Run OpenWrt 22.03 in systemd-nspawn container

Issue

dnsmasq fails to start.

Why? ujail is enabled by default on OpenWrt 22.03, and inside a systemd-nspawn container it lacks the privileges for some jail operations, e.g. mounting /tmp/xxx to /dev/log.

How to fix

0x1. Uninstall procd-ujail and procd-seccomp

opkg remove procd-ujail
opkg remove procd-seccomp

0x2. Fix dnsmasq service script

/etc/init.d/dnsmasq:

# Request a jail only if ujail is installed and the capabilities file exists
[ -x /sbin/ujail -a -e /etc/capabilities/ntpd.json ] && {
	procd_add_jail dnsmasq ubus log
	procd_add_jail_mount $CONFIGFILE $DHCPBOGUSHOSTNAMEFILE $DHCPSCRIPT $DHCPSCRIPT_DEPENDS
	procd_add_jail_mount $EXTRA_MOUNT $RFC6761FILE $TRUSTANCHORSFILE
	procd_add_jail_mount $dnsmasqconffile $dnsmasqconfdir $resolvdir $user_dhcpscript
	procd_add_jail_mount /etc/passwd /etc/group /etc/TZ /etc/hosts /etc/ethers
	procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile
	case "$logfacility" in */*)
		[ ! -e "$logfacility" ] && touch "$logfacility"
		procd_add_jail_mount_rw "$logfacility"
	esac
}
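
To check whether any other init script requests a jail without such a guard, the following scan is an added example, not part of the original post or of OpenWrt. The guard-matching heuristic, the function names and the "exampled" service in the constructed samples are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Heuristic: a guard opens on a line
# that tests "-x /sbin/ujail" and ends in "{", and closes at its matching "}".

find_unguarded_jail_calls() {
	# $1: init script; prints "file:line: call" and returns 1 on any hit
	awk -v f="$1" '
		/^[ \t]*#/ { next }
		depth == 0 && /-x[ \t]+\/sbin\/ujail/ && /[{][ \t]*$/ { depth = 1; next }
		depth > 0 && /[{][ \t]*$/ { depth++ }
		depth > 0 && /^[ \t]*[}][ \t]*$/ { depth--; next }
		depth == 0 && /procd_add_jail/ {
			sub(/^[ \t]+/, ""); printf "%s:%d: %s\n", f, NR, $0; hit = 1
		}
		END { exit hit + 0 }
	' "$1"
}

scan_init_dir() {
	# $1: directory of init scripts (default /etc/init.d); returns 1 on any hit
	rc=0
	for s in "${1:-/etc/init.d}"/*; do
		[ -f "$s" ] || continue
		find_unguarded_jail_calls "$s" || rc=1
	done
	return "$rc"
}

make_samples() {
	# $1: empty directory; writes two constructed init-script fragments
	# ("exampled" is a hypothetical service name)
	cat > "$1/guarded" <<'EOF'
[ -x /sbin/ujail -a -e /etc/capabilities/ntpd.json ] && {
	procd_add_jail dnsmasq ubus log
	procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile
}
EOF
	cat > "$1/unguarded" <<'EOF'
start_service() {
	procd_open_instance
	procd_add_jail exampled log
	procd_close_instance
}
EOF
}
```

Inside the container, call scan_init_dir with no argument to scan /etc/init.d; a non-zero return means at least one unguarded call was printed.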