Package Details: pi-hole-ftl 5.25.2-2

Git Clone URL: https://aur.archlinux.org/pi-hole-ftl.git
Package Base: pi-hole-ftl
Description: The Pi-hole FTL engine
Upstream URL: https://github.com/pi-hole/FTL
Licenses: EUPL-1.2
Conflicts: dnsmasq
Provides: dnsmasq
Submitter: max.bra
Maintainer: max.bra (graysky)
Last Packager: max.bra
Votes: 58
Popularity: 2.55
First Submitted: 2017-05-07 15:23 (UTC)
Last Updated: 2024-08-10 09:53 (UTC)


Pinned Comments

max.bra commented on 2018-02-09 16:46 (UTC) (edited on 2019-10-18 23:13 (UTC) by max.bra)

ArchLinux Pi-hole is not officially supported by the Pi-hole project. In case of bugs and malfunctions please DO NOT file a report upstream.

First of all, check if the wiki (https://wiki.archlinux.org/index.php/Pi-hole) can help, then ask here for assistance and tips.
When it has been excluded that the problem does not depend on ArchLinux, we will file a bug upstream.

Latest Comments


max.bra commented on 2022-01-02 23:09 (UTC) (edited on 2022-01-02 23:10 (UTC) by max.bra)

No, I missed https://github.com/pi-hole/pi-hole/commit/a1ee7d92a9b2c3535b228d7af88990a0bd84250c#diff-9145b80c4d37b5798da3f3abbe7404f68b96963007340e4095524141efffd6bc because I have no warning at all...

Mettacrawer commented on 2022-01-02 19:53 (UTC) (edited on 2022-01-02 19:54 (UTC) by Mettacrawer)

I put another round of updates on (ran "yay -Suy" again) and I'm able to start pihole-FTL.service without using setcap on /usr/bin/pihole-FTL (I used "setcap -r /usr/bin/pihole-FTL"). I still get warnings about two capabilities missing.

$ journalctl -b -0 -u pihole-FTL | grep CAP
Jan 02 14:35:37 example.com pihole-FTL[846]: [2022-01-02 14:35:36.996 846M] WARNING: Required Linux capability CAP_IPC_LOCK not available
Jan 02 14:35:37 example.com pihole-FTL[846]: [2022-01-02 14:35:36.996 846M] WARNING: Required Linux capability CAP_CHOWN not available

Is there a reason /usr/lib/systemd/system/pihole-FTL.service does not contain CAP_IPC_LOCK and CAP_CHOWN?
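An added example, not part of the thread or of the package: a small check that compares the capabilities FTL warns about in the journal with what the unit's AmbientCapabilities= grants and with what a process actually holds (CapEff in /proc/<pid>/status). The function names are this example's own, the unit and journal lines are copied from the comments on this page, and PROC_STATUS is a constructed sample.

```python
import re

# Bit numbers from <linux/capability.h> for the six capabilities that appear
# in the thread's setcap command.
CAP_BITS = {"CAP_CHOWN": 0, "CAP_NET_BIND_SERVICE": 10, "CAP_NET_ADMIN": 12,
            "CAP_NET_RAW": 13, "CAP_IPC_LOCK": 14, "CAP_SYS_NICE": 23}

# Relevant lines of the unit file quoted in the thread.
UNIT_TEXT = """[Service]
User=pihole
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE
"""
# The two journal warnings quoted in the thread.
JOURNAL_TEXT = """\
Jan 02 14:35:37 example.com pihole-FTL[846]: [2022-01-02 14:35:36.996 846M] WARNING: Required Linux capability CAP_IPC_LOCK not available
Jan 02 14:35:37 example.com pihole-FTL[846]: [2022-01-02 14:35:36.996 846M] WARNING: Required Linux capability CAP_CHOWN not available
"""
# Constructed /proc/<pid>/status excerpt: a process holding exactly the
# unit's four capabilities (bits 10, 12, 13 and 23 -> 0x803400).
PROC_STATUS = "Name:\tpihole-FTL\nCapEff:\t0000000000803400\n"

def unit_ambient_caps(unit_text):
    """Merge all AmbientCapabilities= lines (unit plus drop-ins); an empty
    assignment resets the set. '~'-inverted lists are not handled here."""
    caps = set()
    for line in unit_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "AmbientCapabilities":
            caps = (caps | set(value.split())) if value.strip() else set()
    return caps

def warned_caps(journal_text):
    """Capabilities named in FTL's 'not available' warnings."""
    return set(re.findall(
        r"Required Linux capability (CAP_[A-Z_]+) not available", journal_text))

def effective_caps(proc_status):
    """Decode the CapEff hex bitmask into the names listed in CAP_BITS."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)", proc_status, re.M)
    mask = int(m.group(1), 16) if m else 0
    return {name for name, bit in CAP_BITS.items() if (mask >> bit) & 1}

def audit(unit_text, journal_text, proc_status):
    """Map each warned capability to (granted_by_unit, effective_in_process)."""
    unit, eff = unit_ambient_caps(unit_text), effective_caps(proc_status)
    return {c: (c in unit, c in eff) for c in sorted(warned_caps(journal_text))}

if __name__ == "__main__":
    for cap, (in_unit, in_eff) in audit(UNIT_TEXT, JOURNAL_TEXT, PROC_STATUS).items():
        print(f"{cap}: granted by unit={in_unit}, effective={in_eff}")
```

On a live system the three inputs would come from `systemctl cat pihole-FTL.service`, `journalctl -b -u pihole-FTL` and `/proc/<pid>/status` of the running daemon.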

max.bra commented on 2021-12-30 18:38 (UTC)

very same

Mettacrawer commented on 2021-12-30 18:11 (UTC)

Which version of systemd are you running? I'm using systemd 249.7-2.

max.bra commented on 2021-12-27 20:13 (UTC)

mmh, untouched service here and no problem at all.
the first thing that came to my mind is to try to use, if possible, another kernel but if you can manually set the capabilities it doesn't make sense... I'm a bit lost...

Mettacrawer commented on 2021-12-27 19:10 (UTC)

Does PermissionsStartOnly still work? It's been deprecated since systemd 240 (Dec 2018). I mentioned before that I'm using systemd 249.7-2.

https://superuser.com/questions/1504114/permissionsstartonly-alternative-in-systemd

Mettacrawer commented on 2021-12-25 20:24 (UTC)

Yes, it was working fine before the update to FTL v5.12.1. The kernel is from Feb 28, 2021. "can that kernel have capabilities disabled?" -- I don't know what you mean (or how to check for it). The pi-hole is not in any sort of container, it is on bare metal.

max.bra commented on 2021-12-25 20:14 (UTC) (edited on 2021-12-25 20:26 (UTC) by max.bra)

deleted last post: wait... systemd cannot set capabilities but you can manually?!
Does your journal have nothing relevant when you start FTL by systemctl?

Mettacrawer commented on 2021-12-25 19:10 (UTC) (edited on 2021-12-25 21:30 (UTC) by Mettacrawer)

Arch Linux ARM

$ uname -srvmpio
Linux 5.11.2-1-ARCH #1 SMP PREEMPT Sun Feb 28 22:03:25 UTC 2021 armv7l unknown unknown GNU/Linux
$ yay -Q systemd
systemd 249.7-2
$ cat /usr/lib/systemd/system/pihole-FTL.service
[Unit]
Description=Pi-hole FTLDNS engine
After=network.target

[Service]
User=pihole
Group=pihole
PIDFile=/run/pihole-ftl/pihole-FTL.pid
ExecStartPre=/bin/chown -R pihole:pihole /etc/pihole
ExecStartPre=-/bin/chown root:root /etc/pihole/logrotate
ExecStart=/usr/bin/pihole-FTL no-daemon
ExecReload=/bin/kill -USR1 $MAINPID
Restart=on-failure
TimeoutStopSec=5s
PermissionsStartOnly=true
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE

[Install]
WantedBy=multi-user.target

Reproducing:

I reset all the capabilities I had added to the pihole-FTL binary.

$ sudo setcap all= /usr/bin/pihole-FTL
$ sudo getcap /usr/bin/pihole-FTL
/usr/bin/pihole-FTL =

I restarted pihole-FTL.service and it crashes

$ sudo systemctl restart pihole-FTL.service

$ sudo systemctl status pihole-FTL.service 
x pihole-FTL.service - Pi-hole FTLDNS engine
     Loaded: loaded (/usr/lib/systemd/system/pihole-FTL.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Sat 2021-12-25 14:00:53 EST; 1s ago
    Process: 2161 ExecStartPre=/bin/chown -R pihole:pihole /etc/pihole (code=exited, status=0/SUCCESS)
    Process: 2162 ExecStartPre=/bin/chown root:root /etc/pihole/logrotate (code=exited, status=0/SUCCESS)
    Process: 2163 ExecStart=/usr/bin/pihole-FTL no-daemon (code=exited, status=2)
   Main PID: 2163 (code=exited, status=2)
        CPU: 503ms

Dec 25 14:00:53 example.com pihole-FTL[2163]: [2021-12-25 14:00:53.547 2163M] WARNING: Required Linux capability CAP_CHOWN not available
Dec 25 14:00:53 example.com pihole-FTL[2163]: [2021-12-25 14:00:53.554 2163M] FATAL ERROR in dnsmasq core: failed to bind DHCP server socket: Permission denied
Dec 25 14:00:53 example.com pihole-FTL[2163]: [2021-12-25 14:00:53.572 2163M] ########## FTL terminated after 495ms  (code 1)! ##########
Dec 25 14:00:53 example.com systemd[1]: pihole-FTL.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Dec 25 14:00:53 example.com systemd[1]: pihole-FTL.service: Failed with result 'exit-code'.
Dec 25 14:00:53 example.com systemd[1]: pihole-FTL.service: Scheduled restart job, restart counter is at 5.
Dec 25 14:00:53 example.com systemd[1]: Stopped Pi-hole FTLDNS engine.
Dec 25 14:00:53 example.com systemd[1]: pihole-FTL.service: Start request repeated too quickly.
Dec 25 14:00:53 example.com systemd[1]: pihole-FTL.service: Failed with result 'exit-code'.
Dec 25 14:00:53 example.com systemd[1]: Failed to start Pi-hole FTLDNS engine.

Once I assigned the capabilities to the binary again it was ok.

$ sudo setcap cap_net_admin,cap_net_bind_service,cap_net_raw,cap_sys_nice,cap_chown,cap_ipc_lock=ep /usr/bin/pihole-FTL
$ sudo systemctl restart pihole-FTL.service
$ sudo systemctl status pihole-FTL.service 
* pihole-FTL.service - Pi-hole FTLDNS engine
     Loaded: loaded (/usr/lib/systemd/system/pihole-FTL.service; disabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-12-25 14:02:00 EST; 4s ago
    Process: 2175 ExecStartPre=/bin/chown -R pihole:pihole /etc/pihole (code=exited, status=0/SUCCESS)
    Process: 2176 ExecStartPre=/bin/chown root:root /etc/pihole/logrotate (code=exited, status=0/SUCCESS)
   Main PID: 2177 (pihole-FTL)
      Tasks: 7 (limit: 2218)
     Memory: 4.8M
        CPU: 587ms
     CGroup: /system.slice/pihole-FTL.service
             `-2177 /usr/bin/pihole-FTL no-daemon

Dec 25 14:02:01 example.com pihole-FTL[2177]: [2021-12-25 14:02:01.082 2177M]    PIHOLE_PTR: internal PTR generation enabled (pi.hole)
Dec 25 14:02:01 example.com pihole-FTL[2177]: [2021-12-25 14:02:01.082 2177M]    ADDR2LINE: Enabled
Dec 25 14:02:01 example.com pihole-FTL[2177]: [2021-12-25 14:02:01.082 2177M]    REPLY_WHEN_BUSY: Permit queries when the database is busy
Dec 25 14:02:01 example.com pihole-FTL[2177]: [2021-12-25 14:02:01.082 2177M]    BLOCK_TTL: 2 seconds
Dec 25 14:02:01 example.com pihole-FTL[2177]: [2021-12-25 14:02:01.082 2177M]    BLOCK_ICLOUD_PR: Enabled
Dec 25 14:02:01 example.com pihole-FTL[2177]: [2021-12-25 14:02:01.082 2177M]    CHECK_LOAD: Enabled
Dec 25 14:02:01 example.com pihole-FTL[2177]: [2021-12-25 14:02:01.082 2177M]    CHECK_SHMEM: Warning if shared-memory usage exceeds 90%
Dec 25 14:02:01 example.com pihole-FTL[2177]: [2021-12-25 14:02:01.082 2177M]    CHECK_DISK: Warning if certain disk usage exceeds 90%
Dec 25 14:02:01 example.com pihole-FTL[2177]: [2021-12-25 14:02:01.083 2177M] Finished config file parsing