> What platform is this? Is it still
> ```
> The container is executed in OpenShift cluster which does not allow
> running as root inside container.
> ```
> as in your original email in this thread?
>
> JFTR: Openshift should eventually get
> https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/127-user-namespaces/README.md
> (i.e. 'user namespaces' support) so that pod fully restricted in the host
> namespace can be run fully unrestricted in the container user-ns (including
> running with uid=0 in container namespace while uid!=0 in host namespace).
>
> Having said that, and taking into account 'user-ns' support isn't
> available yet, you might want to try builds from
> https://copr.fedorainfracloud.org/coprs/g/sssd/nightly/ : currently
> Fedora rawhide, Centos-stream 9 and Rhel 9 packages there are built
> '--with-sssd-user=sssd' and main SSSD process can be run directly under
> 'sssd' user.
>
> Since you don't need Kerberos / handle keytabs and user TGTs, it should
> work out of the box.
>
> Your feedback and observations are welcome.

Hi Alexey,

I tried and it did work. Do you have a plan for a release schedule for the feature?

Yes, it is still OpenShift. We are aware of user namespaces eventually coming too, but regardless it's cool to see non-root support in SSSD.

Thank you for your work.

--
Tero