From c022297edf2da90f683ea3a7b138e49b84dbe68d Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sun, 20 Apr 2025 17:51:07 +0200 Subject: [PATCH 1/4] Inform about missing NET_ADMIN even if CAP_NET_ADMIN is the only requested capability Signed-off-by: yubiuser --- src/bash_functions.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 6120c1be7..542e9bba3 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -234,6 +234,13 @@ fix_capabilities() { capsh --has-p=cap_sys_nice 2>/dev/null && CAP_STR+=',CAP_SYS_NICE' capsh --has-p=cap_sys_time 2>/dev/null && CAP_STR+=',CAP_SYS_TIME' + if [[ $DHCP_READY == false ]] && [[ $FTLCONF_dhcp_active == true ]]; then + # DHCP is requested but NET_ADMIN is not available. + echo "ERROR: DHCP requested but NET_ADMIN is not available. DHCP will not be started." + echo " Please add cap_net_admin to the container's capabilities or disable DHCP." + setFTLConfigValue dhcp.active false + fi + if [[ ${CAP_STR} ]]; then # We have the (some of) the above caps available to us - apply them to pihole-FTL echo " [i] Applying the following caps to pihole-FTL:" @@ -244,13 +251,6 @@ fix_capabilities() { setcap "${CAP_STR:1}"+ep "$(which pihole-FTL)" || ret=$? - if [[ $DHCP_READY == false ]] && [[ $FTLCONF_dhcp_active == true ]]; then - # DHCP is requested but NET_ADMIN is not available. - echo "ERROR: DHCP requested but NET_ADMIN is not available. DHCP will not be started." - echo " Please add cap_net_admin to the container's capabilities or disable DHCP." - setFTLConfigValue dhcp.active false - fi - if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then echo " [!] ERROR: Unable to set capabilities for pihole-FTL. Cannot run as non-root." echo " If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'" From 46948eb5c17791dc2ce0c4f4ec17fecec8af60c2 Mon Sep 17 00:00:00 2001 
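Review bot: The relocated DHCP guard in the first hunk fires only when `DHCP_READY` is exactly `false`, so an unset or empty value would skip it and leave `dhcp.active` enabled without NET_ADMIN. Where `DHCP_READY` is initialised lies outside the hunk, so this may already be guaranteed. Testing for the positive case fails closed: `if [[ "${DHCP_READY:-false}" != true && "${FTLCONF_dhcp_active:-}" == true ]]; then`. The result of `setFTLConfigValue dhcp.active false` is also unchecked, and both `echo` lines report an error on stdout; adding `>&2` keeps them visible where log collection separates the streams. fix_capabilities starts and ends outside this hunk.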
From: yubiuser Date: Sun, 20 Apr 2025 17:56:56 +0200 Subject: [PATCH 2/4] Don't exit if no caps are available Signed-off-by: yubiuser --- src/bash_functions.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 542e9bba3..52a0bf01b 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -257,9 +257,9 @@ fix_capabilities() { exit 1 fi else - echo " [!] ERROR: Unable to set capabilities for pihole-FTL." + echo " [!] WARNING: No capabilities for pihole-FTL available." + echo " Not all functions may work as expected." echo " Please ensure that the container has the required capabilities." - exit 1 fi echo "" } From bff5de6a974a90645c423702049b9c0b051ecdf5 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sun, 20 Apr 2025 17:59:16 +0200 Subject: [PATCH 3/4] Split check for return code and user Signed-off-by: yubiuser --- src/bash_functions.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 52a0bf01b..d47ddd03e 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -251,9 +251,12 @@ fix_capabilities() { setcap "${CAP_STR:1}"+ep "$(which pihole-FTL)" || ret=$? - if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then - echo " [!] ERROR: Unable to set capabilities for pihole-FTL. Cannot run as non-root." - echo " If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'" + if [[ $ret -ne 0 ]]; then + echo " [!] ERROR: Unable to set capabilities for pihole-FTL. " + if [[ "${DNSMASQ_USER:-pihole}" != "root" ]]; then + echo " Cannot run as non-root." + echo " If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'" + fi exit 1 fi else From 6c3c0a142f522b29ea63903deb55a8f9de380237 Mon Sep 17 00:00:00 2001 
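Review bot: With `exit 1` removed from the `else` branch, a container that holds none of the probed capabilities now starts anyway. The only trace is a warning on stdout that does not say which capabilities were looked for. Since this is now the fail-open path, the warning should go to stderr, e.g. `echo "  [!] WARNING: No capabilities for pihole-FTL available." >&2`. It should also name the capabilities the function probes; only cap_sys_nice, cap_sys_time and cap_net_admin are visible in this series, the rest of the list is outside the hunk. fix_capabilities begins outside this hunk.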
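Review bot: After the split, `exit 1` sits in the outer `if [[ $ret -ne 0 ]]` and is reached for `DNSMASQ_USER=root` as well, whereas the old combined condition let a root-run container continue when `setcap` failed. The inner branch still tells the operator to set `DNSMASQ_USER` to `root`, which would no longer get past this exit. If root is meant to keep working, `exit 1` belongs inside the inner `if`, just before its `fi`. If the stricter behaviour is intended, the hint should change. It could point first at granting the container the required capabilities, as the `else` branch does, since running as root is the broader privilege. The new first `echo` also ends in a stray trailing space (`pihole-FTL. "`), and `ret` is initialised outside the hunk.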
From: yubiuser Date: Mon, 21 Apr 2025 16:38:37 +0200 Subject: [PATCH 4/4] Apply reviewer's suggestions Co-authored-by: Adam Warner Signed-off-by: yubiuser --- src/bash_functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index d47ddd03e..351d268f8 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -261,7 +261,7 @@ fix_capabilities() { fi else echo " [!] WARNING: No capabilities for pihole-FTL available." - echo " Not all functions may work as expected." + echo " Pi-hole functions may not work as expected." echo " Please ensure that the container has the required capabilities." fi echo ""