libct: fix Caps inheritance

For all other properties that are available in both Config and Process,
the merging is performed by newInitConfig.

Let's do the same for Capabilities for the sake of code uniformity.

Also, thanks to the previous commit, we no longer have to make sure we
do not call capabilities.New(nil).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

libcontainer/container_linux.go

@@ -691,7 +691,7 @@ func (c *Container) newInitConfig(process *Process) *initConfig {
 		User:             process.User,
 		AdditionalGroups: process.AdditionalGroups,
 		Cwd:              process.Cwd,
-		Capabilities:     process.Capabilities,
+		Capabilities:     c.config.Capabilities,
 		PassedFilesCount: len(process.ExtraFiles),
 		ContainerID:      c.ID(),
 		NoNewPrivileges:  c.config.NoNewPrivileges,
@@ -707,6 +707,9 @@ func (c *Container) newInitConfig(process *Process) *initConfig {
 
 	// Overwrite config properties with ones from process.
 
+	if process.Capabilities != nil {
+		cfg.Capabilities = process.Capabilities
+	}
 	if process.NoNewPrivileges != nil {
 		cfg.NoNewPrivileges = *process.NoNewPrivileges
 	}

libcontainer/init_linux.go

@@ -330,13 +330,7 @@ func finalizeNamespace(config *initConfig, addHome bool) error {
 		}
 	}
 
-	caps := &configs.Capabilities{}
-	if config.Capabilities != nil {
-		caps = config.Capabilities
-	} else if config.Config.Capabilities != nil {
-		caps = config.Config.Capabilities
-	}
-	w, err := capabilities.New(caps)
+	w, err := capabilities.New(config.Capabilities)
 	if err != nil {
 		return err
 	}