On Tue, Apr 9, 2024 at 1:34 PM Alexey Tikhonov wrote:
> On Mon, Apr 8, 2024 at 9:22 PM Tero Saarni wrote:
>
>> Actually, I did not use the packages. I compiled myself from github
>> master.
>>
>
> What ./configure options do you use?
>
>
Right, I had a dependency todards systemd regardless of
On Mon, Apr 8, 2024 at 9:22 PM Tero Saarni wrote:
> On Mon, Apr 8, 2024 at 10:10 PM Alexey Tikhonov
> wrote:
>
>>
>> Out of curiosity: I realized that 'sssd/nightly' packages are built with
>> 'systemd' support and thus 'Requires:" it. How did you work around this?
>> I have another PR -
On Mon, Apr 8, 2024 at 10:10 PM Alexey Tikhonov wrote:
>
> Out of curiosity: I realized that 'sssd/nightly' packages are built with
> 'systemd' support and thus 'Requires:" it. How did you work around this?
> I have another PR - https://github.com/SSSD/sssd/pull/7262 - that I use
> as a
Hi Tero,
On Mon, Apr 8, 2024 at 8:13 PM Tero Saarni wrote:
>
> Having said that, and taking into account 'user-ns' support isn't
>> available yet, you might want to try builds from
>> https://copr.fedorainfracloud.org/coprs/g/sssd/nightly/ : currently
>> Fedora rawhide, Centos-stream 9 and Rhel
>
>
> What platform is this? Is it still
> ```
> The container is executed in OpenShift cluster which does not allow
> running as root inside container.
> ```
> as in your original email in this thread?
>
> JFTR: Openshift should eventually get
>
On Fri, Mar 22, 2024 at 5:03 PM Tero Saarni wrote:
> On Fri, Mar 22, 2024 at 3:46 PM Alexey Tikhonov
> wrote:
>
>> Is this a "single UID" container (i.e. SSSD and client apps run under the
>> same UID within container namespace)?
>> What do you use as an entry point of the container / how do
On Fri, Mar 22, 2024 at 3:46 PM Alexey Tikhonov wrote:
> Is this a "single UID" container (i.e. SSSD and client apps run under the
> same UID within container namespace)?
> What do you use as an entry point of the container / how do you manage
> (start of) multiple processes?
>
> What
On Thu, Mar 21, 2024 at 10:04 PM Tero Saarni wrote:
> On Thu, Mar 21, 2024 at 10:21 PM Alexey Tikhonov
> wrote:
>
>> It's been awhile but... quite a lot of work has been done:
>> see https://github.com/SSSD/sssd/issues/5443#issuecomment-2013505460 for
>> the list
>> and TODO list in the
On Thu, Mar 21, 2024 at 10:21 PM Alexey Tikhonov
wrote:
> It's been awhile but... quite a lot of work has been done:
> see https://github.com/SSSD/sssd/issues/5443#issuecomment-2013505460 for
> the list
> and TODO list in the description of https://github.com/SSSD/sssd/pull/7193
> for remaining
On Thu, Apr 1, 2021 at 6:06 PM David Mather wrote:
> We are also trying to run as a non-root user with minimal capabilities in
> production. Has anymore work been done on this since?
>
It's been awhile but... quite a lot of work has been done:
see
Hi David,
Plan for the full support of SSSD running as a non-root user is in scope of
interest of the SSSD dev team.
I can't provide you a precise time frame for this but some preparation
already started.
This transition is not trivial as by design SSSD was alway running as a
root.
Keep in mind
We are also trying to run as a non-root user with minimal capabilities in
production. Has anymore work been done on this since?
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to
On (01/12/20 08:59), Tero Saarni wrote:
> Lukas Slebodnik wrote:
>> There is a way how to run sssd as non-root but /usr/sbin/sssd still require
>> bunch of linux capabilities to achieve that.
>
>One more question, which I should have mentioned in my previous reply.
>
>Since there are few places
Lukas Slebodnik wrote:
> There is a way how to run sssd as non-root but /usr/sbin/sssd still require
> bunch of linux capabilities to achieve that.
One more question, which I should have mentioned in my previous reply.
Since there are few places in the code that check explicitly for root and
Lukas Slebodnik wrote:
> There is a way how to run sssd as non-root but /usr/sbin/sssd still require
> bunch of linux capabilities to achieve that.
Thank you for very detailed response!
--
Tero
___
sssd-users mailing list --
On (26/11/20 16:21), Tero Saarni wrote:
>Hi,
>
>I'm trying to run SSSD inside docker container without root user. The
>container is executed in OpenShift cluster which does not allow running as root
>inside container.
>
>SSSD requires root and checks for this specifically.
>
>Is there any
> Does it mean your application is run within the same container as sssd?
> If this is the case, this might be not the best idea, as due to caching in
> every instance (and other reasons) this might turn out to be a very "heavy"
> solution...
Yes the application runs in the same container as
On Thu, Nov 26, 2020 at 5:52 PM Tero Saarni wrote:
>
> > Could you please describe your use case in greater details?
> >
> > Who is the consumer of services provided by sssd? What backends (data
> > sources) do you plan to use?
>
> Thank you for your response.
>
> The consumer is a custom
> Could you please describe your use case in greater details?
>
> Who is the consumer of services provided by sssd? What backends (data
> sources) do you plan to use?
Thank you for your response.
The consumer is a custom (existing) application that depends on PAM libraries.
The data source
Hi,
On Thu, Nov 26, 2020 at 5:24 PM Tero Saarni wrote:
> Hi,
>
> I'm trying to run SSSD inside docker container
Could you please describe your use case in greater details?
Who is the consumer of services provided by sssd? What backends (data
sources) do you plan to use?
> without root
20 matches
Mail list logo
