Pi-hole runs on podman


I managed to get pi-hole running in podman today. I don't think it will work with podman less than version 2.0.0 and podman-compose less than 0.1.7dev. This is what I'm using today:

$ podman-compose version
using podman version: podman version 2.0.0
podman-composer version  0.1.7dev
podman --version
podman version 2.0.0

$ uname -rsvm
Linux 5.7.2-2-ARCH #1 SMP Tue Jun 16 12:48:51 UTC 2020 aarch64

The lighttpd fails to start with the example docker-compose.yml file on the docker hub page for pihole:

sudo: getrlimit: Operation not permitted
[...skip ahead...]
2020-06-21 19:30:49: (server.c.970) couldn't get 'max filedescriptors' Operation not permitted 
Stopping lighttpd

Adding privileged: true to the docker-compose.yml appears to be one way to get lighttpd to start. This issue was reported by docker users so it does not appear to be specific to podman.

I think that there should be a way to make it work with fewer added capabilities than the set which is added when --privileged is used, but I have not figured out which ones are needed. I tried adding just --cap-add SYS_RESOURCE but that wasn't enough.

Does anyone have the minimum set of capabilities required to get the container to start?
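
One way to narrow down the question above, as an added example that is not part of the original post: decode the capability masks from /proc/<pid>/status of a process in the container (for instance via podman exec) under each configuration and list what --privileged grants beyond the restricted run. The two status snippets are constructed sample values, not output from the poster's system, and the function names are hypothetical.

```python
import re

# Capability names by bit number, from linux/capability.h (bits 0-37).
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ",
]

def parse_status(text):
    """Return {'CapEff': int, 'CapBnd': int, ...} from /proc/<pid>/status text."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", text, re.M)}

def decode(mask):
    """Expand a capability bitmask into a set of capability names."""
    names, bit = set(), 0
    while mask >> bit:
        if mask >> bit & 1:
            # Bits newer than the table are reported by number, not guessed.
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        bit += 1
    return names

def extra_caps(restricted, privileged, field="CapEff"):
    """Capabilities present in the privileged run but not the restricted one."""
    have = decode(parse_status(restricted)[field])
    full = decode(parse_status(privileged)[field])
    return sorted(full - have)

# Constructed samples: a common default container set plus SYS_RESOURCE,
# and a mask with all 38 bits set as seen under --privileged.
RESTRICTED = "Name:\tlighttpd\nCapEff:\t00000000a90425fb\nCapBnd:\t00000000a90425fb\n"
PRIVILEGED = "Name:\tlighttpd\nCapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n"

if __name__ == "__main__":
    candidates = extra_caps(RESTRICTED, PRIVILEGED)
    print(f"{len(candidates)} capabilities to test with --cap-add:")
    print(" ".join(candidates))
```

The resulting list is the search space for --cap-add. Since --privileged also disables seccomp filtering and device restrictions, a failure that persists with every listed capability added points away from capabilities.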