diff --git a/man/bootctl.xml b/man/bootctl.xml
index f1968a0ba7..729183ad2c 100644
--- a/man/bootctl.xml
+++ b/man/bootctl.xml
@@ -424,8 +424,9 @@
         <term><option>--graceful</option></term>
         <listitem><para>Ignore failure when the EFI System Partition cannot be found, when EFI variables
         cannot be written, or a different or newer boot loader is already installed. Currently only applies
-        to <command>is-installed</command>, <command>update</command>, and <command>random-seed</command>
-        verbs.</para>
+        to <command>is-installed</command>, <command>update</command>, <command>random-seed</command> and
+        <command>install</command> verbs. Since version v258, it is implicitly enabled when running inside a
+        chroot.</para>
 
         <xi:include href="version-info.xml" xpointer="v244"/></listitem>
       </varlistentry>
diff --git a/src/bootctl/bootctl.c b/src/bootctl/bootctl.c
index 0bd7aa2e41..1235f524b9 100644
--- a/src/bootctl/bootctl.c
+++ b/src/bootctl/bootctl.c
@@ -37,6 +37,7 @@
 #include "varlink-io.systemd.BootControl.h"
 #include "varlink-util.h"
 #include "verbs.h"
+#include "virt.h"
 
 /* EFI_BOOT_OPTION_DESCRIPTION_MAX sets the maximum length for the boot option description
  * stored in NVRAM. The UEFI spec does not specify a minimum or maximum length for this
@@ -641,6 +642,11 @@ static int parse_argv(int argc, char *argv[]) {
         if (arg_secure_boot_auto_enroll && !arg_private_key)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Secure boot auto-enrollment requested but no private key provided");
 
+        if (!arg_graceful && running_in_chroot() > 0) {
+                log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Running in a chroot, enabling --graceful.");
+                arg_graceful = true;
+        }
+
         r = sd_varlink_invocation(SD_VARLINK_ALLOW_ACCEPT);
         if (r < 0)
                 return log_error_errno(r, "Failed to check if invoked in Varlink mode: %m");