From 7452c950802e9da78fa48cb9bb180a5f646a3efa Mon Sep 17 00:00:00 2001
From: Rob Gill <rrobgill@protonmail.com>
Date: Sat, 8 Nov 2025 15:35:10 +1000
Subject: [PATCH] systemd service - don't use deprecated PermissionsStartOnly

- elevate Prestart and Poststop script permissions using "+" prefix instead,
as per https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#Command%20lines

( PermissionsStartOnly was deprecated in systemd 241 and no longer appears in
documentation since 2018 https://github.com/systemd/systemd/pull/10802 )

Signed-off-by: Rob Gill <rrobgill@protonmail.com>
---
 advanced/Templates/pihole-FTL.systemd | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/advanced/Templates/pihole-FTL.systemd b/advanced/Templates/pihole-FTL.systemd
index fcbb8d8d..29470c5a 100644
--- a/advanced/Templates/pihole-FTL.systemd
+++ b/advanced/Templates/pihole-FTL.systemd
@@ -17,15 +17,15 @@ StartLimitIntervalSec=60s
 
 [Service]
 User=pihole
-PermissionsStartOnly=true
 AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN CAP_SYS_TIME
 
-ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh
+# Run prestart with elevated permissions
+ExecStartPre=+/opt/pihole/pihole-FTL-prestart.sh
 ExecStart=/usr/bin/pihole-FTL -f
 Restart=on-failure
 RestartSec=5s
 ExecReload=/bin/kill -HUP $MAINPID
-ExecStopPost=/opt/pihole/pihole-FTL-poststop.sh
+ExecStopPost=+/opt/pihole/pihole-FTL-poststop.sh
 
 # Use graceful shutdown with a reasonable timeout
 TimeoutStopSec=60s