diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
index 8785d65700f..684d3080ddf 100644
--- a/libcontainer/process_linux.go
+++ b/libcontainer/process_linux.go
@@ -144,6 +144,14 @@ func (p *setnsProcess) start() (retErr error) {
 }
 }
 }
+ // Reset the inherited cpu affinity. Old kernels do that automatically, but
+ // new kernels remember the affinity that was set before the cgroup move.
+ // This is undesirable, because it inherits the systemd affinity when the container
+ // should really move to the container space cpus.
+ if err := unix.SchedSetaffinity(p.pid(), &unix.CPUSet{}); err != nil && err != unix.EINVAL && err != unix.ENODEV {
+ return fmt.Errorf("error resetting pid %d affinity: %w", p.pid(), err)
+ }
+
 if p.intelRdtPath != "" {
 // if Intel RDT "resource control" filesystem path exists
 _, err := os.Stat(p.intelRdtPath)
@@ -419,6 +427,14 @@ func (p *initProcess) start() (retErr error) {
 if err := p.manager.Apply(p.pid()); err != nil {
 return fmt.Errorf("unable to apply cgroup configuration: %w", err)
 }
+
+ // Reset the inherited cpu affinity. Old kernels do that automatically, but
+ // new kernels remember the affinity that was set before the cgroup move.
+ // This is undesirable, because it inherits the systemd affinity when the container
+ // should really move to the container space cpus.
+ if err := unix.SchedSetaffinity(p.pid(), &unix.CPUSet{}); err != nil && err != unix.EINVAL && err != unix.ENODEV {
+ return fmt.Errorf("error resetting pid %d affinity: %w", p.pid(), err)
+ }
 if p.intelRdtManager != nil {
 if err := p.intelRdtManager.Apply(p.pid()); err != nil {
 return fmt.Errorf("unable to apply Intel RDT configuration: %w", err)
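Review bot: In setnsProcess.start the reset passes an all-zero mask, `&unix.CPUSet{}`, and then discards EINVAL, which is the error sched_setaffinity(2) documents for a mask that contains no permitted CPU. If a kernel simply rejects the call, the affinity inherited from the parent stays in place and nothing records that the reset did not happen, so the container may keep running on the narrower CPU set this change is meant to drop. The comment should state which kernel behaviour makes an empty mask act as a reset and why EINVAL and ENODEV are safe to ignore, and the ignored case is worth a debug-level log line. The same applies to the identical block added in initProcess.start; both function bodies extend beyond their hunks.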
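Review bot: The block added to initProcess.start is a verbatim copy of the one added to setnsProcess.start, including the list of ignored errno values, so a later correction to one copy can miss the other. A small unexported helper called from both places would keep the affinity policy in one spot; the helper name below is only a suggestion. The body of initProcess.start starts and ends outside this hunk.

```go
// resetCPUAffinity (proposed helper) asks the kernel to reset the affinity
// the process inherited; EINVAL and ENODEV are ignored as in the inline version.
func resetCPUAffinity(pid int) error {
	err := unix.SchedSetaffinity(pid, &unix.CPUSet{})
	if err != nil && err != unix.EINVAL && err != unix.ENODEV {
		return fmt.Errorf("error resetting pid %d affinity: %w", pid, err)
	}
	return nil
}

// … unchanged: p.manager.Apply(p.pid()) and its error return …
if err := resetCPUAffinity(p.pid()); err != nil {
	return err
}
```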