run as network client without extra privileges #72

Open
tomdavidson opened this issue Dec 15, 2020 · 0 comments

tomdavidson commented Dec 15, 2020

Hi, I'm attempting to use OpenWRT as a lightweight server rather than a router. I don't think I should need NET_ADMIN or other privileges to run the OpenWRT docker service as a network client. Any direction?

$ docker run --rm -it --name ow-dev td7x/openwrt /bin/ash
Failed to resize receive buffer: Operation not permitted
/etc/preinit: line 6: can't create /sys/devices/system/cpu/microcode/reload: Read-only file system
ip: RTNETLINK answers: Operation not permitted
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
ip: can't send flush request: Operation not permitted
ip: SIOCSIFFLAGS: Operation not permitted

/etc/config/dhcp

...
config dhcp lan
  option interface	lan
  option ignore	1

/etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config include
        option path '/etc/firewall.user'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0'
    option proto 'dhcp'

I also get the following in the build:

validation failed
Failed to connect to ubus
Failed to connect to ubus
Warning: Failed to connect to ubus
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[0] (lan) cannot resolve device of network 'lan'
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan'
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
 * Set tcp_ecn to off
   ! Unable to write value: Read-only file system
 * Set tcp_syncookies to on
   ! Unable to write value: Read-only file system
 * Set tcp_window_scaling to on
   ! Unable to write value: Read-only file system
 * Running script '/etc/firewall.user'
Failed to connect to ubus
Failed to connect to ubus

Dockerfile
