	if err != nil {
 		return nil, err
 	}

libcontainer/container_linux.go

@@ -1804,10 +1804,14 @@ func (c *linuxContainer) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Na
 			// The following only applies if we are root.
 			if !c.config.Rootless {
 				// check if we have CAP_SETGID to setgroup properly
-				pid, err := capability.NewPid(0)
+				pid, err := capability.NewPid2(0)
 				if err != nil {
 					return nil, err
 				}
+				err = pid.Load()
+				if err != nil && !os.IsNotExist(err) {
+					return nil, err
+				}
 				if !pid.Get(capability.EFFECTIVE, capability.CAP_SETGID) {
 					r.AddData(&Boolmsg{
 						Type:  SetgroupAttr,