Add CAP_KILL to unprivileged containers

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

daemon/execdriver/native/template/default_template.go

@@ -21,6 +21,7 @@ func New() *libcontainer.Container {
 			"SETPCAP",
 			"NET_BIND_SERVICE",
 			"SYS_CHROOT",
+			"KILL",
 		},
 		Namespaces: map[string]bool{
 			"NEWNS":  true,