diff --git a/Dockerfile.fedora-rawhide b/Dockerfile.fedora-rawhide
index 9e9d720d..bfb9169e 100644
--- a/Dockerfile.fedora-rawhide
+++ b/Dockerfile.fedora-rawhide
@@ -19,6 +19,11 @@ RUN dnf upgrade -y --setopt=install_weak_deps=False \
 # var-lib-nfs-rpc_pipefs.mount would run (and fail) nondeterministically
 RUN systemctl mask rpc-gssd.service
 
+# Stop the sssd.service from changing the /etc/sssd symlink
+COPY patches/sssd-avoid-chown-chmod.conf /usr/lib/systemd/system/sssd.service.d/avoid-chown-chmod.conf
+RUN mkdir /usr/lib/systemd/system/sssd.service.d \
+	&& ( echo '[Service]' ; echo 'ExecStartPre=' ; sed '/ExecStartPre/!d; s/-R/-R -H/g' /usr/lib/systemd/system/sssd.service ) > /usr/lib/systemd/system/sssd.service.d/avoid-chown-chmod-on-image.conf
+
 # Container image which runs systemd
 # debug: RUN test -f /etc/machine-id && ! test -s /etc/machine-id
 # debug: RUN test "$container" = oci