V5.0 Docker, Whitelist domain, writing to readonly database

Running the most recent official V5.0 docker container.
When I try to add domains to the WhiteList, I get the below error.
I tried to chmod/chown the gravity.db, and 777 on dirs/.db didn't solve the readonly error.
Still have 100gb free on my disk, so it's not a disk space issue.
Tried a "pihole -r" and also "pihole -g -r" and a completely new config.
Removed the gravity.db file, nothing seems to help/fix this.

Through Portainer, here are some commands and their output:

root@pihole:/# ls -all /etc/pihole/
total 9880
drwxrwxr-x+ 3 pihole pihole    4096 May 12 14:32 .
drwxrwxr-x  1 root   root      4096 May 12 13:41 ..
-rw-r--r--+ 1 root   root        14 May 12 13:41 GitHubVersions
-rw-r--r--+ 1 root   root       596 May 12 13:41 dns-servers.conf
-rw-rw-r--+ 1 pihole pihole 5087232 May 12 14:02 gravity.db
-rw-r--r--+ 1 root   root      1026 May 12 13:41 install.log
-rw-r--r--+ 1 root   root   1100893 May 12 14:02 list.0.raw.githubusercontent.com.domains
-rw-r--r--+ 1 root   root    594672 May 12 13:41 list.1.mirror1.malwaredomains.com.domains
-rw-r--r--+ 1 root   root       521 May 12 13:41 list.2.s3.amazonaws.com.domains
-rw-r--r--+ 1 root   root     43529 May 12 13:41 list.3.s3.amazonaws.com.domains
-rw-r--r--+ 1 root   root        31 May 12 14:02 local.list
-rw-r--r--+ 1 root   root        20 May 12 14:30 localbranches
-rw-r--r--+ 1 root   root        37 May 12 14:30 localversions
-rw-r--r--+ 1 root   root       234 May 12 13:41 logrotate
drwxrwxr-x+ 2 root   root      4096 May 12 14:02 migration_backup
-rw-r--r--+ 1 pihole pihole      15 May 12 13:41 pihole-FTL.conf
-rw-r--r--+ 1 root   root   3219456 May 12 14:32 pihole-FTL.db
-rw-r--r--+ 1 root   root       582 May 12 13:41 setupVars.conf
-rw-r--r--+ 1 root   root       582 May 12 13:41 setupVars.conf.update.bak
root@pihole:/# groups pihole
pihole : pihole www-data
root@pihole:/#  ls -lh /etc | grep pihole
drwxr-xr-x  1 pihole root   4.0K May 12 13:41 lighttpd
drwxrwxr-x+ 3 pihole pihole 4.0K May 12 14:35 pihole
root@pihole:/# ls -lh /etc/pihole/gravity.db
-rw-rw-r--+ 1 pihole pihole 4.9M May 12 14:02 /etc/pihole/gravity.db

Hope somebody is able to help me with this.

Problem with Beta 5.0:

Docker_compose.yaml for PiHole_V5:

  pihole_v5:
    container_name: pihole_v5
    hostname: pihole
    privileged: true
    image: pihole/pihole:v5.0
    networks:
      - xxx
    ports:
      - '53:53/tcp'
      - '53:53/udp'
      - '80XX:80/tcp'
    restart: unless-stopped
    volumes:
      - ${DOCKERDIR}/pihole_v5/pihole:/etc/pihole
      - ${DOCKERDIR}/pihole_v5/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    environment:
      - PROXY_LOCATION=pihole
      - TZ=${TZ}
      - WEBPASSWORD=${PIHOLE_WEBPASSWORD}
      - DNS1=127.0.0.1
      - DNS2=1.1.1.1

Debug Token:
https://tricorder.pi-hole.net/5nu67ja7o0

pihole-FTL.db should not be owned by root.

How to fix that? pihole -r inside the docker container?

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled

  [i] The install log is located at: /etc/pihole/install.log
Update Complete!

  Current Pi-hole version is v5.0.
  Current AdminLTE version is v5.0.
  Current FTL version is v5.0.
root@pihole:/etc/pihole# ls -all /etc/pihole/*.db
-rw-rw-r--+ 1 pihole pihole  5087232 May 12 19:16 /etc/pihole/gravity.db
-rw-r--r--+ 1 root   root   10285056 May 12 19:16 /etc/pihole/pihole-FTL.db

Above should work?

You didn't change the ownership of the file.

No, I didn't, because it already was owned by root? Or do I miss something? :expressionless:

Yes, please carefully read what I have written.

Ooo shoot, it should NOT be owned by root... :expressionless:

So to fix it all I tried a clean pull from docker hub after removing the container/images/volumes/local stuff/etc.

root@pihole:/# ls -all /etc/pihole/
total 6828
drwxrwxr-x+ 3 pihole pihole    4096 May 12 19:45 .
drwxrwxr-x  1 root   root      4096 May 12 19:41 ..
-rw-r--r--+ 1 root   root        14 May 12 19:42 GitHubVersions
-rw-r--r--+ 1 root   root       596 May 12 19:41 dns-servers.conf
-rw-rw-r--+ 1 pihole pihole 5087232 May 12 19:42 gravity.db
-rw-r--r--+ 1 root   root   1100893 May 12 19:41 list.0.raw.githubusercontent.com.domains
-rw-r--r--+ 1 root   root    594672 May 12 19:42 list.1.mirror1.malwaredomains.com.domains
-rw-r--r--+ 1 root   root       521 May 12 19:42 list.2.s3.amazonaws.com.domains
-rw-r--r--+ 1 root   root     43529 May 12 19:42 list.3.s3.amazonaws.com.domains
-rw-r--r--+ 1 root   root        31 May 12 19:42 local.list
-rw-r--r--+ 1 root   root        13 May 12 19:41 localbranches
-rw-r--r--+ 1 root   root        20 May 12 19:41 localversions
drwxrwxr-x+ 2 root   root      4096 May 12 19:41 migration_backup
-rw-r--r--  1 pihole pihole       0 May 12 19:41 pihole-FTL.conf
-rw-r--r--+ 1 root   root    110592 May 12 19:45 pihole-FTL.db
-rw-rw-r--+ 1 root   root       445 May 12 19:42 setupVars.conf
-rw-rw-r--+ 1 root   root         0 May 12 19:41 setupVars.conf.update.bak

Looks like a docker image "bug", which creates the piHole-FTL.db as root owned?

Then I tried to chown the pihole-FTL.db to "pihole:pihole":

total 6848
drwxrwxr-x+ 3 pihole pihole    4096 May 12 19:46 .
drwxrwxr-x  1 root   root      4096 May 12 19:41 ..
-rw-r--r--+ 1 root   root        14 May 12 19:42 GitHubVersions
-rw-r--r--+ 1 root   root       596 May 12 19:41 dns-servers.conf
-rw-rw-r--+ 1 pihole pihole 5087232 May 12 19:42 gravity.db
-rw-r--r--+ 1 root   root   1100893 May 12 19:41 list.0.raw.githubusercontent.com.domains
-rw-r--r--+ 1 root   root    594672 May 12 19:42 list.1.mirror1.malwaredomains.com.domains
-rw-r--r--+ 1 root   root       521 May 12 19:42 list.2.s3.amazonaws.com.domains
-rw-r--r--+ 1 root   root     43529 May 12 19:42 list.3.s3.amazonaws.com.domains
-rw-r--r--+ 1 root   root        31 May 12 19:42 local.list
-rw-r--r--+ 1 root   root        13 May 12 19:41 localbranches
-rw-r--r--+ 1 root   root        20 May 12 19:41 localversions
drwxrwxr-x+ 2 root   root      4096 May 12 19:41 migration_backup
-rw-r--r--  1 pihole pihole       0 May 12 19:41 pihole-FTL.conf
-rw-r--r--+ 1 pihole pihole  131072 May 12 19:46 pihole-FTL.db
-rw-rw-r--+ 1 root   root       445 May 12 19:42 setupVars.conf
-rw-rw-r--+ 1 root   root         0 May 12 19:41 setupVars.conf.update.bak

Restarted the docker container and still get the same attempt to write to a readonly database message.

When I restart the docker container after the chown, it flips back from pihole:pihole to root:root

In the docker container, I believe the db is owned by root, but that shouldn't cause any issues as I think pihole-FTL is run as root in there, too.

Anyway, the error is coming from attempting to write to gravity.db. I've seen this before, but I can't remember what the resolution was. However, I'm not seeing this in my container so...

Can you try deleting gravity.db (or move it somewhere else in case you want to keep a backup) and allow pi-hole to create a new gravity.db to see if that moves things along? Basically, once you have (re)moved gravity.db a pihole -g or pihole -g -r should create a new one.

OK, removed gravity.db and did pihole -r -g and ticked the option to totally reconfigure:
[i] The install log is located at: /etc/pihole/install.log
Installation Complete!

root@pihole:/etc/pihole# ls -all
total 7892
drwxrwxr-x+ 3 pihole pihole    4096 May 12 20:34 .
drwxrwxr-x  1 root   root      4096 May 12 20:34 ..
-rw-r--r--+ 1 root   root        14 May 12 20:34 GitHubVersions
-rw-rw-r--+ 1 root   root       242 May 12 19:49 adlists.list.old
-rw-r--r--+ 1 root   root       596 May 12 20:34 dns-servers.conf
-rw-rw-r--+ 1 pihole pihole 5087232 May 12 20:34 gravity.db
-rw-r--r--+ 1 root   root      1026 May 12 20:34 install.log
-rw-r--r--+ 1 root   root   1100893 May 12 20:34 list.0.raw.githubusercontent.com.domains
-rw-r--r--+ 1 root   root    594672 May 12 20:34 list.1.mirror1.malwaredomains.com.domains
-rw-r--r--+ 1 root   root       521 May 12 20:34 list.2.s3.amazonaws.com.domains
-rw-r--r--+ 1 root   root     43529 May 12 20:34 list.3.s3.amazonaws.com.domains
-rw-r--r--+ 1 root   root        43 May 12 20:34 local.list
-rw-r--r--+ 1 root   root        20 May 12 20:34 localbranches
-rw-r--r--+ 1 root   root        37 May 12 20:34 localversions
-rw-r--r--+ 1 root   root       234 May 12 20:34 logrotate
drwxrwxr-x+ 2 root   root      4096 May 12 20:34 migration_backup
-rw-r--r--+ 1 pihole pihole      15 May 12 20:34 pihole-FTL.conf
-rw-rw-rw-+ 1 root   root   1179648 May 12 20:34 pihole-FTL.db
-rw-r--r--+ 1 root   root       456 May 12 20:34 setupVars.conf
-rw-rw-r--+ 1 root   root       445 May 12 19:56 setupVars.conf.update.bak
root@pihole:/etc/pihole#

Now my container won't start, it keeps saying "starting" and the logging shows:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
/root/ph_install.sh: line 48: setupVars: readonly variable
[cont-init.d] 20-start.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

No idea what's happening... Again I see something about a readonly error...

Please try the following. On success, these commands should return nothing.

sudo -u pihole sqlite3 /etc/pihole/gravity.db "INSERT INTO domainlist (domain) VALUES ('test.domain1');"
sudo -u www-data sqlite3 /etc/pihole/gravity.db "INSERT INTO domainlist (domain) VALUES ('test.domain2');"

Slight difference in commands there :slight_smile:

I note from your compose file that you have the above line. This is not something I have on mine.

Maybe time to start from scratch with a new container/volume without said line in the compose file...

First command runs without output to the command line.
The second command returns a read-only error.

Just removed everything v5 related from docker and the host, removed the "privileged: true" from docker_compose and did a clean docker pull.
After the pull I tried to add a domain to the whitelist, still getting the error:
https://tricorder.pi-hole.net/cufdubt8kd
I see a readonly error in the log.

On this clean install I ran the 2 sql commands:

root@pihole:/# sudo -u pihole sqlite3 /etc/pihole/gravity.db "INSERT INTO domainlist (domain) VALUES ('test.domain1');"
root@pihole:/# sudo -u www-data sqlite3 /etc/pihole/gravity.db "INSERT INTO domainlist (domain) VALUES ('test.domain2');"
Error: attempt to write a readonly database
root@pihole:/#

Here's a log from after the 2 sql commands:
https://tricorder.pi-hole.net/ju0h27d9hj

I see only 1 whitelist test domain in the debug log, despite the 2 commands.
So the readonly error is really preventing it from writing to the database.

Looks like gravity.db is now created with owner pihole:

root@pihole:/etc/pihole# ls -all
total 7088
drwxrwxr-x+ 3 pihole pihole    4096 May 13 07:27 .
drwxrwxr-x  1 root   root      4096 May 13 07:18 ..
-rw-r--r--+ 1 root   root        14 May 13 07:19 GitHubVersions
-rw-r--r--+ 1 root   root       596 May 13 07:18 dns-servers.conf
-rw-rw-r--+ 1 pihole pihole 5189632 May 13 07:23 gravity.db
-rw-r--r--+ 1 root   root   1136412 May 13 07:18 list.0.raw.githubusercontent.com.domains
-rw-r--r--+ 1 root   root    594672 May 13 07:18 list.1.mirror1.malwaredomains.com.domains
-rw-r--r--+ 1 root   root       521 May 13 07:18 list.2.s3.amazonaws.com.domains
-rw-r--r--+ 1 root   root     43529 May 13 07:18 list.3.s3.amazonaws.com.domains
-rw-r--r--+ 1 root   root        31 May 13 07:18 local.list
-rw-r--r--+ 1 root   root        20 May 13 07:20 localbranches
-rw-r--r--+ 1 root   root        37 May 13 07:20 localversions
drwxrwxr-x+ 2 root   root      4096 May 13 07:18 migration_backup
-rw-r--r--  1 pihole pihole       0 May 13 07:18 pihole-FTL.conf
-rw-r--r--+ 1 root   root    237568 May 13 07:27 pihole-FTL.db
-rw-rw-r--+ 1 root   root       445 May 13 07:18 setupVars.conf
-rw-rw-r--+ 1 root   root         0 May 13 07:18 setupVars.conf.update.bak

So the privileged line is probably the cause of the root ownerships.
But even though the default ownership is fixed, I still get the readonly errors.

Last thing I did was run "pihole -g -r" and restart the container. Then I tried to add something to the whitelist, still getting the error, and here's a log again:
https://tricorder.pi-hole.net/l6e5z9yz2p

I now see a bunch of readonly errors in the log.

If there's something I can do, let me know!

Try again after running

sudo usermod -aG pihole www-data

Ran the usermod command inside the docker container, tried the sqlite command, here's the result:

root@pihole:/etc/pihole# sudo usermod -aG pihole www-data
root@pihole:/etc/pihole# sudo -u www-data sqlite3 /etc/pihole/gravity.db "INSERT INTO domainlist (domain) VALUES ('test.domain2');"
Error: attempt to write a readonly database
root@pihole:/etc/pihole# sudo -u pihole sqlite3 /etc/pihole/gravity.db "INSERT INTO domainlist (domain) VALUES ('test.domain1');"
Error: UNIQUE constraint failed: domainlist.domain
root@pihole:/etc/pihole#

Again seeing the PHP errors:

-rw-r--r-- 1 www-data www-data 277 May 13 18:46 /var/log/lighttpd/error.log
   2020-05-13 20:45:14: (log.c.217) server started 
   2020-05-13 20:46:13: (mod_fastcgi.c.2543) FastCGI-stderr: PHP Warning:  SQLite3Stmt::execute(): Unable to execute statement: attempt to write a readonly database in /var/www/html/admin/scripts/pi-hole/php/groups.php on line 507

[✓] Your debug token is: https://tricorder.pi-hole.net/rp48kg7wti
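
Added example, not part of any post above and not Pi-hole's own code: a read-only version of the two `sudo -u ... sqlite3` tests from the thread. It reports whether a given user's mode bits allow writing both the database file and its directory, and whether an ACL (the trailing `+` in the `ls` listings) is present. The function names are hypothetical; when run directly it takes a database path and a user name.

```python
import os
import stat

ACL_XATTR = "system.posix_acl_access"  # Linux xattr that stores POSIX ACL entries


def mode_allows_write(st, uid, gids):
    """Classic owner/group/other check; root (uid 0) bypasses mode bits."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def has_acl(path):
    """True when an extended ACL is stored on path (ls usually shows '+')."""
    try:
        return ACL_XATTR in os.listxattr(path)
    except (OSError, AttributeError):
        return False  # filesystem or platform without xattr support


def sqlite_write_report(db_path, uid, gids):
    """Report whether uid/gids can write the database AND its directory.

    SQLite creates its journal file next to the database, so a writable
    file inside a non-writable directory can still fail on INSERT.
    """
    directory = os.path.dirname(os.path.abspath(db_path))
    report = {
        "file_writable": mode_allows_write(os.stat(db_path), uid, gids),
        "dir_writable": mode_allows_write(os.stat(directory), uid, gids),
        # With an ACL present, mode bits are not authoritative: check getfacl.
        "acl_present": has_acl(db_path) or has_acl(directory),
    }
    report["ok_by_mode_bits"] = report["file_writable"] and report["dir_writable"]
    return report


if __name__ == "__main__":
    import pwd
    import sys
    user = pwd.getpwnam(sys.argv[2])  # e.g. www-data or pihole
    groups = set(os.getgrouplist(user.pw_name, user.pw_gid))
    print(sqlite_write_report(sys.argv[1], user.pw_uid, groups))
```

If `ok_by_mode_bits` is true but the INSERT still fails and `acl_present` is true, compare the `getfacl` output for the file and the directory against the user's groups.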