From e232361b2d779dc42bd08fa4ffb436a8f2989a21 Mon Sep 17 00:00:00 2001
From: DL6ER
Date: Fri, 7 Jun 2024 19:02:43 +0200
Subject: [PATCH] Add CAP_SYS_TIME to FTL's ambient capabilities

Signed-off-by: DL6ER
---
 advanced/Templates/pihole-FTL.service | 2 +-
 advanced/Templates/pihole-FTL.systemd | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service
index 460339ae..009401fc 100644
--- a/advanced/Templates/pihole-FTL.service
+++ b/advanced/Templates/pihole-FTL.service
@@ -37,7 +37,7 @@ start() {
 # Run pre-start script, which pre-creates all expected files with correct permissions
 sh "${PI_HOLE_SCRIPT_DIR}/pihole-FTL-prestart.sh"
- if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
+ if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN,CAP_SYS_TIME+eip "/usr/bin/pihole-FTL"; then
 su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
 else
 echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
diff --git a/advanced/Templates/pihole-FTL.systemd b/advanced/Templates/pihole-FTL.systemd
index 2a114199..0a3d270e 100644
--- a/advanced/Templates/pihole-FTL.systemd
+++ b/advanced/Templates/pihole-FTL.systemd
@@ -18,7 +18,7 @@ StartLimitIntervalSec=60s
 [Service]
 User=pihole
 PermissionsStartOnly=true
-AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN CAP_SYS_TIME
 ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh
 ExecStart=/usr/bin/pihole-FTL -f
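Review bot: In the `start()` hunk of advanced/Templates/pihole-FTL.service, CAP_SYS_TIME is added to a `setcap ...+eip` call on `/usr/bin/pihole-FTL`, which is a file capability attached to the binary rather than an ambient one, so it is not limited to the `pihole` account that the following `su` switches to; the `AmbientCapabilities=` line in the pihole-FTL.systemd hunk scopes the same capability to the service process only. The ability to set the system clock affects certificate validity checks and log timestamps, and neither the commit message nor the changed lines say why FTL needs it (presumably for time synchronisation). I would add a comment above the `if setcap` line, e.g. `# CAP_SYS_TIME lets FTL set the system clock; these are file capabilities, so restrict who may execute /usr/bin/pihole-FTL`, and the same rationale as a `#` comment above `AmbientCapabilities=`. `start()` begins and ends outside this hunk, so how the binary's mode and ownership are set is not visible here.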