Merge branch 'master' into dev
This commit is contained in:
commit
0cceed3c83
|
@ -0,0 +1,7 @@
|
|||
version: 2
|
||||
updates:
|
||||
# Maintain dependencies for GitHub Actions
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "weekly"
|
|
@ -1,4 +1,4 @@
|
|||
name: Build & Deploy Nightly images
|
||||
name: Build & Deploy Nightly Beta 5.9 images
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 1 * * *'
|
||||
|
|
|
@ -277,6 +277,9 @@ DNSMasq / [FTLDNS](https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities)
|
|||
- `CAP_NET_BIND_SERVICE`: Allows FTLDNS binding to TCP/UDP sockets below 1024 (specifically DNS service on port 53)
|
||||
- `CAP_NET_RAW`: use raw and packet sockets (needed for handling DHCPv6 requests, and verifying that an IP is not in use before leasing it)
|
||||
- `CAP_NET_ADMIN`: modify routing tables and other network-related operations (in particular inserting an entry in the neighbor table to answer DHCP requests using unicast packets)
|
||||
- `CAP_SYS_NICE`: FTL sets itself as an important process to get some more processing time if the latter is running low
|
||||
- `CAP_IPC_LOCK`: it gives FTL the ability to lock a region of virtual memory into physical RAM
|
||||
- `CAP_CHOWN`: we need to be able to change ownership of log files and databases in case FTL is started as a different user than `pihole`
|
||||
|
||||
This image automatically grants those capabilities, if available, to the FTLDNS process, even when run as non-root.\
|
||||
By default, docker does not include the `NET_ADMIN` capability for non-privileged containers, and it is recommended to explicitly add it to the container using `--cap-add=NET_ADMIN`.\
|
||||
|
|
Loading…
Reference in New Issue