Comment 2 for bug 1778286

Stéphane Graber (stgraber) wrote:

Installing the LXD snap from the edge channel (for fscaps support), on the current 4.4 kernel:

root@djanet:~# lxc launch ubuntu-daily:cosmic c1
To start your first container, try: lxc launch ubuntu:18.04

Creating c1
Starting c1
root@djanet:~# lxc exec c1 -- setcap cap_net_raw+ep /usr/bin/mtr-packet
Failed to set capabilities on file `/usr/bin/mtr-packet' (Operation not permitted)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file

As expected on that kernel, the caps were lost when the container got uid-shifted, and manually setting the caps from within the container fails.

After switching to 4.4.0-132:

root@djanet:~# lxc exec c1 -- setcap cap_net_raw+ep /usr/bin/mtr-packet
root@djanet:~# lxc exec c1 -- getcap /usr/bin/mtr-packet
/usr/bin/mtr-packet = cap_net_raw+ep