Sed: couldn't open temporary file /etc/pihole/sed***

Hi all -

I have a working pihole implementation in docker on Mac, but every time the container restarts or gravity is updated, I receive a dozen or so permission denied errors for temporary files with the path in the subject line. I didn't realize this was going on for some time and found I had 50k or so of these temporary empty files that I had to delete manually.

Here is my debug token.

Here is an example of the files created and the permissions that pihole is setting when creating them.
All of the files below were created by pihole, but the ones starting with sed* are set with permissions that cannot be opened (or I'm guessing deleted) by pihole.

----------    1 jason  staff     0B Sep 24 10:51 sedzZvoL2
----------    1 jason  staff     0B Sep 24 10:51 sedzkX1br
----------    1 jason  staff     0B Sep 24 10:59 sedzlewDu
----------    1 jason  staff     0B Sep 24 10:51 sedzwKwnZ
-rw-r--r--@   1 jason  staff   274B Sep 24 10:59 setupVars.conf

Lastly, here are the errors I see in the live logs:

09/24/2023 10:59:57 AM
sed: couldn't open temporary file /etc/pihole/sedXgYw8T: Permission denied
09/24/2023 10:59:57 AM
sed: couldn't open temporary file /etc/pihole/sedUDFPk6: Permission denied
09/24/2023 10:59:57 AM
sed: couldn't open temporary file /etc/pihole/sedGMq4Mk: Permission denied
09/24/2023 10:59:57 AM
sed: couldn't open temporary file /etc/pihole/sedxq2nRB: Permission denied
09/24/2023 10:59:57 AM
sed: couldn't open temporary file /etc/pihole/sed3FmY4N: Permission denied

The one effect I can observe that this has on my implementation is that my pihole will not work upon reboot until I manually go into DNS settings and save the page without making any changes. This results in a handful of additional sed files being created, but also makes name resolution work for the pihole.

PS: there's a related thread here, but in this case the files were being created in the dnsmasq.d folder, which is not the case for me. I tried the solution there which was to start with a new volume mount in a different filesystem location and the errors still occurred.

PPS: I tried changing dnsmasq_user in my environment variables from pihole to root to see if it made a difference and it does not.

Thanks for reviewing!

Are you using a volume (actually a bind mount) for /etc/pihole?

Thank you very much for replying @rdwebdesign.

Yes, these are my bind mounts. Please let me know what you think the problem is. The permissions of the files I showed in the original post are inside of the /etc/pihole bind mount where pihole creates some files with correct permissions and the others (the sed*** files) with no permissions.

       - '/Users/jason/pihole/etc:/etc/pihole/'
       - '/Users/jason/pihole/etc/hosts:/etc/hosts'
       - '/Users/jason/pihole/dnsmasq.d/03-custom-dns.conf:/etc/dnsmasq.d/03-custom-dns.conf'

The 03-custom-dns contains a wildcard domain entry for my site:

address=/example.com/192.168.2.197
dns-forward-max=1024

I'm not a Docker or sed expert, but I tried to find what the issue is.
Maybe someone with more knowledge in these fields could correct me if I'm wrong.

Apparently there is a problem between sed 4.7 and the filesystem used by Docker Desktop (macOS and Windows).

Pi-hole image uses sed 4.7 (from Debian Bullseye).
Some sed versions (>= 4.2.1 and < 4.8) have a problem with temporary file permissions in some filesystems.

You are using a bind mount to your macOS filesystem (I think Docker Desktop uses overlay2 storage driver in this case), causing the sed problem.

There is no permission issue on the files, but in some cases sed is creating temporary files with invalid permissions.


The issue was fixed in sed 4.8 Bug fixes (details), but older versions won't be able to handle temporary files.

I think the solution here is to use a named docker volume.

3 Likes
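For the leftover files described in the original post, an added example (not from this thread or the Pi-hole project): a shell helper, run on the host against the old bind-mount directory, that lists or deletes only files matching the pattern in the listing above, that is, a name of `sed` plus six characters, zero bytes, and no permission bits. The function names are hypothetical and the directory is passed as an argument.

```shell
#!/bin/sh
# Added example, not code from the thread or from Pi-hole.
# Function names are hypothetical; pass the directory that was bind-mounted
# to /etc/pihole (the thread's host path was /Users/jason/pihole/etc).

# Print leftover sed temp files, one per line. A file matches only if it is:
#   - a regular file directly inside the directory (no recursion)
#   - named "sed" followed by exactly six characters
#   - empty, with mode exactly 0000 (the "----------" entries in the listing)
list_stale_sed_tmp() {
    find "$1" -maxdepth 1 -type f -name 'sed??????' -size 0 -perm 0000 -print
}

# Count the matches so the number can be checked before anything is deleted.
count_stale_sed_tmp() {
    list_stale_sed_tmp "$1" | wc -l | tr -d ' '
}

# Delete the matches. Unlinking needs write access to the directory,
# not to the file, so mode 0000 does not get in the way.
remove_stale_sed_tmp() {
    find "$1" -maxdepth 1 -type f -name 'sed??????' -size 0 -perm 0000 \
        -exec rm -f -- {} +
}

# Optional command-line use: "list <dir>", "count <dir>" or "remove <dir>".
case "${1:-}" in
    list)   list_stale_sed_tmp   "${2:?directory required}" ;;
    count)  count_stale_sed_tmp  "${2:?directory required}" ;;
    remove) remove_stale_sed_tmp "${2:?directory required}" ;;
esac
```

Files such as setupVars.conf, or a `sed*` file that has content or normal permissions, do not match and are left in place.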

This solved it @rdwebdesign, thank you again for so quickly responding and pointing me in the right direction!

1 Like