On Thu, Apr 1, 2021 at 6:06 PM David Mather <davidmather(a)live.ie> wrote:
> We are also trying to run as a non-root user with minimal capabilities in
> production. Has any more work been done on this since?

It's been a while but... quite a lot of work has been done: see
https://github.com/SSSD/sssd/issues/5443#issuecomment-2013505460 for the list
and TODO list in the description of https://github.com/SSSD/sssd/pull/7193
for remaining bits.

Upcoming sssd-2.10 should be capable of running in an unprivileged
container without user-ns support (i.e. still OCP, but Kubernetes already
has this feature).

I could also build a general purpose SSSD container image, but I would need
to understand requirements / typical use cases and see an interest / demand
for this.