On Thu, Apr 1, 2021 at 6:06 PM David Mather <[email protected]> wrote:
> We are also trying to run as a non-root user with minimal capabilities in
> production. Has any more work been done on this since?
>

It's been a while but... quite a lot of work has been done: see https://github.com/SSSD/sssd/issues/5443#issuecomment-2013505460 for the list and TODO list in the description of https://github.com/SSSD/sssd/pull/7193 for remaining bits.

Upcoming sssd-2.10 should be capable of running in an unprivileged container without user-ns support (i.e. still OCP, but Kubernetes already has this feature).

I could also build a general-purpose SSSD container image, but I would need to understand requirements / typical use cases and see an interest / demand for this.
--
sssd-users mailing list -- [email protected]
