This issue was moved to a discussion.

PiHole Broken after docker update to 20.10.14 #1019

Closed
whizzzkid opened this issue Mar 24, 2022 · 12 comments

@whizzzkid

Versions

  • Pi-hole: v5.9 (pihole/pihole:latest)
  • AdminLTE: v5.11 (pihole/pihole:latest)
  • FTL: v5.14 (pihole/pihole:latest)

Platform

Expected behavior

Pihole service should start.

Actual behavior / bug

Startup script fails with:

Starting pihole-FTL (no-daemon) as pihole
pihole-FTL: No process found
Stopping pihole-FTL

Steps to reproduce

Run pihole using docker-compose using: https://github.com/whizzzkid/home-infrastructure/blob/main/docker-compose.yaml#L158

Debug Token

I couldn't capture the debug as the image crashed

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

At first I thought it was a bad pihole update, but it turns out it's a breaking docker-ce update; downgrading to docker-ce=5:20.10.13~3-0~debian-buster fixed the issue.
The problem looks similar to:

@jbaldzer

Hi,
I can confirm this behaviour. This happened also after an update of docker to version 20.10.14
Error message:
FATAL ERROR in dnsmasq core: failed to create listening socket for port 53: Permission denied

Environment
Docker version 20.10.14, build a224086
Pi-hole:
Docker Tag [2022.02.1]
Pi-hole [v5.9]
FTL [v5.14]

Log output

[2022-03-24 07:32:48.711 3975M] Using log file /var/log/pihole-FTL.log
[2022-03-24 07:32:48.711 3975M] ########## FTL started on c53f40441296! ##########
[2022-03-24 07:32:48.711 3975M] FTL branch: master
[2022-03-24 07:32:48.711 3975M] FTL version: v5.14
[2022-03-24 07:32:48.711 3975M] FTL commit: 52e6b95
[2022-03-24 07:32:48.711 3975M] FTL date: 2022-02-12 19:58:34 +0000
[2022-03-24 07:32:48.711 3975M] FTL user: pihole
[2022-03-24 07:32:48.711 3975M] Compiled for x86_64 (compiled on CI) using gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516
[2022-03-24 07:32:48.712 3975M] Creating mutex
[2022-03-24 07:32:48.712 3975M] Creating mutex
[2022-03-24 07:32:48.713 3975M] Starting config file parsing (/etc/pihole/pihole-FTL.conf)
[2022-03-24 07:32:48.713 3975M]    SOCKET_LISTENING: only local
[2022-03-24 07:32:48.714 3975M]    AAAA_QUERY_ANALYSIS: Show AAAA queries
[2022-03-24 07:32:48.714 3975M]    MAXDBDAYS: max age for stored queries is 365 days
[2022-03-24 07:32:48.714 3975M]    RESOLVE_IPV6: Resolve IPv6 addresses
[2022-03-24 07:32:48.714 3975M]    RESOLVE_IPV4: Resolve IPv4 addresses
[2022-03-24 07:32:48.714 3975M]    DBINTERVAL: saving to DB file every minute
[2022-03-24 07:32:48.714 3975M]    DBFILE: Using /etc/pihole/pihole-FTL.db
[2022-03-24 07:32:48.714 3975M]    MAXLOGAGE: Importing up to 24.0 hours of log data
[2022-03-24 07:32:48.714 3975M]    PRIVACYLEVEL: Set to 0
[2022-03-24 07:32:48.714 3975M]    IGNORE_LOCALHOST: Show queries from localhost
[2022-03-24 07:32:48.714 3975M]    BLOCKINGMODE: Null IPs for blocked domains
[2022-03-24 07:32:48.715 3975M]    ANALYZE_ONLY_A_AND_AAAA: Disabled. Analyzing all queries
[2022-03-24 07:32:48.715 3975M]    DBIMPORT: Importing history from database
[2022-03-24 07:32:48.715 3975M]    PIDFILE: Using /run/pihole-FTL.pid
[2022-03-24 07:32:48.715 3975M]    PORTFILE: Using /run/pihole-FTL.port
[2022-03-24 07:32:48.715 3975M]    SOCKETFILE: Using /run/pihole/FTL.sock
[2022-03-24 07:32:48.715 3975M]    SETUPVARSFILE: Using /etc/pihole/setupVars.conf
[2022-03-24 07:32:48.715 3975M]    MACVENDORDB: Using /etc/pihole/macvendor.db
[2022-03-24 07:32:48.715 3975M]    GRAVITYDB: Using /etc/pihole/gravity.db
[2022-03-24 07:32:48.715 3975M]    PARSE_ARP_CACHE: Active
[2022-03-24 07:32:48.716 3975M]    CNAME_DEEP_INSPECT: Active
[2022-03-24 07:32:48.716 3975M]    DELAY_STARTUP: No delay requested.
[2022-03-24 07:32:48.716 3975M]    BLOCK_ESNI: Enabled, blocking _esni.{blocked domain}
[2022-03-24 07:32:48.716 3975M]    NICE: Cannot change niceness to -10 (permission denied)
[2022-03-24 07:32:48.716 3975M]    MAXNETAGE: Removing IP addresses and host names from network table after 365 days
[2022-03-24 07:32:48.716 3975M]    NAMES_FROM_NETDB: Enabled, trying to get names from network database
[2022-03-24 07:32:48.716 3975M]    EDNS0_ECS: Overwrite client from ECS information
[2022-03-24 07:32:48.716 3975M]    REFRESH_HOSTNAMES: Periodically refreshing IPv4 names
[2022-03-24 07:32:48.716 3975M]    RATE_LIMIT: Rate-limiting client making more than 1000 queries in 60 seconds
[2022-03-24 07:32:48.716 3975M]    LOCAL_IPV4: Automatic interface-dependent detection of address
[2022-03-24 07:32:48.716 3975M]    LOCAL_IPV6: Automatic interface-dependent detection of address
[2022-03-24 07:32:48.717 3975M]    BLOCK_IPV4: Automatic interface-dependent detection of address
[2022-03-24 07:32:48.717 3975M]    BLOCK_IPV6: Automatic interface-dependent detection of address
[2022-03-24 07:32:48.717 3975M]    REPLY_ADDR4: Using IPv4 address 192.168.178.105 instead of automatically determined IP address
[2022-03-24 07:32:48.717 3975M]    SHOW_DNSSEC: Enabled, showing automatically generated DNSSEC queries
[2022-03-24 07:32:48.717 3975M]    MOZILLA_CANARY: Enabled
[2022-03-24 07:32:48.717 3975M]    PIHOLE_PTR: internal PTR generation enabled (pi.hole)
[2022-03-24 07:32:48.717 3975M]    ADDR2LINE: Enabled
[2022-03-24 07:32:48.717 3975M]    REPLY_WHEN_BUSY: Permit queries when the database is busy
[2022-03-24 07:32:48.717 3975M]    BLOCK_TTL: 2 seconds
[2022-03-24 07:32:48.717 3975M]    BLOCK_ICLOUD_PR: Enabled
[2022-03-24 07:32:48.717 3975M]    CHECK_LOAD: Enabled
[2022-03-24 07:32:48.718 3975M]    CHECK_SHMEM: Warning if shared-memory usage exceeds 90%
[2022-03-24 07:32:48.718 3975M]    CHECK_DISK: Warning if certain disk usage exceeds 90%
[2022-03-24 07:32:48.718 3975M] Finished config file parsing
[2022-03-24 07:32:48.720 3975M] Database version is 12
[2022-03-24 07:32:48.720 3975M] Resizing "FTL-strings" from 40960 to (81920 * 1) == 81920 (/dev/shm: 688.1KB used, 67.1MB total, FTL uses 676.2KB)
[2022-03-24 07:32:48.721 3975M] Imported 0 alias-clients
[2022-03-24 07:32:48.721 3975M] Database successfully initialized
[2022-03-24 07:32:48.729 3975M] New upstream server: 8.8.4.4:53 (0/32)
[2022-03-24 07:32:48.744 3975M] New upstream server: 4.2.2.2:53 (2/32)
[2022-03-24 07:32:48.745 3975M] New upstream server: 8.8.8.8:53 (3/32)
[2022-03-24 07:32:48.786 3975M] Resizing "FTL-domains" from 12288 to (1024 * 24) == 24576 (/dev/shm: 729.1KB used, 67.1MB total, FTL uses 717.1KB)
[2022-03-24 07:32:48.847 3975M] Resizing "FTL-queries" from 229376 to (8192 * 56) == 458752 (/dev/shm: 741.4KB used, 67.1MB total, FTL uses 729.4KB)
[2022-03-24 07:32:48.884 3975M] New upstream server: 4.2.2.1:53 (4/32)
[2022-03-24 07:32:48.959 3975M] Resizing "FTL-queries" from 458752 to (12288 * 56) == 688128 (/dev/shm: 970.8KB used, 67.1MB total, FTL uses 958.8KB)
[2022-03-24 07:32:48.973 3975M] New upstream server: 208.67.220.220:53 (5/32)
[2022-03-24 07:32:49.023 3975M] Resizing "FTL-domains" from 24576 to (1536 * 24) == 36864 (/dev/shm: 1.2MB used, 67.1MB total, FTL uses 1.2MB)
[2022-03-24 07:32:49.092 3975M] Resizing "FTL-queries" from 688128 to (16384 * 56) == 917504 (/dev/shm: 1.2MB used, 67.1MB total, FTL uses 1.2MB)
[2022-03-24 07:32:49.232 3975M] Resizing "FTL-queries" from 917504 to (20480 * 56) == 1146880 (/dev/shm: 1.4MB used, 67.1MB total, FTL uses 1.4MB)
[2022-03-24 07:32:49.245 3975M] Resizing "FTL-domains" from 36864 to (2048 * 24) == 49152 (/dev/shm: 1.7MB used, 67.1MB total, FTL uses 1.7MB)
[2022-03-24 07:32:49.343 3975M] Resizing "FTL-strings" from 81920 to (122880 * 1) == 122880 (/dev/shm: 1.7MB used, 67.1MB total, FTL uses 1.7MB)
[2022-03-24 07:32:49.386 3975M] Resizing "FTL-queries" from 1146880 to (24576 * 56) == 1376256 (/dev/shm: 1.7MB used, 67.1MB total, FTL uses 1.7MB)
[2022-03-24 07:32:49.563 3975M] Resizing "FTL-queries" from 1376256 to (28672 * 56) == 1605632 (/dev/shm: 2.0MB used, 67.1MB total, FTL uses 1.9MB)
[2022-03-24 07:32:49.718 3975M] Resizing "FTL-queries" from 1605632 to (32768 * 56) == 1835008 (/dev/shm: 2.2MB used, 67.1MB total, FTL uses 2.2MB)
[2022-03-24 07:32:49.845 3975M] Resizing "FTL-queries" from 1835008 to (36864 * 56) == 2064384 (/dev/shm: 2.4MB used, 67.1MB total, FTL uses 2.4MB)
[2022-03-24 07:32:49.949 3975M] Resizing "FTL-queries" from 2064384 to (40960 * 56) == 2293760 (/dev/shm: 2.6MB used, 67.1MB total, FTL uses 2.6MB)
[2022-03-24 07:32:50.054 3975M] Resizing "FTL-queries" from 2293760 to (45056 * 56) == 2523136 (/dev/shm: 2.9MB used, 67.1MB total, FTL uses 2.9MB)
[2022-03-24 07:32:50.099 3975M] Resizing "FTL-domains" from 49152 to (2560 * 24) == 61440 (/dev/shm: 3.1MB used, 67.1MB total, FTL uses 3.1MB)
[2022-03-24 07:32:50.112 3975M] Imported 42997 queries from the long-term database
[2022-03-24 07:32:50.113 3975M]  -> Total DNS queries: 42997
[2022-03-24 07:32:50.113 3975M]  -> Cached DNS queries: 2169
[2022-03-24 07:32:50.113 3975M]  -> Forwarded DNS queries: 32603
[2022-03-24 07:32:50.113 3975M]  -> Blocked DNS queries: 7744
[2022-03-24 07:32:50.113 3975M]  -> Unknown DNS queries: 0
[2022-03-24 07:32:50.113 3975M]  -> Unique domains: 2057
[2022-03-24 07:32:50.113 3975M]  -> Unique clients: 6
[2022-03-24 07:32:50.113 3975M]  -> Known forward destinations: 6
[2022-03-24 07:32:50.113 3975M] Successfully accessed setupVars.conf
[2022-03-24 07:32:50.115 3975M] FATAL ERROR in dnsmasq core: failed to create listening socket for port 53: Permission denied
[2022-03-24 07:32:50.121 3975M] ########## FTL terminated after 1s 410ms  (code 1)! ##########

@braymullo

Confirmed on both Raspi 4B (running bullseye light) and on OMV6 (on a Mac mini)

@kchenery

I had the same problem. Found I could get DNS working if I removed:

network_mode: "host"

from my docker-compose file and instead used the port mappings:

    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"

However, I also use the pihole for DHCP and that would fail. I had to disable that to get things started. The DHCP would fail with:

FATAL ERROR in dnsmasq core: failed to bind DHCP server socket: Permission denied

I already had:

    cap_add:
      - NET_ADMIN

set in the compose file. I tried a few others (ALL and NET_BIND_SERVICE), though nothing worked.

Ended up disabling the docker container for now and installed manually which worked.

@DFlexy

DFlexy commented Mar 24, 2022

Same problem here.

Linux Rasphouse 5.10.103-v8+ #1530 SMP PREEMPT Tue Mar 8 13:06:35 GMT 2022 aarch64 GNU/Linux
Starting pihole-FTL (no-daemon) as pihole
Stopping pihole-FTL
pihole-FTL: no process found
Starting pihole-FTL (no-daemon) as pihole
Stopping pihole-FTL
pihole-FTL: no process found
Starting pihole-FTL (no-daemon) as pihole
Stopping pihole-FTL
pihole-FTL: no process found
Starting pihole-FTL (no-daemon) as pihole
Stopping pihole-FTL
pihole-FTL: no process found
Starting pihole-FTL (no-daemon) as pihole
Stopping pihole-FTL
pihole-FTL: no process found
Starting pihole-FTL (no-daemon) as pihole
Stopping pihole-FTL
pihole-FTL: no process found
Starting pihole-FTL (no-daemon) as pihole

@dsm1212

dsm1212 commented Mar 24, 2022

If you set the pihole uid/gid to 0 it will come up. Docker must have changed some permissions management for network.

@DFlexy

DFlexy commented Mar 24, 2022

Variable done work now ;)

-e PIHOLE_UID=0 \

@dsm1212

dsm1212 commented Mar 24, 2022

Reading a bit, I'm not sure why we never needed cap NET_BIND_SERVICE before. I think that may be what is needed, but I'm busy and don't want to take my network down again. Will try later tonight.

PromoFaux transferred this issue from pi-hole/pi-hole Mar 24, 2022
@PromoFaux
Member

I'm not going to be able to troubleshoot this much, I'm currently on lunch at work and then away for the weekend... But can someone try setting the env var DNSMASQ_USER to root to see if that makes any difference?

@Niracus

Niracus commented Mar 24, 2022

> I'm not going to be able to troubleshoot this much, I'm currently on lunch at work and then away for the weekend... But can someone try setting the env var DNSMASQ_USER to root to see if that makes any difference?

This worked for me!

@d-rez

d-rez commented Mar 24, 2022

I can also confirm this issue. Fortunately I'm running two instances in my network in a docker cluster and only updated one at a time. 20.10.12 still works absolutely fine, 20.10.14 throws the above errors in pihole-FTL logs (and not much at all in docker logs)

I've deleted and re-created docker containers, volumes and services (stack) completely and verified image hash is the same on both hosts. I use Host network as well, otherwise I wouldn't know which devices on my network are which (for stats).

Per Docker docs, NET_BIND_SERVICE is enabled by default so that shouldn't be relevant to the issue. It's more likely that some other change affected this, specifically the vague reference to the CVE and default inheritable capabilities. Maybe the image simply needs to be rebuilt with a newer Docker version, as there are references to the builder as well.

Setting DNSMASQ_USER to root fixed it for me as well for the time being. Thanks for the suggestion.
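
An added example, not part of the thread or of the Pi-hole or Docker code: a Python model of the execve() capability rules from capabilities(7), showing how an emptied inheritable set (the change pointed at in the comment above) can leave a non-root process without CAP_NET_BIND_SERVICE. The file-capability flags (`+ei`, `+eip`), the three capabilities granted and the /proc status masks are assumptions constructed for illustration; the thread does not show how the image grants capabilities to pihole-FTL.

```python
# Added example: models the execve() capability rules from capabilities(7),
# assuming an empty ambient set. All sample masks below are constructed.
CAP_NET_BIND_SERVICE = 1 << 10   # bit numbers from linux/capability.h
CAP_NET_ADMIN = 1 << 12
CAP_NET_RAW = 1 << 13
ALL_CAPS = (1 << 64) - 1

def parse_status(text):
    """Read the Cap* hex masks out of /proc/<pid>/status text."""
    caps = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.startswith("Cap"):
            caps[key] = int(value.strip(), 16)
    return caps

def caps_after_exec(proc, file_prm, file_inh, file_eff, uid=1000):
    """Permitted/effective sets after execve() of a binary with file capabilities."""
    if uid == 0:
        # For root the file sets are treated as all ones and the effective bit as set.
        file_prm, file_inh, file_eff = ALL_CAPS, ALL_CAPS, True
    permitted = (proc["CapInh"] & file_inh) | (file_prm & proc["CapBnd"])
    return {"CapPrm": permitted, "CapEff": permitted if file_eff else 0}

def can_bind_port_53(caps):
    """Binding a port below 1024 needs CAP_NET_BIND_SERVICE in the effective set."""
    return bool(caps["CapEff"] & CAP_NET_BIND_SERVICE)

# Constructed /proc/<pid>/status excerpts for an unprivileged process in a
# container started with the default capabilities plus NET_ADMIN.
INHERITABLE_FILLED = parse_status("CapInh:\t00000000a80435fb\nCapPrm:\t0000000000000000\n"
                                  "CapEff:\t0000000000000000\nCapBnd:\t00000000a80435fb\n")
INHERITABLE_EMPTY = parse_status("CapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n"
                                 "CapEff:\t0000000000000000\nCapBnd:\t00000000a80435fb\n")

WANTED = CAP_NET_BIND_SERVICE | CAP_NET_ADMIN | CAP_NET_RAW  # hypothetical file caps

if __name__ == "__main__":
    cases = [
        ("inheritable filled, file caps +ei ", INHERITABLE_FILLED, 0, WANTED, True, 1000),
        ("inheritable empty,  file caps +ei ", INHERITABLE_EMPTY, 0, WANTED, True, 1000),
        ("inheritable empty,  file caps +eip", INHERITABLE_EMPTY, WANTED, WANTED, True, 1000),
        ("inheritable empty,  run as uid 0  ", INHERITABLE_EMPTY, 0, WANTED, True, 0),
    ]
    for label, proc, prm, inh, eff, uid in cases:
        after = caps_after_exec(proc, prm, inh, eff, uid)
        print(f"{label} CapEff={after['CapEff']:016x} bind53={can_bind_port_53(after)}")
```

The last case shows why the root workarounds in this thread succeed: a uid 0 process gains the whole bounding set on exec, which is more privilege than the three capabilities the daemon needs.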

@JonasSchubert

> Variable done work now ;)
>
> -e PIHOLE_UID=0 \

This helped. Pi Hole is running again. Thanks

PromoFaux reopened this Mar 24, 2022
PromoFaux pinned this issue Mar 24, 2022
@DFlexy

DFlexy commented Mar 24, 2022

Tests OK with

  -e DNSMASQ_USER=root \

work too same

  -e PIHOLE_UID=0 \

pi-hole locked and limited conversation to collaborators Mar 24, 2022
dschaper converted this issue into discussion #1021 Mar 24, 2022
PromoFaux unpinned this issue May 10, 2022
