diff --git a/infra/azure/azure-pipelines.yml b/infra/azure/azure-pipelines.yml
index 8b915b4cef6f6eddeba0b97f3264b41509ee81d5..584cabecd632c6f600fccfbbeaab23c6fbf42ae5 100644
--- a/infra/azure/azure-pipelines.yml
+++ b/infra/azure/azure-pipelines.yml
@@ -9,7 +9,7 @@ variables:
   ansible_version: "-core >=2.16,<2.17"
   ansible_latest: "-core"
   ansible_minimum: "-core <2.16"
-  distros: "fedora-latest,c9s,fedora-rawhide"
+  distros: "fedora-latest,c9s,c10s,fedora-rawhide"
 
 stages:
 
diff --git a/infra/azure/build-containers.yml b/infra/azure/build-containers.yml
index 8f6b57d8ef561ce0b4192db16919588a6a92e984..ec9b0b3bb26169c7d599c408da8a752b5da77efb 100644
--- a/infra/azure/build-containers.yml
+++ b/infra/azure/build-containers.yml
@@ -12,7 +12,7 @@ trigger: none
 pool:
   vmImage: 'ubuntu-24.04'
 
-variables: { distros: "fedora-latest,fedora-rawhide,c9s" }
+variables: { distros: "fedora-latest,fedora-rawhide,c9s,c10s" }
 
 stages:
 
diff --git a/infra/azure/nightly.yml b/infra/azure/nightly.yml
index ded58778516e7b397ae984b06a2352db4609499c..2790199eb24b03e1e0ddf1cc974c9ff282c46a37 100644
--- a/infra/azure/nightly.yml
+++ b/infra/azure/nightly.yml
@@ -14,8 +14,8 @@ pool:
 
 variables:
   # We need to have two sets, as c8s is not supported by all ansible versions
-  recent_distros: "fedora-latest,fedora-rawhide,c9s"
-  distros: "fedora-latest,fedora-rawhide,c9s,c8s"
+  recent_distros: "fedora-latest,fedora-rawhide,c10s,c9s"
+  distros: "fedora-latest,fedora-rawhide,c10s,c9s,c8s"
   ansible_latest: "-core"
   ansible_minimum: "-core <2.16"
   ansible_version: "-core >=2.16,<2.17"
diff --git a/infra/azure/pr-pipeline.yml b/infra/azure/pr-pipeline.yml
index ea89f321cf20629883a3ba31f020e99585d724c1..648a554ec305bf97e6b5c4853f96e3a92dc462da 100644
--- a/infra/azure/pr-pipeline.yml
+++ b/infra/azure/pr-pipeline.yml
@@ -6,7 +6,7 @@ pool:
   vmImage: 'ubuntu-20.04'
 
 variables:
-  distros: "fedora-latest,c9s,c8s,fedora-rawhide"
+  distros: "fedora-latest,c10s,c9s,c8s,fedora-rawhide"
   ansible_version: "-core >=2.15,<2.16"
 
 stages:
diff --git a/infra/azure/templates/build_container.yml b/infra/azure/templates/build_container.yml
index e3c2bdea575f38cac9bb155d72e41ddf057108fe..12f0b45030777f9e8caf2bba24e613f7e61a3c3a 100644
--- a/infra/azure/templates/build_container.yml
+++ b/infra/azure/templates/build_container.yml
@@ -23,7 +23,7 @@ jobs:
   - script: ansible-galaxy collection install containers.podman
     displayName: Install Ansible Galaxy collections
 
-  - script: infra/image/build.sh -p -s ${{ parameters.distro }}
+  - script: infra/image/build.sh -s ${{ parameters.distro }}
     displayName: Build ${{ parameters.distro }} base image
     env:
       ANSIBLE_ROLES_PATH: "${PWD}/roles"
diff --git a/infra/azure/templates/variables_c10s.yaml b/infra/azure/templates/variables_c10s.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8fdc2819b6e9f1f26c91549f52682e23b2a0c184
--- /dev/null
+++ b/infra/azure/templates/variables_c10s.yaml
@@ -0,0 +1,21 @@
+#
+# Variables must be defined as comma separated lists.
+# For easier management of items to enable/disable,
+# use one test/module on each line, followed by a comma.
+#
+# Example:
+#
+# ipa_disabled_modules: >-
+#   dnsconfig,
+#   group,
+#   hostgroup
+#
+# If no variables are set, set "empty: true" as at least
+# one item is needed in the set.
+---
+variables:
+  empty: true
+#   ipa_enabled_modules: >-
+#   ipa_enabled_tests: >-
+#   ipa_disabled_modules: >-
+#   ipa_disabled_tests: >-
diff --git a/infra/image/build.sh b/infra/image/build.sh
index 5e3418c8d5e3e6cb8a09ddb2da1aefddb5ebede6..71679238ca089f8a1d9ab4667d890edc90018601 100755
--- a/infra/image/build.sh
+++ b/infra/image/build.sh
@@ -15,7 +15,7 @@ valid_distro() {
 usage() {
     local prog="${0##*/}"
     cat << EOF
-usage: ${prog} [-h] [-p] [-n HOSTNAME] [-s] distro
+usage: ${prog} [-h] [-n HOSTNAME] [-s] distro
     ${prog} build a container image to test ansible-freeipa.
 EOF
 }
@@ -41,14 +41,14 @@ cpus="2"
 memory="3g"
 quayname="quay.io/ansible-freeipa/upstream-tests"
 deploy_server="N"
-privileged=""
+deploy_capabilities="SYS_ADMIN,SYSLOG"
+capabilities=""
 
-while getopts ":hn:ps" option
+while getopts ":hn:s" option
 do
     case "${option}" in
         h) help && exit 0 ;;
         n) hostname="${OPTARG}" ;;
-        p) privileged="privileged" ;;
         s) deploy_server="Y" ;;
         *) die -u "Invalid option: ${option}" ;;
     esac
@@ -66,6 +66,8 @@ container_check
 
 if [ "${deploy_server}" == "Y" ]
 then
+    capabilities="${deploy_capabilities}"
+
     [ -n "$(command -v "ansible-playbook")" ] || die "ansible-playbook is required to install FreeIPA."
 
     deploy_playbook="${TOPDIR}/playbooks/install-server.yml"
@@ -89,7 +91,7 @@ container_create "${name}" "${tag}" \
     "hostname=${hostname}" \
     "memory=${memory}" \
     "cpus=${cpus}" \
-    "${privileged}"
+    "${capabilities:+capabilities=$capabilities}"
 container_commit "${name}" "${quayname}:${tag}"
 
 if [ "${deploy_server}" == "Y" ]
diff --git a/infra/image/dockerfile/c10s b/infra/image/dockerfile/c10s
index 969e8f6dd057144d2a9c51806064575ad56b24cf..247fce17397c56df35b17d68fae12c2da781fe76 100644
--- a/infra/image/dockerfile/c10s
+++ b/infra/image/dockerfile/c10s
@@ -13,12 +13,6 @@ dnf --assumeyes install \
     hostname; \
 rm -rf /var/cache/dnf/;
 
-# Prepare for basic ipa-server-install in container
-# Address failing nis-domainname.service in the ipa-client-install step
-RUN mv /usr/bin/nisdomainname /usr/bin/nisdomainname.orig
-ADD utils/hostnamectl-wrapper /usr/bin/nisdomainname
-RUN chmod a+rx /usr/bin/nisdomainname
-
 RUN (cd /lib/systemd/system/; \
     if [ -e dbus-broker.service ] && [ ! -e dbus.service ]; then \
        ln -s dbus-broker.service dbus.service; \
diff --git a/infra/image/shcontainer b/infra/image/shcontainer
index 8b736ce51b2ed4e2946856b4048ab5d77d6a57a3..a2d36c65c2e06aaa7e88fc34d52809e423b26270 100644
--- a/infra/image/shcontainer
+++ b/infra/image/shcontainer
@@ -18,7 +18,7 @@ container_create() {
             hostname=*) extra_opts+=("--${opt}") ;;
             cpus=*) extra_opts+=("--${opt}") ;;
             memory=*) extra_opts+=("--${opt}") ;;
-            privileged) extra_opts+=("--${opt}") ;;
+            capabilities=*) extra_opts+=("--cap-add=${opt##*=}") ;;
             *) log error "container_create: Invalid option: ${opt}" ;;
         esac
     done
diff --git a/infra/image/utils/hostnamectl-wrapper b/infra/image/utils/hostnamectl-wrapper
deleted file mode 100644
index 19e6f8d95af2cf091c098b0720b2bd9341837206..0000000000000000000000000000000000000000
--- a/infra/image/utils/hostnamectl-wrapper
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash -eu
-
-if setpriv --dump | grep -q sys_admin ; then
-	if [[ "$( basename $0 )" =~ "domainname" ]] ; then
-		/usr/bin/hostname -y "$@"
-	else
-		$0.orig "$@"
-	fi
-else
-	echo "Skipping invocation of $0 $@ in unprivileged container." >&2
-	exit
-fi