I’ve decided it’s time to consolidate my myriad SBCs down to a single platform (actually, my wife has decided this for me).
I’d like to containerise everything on this one box to keep it all isolated. Writing Dockerfiles to migrate my other services (OpenVPN, bind, etc) has been easy. I left the LibreELEC box until last because I knew it would be the most difficult.
I’d prefer to run LE inside a container and not use it as the ‘host’ OS. Some of the other containers contain sensitive information and if a vulnerability in LE exposed them, that would be... bad. Running LE in its own container means I can drop most capabilities and re-map the root user to something less privileged.
I realise I can just run Kodi itself in a container (there are already a few working examples, using both GBM and X11), but doing that means I lose all the optimisations that make LibreELEC so great.
So... has anyone looked at running LE inside a container before? Are there any blockers that make this impossible?