host: rpi3+ with debian buster, Kernel 4.19.0-6-arm64, plain LXC
The host itself shall only serve as a platform for several LXC containers, of which the very first shall be OpenWRT, to build up the router for the virtual container network.
The decision for LXC was made as it looks like the overhead is, in comparison to qemu or KVM, extremely small.
OpenWRT container built on 19.07.0-rc1
default-rootfs.tar root.ext4.gz root.squashfs were all mounted and copied into the rootfs
The container was started as root and looks fine so far. (network restart was successful, luci seems to be there)
The Problem: NO NETWORK - BUT;
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
lxc.net.0.type = veth
lxc.net.0.hwaddr = 00:16:3e:06:f8:f4
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.rootfs.path = dir:/var/lib/lxc/OpenWRT/rootfs
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
lxc.include = /etc/lxc/default.conf
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.tty.max = 4
lxc.uts.name = OpenWRT
lxc.arch = linux64
lxc.pty.max = 1024
lxcbr0 is up and working like a charm
veth6RTPX2 for Container OpenWRT is up and looks fine
AND the container's eth0 looks OK and got the HWADDR of the config file
eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
link/ether 00:16:3e:06:f8:f4 brd ff:ff:ff:ff:ff:ff
I am a bit confused about the eth0@if8 param "master"
Could this be an indication that the container is unprivileged and ought to be run as user master?
If so, is there a way to run OpenWRT as privileged, as the host system will be hardened in production?
Thanks for any help