I have successfully operated the OpenWRT container for one day, but I am uncertain whether further adjustments are necessary

I successfully ran the openwrt container using podman, but I'm not sure if any other patches are needed for openwrt.

This is the log.

Do I need to make alterations to OpenWRT similar to those found in the source code within this repository?

I have compiled the rootfs of OpenWrt myself and, following the instructions provided in this guide, imported the rootfs as a podman image. To ensure persistent configuration, I copied the etc folder from the rootfs to $XDG_CONFIG_HOME and made sure that the owner of the etc folder is root:root. I used macvlan for the container's network interfaces, and after running the container, it functioned as expected. Please remember to enable promiscuous mode for the network interface on the host, and do not forget to bring the network interface up. Below are some of the commands I used:

sudo podman network create -d macvlan --ipam-driver=none -o parent=enp5s0f0 wan
sudo podman network create -d macvlan --ipam-driver=none -o parent=br0 lan
sudo podman run --name openwrt -d --network lan --network wan -v $XDG_CONFIG_HOME/openwrt:/etc --privileged openwrt /sbin/init

However, running with full privileges clearly poses significant risks. In addition, the subsequent commands seem unable to enable the normal functioning of PPPoE and DHCP. Consequently, I am interested in understanding the additional steps required to ensure that the OpenWrt container can operate with minimal privileges.

sudo podman run -d --name openwrt --network lan --network wan --cap-add NET_ADMIN --cap-add NET_RAW --sysctl net.netfilter.nf_conntrack_acct=1 --sysctl net.ipv4.ip_forward=1 --sysctl net.ipv6.conf.all.disable_ipv6=0 --sysctl net.ipv6.conf.all.forwarding=1 -v $XDG_CONFIG_HOME/openwrt:/etc openwrt /sbin/init
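The two run lines above differ mainly in what they grant the container. As an added example (not from the original post), this Python script parses a `podman run` command line and lists its privilege-relevant options, then applies it to the two commands quoted from the post; the option semantics are those of podman's `--privileged`, `--cap-add`, `--sysctl` and `-v` flags.

```python
import shlex

# `podman run` options with a security meaning (same spelling in docker).
# Each may be written "--flag value" or "--flag=value".
VALUE_FLAGS = {
    "--cap-add": "cap_add", "--cap-drop": "cap_drop", "--sysctl": "sysctls",
    "-v": "volumes", "--volume": "volumes", "--network": "networks", "--net": "networks",
}

# The two command lines quoted from the post above.
PRIVILEGED_CMD = ("sudo podman run --name openwrt -d --network lan --network wan "
                  "-v $XDG_CONFIG_HOME/openwrt:/etc --privileged openwrt /sbin/init")
SCOPED_CMD = ("sudo podman run -d --name openwrt --network lan --network wan "
              "--cap-add NET_ADMIN --cap-add NET_RAW --sysctl net.netfilter.nf_conntrack_acct=1 "
              "--sysctl net.ipv4.ip_forward=1 --sysctl net.ipv6.conf.all.disable_ipv6=0 "
              "--sysctl net.ipv6.conf.all.forwarding=1 -v $XDG_CONFIG_HOME/openwrt:/etc "
              "openwrt /sbin/init")

def parse_run(cmdline):
    """Summarise the privilege-relevant options of one `podman run` command line."""
    argv = shlex.split(cmdline)  # shell variables such as $XDG_CONFIG_HOME stay literal
    posture = {"privileged": False, "cap_add": [], "cap_drop": [],
               "sysctls": [], "volumes": [], "networks": []}
    i = 0
    while i < len(argv):
        flag, _, inline = argv[i].partition("=")
        if flag == "--privileged":
            posture["privileged"] = True
        elif flag in VALUE_FLAGS:
            if not inline:          # value is the next token
                i += 1
                inline = argv[i]
            posture[VALUE_FLAGS[flag]].append(inline)
        i += 1
    return posture

def review(cmdline):
    """Return the findings a reviewer would raise against the command line."""
    p, notes = parse_run(cmdline), []
    if p["privileged"]:
        # --privileged grants every capability, disables seccomp and SELinux/AppArmor
        # labelling and exposes host devices; any --cap-add on the same line is redundant.
        notes.append("privileged: all capabilities, no seccomp/label confinement, host devices visible")
    elif p["cap_add"]:
        notes.append("scoped capabilities only: " + ", ".join(sorted(p["cap_add"])))
    else:
        notes.append("default capability set")
    for vol in p["volumes"]:
        src, _, rest = vol.partition(":")
        if rest.split(":")[0] == "/etc":
            notes.append(f"host path {src} is bind-mounted over /etc: whole config editable from the host")
    for s in p["sysctls"]:
        if s.startswith(("net.ipv4.ip_forward", "net.ipv6.conf.all.forwarding")):
            notes.append(f"forwarding enabled in the container's netns via {s}")
    return notes

if __name__ == "__main__":
    for label, cmd in (("privileged", PRIVILEGED_CMD), ("scoped", SCOPED_CMD)):
        print(label, "->", *review(cmd), sep="\n  ")
```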

As you've previously been advised, running OpenWRT as a container is not a supported configuration. You are going to find it difficult to get it to operate as intended, and there's going to be a very limited (or no) group of individuals who may have run a similar setup and be able to assist. By all means keep trying it, just be aware you're unlikely to be able to get much support with it.

I’m not sure what your goals are, but it runs quite well under lxd/incus: https://gist.github.com/joshenders/d9e47c46c8cf8c3045eab2087872e871

Just out of curiosity, what's your idea behind putting OpenWRT in a container?

I thought about this too, because it would make it easier to update it. And even more so, rollback in case of an error.

But besides that, I was asking myself: if the purpose of a container is to run an app or a service, then running a whole OS is kind of against its purpose.

Instead, wouldn't it make more sense to have one (or more, if one wants to split everything up) router container that receives the physical hardware via passthrough, plus virtual networks, and then runs the necessary services, and just them?

Naively thinking, that should be routing (iptables?), firewall (iptables?), DHCP (dnsmasq) and DNS (dnsmasq). Everything else that you could install in OpenWRT is something that you should actually run a separate container for.

And like the previous post listed, Debian seems like a good choice for the host OS. Though I'm also looking at immutable ones like CoreOS or Flatcar Linux, to keep the host as simple as possible.

Due to the high coupling of these tasks in routers, separation can be very cumbersome. For example, if you want ddns to directly obtain addresses from network interfaces, sometimes mapping interfaces is required, or if some services themselves need to modify DHCP or firewalls, more adjustments need to be made. In contrast, running openwrt directly in a container is much more convenient.

Although it was a long time ago, I may have been inspired by the past lxc/lxd. At that time, I thought it was possible to run openwrt in a container, but there was a considerable lack of guidance, so I put it on hold for a long time. These days, I have seen someone successfully running openwrt in a container, so I have started doing so.

My host is actually using Manjaro.


It looks like openwrt will work without any additional fixes, but I wonder if podman can also use PCI passthrough.

What are your goals for doing this? Development? Learning and experimentation?

I/we ask because there's not a clear benefit from an administrative perspective for running OpenWrt in a container. There is a clear benefit for running in a virtual machine (hence my guide and others like it on the Wiki), but running OpenWrt in a container (even with --net=host) obviates very complex networking requirements for the host that are so obtuse they qualify as academic and non-practical.

Part of it is for research purposes, and part of it is that containers actually perform better than VMs; that's all.

I'm tired of VMs.

After searching for some information, the container can indeed use PCI passthrough.

But running OpenWRT in LXD/Incus is running it in a container. I have been doing so for years on many machines and it has been extremely light on resources, fully-featured and flawless.

And contrary to what has been said here, networking is quite easy (in LXD, probably not so easy in docker). You just pass through one NIC to the container (the one that goes to the internet), and set up a software bridge on the host for Openwrt<->LAN communication.

If yours is an unprivileged container, try to use it to connect PPPoE or create a VPN tunnel; then you'll find a new problem.

ujail does not work in containers