Unprivileged processes are subject to full permission checking based on the process's credentials, we have to explicitly allow pihole-FTL to bind to ports < 1024 (port 53 for DNS) and for various advanced network-related operations (to allow for handling DHCP requests)

Signed-off-by: DL6ER <dl6er@dl6er.de>

advanced/pihole-FTL.service

@@ -34,7 +34,7 @@ start() {
     chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port
     chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log
     chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
-    setcap CAP_NET_BIND_SERVICE=+eip "$(which pihole-FTL)"
+    setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN+eip "$(which pihole-FTL)"
     echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL
     su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
     echo