Currently the Fedora base image is shipped with sssd-client, I think we could easily drop that package from the base image.
Thoughts ?
[cverna@localhost] [master] $ podman run -it --rm quay.io/fedora/fedora:latest [root@72dc12ae8894 /]# dnf remove sssd-client Dependencies resolved. ============================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================== Removing: sssd-client x86_64 2.4.0-2.fc33 @koji-override-0 270 k Removing unused dependencies: libsss_idmap x86_64 2.4.0-2.fc33 @koji-override-0 78 k libsss_nss_idmap x86_64 2.4.0-2.fc33 @koji-override-0 87 k Transaction Summary ============================================================================================================================== Remove 3 Packages Freed space: 435 k Is this ok [y/N]:
It's useful for having host users available in the container, but I'm not sure how many non-toolbox users do that.
For the toolbox we could make sure that this package is installed there, or it could just be a package you install in your toolbox like other tools.
+1 for this one from me. We don't want host users accidentally leaking inside container images via sssd and toolbox images can explicitly install that if needed.
Made the Change proposal for F35 : https://fedoraproject.org/wiki/Changes/SmallerContainerBase
Login to comment on this ticket.