Buster + very old PH version v5.3.1 still using init.d:
pi@ph5a:~ $ getpcaps $(pidof -s pihole-FTL)
cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_nice+ep
After updating and now using the /etc/systemd unit instead:
pi@ph5a:~ $ getpcaps $(pidof -s pihole-FTL)
cap_chown,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_sys_nice+eip
Bullseye + not so old PH version v5.12.2 still using init.d:
pi@ph5b:~ $ getpcaps $(pidof -s pihole-FTL)
cap_chown,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_sys_nice=ep
And below is yours for Buster that we modified to use init.d:
root@Pi-Hole:~# getpcaps $(pidof -s pihole-FTL)
cap_chown,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_sys_nice+ep
I havent figured out what those eip flags at the end mean and if they matter... yet:
pi@ph5a:~ $ man getpcaps
[..]
Each clause consists of a list of comma-separated capability names
(or the word `all'), followed by an action-list. An action-list
consists of a sequence of operator flag pairs. Legal operators
are: `=', '+', and `-'. Legal flags are: `e', `i', and `p'.
These flags are case-sensitive and specify the Effective,
Inheritable and Permitted sets respectively.