Pihole is failing with failed to create listening socket

docker-pihole 2022.4.1 changes the way it handles capabilities even further, but is still not compatible with running on fly.io without tweaks (either running pihole-FTL as root, or different hacks to /bash_functions.sh).

The pihole-FTL service will be in a restart loop:

```
2022-04-02T19:05:59Z [info]Starting pihole-FTL (no-daemon) as pihole
2022-04-02T19:05:59Z [info]Stopping pihole-FTL
2022-04-02T19:05:59Z [info]pihole-FTL: no process found
```

(/var/log/pihole-FTL will also show an error along the lines of “failed to create listening socket for port 53 : Permission denied”)

I’ve amended my previous Dockerfile modifications to the following:

```dockerfile
# Override detection with hardcoded list of caps to provide to the pihole-FTL
# binary -- dropping some not needed (CAP_NET_RAW and CAP_NET_ADMIN). Fly.io
# doesn't run in docker, so the "detect based on current caps" logic won't
# work. The "capsh --print" added is just for debugging.
#
# https://github.com/pi-hole/docker-pi-hole/blob/70bad9f08f2651d686ae0e4ff374208265ad5ad9/bash_functions.sh#L10-L18
# (note the 'setcap' invocation trims the first character off the string,
# hence the leading ',')
RUN set -ex \
    && sed -i -E -e 's/^(\s+)(if \[\[ \$\{CAP_STR\} \]\]; then)/\1capsh --print\n\1CAP_STR=",CAP_CHOWN,CAP_NET_BIND_SERVICE,CAP_SYS_NICE"\n\2/' \
           /bash_functions.sh
```