It's showing that dnsmasq isn't running - confirmed with systemctl status dnsmasq
So I start the service and try to access the webpage
I get a page with the words - Lost connection to API in the 4 boxes up the top and FTL offline in the status box.
The FTL service is running, so I restarted it.
Showing the status of the FTL service gives me the following:
I note the line - Oct 08 00:13:19 dnsfilter pihole-FTL[5317]: dnsmasq: failed to create listening socket for port 53: Permission denied
I'm running it in an LXC container and it's been working fine up to this update.
root@dnsfilter:~# netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
I have now stopped the dnsmasq service and restarted FTL, but still getting the same error when looking at the status of FTL
Oct 08 10:08:54 dnsfilter pihole-FTL[7716]: dnsmasq: failed to create listening socket for port 53: Permission denied
After a bit more investigation, it was found the user pihole does not have enough privileges to start FTL.
The command: setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip /usr/bin/pihole-FTL
Gave an error:
Failed to set capabilities on file `/usr/bin/pihole-FTL' (Invalid argument)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
It may be because it's within an LXC container, but changing the /etc/init.d/pihole-FTL file from
su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
to
/usr/bin/pihole-FTL
looks to have resolved it.
Is there a fallback to using the setcap command for containers that could be set up? I know it was designed for Pis, but many of us are running this on normal servers since it's so good.
Your environment might not support Linux capabilities, so the recommended fix is to remove the setcap line and run Pi-hole as root (you did this second part with your changes).
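
As an added example (not from the thread or the Pi-hole project): a shell helper that decodes the capability masks in /proc/<pid>/status and lists which of the three capabilities named in the setcap command above are absent. The function names and sample masks are constructed for illustration; it reports the process capability sets only, not whether the filesystem accepts file capabilities.

```shell
#!/bin/sh
# Added example: check a capability mask for the capabilities that the
# setcap command in this thread tries to grant to /usr/bin/pihole-FTL.

# Bit numbers as defined in linux/capability.h.
cap_bit() {
    case "$1" in
        CAP_NET_BIND_SERVICE) echo 10 ;;
        CAP_NET_ADMIN)        echo 12 ;;
        CAP_NET_RAW)          echo 13 ;;
        *) return 1 ;;
    esac
}

# has_cap <hex mask> <capability>: succeed if the capability bit is set.
# Returns 2 for an empty or non-hex mask or an unknown capability name.
has_cap() {
    case "$1" in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    bit=$(cap_bit "$2") || return 2
    [ $(( (0x$1 >> $bit) & 1 )) -eq 1 ]
}

# missing_caps <hex mask>: print the capabilities absent from the mask,
# space separated (empty output means all three are present).
missing_caps() {
    out=""
    for c in CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN; do
        has_cap "$1" "$c" || out="${out:+$out }$c"
    done
    echo "$out"
}

# read_mask <field> [pid]: print a Cap* field (CapBnd, CapEff, ...) of a
# process, defaulting to the current one.
read_mask() {
    awk -v f="$1:" '$1 == f { print $2 }' "/proc/${2:-self}/status"
}

# Report for the current shell. Run inside the container as the account
# that starts the service. CapBnd is the bounding set, CapEff the
# effective set.
if [ -r /proc/self/status ]; then
    for f in CapBnd CapEff; do
        m=$(read_mask "$f")
        [ -n "$m" ] || continue
        echo "$f=$m missing: $(missing_caps "$m")"
    done
fi
```

To inspect the running service instead of the current shell, pass its PID as the second argument to read_mask. A binary that binds port 53 without root needs CAP_NET_BIND_SERVICE in its effective set.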