2022.08 S6 overlay bug

[b-m-f]

Details

s6-overlay-suexec: fatal: can only run as pid 1

Related Issues

How to reproduce the issue

Pihole runs rootless with podman.

HostUser=pihole
HostGroup=pihole

Environment="PIHOLE_UID=1000"
Environment="PIHOLE_GID=1000"
Environment="WEB_GID=1000"
Environment="WEB_UID=1000"

It has a supervisor running and this is the process hierarchy from systemctl in 2022.07.1:

             ├─pihole.service …
             │ ├─supervisor
             │ │ └─1726889 /usr/bin/conmon --api-version 1 -c a_random_hash -u some_random_hash>
             │ └─container
             │   ├─1726894 /dev/init -- /s6-init
             │   ├─1726978 s6-svscan -t0 /var/run/s6/services
             │   ├─1727020 s6-supervise s6-fdholderd
             │   ├─1727521 s6-supervise lighttpd-access-log
             │   ├─1727522 s6-supervise lighttpd
             │   ├─1727523 s6-supervise pihole-FTL
             │   ├─1727525 s6-supervise lighttpd-error-log
             │   ├─1727526 s6-supervise cron
             │   ├─1727527 bash ./run
             │   ├─1727528 bash ./run
             │   ├─1727530 bash ./run
             │   ├─1727545 /usr/sbin/cron -f
             │   ├─1727563 lighttpd -D -f /etc/lighttpd/lighttpd.conf
             │   ├─1727593 /bin/bash -c /usr/bin/pihole-FTL no-daemon >/dev/null 2>&1
             │   ├─1727595 /usr/bin/pihole-FTL no-daemon
             │   ├─1727609 /usr/bin/php-cgi
             │   ├─1727641 /usr/bin/php-cgi
             │   ├─1727642 /usr/bin/php-cgi
             │   ├─1727643 /usr/bin/php-cgi
             │   └─1727644 /usr/bin/php-cgi

Fix

Revert to 2022.07.1 for now, as it runs fine here.

[PromoFaux]

Can we get a complete dump of your logs please? I've not really got a lot to go on here.

Given the following compose file, on my PC (docker, not rootless)

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    environment:
      TZ: 'America/Chicago'
      PIHOLE_UID: 1000
      PIHOLE_GID: 1000
      WEB_UID: 1000
      WEB_GID: 1000
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped

I am running the container with no issue here:

adam@adam-pc:~/playground$ docker-compose up
Creating network "playground_default" with the default driver
Creating pihole ... done
Attaching to pihole
pihole    | s6-rc: info: service cron: starting
pihole    | s6-rc: info: service s6rc-oneshot-runner: starting
pihole    | s6-rc: info: service cron successfully started
pihole    | s6-rc: info: service s6rc-oneshot-runner successfully started
pihole    | s6-rc: info: service fix-attrs: starting
pihole    | s6-rc: info: service _startup: starting
pihole    | Starting crond
pihole    | fix-attrs: info: applying /etc/fix-attrs.d/01-resolver-resolv
pihole    | fix-attrs: warning: fix-attrs is deprecated, please fix volume permissions in your container manager instead
pihole    | s6-rc: info: service fix-attrs successfully started
pihole    | s6-rc: info: service legacy-cont-init: starting
pihole    | cont-init: info: running /etc/cont-init.d/05-changer-uid-gid.sh
pihole    | Changing ID for user: www-data (33 => 1000)
pihole    |  ::: Starting docker specific checks & setup for docker pihole/pihole
pihole    | 
pihole    |   [i] Installing configs from /etc/.pihole...
pihole    |   [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
pihole    | 
  [✓] Installing latest logrotate script
pihole    | Creating empty /etc/pihole/setupVars.conf file.
pihole    | Changing ID for group: www-data (33 => 1000)
pihole    | Changing ID for user: pihole (999 => 1000)
pihole    | cont-init: info: /etc/cont-init.d/05-changer-uid-gid.sh exited 0
pihole    | s6-rc: info: service legacy-cont-init successfully started
pihole    | Assigning random password: eLaZfZLr
pihole    |   [✓] New password set
pihole    | Added ENV to php:
pihole    |                     "TZ" => "America/Chicago",
pihole    |                     "PIHOLE_DOCKER_TAG" => "2022.08",
pihole    |                     "PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log",
pihole    |                     "CORS_HOSTS" => "",
pihole    |                     "VIRTUAL_HOST" => "0.0.0.0",
pihole    | Using IPv4 and IPv6
pihole    | ::: setup_blocklists now setting default blocklists up: 
pihole    | ::: TIP: Use a docker volume for /etc/pihole/adlists.list if you want to customize for first boot
pihole    | ::: Blocklists (/etc/pihole/adlists.list) now set to:
pihole    | https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
pihole    | Configuring default DNS servers: 8.8.8.8, 8.8.4.4
pihole    | Applying pihole-FTL.conf setting REPLY_ADDR4=0.0.0.0
pihole    | FTL binding to default interface: eth0
pihole    | ::: Enabling Query Logging
pihole    | ::: Testing lighttpd config: Syntax OK
pihole    | ::: All config checks passed, cleared for startup ...
pihole    | ::: Docker start setup complete
pihole    |   Pi-hole version is v5.11.4 (Latest: v5.11.4)
pihole    |   AdminLTE version is v5.13 (Latest: v5.13)
pihole    |   FTL version is v5.16.3 (Latest: v5.16.3)
pihole    |   Container tag is: 2022.08
pihole    | s6-rc: info: service _startup successfully started
pihole    | s6-rc: info: service pihole-FTL: starting
pihole    | s6-rc: info: service pihole-FTL successfully started
pihole    | s6-rc: info: service _gravityonboot: starting
pihole    | s6-rc: info: service lighttpd: starting
pihole    | s6-rc: info: service _gravityonboot successfully started
pihole    |   Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
pihole    | s6-rc: info: service lighttpd successfully started
pihole    | s6-rc: info: service legacy-services: starting
pihole    | Starting lighttpd
pihole    | s6-rc: info: service legacy-services successfully started
pihole    |   [i] Creating new gravity database
pihole    | Starting pihole-FTL (no-daemon) as pihole
pihole    |   [i] Migrating content of /etc/pihole/adlists.list into new database
pihole    |   [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range
pihole    | 
  [✓] Preparing new gravity database
pihole    |   [i] Using libz compression
pihole    | 
pihole    |   [i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [✓] Status: Retrieval successful
pihole    |   [i] Analyzed 136495 domains
pihole    | 
  [✓] Creating new gravity databases
  [✓] Storing downloaded domains in new gravity database
  [✓] Building tree
  [✓] Swapping databases
pihole    |   [✓] The old database remains available.
pihole    |   [i] Number of gravity domains: 136495 (136495 unique domains)
pihole    |   [i] Number of exact blacklisted domains: 0
pihole    |   [i] Number of regex blacklist filters: 0
pihole    |   [i] Number of exact whitelisted domains: 0
pihole    |   [i] Number of regex whitelist filters: 0
  [✓] Cleaning up stray matter
pihole    | 
pihole    |   [✓] FTL is listening on port 53
pihole    |      [✓] UDP (IPv4)
pihole    |      [✓] TCP (IPv4)
pihole    |      [✓] UDP (IPv6)
pihole    |      [✓] TCP (IPv6)
pihole    | 
pihole    |   [i] Pi-hole blocking will be enabled
pihole    |   [i] Enabling blocking
  [✓] Pi-hole Enabled

[PromoFaux]

Also a little more detail about how you are starting your container. What your (equivalent of?) docker-compose script / run command looks like

[tehSmoogs]

Had same issue.

Fixed by removing "--init" from the docker run command.

[zmcandee]

I ran into the same s6-overlay-suexec: fatal: can only run as pid 1 error trying to run on fly.io. MicroVM docker alternatives like podman and fly.io typically have their own process management that doesn't allow running as pid 1 which is now a hard requirement for s6-overlay v3.

[PromoFaux]

Fixed by removing "--init" from the docker run command.

AH. I had seen something like this in HomeAssistant's changelogs, but I didn't want to say anything in case I was barking up the wrong tree

MicroVM docker alternatives like podman and fly.io typically have their own process management that doesn't allow running as pid 1 which is now a hard requirement for s6-overlay v3.

Thanks for this info. I've never used such systems,, so interesting to know. I wonder if there is a way around this that does not require downgrading S3 back to V2...

[b-m-f]

I am starting my containers using quadlet.

The main issue seems to be the PID requirement of S6. Mostly colliding with conmon in podman.

[mlankamp]

I'm running pihole om a Unify UDMpro, I start the container with the following command:

podman run --network pihole \
    --name pihole \
    -v "/mnt/data/pihole/etc-pihole/:/etc/pihole/" \
    -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    --dns=127.0.0.1 \
    --dns=192.168.1.1 \
    --hostname pi.hole \
    -e TZ="Europe/Amsterdam" \
    -e VIRTUAL_HOST="pi.hole" \
    -e PROXY_LOCATION="pi.hole" \
    -e DNSMASQ_USER="root" \
    -e ServerIP="10.0.5.3" \
    -e IPv6="False" \
    -e DNS1="192.168.1.1" \
    -e DNS2="1.1.1.1" \
    -e REV_SERVER="true" \
    -e REV_SERVER_DOMAIN="home.local" \
    -e REV_SERVER_TARGET="192.168.1.1" \
    -e REV_SERVER_CIDR="192.168.1.0/24" \
    pihole/pihole:latest

the output is the following:

/package/admin/s6-overlay-3.1.1.2/libexec/stage0: 79: exec: /run/s6/basedir/bin/init: Permission denied

[b-m-f]

So, it seems that more people have problems since the update.

My fix was the following:

• Remove --init when using podman as this will collide with s6-overlay : https://docs.podman.io/en/latest/markdown/podman-run.1.html#init
• The user running the container needs the capability SETPCAP now.

Applying these changes makes 2022.8 run on my machine

[PromoFaux]

OK, all this talk of init reminded me of something.

Before I updated the version of s6-overlay in the container, there was this line that moved /init to /s6-init, and the entrypoint was set to /s6-init.

I've just tested reverting this change (here: 18360d1), and pushed a new image with the :exp tag

Can you folk that are running into issues with podman please try pihole/pihole:exp and report back? Thanks!

(From a very brief test on my UDM running podman, it at least starts the container)

[PromoFaux]

Related: just-containers/s6-overlay#158

[jsermer]

Seems to work using the :exp tag on my udmp as well

[Rikj000]

Sadly the :exp tag doesn't seem to solve the issue on dokku deployments.
See: #1176 (comment)

Environment

• OS: Dietpi v8.7.1 - Debian GNU/Linux 11 (bullseye) aarch64
• Host: Raspberry Pi 4 Model B Rev 1.4
• Kernel: 5.15.56-v8+
• Shell: fish 3.1.2
• Docker: 20.10.17, build 100c701
• Dokku: 0.28.1
• Ledokku: 0.7.0 PR#421

PiHole

• Docker Tag: 2022.07.1
  • Pi-hole: v5.11.4
  • FTL: v5.16.1
  • Web Interface: v5.13

Tag exp - Failing

Show/Hide `dokku git:from-image pihole pihole/pihole:exp` logs

Fails with: s6-overlay-suexec: fatal: can only run as pid 1

dokku git:from-image pihole pihole/pihole:exp
=============================================

-----> Generating build context
       Setting Dockerfile
-----> Updating git repository with specified build context
-----> Cleaning up...
-----> Building pihole from Dockerfile
Sending build context to Docker daemon  2.048kB
Step 1/8 : FROM pihole/pihole:exp
exp: Pulling from pihole/pihole
...
e8473bd76bc8: Pull complete
Digest: sha256:7bc5fe59f13c7e045b3c8abcc6a0bfde519c2de65e0ed95579c8f354b7ea9180
Status: Downloaded newer image for pihole/pihole:exp
 ---> 554a0a7f884c
Step 2/8 : LABEL com.dokku.docker-image-labeler/alternate-tags=[\"pihole/pihole:exp\"]
 ---> Running in 9c7f1dd64d37
Removing intermediate container 9c7f1dd64d37
 ---> d8874341548b
Step 3/8 : LABEL com.dokku.app-name=pihole
 ---> Running in ff92605e5f98
Removing intermediate container ff92605e5f98
 ---> 90ddcad3606a
Step 4/8 : LABEL com.dokku.builder-type=dockerfile
 ---> Running in afa4af7bf25c
Removing intermediate container afa4af7bf25c
 ---> 77b79cf2b7f8
Step 5/8 : LABEL com.dokku.image-stage=build
 ---> Running in 3f90c136615f
Removing intermediate container 3f90c136615f
 ---> 70690f399178
Step 6/8 : LABEL dokku=
 ---> Running in 8588e0bd35f1
Removing intermediate container 8588e0bd35f1
 ---> becc649010ca
Step 7/8 : LABEL org.label-schema.schema-version=1.0
 ---> Running in 94f677c8a573
Removing intermediate container 94f677c8a573
 ---> b26aba0e9758
Step 8/8 : LABEL org.label-schema.vendor=dokku
 ---> Running in e2187b6516f5
Removing intermediate container e2187b6516f5
 ---> c3d4d3dcd519
Successfully built c3d4d3dcd519
Successfully tagged dokku/pihole:latest
-----> Setting config vars
       DOKKU_DOCKERFILE_PORTS:  53/tcp 53/udp 67/udp 80/tcp
-----> Releasing pihole...
-----> Checking for predeploy task
       No predeploy task found, skipping
-----> Checking for release task
       No release task found, skipping
-----> Checking for first deploy postdeploy task
       No first deploy postdeploy task found, skipping
-----> No Procfile found in app image
=====> Processing deployment checks
       No CHECKS file found. Simple container checks will be performed.
       For more efficient zero downtime deployments, create a CHECKS file. See https://dokku.com/docs/deployment/zero-downtime-deploys/ for examples
-----> Deploying pihole via the docker-local scheduler...
-----> Deploying web (count=1)
       Attempting pre-flight checks (web.1)
       Waiting for 10 seconds (web.1)
efa4a88ddc2f56bad87a3c6c63c477b79fc1661d8f943f15fee0d9bf7694ce97
 !     App container failed to start (web.1)
=====> Start of pihole container output (web.1)
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
=====> End of pihole container output (web.1)
parallel: This job failed:
/var/lib/dokku/plugins/available/scheduler-docker-local/bin/scheduler-deploy-process-container pihole dockerfile dokku/pihole:latest latest web 1 1

Tag latest - Failing

Show/Hide `dokku git:from-image pihole pihole/pihole:latest` logs

Fails with: s6-overlay-suexec: fatal: can only run as pid 1

dokku git:from-image pihole pihole/pihole:latest
================================================

-----> Generating build context
       Setting Dockerfile
-----> Updating git repository with specified build context
-----> Cleaning up...
-----> Building pihole from Dockerfile
Sending build context to Docker daemon  2.048kB
Step 1/8 : FROM pihole/pihole:latest
latest: Pulling from pihole/pihole
...
4b69808e513c: Pull complete
Digest: sha256:0077a645483b2152048bc3f42a0f88150806debaf7539f2ccd2bfd9d2f491835
Status: Downloaded newer image for pihole/pihole:latest
 ---> ac953a8efeb0
Step 2/8 : LABEL com.dokku.docker-image-labeler/alternate-tags=[\"pihole/pihole:latest\"]
 ---> Running in ae1c5fcf6e13
Removing intermediate container ae1c5fcf6e13
 ---> 224382ab6030
Step 3/8 : LABEL com.dokku.app-name=pihole
 ---> Running in 8aea695434a2
Removing intermediate container 8aea695434a2
 ---> 8143d594d537
Step 4/8 : LABEL com.dokku.builder-type=dockerfile
 ---> Running in 2a08dd5bcd68
Removing intermediate container 2a08dd5bcd68
 ---> 79ee7ef9dc51
Step 5/8 : LABEL com.dokku.image-stage=build
 ---> Running in 245b28db0d72
Removing intermediate container 245b28db0d72
 ---> 12048eff9548
Step 6/8 : LABEL dokku=
 ---> Running in ecba2579e597
Removing intermediate container ecba2579e597
 ---> 8bc9daa51e23
Step 7/8 : LABEL org.label-schema.schema-version=1.0
 ---> Running in 04395c732334
Removing intermediate container 04395c732334
 ---> ed0c0cc60548
Step 8/8 : LABEL org.label-schema.vendor=dokku
 ---> Running in 574d60a6fba1
Removing intermediate container 574d60a6fba1
 ---> 4a45b79e768c
Successfully built 4a45b79e768c
Successfully tagged dokku/pihole:latest
-----> Setting config vars
       DOKKU_DOCKERFILE_PORTS:  53/tcp 53/udp 67/udp 80/tcp
-----> Releasing pihole...
-----> Checking for predeploy task
       No predeploy task found, skipping
-----> Checking for release task
       No release task found, skipping
-----> Checking for first deploy postdeploy task
       No first deploy postdeploy task found, skipping
-----> No Procfile found in app image
=====> Processing deployment checks
       No CHECKS file found. Simple container checks will be performed.
       For more efficient zero downtime deployments, create a CHECKS file. See https://dokku.com/docs/deployment/zero-downtime-deploys/ for examples
-----> Deploying pihole via the docker-local scheduler...
-----> Deploying web (count=1)
       Attempting pre-flight checks (web.1)
       Waiting for 10 seconds (web.1)
0bcafa0c09fac5f7f640691cd4d5a5b32aecad7b734b911f61242c3530b3a97a
 !     App container failed to start (web.1)
=====> Start of pihole container output (web.1)
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
=====> End of pihole container output (web.1)
parallel: This job failed:
/var/lib/dokku/plugins/available/scheduler-docker-local/bin/scheduler-deploy-process-container pihole dockerfile dokku/pihole:latest latest web 1 1

Tag v2022.07.1 - Success

Show/Hide `dokku git:from-image pihole pihole/pihole:2022.07.1` logs

Builds without issues

dokku git:from-image pihole pihole/pihole:2022.07.1
===================================================

-----> Generating build context
       Setting Dockerfile
-----> Updating git repository with specified build context
-----> Cleaning up...
-----> Building pihole from Dockerfile
Sending build context to Docker daemon  2.048kB
Step 1/8 : FROM pihole/pihole:2022.07.1
2022.07.1: Pulling from pihole/pihole
...
3734d50778a6: Pull complete
Digest: sha256:f7624f452b7a6320405b6ff00a9ed253d99fd33a22abced1954633ceb5bae24e
Status: Downloaded newer image for pihole/pihole:2022.07.1
 ---> 850e9721d3c2
Step 2/8 : LABEL com.dokku.docker-image-labeler/alternate-tags=[\"pihole/pihole:2022.07.1\"]
 ---> Running in 7b9052c9fe4f
Removing intermediate container 7b9052c9fe4f
 ---> 053e40291a35
Step 3/8 : LABEL com.dokku.app-name=pihole
 ---> Running in 62d504ef64c4
Removing intermediate container 62d504ef64c4
 ---> 8bb94de7cdb2
Step 4/8 : LABEL com.dokku.builder-type=dockerfile
 ---> Running in c379d48bd29d
Removing intermediate container c379d48bd29d
 ---> feedd13ad51c
Step 5/8 : LABEL com.dokku.image-stage=build
 ---> Running in 0d7d29735707
Removing intermediate container 0d7d29735707
 ---> a15ce03edcf9
Step 6/8 : LABEL dokku=
 ---> Running in 35329281c635
Removing intermediate container 35329281c635
 ---> e0d89bc8c02f
Step 7/8 : LABEL org.label-schema.schema-version=1.0
 ---> Running in 81cebfcce603
Removing intermediate container 81cebfcce603
 ---> 4ddb017e7679
Step 8/8 : LABEL org.label-schema.vendor=dokku
 ---> Running in 4425e5e2ca92
Removing intermediate container 4425e5e2ca92
 ---> 4f2189a274dc
Successfully built 4f2189a274dc
Successfully tagged dokku/pihole:latest
-----> Setting config vars
       DOKKU_DOCKERFILE_PORTS:  53/tcp 53/udp 67/udp 80/tcp
-----> Releasing pihole...
-----> Checking for predeploy task
       No predeploy task found, skipping
-----> Checking for release task
       No release task found, skipping
-----> Checking for first deploy postdeploy task
       No first deploy postdeploy task found, skipping
-----> No Procfile found in app image
=====> Processing deployment checks
       No CHECKS file found. Simple container checks will be performed.
       For more efficient zero downtime deployments, create a CHECKS file. See https://dokku.com/docs/deployment/zero-downtime-deploys/ for examples
-----> Deploying pihole via the docker-local scheduler...
-----> Deploying web (count=1)
       Attempting pre-flight checks (web.1)
       Waiting for 10 seconds (web.1)
       Default container check successful (web.1)
-----> Running post-deploy
-----> Creating new app virtual host file...
-----> Configuring pihole.my-domain.com...(using built-in template)
-----> Creating http nginx.conf
       Reloading nginx
-----> Renaming containers
       Renaming container pihole.web.1.upcoming-32687 (5b69fea5d7af) to pihole.web.1
-----> Checking for postdeploy task
       No postdeploy task found, skipping
=====> Application deployed:
       http://pihole.my-domain.com
       http://pihole.my-domain.com:53

Show/Hide `dokku run pihole` logs

Throws s6-svc: fatal: unable to control /var/run/s6/services/lighttpd-access-log: supervisor not listening when entering container CLI.
Which should be safe to ignore as mentioned by @PromoFaux here

dokku run pihole
================

dokku run pihole                                                       36.8s  Thu 25 Aug 2022 10:57:09 PM CEST
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 05-changer-uid-gid.sh: executing... 
[cont-init.d] 05-changer-uid-gid.sh: exited 0.
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific checks & setup for docker pihole/pihole

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
Existing DNS servers detected in setupVars.conf. Leaving them alone
Assigning random password: XXXXXXX
  [✓] New password set
DNSMasq binding to default interface: eth0
Added ENV to php:
			"TZ" => "",
			"PIHOLE_DOCKER_TAG" => "2022.07.1",
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log",
			"ServerIP" => "0.0.0.0",
			"CORS_HOSTS" => "",
			"VIRTUAL_HOST" => "0.0.0.0",
Using IPv4 and IPv6
::: setup_blocklists now setting default blocklists up: 
::: TIP: Use a docker volume for /etc/pihole/adlists.list if you want to customize for first boot
::: Blocklists (/etc/pihole/adlists.list) now set to:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
::: Enabling Query Logging
  [i] Enabling logging...
  [✓] Restarting DNS server
  [✓] Logging has been enabled!
 ::: Docker start setup complete
  Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
  Pi-hole version is v5.11.4 (Latest: v5.11.4)
  AdminLTE version is v5.13 (Latest: v5.13)
  FTL version is v5.16.1 (Latest: v5.16.1)
  Container tag is: 2022.07.1
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting pihole-FTL (no-daemon) as pihole
Starting crond
Starting lighttpd
[services.d] done.
root@6636747900ab:/# cat /var/log/lighttpd/error-pihole.log
2022-08-25 20:57:14: server.c.1513) server started (lighttpd/1.4.59)
root@6636747900ab:/# exit
exit
[cmd] /bin/bash exited 0
Stopping lighttpd
Stopping cron
Stopping pihole-FTL
s6-svc: fatal: unable to control /var/run/s6/services/lighttpd-access-log: supervisor not listening
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
s6-svc: fatal: unable to control /var/run/s6/services/lighttpd-error-log: supervisor not listening
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

[Rikj000]

Sadly the :exp tag doesn't seem to solve the issue on dokku deployments.

Great news, it does fix the issue on dokku deployments too! 🎉

However it does require an additional command,
to disable the injection of the default --init process.
See: dokku/dokku#5300

# 1. Disable default --init injection
dokku scheduler-docker-local:set pihole init-process false
# 2. Deploy the exp tag
dokku git:from-image pihole pihole/pihole:exp

[PromoFaux]

This should be fixed in latest once it has built (tag 2022.08.2)

[mlankamp]

Good news, the :2022.08.2 tag works great on Unifi UDM!

[PromoFaux]

Closing this issue out as it the reported issues appear to be fixed in lastest / 2022.08.2

[b-m-f]

That was so quick. Thanks alot!

[darkrain42]

MicroVM docker alternatives like podman and fly.io typically have their own process management that doesn't allow running as pid 1 which is now a hard requirement for s6-overlay v3.

Thanks for this info. I've never used such systems,, so interesting to know. I wonder if there is a way around this that does not require downgrading S3 back to V2...

I fixed this in my fly.io-based docker-pihole deployment, so I'll mention the fix here for future readers. It's not suitable (as-is) for inclusion in docker-pihole, I think. (It's also only lightly-tested so far.)

Use the unshare utility to run s6 is in its own PID namespace where it's PID 1. The workaround also needs to avoid a signal handling bug in unshare that caused services spawned by s6 to ignore SIGTERM and SIGINT. Without the signal-handling bugfix, making changes in the GUI that need to restart pihole-FTL causes the GUI to just hang/stall, waiting for service pihole-FTL restart to complete, which it never will.

FROM pihole/pihole:latest

ENTRYPOINT [ \
    "unshare", "--pid", "--fork", "--kill-child=SIGTERM", "--mount-proc", \
    "perl", "-e", "$SIG{INT}=''; $SIG{TERM}=''; exec @ARGV;", "--", \
    "/s6-init" ]

https://gist.github.com/darkrain42/02fa589002afa645912d8f8d87bf55f8