On Thu, Mar 21, 2024 at 10:21 PM Alexey Tikhonov <atikhono(a)redhat.com> wrote:

> It's been a while but... quite a lot of work has been done: see
> https://github.com/SSSD/sssd/issues/5443#issuecomment-2013505460 for the list
> and TODO list in the description of https://github.com/SSSD/sssd/pull/7193
> for remaining bits.
>
> Upcoming sssd-2.10 should be capable of running in an unprivileged
> container without user-ns support (i.e. still OCP, but Kubernetes already
> has this feature).
>
> I could also build a general purpose SSSD container image, but I would
> need to understand requirements / typical use cases and see an interest /
> demand for this.

Very impressive work!
Not sure if there could be a use case for a *generic* container. At least in
my use case we add client applications inside the same container, which
makes it non-generic. But surely it would be of great value to have an
*example* on how to configure and run sssd within a non-root container for
this kind of purpose.
--
Tero