From 066f891cc105f1965f3220c01d4b3d9e2a84a665 Mon Sep 17 00:00:00 2001
From: Dan Schaper
Date: Fri, 13 Aug 2021 21:51:01 -0700
Subject: [PATCH 1/3] Dependabot manage GHA versions.
Signed-off-by: Dan Schaper
---
 .github/dependabot.yml | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..6fddca0
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
From 22ce49a12383c6f2924a4f68e669bba80919da74 Mon Sep 17 00:00:00 2001
From: Adam Warner
Date: Wed, 1 Sep 2021 16:47:17 +0100
Subject: [PATCH 2/3] Update nightly-build beta-v5.9.yml
---
 .github/workflows/nightly-build beta-v5.9.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/nightly-build beta-v5.9.yml b/.github/workflows/nightly-build beta-v5.9.yml
index 6e48f18..1db3667 100644
--- a/.github/workflows/nightly-build beta-v5.9.yml
+++ b/.github/workflows/nightly-build beta-v5.9.yml
@@ -1,4 +1,4 @@
-name: Build & Deploy Nightly images
+name: Build & Deploy Nightly Beta 5.9 images
 on:
 schedule:
 - cron: '0 1 * * *'
From ec3b4609bc80174280d551b09519ce5ae8374a8d Mon Sep 17 00:00:00 2001
From: DL6ER
Date: Mon, 6 Sep 2021 22:33:09 +0200
Subject: [PATCH 3/3] Add CAP_SYS_NICE, CAP_IPC_LOCK, CAP_CHOWN capabilites recommendation
Signed-off-by: DL6ER
---
 README.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index 954b781..2dc5005 100644
--- a/README.md
+++ b/README.md
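Review bot: Keeping action versions current does not by itself protect the workflows from a retargeted tag; the `github-actions` entry added in `.github/dependabot.yml` (PATCH 1/3) only bumps whatever reference each `uses:` line already carries. The workflows' `uses:` lines are not visible in this series, so this is a suggestion rather than a finding: if they reference actions by tag, consider pinning them to full commit SHAs, which Dependabot continues to update. The README in this series describes a Docker image, so if the repository's Dockerfile base images should be tracked as well, a second `updates` entry starting with `- package-ecosystem: "docker"` would cover them; the Dockerfile is not shown here, so confirm its location for the `directory` value.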
@@ -277,6 +277,9 @@ DNSMasq / [FTLDNS](https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities)
 - `CAP_NET_BIND_SERVICE`: Allows FTLDNS binding to TCP/UDP sockets below 1024 (specifically DNS service on port 53)
 - `CAP_NET_RAW`: use raw and packet sockets (needed for handling DHCPv6 requests, and verifying that an IP is not in use before leasing it)
 - `CAP_NET_ADMIN`: modify routing tables and other network-related operations (in particular inserting an entry in the neighbor table to answer DHCP requests using unicast packets)
+- `CAP_SYS_NICE`: FTL sets itself as an important process to get some more processing time if the latter is running low
+- `CAP_IPC_LOCK`: it gives FTL the ability to lock a region of virtual memory into physical RAM
+- `CAP_CHOWN`: we need to be able to change ownership of log files and databases in case FTL is started as a different user than `pihole`
 This image automatically grants those capabilities, if available, to the FTLDNS process, even when run as non-root.\
 By default, docker does not include the `NET_ADMIN` capability for non-privileged containers, and it is recommended to explicitly add it to the container using `--cap-add=NET_ADMIN`.\