PiHole-FTL Lost Connection to API

Wow, I feel stupid. I had

proc /proc proc defaults,hidepid=2 0 0

in /etc/fstab to prevent users from seeing other users' processes. Removed it, and everything is working again.

Okay, this very special kind of strange behavior is of course something that our code cannot be hardened against properly. Glad you sorted it out!

I have encountered the exact same issue while doing some general hardening on my PiHole. In /etc/fstab I amended this line for proc:

proc            /proc           proc    defaults,hidepid=2       0       0

After a reboot this stops 'pi', or any other users, from seeing processes they don't own just fine (good!).

All of the services are running just fine (lighttpd + dnsmasq + pihole-FTL), confirmed with "sudo service x status", but I get "lost connection to API" and "FTL Offline" in the web interface (which I access only with SSH tunnel).

Pi-Hole v3.3
AdminLTE v3.3
FTL v3.0

Running on Raspbian 9.3 stretch.

I then tried this config:

proc            /proc           proc    defaults,hidepid=1,gid=33       0       0

And everything works just fine now - 33 is the gid of the www-data user.

Info:

Would still like to use "proc /proc proc defaults,hidepid=2 0 0".

I've got some digging to do in the PHP code; I can't think why there would be a dependency on the PHP web server needing to see the pihole-FTL process (I guess it has to just be for sanity checking).

Edit: Found it: AdminLTE/header.php at 31dddd8a06064617c301894a470121a7262f45b4 · pi-hole/AdminLTE · GitHub

This section:

function pidofFTL()
{
    return shell_exec("pidof pihole-FTL");
}
$FTLpid = intval(pidofFTL());
$FTL = ($FTLpid !== 0 ? true : false);

In these files:
scripts/pi-hole/php/FTL.php
scripts/pi-hole/php/header.php

If you replace:
shell_exec("pidof pihole-FTL");

with this:
shell_exec("cat /var/run/pihole-FTL.pid");

Then everything seems to work fine with all processes hidden. I will continue to test.

We might want to do this, yes. Did you find anything unusual?

However,

file_get_contents("/var/run/pihole-FTL.pid");

seems better than

shell_exec("cat /var/run/pihole-FTL.pid");

You are absolutely right, this did occur to me about an hour later haha. The less shell_exec the better imho.

function pidofFTL()
{
    return file_get_contents("/var/run/pihole-FTL.pid");
}

Nothing unusual to report so far, will leave it sit for a couple of days.
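
An added example, not code from this thread or from AdminLTE: the PID-file approach discussed above with the file contents validated and a liveness check that does not read /proc, so it still works for www-data under hidepid=2. It assumes PHP's posix extension is loaded; `readPidFile`, `pidIsAlive` and the two constants are hypothetical names, and the PID file path is the one quoted in the thread.

```php
<?php
// Added example, not Pi-hole/AdminLTE code. Assumes the posix extension.

const FTL_PID_FILE = '/var/run/pihole-FTL.pid'; // path quoted in the thread
const LINUX_EPERM  = 1; // errno: target exists but belongs to another user

// Return the PID stored in $path, or 0 if the file is missing, unreadable,
// or holds anything other than a plain positive integer.
function readPidFile(string $path): int
{
    if (!is_readable($path)) {
        return 0; // avoids the warning file_get_contents() raises on failure
    }
    $raw = file_get_contents($path);
    if ($raw === false) {
        return 0;
    }
    $raw = trim($raw);
    // Up to 7 digits covers the largest pid_max Linux allows (4194304).
    if (!preg_match('/^[1-9][0-9]{0,6}$/', $raw)) {
        return 0;
    }
    return (int) $raw;
}

// Probe the PID with signal 0. This goes through kill(2), not /proc, so the
// hidepid mount option does not affect it. EPERM means the process exists
// but is owned by a different user than the web server.
// Caveat: a stale PID file can name a recycled PID owned by another program.
function pidIsAlive(int $pid): bool
{
    if ($pid <= 0) {
        return false; // 0 and negative values address process groups
    }
    if (posix_kill($pid, 0)) {
        return true;
    }
    return posix_get_last_error() === LINUX_EPERM;
}

$FTLpid = readPidFile(FTL_PID_FILE);
$FTL    = pidIsAlive($FTLpid);
```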