Add CAP_SYS_TIME to FTL's ambient capabilities
Signed-off-by: DL6ER <dl6er@dl6er.de>
parent
159be01e0e
commit
e232361b2d
|
@ -37,7 +37,7 @@ start() {
|
||||||
# Run pre-start script, which pre-creates all expected files with correct permissions
|
# Run pre-start script, which pre-creates all expected files with correct permissions
|
||||||
sh "${PI_HOLE_SCRIPT_DIR}/pihole-FTL-prestart.sh"
|
sh "${PI_HOLE_SCRIPT_DIR}/pihole-FTL-prestart.sh"
|
||||||
|
|
||||||
if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
|
if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN,CAP_SYS_TIME+eip "/usr/bin/pihole-FTL"; then
|
||||||
su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
|
su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
|
||||||
else
|
else
|
||||||
echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
|
echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
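Review bot: Because `setcap ...+eip` writes file capabilities onto `/usr/bin/pihole-FTL`, the added CAP_SYS_TIME is normally granted to any account that can execute that binary, not only to the `pihole` user started through `su` on the following line. The system clock feeds log timestamps and certificate validity checks, so it is worth confirming that the binary's owner, group and mode limit who may run it; that is not visible in this hunk. Neither the commit message nor the code says which FTL feature needs to set the clock, so I would add a comment above the `if setcap` line such as `# CAP_SYS_TIME: required by <feature> to set the system clock`. The same missing rationale applies to the `AmbientCapabilities=` line in the unit file. start() begins and ends outside the hunk.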
|
||||||
|
|
|
@ -18,7 +18,7 @@ StartLimitIntervalSec=60s
|
||||||
[Service]
|
[Service]
|
||||||
User=pihole
|
User=pihole
|
||||||
PermissionsStartOnly=true
|
PermissionsStartOnly=true
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN
|
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN CAP_SYS_TIME
|
||||||
|
|
||||||
ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh
|
ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh
|
||||||
ExecStart=/usr/bin/pihole-FTL -f
|
ExecStart=/usr/bin/pihole-FTL -f
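Review bot: The `AmbientCapabilities=` line now lets the service change the system clock, but the visible part of `[Service]` contains no `CapabilityBoundingSet=`, so nothing shown here limits the process to the listed capabilities. Unless the unit already sets one outside this hunk, consider adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN CAP_SYS_TIME`, and check that the `ExecStartPre=` script still runs with it in place. The `[Service]` section continues past the hunk.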
|
||||||
|
|