How to force rpm-ostree to remove/overlay protected packages

I want to remove at least sudo, but I get a message that it’s protected. With dnf I can do dnf remove --setopt protected_packages= but I can’t find similar options with rpm-ostree. Is it not possible to remove protected packages with rpm-ostree yet?

Why would you wish to remove sudo???

That allows a standard user to perform admin tasks without logging in as root and is a necessary part of the system administration.

In general the protected packages are ‘protected’ for a reason. The system needs them to remain intact for normal operation. Removing or corrupting them is likely to totally break ones system.

Because it’s security theater and extra overhead my users don’t need. If I need to perform root operations I will switch to vt. Sudo seems too controversial, what about gnome-shell then? It shouldn’t matter.

And despite that, I’ve been able to remove protected packages with careful excludes and noautoremove without issue on normal Fedora.

You can remove it by editing or removing the associated files in /etc/dnf/protected.d

You will also have to remove sudo-python-plugin

I was able to do this in a Silverblue VM, but did not do a lot of testing afterwards so I’m not 100% sure it does not break anything else.