mirror of
https://github.com/pi-hole/docker-pi-hole.git
synced 2024-07-01 13:40:54 +02:00
Merge pull request #1596 from pi-hole/new/ntp
Add CAP_SYS_TIME in the container if available
commit
80c829965b
|
@ -251,6 +251,7 @@ The webserver and DNS service inside the container can be customized if necessar
|
|||
- `CAP_NET_ADMIN`: modify routing tables and other network-related operations (in particular inserting an entry in the neighbor table to answer DHCP requests using unicast packets)
|
||||
- `CAP_SYS_NICE`: FTL sets itself as an important process to get some more processing time if the latter is running low
|
||||
- `CAP_CHOWN`: we need to be able to change ownership of log files and databases in case FTL is started as a different user than `pihole`
|
||||
- `CAP_SYS_TIME`: FTL needs to be able to set the system time to update it using the Network Time Protocol (NTP) in the background
|
||||
|
||||
This image automatically grants those capabilities, if available, to the FTLDNS process, even when run as non-root.\
|
||||
By default, docker does not include the `NET_ADMIN` capability for non-privileged containers, and it is recommended to explicitly add it to the container using `--cap-add=NET_ADMIN`.\
|
||||
|
|
|
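Review bot: The new `CAP_SYS_TIME` bullet does not say how the capability reaches the container, while the paragraph right after the list only recommends `--cap-add=NET_ADMIN` explicitly. Please state whether users are expected to pass `--cap-add=SYS_TIME` as well, and what FTL does when it is absent, since "if available" leaves that open. Because the bullet describes FTL setting the system time, it would also help to say that the capability is optional for users who prefer the host to keep its own clock, so they can leave it out deliberately.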
@ -112,6 +112,7 @@ fix_capabilities() {
|
|||
capsh --has-p=cap_net_raw 2>/dev/null && CAP_STR+=',CAP_NET_RAW'
|
||||
capsh --has-p=cap_net_admin 2>/dev/null && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false'
|
||||
capsh --has-p=cap_sys_nice 2>/dev/null && CAP_STR+=',CAP_SYS_NICE'
|
||||
capsh --has-p=cap_sys_time 2>/dev/null && CAP_STR+=',CAP_SYS_TIME'
|
||||
|
||||
if [[ ${CAP_STR} ]]; then
|
||||
# We have the (some of) the above caps available to us - apply them to pihole-FTL
|
||||
|
|
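Review bot: The added `capsh --has-p=cap_sys_time` line does nothing when the capability is missing, whereas the `cap_net_admin` line two lines above records the missing capability with `|| DHCP_READY='false'`. Without an equivalent flag or a log message, a container started without the capability will simply skip it, and the operator gets no hint here why the clock is not being updated. Consider setting a flag analogous to `DHCP_READY` or printing a one-line notice in the missing case, so the README's "if available" behaviour is visible at startup.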