Hi folks,
I'd like to run OpenWRT in an LXD container, and I wonder if it can be kept up to date by just upgrading packages with opkg (or soon apk). As the kernel is updated through the underlying Linux host, is there any reason to do the usual <backup config/upgrade/restore config> process ?
Thanks
Just opkg/apk. Great choice btw.
Running OpenWrt in a container is not a supported process, it does not work and tears open serious security issues.
You can run OpenWrt on the bare iron or under virtualization (kvm, virtualbox, hyper-v, parallels, vmware, …) though.
OpenWrt in unprivileged lxc container just works. Can you explain more on the security?
Except that it doesn't, the details have been laid out multiple times, as evidenced by the forum search.
Yes, you do get a glimpse of the webinterface, but the actual functionality is broken and insecure.
Please, can you give some specific links to this evidence ?
I have the feeling that running the only external access to my home network in an unprivileged container has some more security barriers than running it on the host itself...
And my searches around this on the forum were unsuccessful...
Is there a way to upgrade everything at once with opkg ?
I run in an unprivileged LXC on proxmox with 2 vNIC, and it's been reliable and problem free for me. Updating it to a new major version is the only issue I've faced to-date. There's a couple threads that say we shouldn't be updating packages with opkg even, instead waiting for new OpenWRT releases. I donno, I've been problem free so far...but I also have the ability to snapshot my instance before running an upgrade.
Anyway, you can't upgrade a lxc container using the 'firmware upgrades' - it needs to be reinstalled.
The way I did so was