detect-virt: install with fs caps by default to allow unprivileged access

Makefile.am

@@ -1403,6 +1403,12 @@ systemd_detect_virt_SOURCES = \
 systemd_detect_virt_LDADD = \
 	libsystemd-shared.la
 
+systemd-detect-virt-install-hook:
+	$(SETCAP) cap_dac_override,cap_sys_ptrace=ep $(DESTDIR)$(bindir)/systemd-detect-virt ||:
+
+INSTALL_EXEC_HOOKS += \
+	systemd-detect-virt-install-hook
+
 # ------------------------------------------------------------------------------
 systemd_delta_SOURCES = \
 	src/delta/delta.c

configure.ac

@@ -67,6 +67,8 @@ AC_PATH_PROG([XSLTPROC], [xsltproc])
 AC_PATH_PROG([QUOTAON], [quotaon], [/sbin/quotaon])
 AC_PATH_PROG([QUOTACHECK], [quotacheck], [/sbin/quotacheck])
 
+AC_PATH_PROG([SETCAP], [setcap], [/sbin/setcap])
+
 # gtkdocize greps for '^GTK_DOC_CHECK', so it needs to be on its own line
 m4_ifdef([GTK_DOC_CHECK], [
 GTK_DOC_CHECK([1.18],[--flavour no-tmpl])

src/shared/virt.c

@@ -159,10 +159,10 @@ int detect_container(const char **id) {
         /* Unfortunately many of these operations require root access
          * in one way or another */
 
-        if (geteuid() != 0)
-                return -EPERM;
-
-        if (running_in_chroot() > 0) {
+        r = running_in_chroot();
+        if (r < 0)
+                return r;
+        if (r > 0) {
 
                 if (id)
                         *id = "chroot";