Docker pihole & gentoo pi64

Please follow the below template, it will help us to help you!

Expected Behaviour:

[functioning admin page no lighttp error]

Actual Behaviour:

[2019-12-02 12:25:12: (server.c.970) couldn't get 'max filedescriptors' Operation not permitted
Stopping lighttpd
ghttpd: no process found]

Debug Token:

[https://tricorder.pi-hole.net/5r98xdq248]

Here is a link to a working pihole docker in Manjaro ARM on the same Pi 4:

Debug Token:

[https://tricorder.pi-hole.net/k1vr9gkenh]

Is SELinux enabled on the Gentoo install?

No, I checked the status and it's disabled:

```
# selinuxenabled exits with 0 only when SELinux is enabled
selinuxenabled
if [ $? -ne 0 ]
then
    echo "DISABLED"
else
    echo "ENABLED"
fi
```

I believe the issue is actually port 80 not working/blocked between the Gentoo pi64 (sakaki) host and the docker containers.

A blocked port wouldn’t cause a lack of permissions error though.

Here is my docker info:

```
docker info
Client:
 Debug Mode: false

Server:
 Containers: 3
  Running: 2
  Paused: 0
  Stopped: 1
 Images: 4
 Server Version: 19.03.4
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
 runc version:
 init version: fec3683b971d9c3ef73f284f176672c44b448662
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.19.86-v8-5a3f41938f71-p4-bis+
 Operating System: Gentoo/Linux
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 3.666GiB
 Name: pi64
 ID: xxx
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
```

I have confirmed the behaviour from other users; it's not a port-related issue, as docker is forwarding 80 to the host correctly.
Maybe it's privilege related, as mentioned by the maintainer for Gentoo pi64:
https://www.raspberrypi.org/forums/viewtopic.php?f=54&t=188448&start=375#p1577365

I can post permissions ls -all from the pihole folder

I would suggest contacting the creator of the Gentoo 64 on RPi image. This is a problem with that specific image and works in all other supported distros.

I have enabled privileged mode for pihole in Portainer and it is now accessible (web GUI). Not sure if that is safe practice, though.

Hi just a quick reply:
Same issue with Fedora 30 (arm64 - RPi3B+) and I assume 31 with the last OS update (kernel 5.5).
Identical error message.
Your fix has worked here too (--privileged). Agree about this being somewhat unsafe.
It may be possible to sort through the various --cap-add options to find the right one.
I think Fedora is a “supported distro”, so in theory it's “just” a matter of the devs loading it up and updating to the latest to reproduce this issue.
I also have the s6 issue where it loops forever (commonly caused by --dns 127.0.0.1 not being present) now.
Pretty sure it was the last OS update that caused these issues (however I only update this machine every couple of months).
BTW I gave up on the Gentoo Sakaki image and went over to the James A Chamber’s Ubuntu arm64 image on the RPi4B units - very happy with it.

Replying to my own reply:
I’ve had to abandon 4.3.2-1_aarch64. It loops forever and won’t start up lighttpd. Complete fail now with the latest update of Fedora 30.
4.3.1-4_aarch64 runs OK, but with the --privileged noted above.
Hope this helps someone, as we were down here for a while.

For anyone interested in some details, this should be fixing the issue. By the way, none of the --add-cap capabilities help, not even --add-cap=ALL; you really have to stick with privileged mode for now.
EDIT: I'm using pihole on Manjaro aarch64.

The issue is related to privileged mode, check this article to find how to fix it: NoSoloHacking.info
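
Added example, not part of any post in this thread: a small diagnostic to run inside the container that shows which confinement layer is active when reading the open-files limit is refused, so the workaround can be narrower than `--privileged`. It assumes bash and awk exist in the image; the function names, verdict strings and the sample status lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Run it inside the container to see
# which confinement layer applies when reading the open-files limit fails.

# status_field FILE KEY: print the value of "KEY:" from a /proc/<pid>/status file.
status_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' "$1"
}

# classify FILE RC: RC is the exit status of the rlimit read (0 = it worked).
classify() {
    local seccomp
    seccomp=$(status_field "$1" Seccomp)
    if [ "$2" -eq 0 ]; then
        echo "rlimit-readable"
    elif [ "$seccomp" = "2" ]; then
        # Seccomp: 2 means a syscall filter is attached to this process.
        echo "denied-with-seccomp-filter"
    else
        # No filter attached, so look at LSMs or the runtime instead.
        echo "denied-without-seccomp-filter"
    fi
}

# probe: read the open-files limit as a daemon would at startup, then classify.
probe() {
    local rc=0
    ulimit -n >/dev/null 2>&1 || rc=$?
    echo "Seccomp=$(status_field /proc/self/status Seccomp)" \
         "CapEff=$(status_field /proc/self/status CapEff)" \
         "verdict=$(classify /proc/self/status "$rc")"
}

# Constructed sample: status lines as seen under Docker's default profile.
sample_default() {
    printf 'Name:\tbash\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t0\nSeccomp:\t2\n'
}

# Run the probe only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--probe" ]; then probe; fi
```

If the verdict is `denied-with-seccomp-filter`, starting the container with only `--security-opt seccomp=unconfined` is a narrower test than `--privileged`: if the lighttpd error disappears, the seccomp profile is involved rather than capabilities. The thread itself does not confirm which layer is responsible.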