PiHole Broken after docker update to 20.10.14

[lmaddox]

Re-opening because it's not resolved. Ya'll should provide support to your other users too

pihole:                                           # adblock
    container_name:   pihole
    image:            'pihole/pihole:latest'
    environment:                                    # https://github.com/pi-hole/docker-pi-hole/issues/505
      TZ:             'America/Chicago'
      #WEBPASSWORD:   'not working... good'
      #DNS1:           '192.168.2.250:5443'          # it should match DNSCrypt's listen addr
      #DNS1:           '127.0.0.1:553'          # TODO wtf
      #DNS2:           'no'
      DNSMASQ_USER:   root # didn't work
      PIHOLE_UID:     0 # didn't work
      PIHOLE_GID:     0 # didn't work
      WEB_UID:        0 # didn't work
      WEB_GID:        0 # didn't work
    volumes:                                        # Volumes store your data between container upgrades
      - pihole-data:/etc/pihole
      - dnsmasq-data:/etc/dnsmasq.d
    network_mode:     "host"
    #cap_add:                                       # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    #  - NET_ADMIN                                  # Required if you are using Pi-hole as your DHCP server, else not needed
    restart:          unless-stopped
volumes:
  pihole-data:
    driver: local
  dnsmasq-data:
    driver: local

Discussed in #1021

^{Originally posted by whizzzkid March 24, 2022}

Versions

• Pi-hole: v5.9 (pihole/pihole:latest)
• AdminLTE: v5.11 (pihole/pihole:latest)
• FTL: v5.14 (pihole/pihole:latest)

Platform

• OS and version: Debin Buster
• Platform: Docker:20.10.14

Expected behavior

Pihole service should start.

Actual behavior / bug

Startup script fails with:

Starting pihole-FTL (no-daemon) as pihole
pihole-FTL: No process found
Stopping pihole-FTL

Steps to reproduce

Run pihole using docker-compose using: https://github.com/whizzzkid/home-infrastructure/blob/main/docker-compose.yaml#L158

Debug Token

I couldn't capture the debug as the image crashed

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

At first I thought it was a bad pihole update, but turns out it's a breaking docker-ce update, downgrading to docker-ce=5:20.10.13~3-0~debian-buster fixed the issue.
The problem looks similar to:

• pihole-FTL: No process found pi-hole#1809
• https://discourse.pi-hole.net/t/pi-hole-wont-start-after-docker-update/44454

[PromoFaux]

A couple of things to note here:

• Debian buster went EOL at the end of last month - you should consider upgrading the OS to a newer version
• The Upgrade Notes section of the Readme has a solution for this issue (which is also noted in the discussion here

From your compose file paste above I can see you've apparently tried many things, including downgrading the docker engine - but the root of the issue is known, and not something that is fixable by us. Pi-hole works on all currently supported operating systems. To quote the workaround from the readme:

Due to moby/moby#40734, you may run into issues running 2022.04 and later on host systems with an older version of libseccomp2 (Such as Debian/Raspbian buster or Ubuntu 20.04, and maybe CentOS 7).

The first recommendation is to upgrade your host OS, which will include a more up to date (and fixed) version of libseccomp.

If you absolutely cannot do this, some users #1042 (comment) success in updating libseccomp2 via backports on debian, or similar via updates on Ubuntu. You can try this workaround at your own risk (Note, you may also find that you need the latest docker.io (more details here)

[rdwebdesign]

Complementing the answer from PromoFaux:

Platform: Docker:20.10.14

Your docker version is really outdated (from 2022-03-23).
The latest docker version for Buster is 26.1.4:

Client: Docker Engine - Community
 Version:           26.1.4
 API version:       1.45

Also, this is a Debian Buster issue.
Debian Bullseye and Bookworm aren't affected by this issue.
Other users (including myself) fixed this issue by installing the correct libseccomp2.

You have 2 options:

• install the updated libseccomp2, as recommended in the README links or
• upgrade to a newer OS.

Ya'll should provide support to your other users too

We did provide support for other users.
That Reddit post was answered and solved 2 years ago.

[lmaddox]

docker --version
Docker version 27.1.1, build 6312585

docker compose version
Docker Compose version v2.29.1

uname -v
#1 SMP PREEMPT_DYNAMIC Kali 6.8.11-1kali2 (2024-05-30)

dpkg -l|tail -n1|awk '{print $3}'
2.5.5-1

[rdwebdesign]

What is the output of dpkg -l libseccomp2 ?

[lmaddox]

What is the output of dpkg -l libseccomp2 ?

2.5.5-1

Temporary workaround is to dig || docker ps|awk '/pihole/{print $1}'|xargs docker rm --force then docker compose pull pihole && docker compose up -d pihole (docker compose seems to be losing track of the pihole container... maybe this is the root cause?) Feel free to re-close this, as there are a lot of moving parts.

Thanks for all you do, btw. I'm running some very constrained systems, and pihole (when it works) significantly reduces the load that my browser(s) are able to place on these systems.

[rdwebdesign]

2.5.5-1

This libseccomp2 version is already updated and doesn't cause the issue discussed in #1021 and in the Reddit post you linked.

That issue was caused by an "incompatibility" between the old libseccomp2 and a change in docker 20.10.14 code. That issue doesn't happen with your libseccomp2.

Apparently you have a different issue.

[github-actions]

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.