diff --git a/dockerfiles/tumbleweed.docker b/dockerfiles/tumbleweed.docker
index 7139d1616d2d270177bb4558da2a29b1db7bf45b..e44655d4efc75d05a96e57f586458df80171d0b7 100644
--- a/dockerfiles/tumbleweed.docker
+++ b/dockerfiles/tumbleweed.docker
@@ -6,10 +6,8 @@ RUN zypper refresh && \
     zypper up -y && \
     zypper dup -y --force-resolution --allow-vendor-change && \
     zypper install -y lsb-release wget sudo tar gzip && \
-    zypper install -y gcc-c++ cmake valgrind cppcheck lcov doxygen procmail make git gdb meson ninja && \
-    zypper install -y libboost_*-devel && \
+    zypper install -y gcc-c++ cmake valgrind cppcheck lcov doxygen procmail make  gdb meson ninja && \
     zypper install -y libxml++26-devel && \
-    zypper install -y libqt5-qtbase-devel && \
     zypper install -y python3-devel python3-numpy-devel && \
     zypper install -y ncurses-devel && \
     zypper install -y clang && \
@@ -18,7 +16,7 @@ RUN zypper refresh && \
     zypper install -y graphviz && \
     zypper install -y kernel-devel && \
     zypper install -y kernel-default-devel && \
-    zypper install -y hdf5-devel rpcbind libtirpc-devel openldap2-devel zeromq-devel libnsl-devel && \
+    zypper install -y hdf5-devel libtirpc-devel openldap2-devel zeromq-devel libnsl-devel && \
     zypper install -y gsl-devel && \
     zypper install -y libpqxx-devel && \
     zypper install -y netcat-openbsd && \
@@ -27,15 +25,12 @@ RUN zypper refresh && \
     zypper install -y python3-pytest && \
     zypper install -y perl-JSON && \
     zypper install -y diffutils && \
-    useradd -u 30996 msk_jenkins && \
     ln -sfn /usr/lib64/libzmq.so.5 /usr/lib64/libzmq.so.3
 
-RUN echo "Defaults set_home" >> /etc/sudoers && \
-    git config --system http.proxy http://xfelproxy.desy.de:3128 && \
-    git config --system https.proxy http://xfelproxy.desy.de:3128
-
 # NOTE: This last line (symlink for libzmq.so.3) is a hack for a bug in DOOCS serverlib, which has the version number hardcoded.
 
+# NOTE: Die to a bug (?), several packets cannot be added here, and commands not executed. They need --security-opt seccomp:unconfined, which is only avaible when running containers, not when creating images. There will be a post-processing step for the generated image in tumbleweed.modify_image.sh
+
 ADD lcov-to-cobertura-xml /common/lcov_cobertura-1.6
 ADD tumbleweed_proxy /etc/sysconfig/proxy
 
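Review bot: The added NOTE has typos (`Die to`, `packets`, `avaible`) and does not name the steps that were moved out, so a reader cannot tell that an image built from this file alone has no `msk_jenkins` user, no `Defaults set_home` in sudoers, no git proxy settings and no git, Boost, Qt or rpcbind packages. I would reword it as `# NOTE: Some package installs and commands fail under the default seccomp profile at build time; git, libboost, libqt5, rpcbind, the msk_jenkins user and the sudoers/git proxy settings are applied afterwards by tumbleweed.modify_image.sh, which must be run before the image is used.` The RUN instruction these lines belong to starts before this hunk.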
diff --git a/dockerfiles/tumbleweed.modify_image.sh b/dockerfiles/tumbleweed.modify_image.sh
new file mode 100755
index 0000000000000000000000000000000000000000..53f2aa05f0c8da6b991e685057d0421f8b6edc4d
--- /dev/null
+++ b/dockerfiles/tumbleweed.modify_image.sh
@@ -0,0 +1,22 @@
+#/bin/bash
+
+# Unfortunately some of the package installations on tumbleweed require the
+# --security-opt seccomp:unconfined flag, which is not available when building an image. So here is the work-around:
+
+# Create a container with the required flag and start it
+docker create -i --security-opt seccomp:unconfined --name tumbleweed_updater tumbleweed
+docker start tumbleweed_updater
+
+# Execute the required commands in the container
+docker exec tumbleweed_updater zypper -n install git libboost_*-devel libqt5-qtbase-devel rpcbind
+docker exec tumbleweed_updater useradd -u 30996 msk_jenkins
+docker exec tumbleweed_updater echo "Defaults set_home" >> /etc/sudoers
+docker exec tumbleweed_updater git config --system http.proxy http://xfelproxy.desy.de:3128 
+docker exec tumbleweed_updater git config --system https.proxy http://xfelproxy.desy.de:3128
+
+# Stop the container and commit the changes to the image
+docker stop tumbleweed_updater
+docker commit tumbleweed_updater tumbleweed
+
+# Finally remove the container
+docker container rm tumbleweed_updater
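Review bot: The `>> /etc/sudoers` redirection on the `docker exec tumbleweed_updater echo "Defaults set_home"` line is evaluated by the host shell, not inside the container, so the text is appended to the host's /etc/sudoers (or the step fails without root) and the image's sudoers is never changed. The first line `#/bin/bash` lacks the `!`, so it is a comment rather than a shebang, and without `set -e` a failed step still reaches `docker commit` and tags a partially modified image as `tumbleweed`. The unquoted `libboost_*-devel` can also be expanded by the host shell before zypper sees it. The rewritten lines are below; the container still runs with seccomp unconfined while the package scripts execute, which is worth keeping limited to this one step.

```shell
#!/bin/bash
set -euo pipefail

# … unchanged: docker create / docker start …

docker exec tumbleweed_updater zypper -n install git 'libboost_*-devel' libqt5-qtbase-devel rpcbind
# … unchanged: useradd …
docker exec tumbleweed_updater sh -c 'echo "Defaults set_home" >> /etc/sudoers'
# … unchanged: git config proxy lines, docker stop / commit / rm …
```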