fix failing services when run as a container
Via podman (both privileged/unprivileged), default capabilities:
$ podman run --rm -ti quay.io/fedora/fedora-bootc:41 /sbin/init systemd.journald.forward_to_console=1
...
[225851.285550] (emd-oomd)[78]: systemd-oomd.service: ProtectHostname=yes is configured, but UTS namespace setup is prohibited (container manager?), ignoring namespace setup.
[225851.285720] (resolved)[79]: systemd-resolved.service: Failed to keep CAP_SYS_ADMIN: Operation not permitted
[225851.285768] (resolved)[79]: systemd-resolved.service: Failed at step USER spawning /usr/lib/systemd/systemd-resolved: Operation not permitted
[225851.285878] (emd-oomd)[78]: systemd-oomd.service: Failed to keep CAP_SYS_ADMIN: Operation not permitted
[225851.285941] (emd-oomd)[78]: systemd-oomd.service: Failed at step USER spawning /usr/lib/systemd/systemd-oomd: Operation not permitted
...
etc. I think for some of these we may need to add ConditionVirtualization=!container ...or maybe we change our default.target in this scenario.
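
As an added example (not code from this report or from the project), the following script picks the units with a fatal "Failed at step" line out of a console log like the one above and stages a `ConditionVirtualization=!container` drop-in for each. The function names, the drop-in file name and the staging directory are assumptions; the staging directory stands in for /etc/systemd/system.

```shell
#!/bin/sh
# Added example: list units that failed to spawn in a container boot log and
# stage drop-ins that make systemd skip them under a container manager.

# Console lines copied from the report above. The ProtectHostname and
# "Failed to keep" lines are not the fatal ones, so they must not be selected.
SAMPLE_LOG='[225851.285550] (emd-oomd)[78]: systemd-oomd.service: ProtectHostname=yes is configured, but UTS namespace setup is prohibited (container manager?), ignoring namespace setup.
[225851.285720] (resolved)[79]: systemd-resolved.service: Failed to keep CAP_SYS_ADMIN: Operation not permitted
[225851.285768] (resolved)[79]: systemd-resolved.service: Failed at step USER spawning /usr/lib/systemd/systemd-resolved: Operation not permitted
[225851.285878] (emd-oomd)[78]: systemd-oomd.service: Failed to keep CAP_SYS_ADMIN: Operation not permitted
[225851.285941] (emd-oomd)[78]: systemd-oomd.service: Failed at step USER spawning /usr/lib/systemd/systemd-oomd: Operation not permitted'

# Read a log on stdin; print each unit with a "Failed at step" line, once, sorted.
failed_units() {
    sed -n 's/^.*\]: \([^ :]*\.service\): Failed at step [A-Z_]* .*$/\1/p' | sort -u
}

# Read unit names on stdin; write <root>/<unit>.d/10-skip-in-container.conf.
# The file name is a hypothetical choice; any *.conf name in the .d directory works.
write_dropins() {
    root=$1
    while IFS= read -r unit; do
        [ -n "$unit" ] || continue
        mkdir -p "$root/$unit.d"
        printf '[Unit]\nConditionVirtualization=!container\n' \
            > "$root/$unit.d/10-skip-in-container.conf"
    done
}

# Demo: stage the drop-ins in a scratch directory and list what was written.
STAGE=$(mktemp -d)
printf '%s\n' "$SAMPLE_LOG" | failed_units | write_dropins "$STAGE"
find "$STAGE" -type f | sort
```

A unit whose condition is not met is skipped without entering the failed state, so the boot no longer reports these services as failures inside a container.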