What platform is this? Is it still
```
The container is executed in OpenShift cluster which does not allow
running as root inside container.
```
as in your original email in this thread?
JFTR: OpenShift should eventually get
https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/127-...
(i.e. 'user namespaces' support) so that a pod fully restricted in the host
namespace can be run fully unrestricted in the container user-ns (including
running with uid=0 in container namespace while uid!=0 in host namespace).
Having said that, and taking into account that 'user-ns' support isn't
available yet, you might want to try builds from
https://copr.fedorainfracloud.org/coprs/g/sssd/nightly/ : currently the
Fedora rawhide, CentOS Stream 9 and RHEL 9 packages there are built
'--with-sssd-user=sssd' and the main SSSD process can be run directly under
the 'sssd' user.
Since you don't need Kerberos / handle keytabs and user TGTs, it should
work out of the box.
Your feedback and observations are welcome.
Hi Alexey,
I tried and it did work. Do you have a plan for a release schedule for the
feature?
Yes, it is still OpenShift. We are aware of user namespaces eventually
coming too, but regardless it's cool to see non-root support in SSSD. Thank
you for your work.
--
Tero