Comment 9 for bug 1666566

16:39 < stgraber> nacc: it's attempting to set fs capabilities, that's not
                  supported inside user namespaces by the kernel
16:40 < stgraber> nacc: most other packages fallback to setuid when that
                  happens (ping for example)
16:40 < stgraber> we also have a kernel fix for this but it's not been merged
                  mainline yet
16:42 < stgraber> hallyn wrote the patch and has been trying to get it merged
                  upstream for a while now