OpenWRT other uses (container idea for expanding functionality)

Recently I have been putting some thought into OpenWRT as a base OS for devices that are not necessarily network related. For instance, OpenWRT could run things like Pi-hole or it could run a display. I remember seeing a community post talking about how OpenWRT is going to start packaging display packages and I thought I would share my ideas.

I personally think that OpenWRT is poorly suited as a server OS, as the system is built to be pretty small and not bloated. Running LXC or Docker containers is not useful in my opinion. Also, packaging big display software like Chromium is probably not feasible. I think it would be fine to package some basic software like a video player, but chances are there will always be something that someone is missing.

Here is what I suggest instead. Under Linux it is completely possible to do nested containers. I think it would be cool to use something like bubblewrap to create a chroot-like environment where something like a Debian install can live and run. You could set up a base image on removable storage and then have a service that just starts systemd in a bubblewrap container. If more functionality is needed, the container could be granted NET_ADMIN, which would allow it to manage things like VPN connections. For digital signage you could pass through the GPU and input devices so that software in the container would be able to run something like a desktop.

The advantage of this is that the guest system would be separated from the base OpenWRT system. This would be good from both a security and manageability perspective. You could run Docker in the guest system and then set up extra software like VPN clients. I think this is a much better design than trying to run individual containers on the host. OpenWRT is built to be lean and if you start bloating it you might as well use something more traditional. One serious downside is that many of the common router CPU architectures are not supported by the more mainstream Linux distros. There are translation layers and emulators but they perform poorly.

I'm not an OpenWRT packager or developer so my ideas hold little weight. However, I thought it might be worth sharing.
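
The launcher idea from the first post, as an added example that is not part of the thread or of any OpenWRT package: it builds a bwrap command line for a guest root filesystem and only adds CAP_NET_ADMIN when the guest also gets its own network namespace, since on the host's namespace that capability would cover the router's own interfaces. The function name, the GUEST_ROOTFS variable and the mode keywords are assumptions, and it starts the guest's /bin/sh rather than systemd.

```shell
#!/bin/sh
# Added example: build a bubblewrap command line for a guest rootfs.
# guest_bwrap_args, GUEST_ROOTFS and the mode keywords are hypothetical names.

# Print one bwrap argument per line.
#   $1 = guest root filesystem (e.g. a Debian tree on removable storage)
#   $2 = "isolated" (own network namespace) or "host" (share the host's)
#   $3 = "netadmin" to grant CAP_NET_ADMIN, anything else grants no capability
guest_bwrap_args() {
    rootfs=$1 net=$2 caps=$3
    # Refuse the risky combination: CAP_NET_ADMIN without a private network
    # namespace would let the guest reconfigure the router's own networking.
    if [ "$caps" = netadmin ] && [ "$net" != isolated ]; then
        echo "refusing CAP_NET_ADMIN on the host network namespace" >&2
        return 1
    fi
    # Guest tree becomes /, with private /dev, /proc, /run and /tmp.
    # PID, IPC, UTS and (where available) cgroup namespaces are unshared,
    # and all capabilities are dropped before any are added back.
    printf '%s\n' --bind "$rootfs" / --dev /dev --proc /proc \
        --tmpfs /run --tmpfs /tmp \
        --unshare-pid --unshare-ipc --unshare-uts --unshare-cgroup-try \
        --hostname guest --die-with-parent --cap-drop ALL
    [ "$net" = isolated ] && printf '%s\n' --unshare-net
    [ "$caps" = netadmin ] && printf '%s\n' --cap-add CAP_NET_ADMIN
    return 0
}

# Launch only when GUEST_ROOTFS is set, so the file can also be sourced.
if [ -n "${GUEST_ROOTFS:-}" ]; then
    args=$(guest_bwrap_args "$GUEST_ROOTFS" isolated netadmin) || exit 1
    # Split the argument list on newlines only, without globbing.
    IFS='
'
    set -f
    exec bwrap $args /bin/sh
fi
```

An isolated network namespace starts with only a loopback interface, so the guest needs an interface (for example one end of a veth pair) moved into it before a VPN client there can reach anything.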

Like ujail?

I'm no expert with it but I think starting with adding 'network namespaces' is just a super obvious next step with an obviously valuable practical use.
After that you could add 'container space' or whatever, basically the same except it has its own processes/binaries etc., i.e. you can ssh into it, run programs etc. as well as having network features to configure.

I'm not interested in arguing about it though; I can set up multiple OpenWRT containers myself with Arch Linux or Armbian (with systemd-nspawn) as the host on a few devices. I do want to try to get that setup working on a Dynalink DL-WRX36 where it just boots Arch Linux off USB and then I run at least 2 OpenWRT containers. Anyway, yeah, I think it would make sense and be good for the project to have network namespaces, but you know that's always the feeling with the internet where if you say you like something or want something, some very rational and logical person appears and it's pff ok then. I think we should fix a driver that's never getting fixed because it's deliberately not getting fixed instead, then nothing happens either way.

Same concept

Bubblewrap is a little more secure and modern but the underlying idea of creating a separate system that shares the kernel is the same mostly.

Why did you not start with the essence?