diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
index 12e219179d3..c9e74188e2b 100644
--- a/libcontainer/container_linux.go
+++ b/libcontainer/container_linux.go
@@ -691,7 +691,7 @@ func (c *Container) newInitConfig(process *Process) *initConfig {
 User: process.User,
 AdditionalGroups: process.AdditionalGroups,
 Cwd: process.Cwd,
- Capabilities: process.Capabilities,
+ Capabilities: c.config.Capabilities,
 PassedFilesCount: len(process.ExtraFiles),
 ContainerID: c.ID(),
 NoNewPrivileges: c.config.NoNewPrivileges,
@@ -707,6 +707,9 @@ func (c *Container) newInitConfig(process *Process) *initConfig {
 // Overwrite config properties with ones from process.
+ if process.Capabilities != nil {
+ cfg.Capabilities = process.Capabilities
+ }
 if process.NoNewPrivileges != nil {
 cfg.NoNewPrivileges = *process.NoNewPrivileges
 }
diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go
index b9b8bb9c1c0..dbe2d50658d 100644
--- a/libcontainer/init_linux.go
+++ b/libcontainer/init_linux.go
@@ -330,13 +330,7 @@ func finalizeNamespace(config *initConfig, addHome bool) error {
 }
 }
- caps := &configs.Capabilities{}
- if config.Capabilities != nil {
- caps = config.Capabilities
- } else if config.Config.Capabilities != nil {
- caps = config.Config.Capabilities
- }
- w, err := capabilities.New(caps)
+ w, err := capabilities.New(config.Capabilities)
 if err != nil {
 return err
 }
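Review bot: The new `if process.Capabilities != nil` override in newInitConfig gives nil and a non-nil empty `&configs.Capabilities{}` different meanings, and nothing in the hunk documents that. Nil keeps the container's set, while any non-nil value replaces it outright rather than being intersected with it. Callers building a Process for exec therefore decide the final privilege set, and an accidental nil silently inherits everything the container has. I would add a comment above the check such as `// nil means "inherit c.config.Capabilities"; any non-nil value, including an empty set, replaces it.` The function body starts and ends outside this hunk.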
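Review bot: `capabilities.New(config.Capabilities)` in finalizeNamespace can now receive a nil pointer when neither the container config nor the process sets capabilities; the removed code substituted an empty `&configs.Capabilities{}` in that case. Whether nil means "drop everything" or "leave the capability sets untouched" depends on capabilities.New, which is not part of this diff, so the fail-closed default may have been lost. If the empty-set behaviour is intended, keep a guard before the call, `if config.Capabilities == nil { config.Capabilities = &configs.Capabilities{} }`. Otherwise, state the nil contract in a comment here and cover it with a test. finalizeNamespace continues outside this hunk.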