CanAutoUpdate should not decide by util.HaveAdminRights #2072

New issue

Closed

opened 2026-03-04 01:44:56 -05:00 by deekerman · 7 comments

deekerman commented 2026-03-04 01:44:56 -05:00

Owner

Copy link

Originally created by @ihipop on GitHub (Oct 28, 2020).

Originally assigned to: @EugeneOne1 on GitHub.

github.com/AdguardTeam/AdGuardHome@d1e55c31af/home/control_update.go (L101-L114)

if we run AdGuardHome by systemd like this

[Unit]
Description=Adguard Home
Requires=network.target
After=network.target

[Service]
Type=simple
####ExecStartPre=-/sbin/setcap cap_net_bind_service=+ep /config/ihipop/AdGuardHome/AdGuardHome
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/config/ihipop/AdGuardHome/AdGuardHome
Restart=always
RestartSec=2s
User=dnsmasq
PermissionsStartOnly=true
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target

The CAP_NET_BIND_SERVICE capability is grant by systemd and not exists in filesystem
AmbientCapabilities doc https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities=
It's safe to upgrade then

Originally created by @ihipop on GitHub (Oct 28, 2020). Originally assigned to: @EugeneOne1 on GitHub. https://github.com/AdguardTeam/AdGuardHome/blob/d1e55c31af13a7fd88516d1e498747ee2aa69209/home/control_update.go#L101-L114 if we run AdGuardHome by systemd like this ``` [Unit] Description=Adguard Home Requires=network.target After=network.target [Service] Type=simple ####ExecStartPre=-/sbin/setcap cap_net_bind_service=+ep /config/ihipop/AdGuardHome/AdGuardHome AmbientCapabilities=CAP_NET_BIND_SERVICE ExecStart=/config/ihipop/AdGuardHome/AdGuardHome Restart=always RestartSec=2s User=dnsmasq PermissionsStartOnly=true LimitNOFILE=infinity [Install] WantedBy=multi-user.target ``` The `CAP_NET_BIND_SERVICE` capability is grant by systemd and not exists in filesystem `AmbientCapabilities` doc https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities= It's safe to upgrade then

deekerman 2026-03-04 01:44:56 -05:00

• closed this issue
• added the
  enhancement
  P4: Low
  labels

deekerman commented 2026-03-04 01:45:04 -05:00

Author

Owner

Copy link

@ihipop commented on GitHub (Oct 28, 2020):

#1193 github.com/AdguardTeam/AdGuardHome@7ff743ab32
#1944

@ihipop commented on GitHub (Oct 28, 2020): #1193 https://github.com/AdguardTeam/AdGuardHome/commit/7ff743ab32292ec50b7bc4a2530b00b59e117018 #1944

deekerman commented 2026-03-04 01:45:05 -05:00

Author

Owner

Copy link

@ihipop commented on GitHub (Oct 28, 2020):

IMO,the simple way is to have a auto update policy option， let the administrator to decide whether it’s safe or not to auto upgrade
The administrator is responsible for the failure of auto update
To interactive with systemd is not a good idea because it’s tooo heavy behavior and bundle to much to platform code
Let‘s keep it simple 。

@ihipop commented on GitHub (Oct 28, 2020): IMO,the simple way is to have a `auto update policy` option， let the administrator to decide whether it’s safe or not to auto upgrade The administrator is responsible for the failure of auto update To interactive with systemd is not a good idea because it’s tooo heavy behavior and bundle to much to platform code Let‘s keep it simple 。

deekerman commented 2026-03-04 01:45:05 -05:00

Author

Owner

Copy link

@ihipop commented on GitHub (Oct 30, 2020):

Suggestions：

• deprecated no-check-update option
• add new update-policy option

New policy：

• auto:
  auto update if possible, with a new version and execute file is located and writable on file system ,ignore the Capabilities stuff
• manual: (default)
  same as auto but will not update self until administrator click it on admin panel
• disable:
  same as the old no-check-update, will not perform any update check so will no self-update

@ihipop commented on GitHub (Oct 30, 2020): Suggestions： - deprecated `no-check-update` option - add new `update-policy` option New policy： - `auto`: auto update if possible, with a new version and execute file is located and writable on file system ,**ignore the Capabilities stuff** - `manual`: (default) same as `auto` but will not update self until administrator click it on admin panel - `disable`: same as the old `no-check-update`, will not perform any update check so will no self-update

deekerman commented 2026-03-04 01:45:05 -05:00

Author

Owner

Copy link

@EugeneOne1 commented on GitHub (Nov 30, 2020):

This should be fixed as of snapshot 641db73. Could you please check if our solution fixes the issue for you?

@EugeneOne1 commented on GitHub (Nov 30, 2020): This should be fixed as of snapshot [`641db73`](https://github.com/AdguardTeam/AdGuardHome/commit/641db73a86a6d9d047f47c403bca70af320f23e9). Could you please check if our solution fixes the issue for you?

deekerman commented 2026-03-04 01:45:05 -05:00

Author

Owner

Copy link

@ihipop commented on GitHub (Nov 30, 2020):

This should be fixed as of snapshot 641db73. Could you please check if our solution fixes the issue for you?

I take a glance at the code ,Nice and clean fix than what I've suggested !!!
I will take a try and close my issue if it works fine

@ihipop commented on GitHub (Nov 30, 2020): > This should be fixed as of snapshot [`641db73`](https://github.com/AdguardTeam/AdGuardHome/commit/641db73a86a6d9d047f47c403bca70af320f23e9). Could you please check if our solution fixes the issue for you? I take a glance at the code ,Nice and clean fix than what I've suggested !!! I will take a try and close my issue if it works fine

deekerman commented 2026-03-04 01:45:05 -05:00

Author

Owner

Copy link

@ainar-g commented on GitHub (Dec 7, 2020):

@ihipop, hi, any news? Can we close the issue for now?

@ainar-g commented on GitHub (Dec 7, 2020): <p>@ihipop,&#xA0;hi, any news?&#x2003;Can we close the&#xA0;issue for&#xA0;now?</p>

deekerman commented 2026-03-04 01:45:05 -05:00

Author

Owner

Copy link

@ainar-g commented on GitHub (Dec 10, 2020):

I'll close this issue for now. Please feel free to reopen with more details if you think it should be reopened.

@ainar-g commented on GitHub (Dec 10, 2020): <p>I'll&#xA0;close this issue for now.&#x2003;Please feel free to reopen with more details if you think it should be&#xA0;reopened.</p>

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

AGDNS-3523-upd-dnsproxy-middlewares

ADG-11407-add-docker-release

AGDNS-3535-upd-urlfilter

AGDNS-3684-fix-tls-status

beta-v0.107

release-v0.107.72

ADG-10306

beta-v0.108

ADG-10291

upd-url-filter

release-v0.107.71

release-v0.107.70

ADG-10301

ADG-8560-react-update

ADG-8560-graph-fix

release-v0.107.69

release-v0.107.68

release-v0.107.67

release-v0.107.66

ADG-10295

release-v0.107.65

release-v0.107.64

release-v0.107.63

release-v0.107.62

release-v0.107.61

release-v0.107.60

release-v0.107.59

release-v0.107.58

ADG-9783

ADG-1-utils-bundle-update

ADG-9415

release-v0.107.57

ADG-9565

release-v0.107.56

release-v0.107.55

release-v0.107.54

release-v0.107.53

infra-fix

upd-locales

release-v0.107.52

release-v0.107.51

AGDNS-2184-adguard-home

AG-32410-upd-dnsproxy

release-v0.107.50

release-v0.107.49

release-v0.107.48

release-v0.107.47

release-v0.107.46

release-v0.107.45

release-v0.107.44

release-v0.107.43

release-v0.107.42

6263-custom-ups-cache

release-v0.107.41

6399-fix-ups-check

release-v0.107.40

release-v0.107.39

release-v0.107.38

release-v0.107.37

6099-check-port-install

release-v0.107.36

release-v0.107.35

6006-refactor-client-lookup

release-v0.107.34

AG-23822

release-v0.107.33

3389-querylog-export

release-v0.107.32

fix-templates

release-v0.107.31

release-v0.107.30

5799-allowed-clients

5347-wildcard-interference

release-v0.107.29

AG-21485

release-v0.107.28

release-v0.107.27

release-v0.107.26

release-v0.107.25

release-v0.107.24

4728-cap-check

release-v0.107.23

release-v0.107.22

2499-rewrites-3

release-v0.107.21

release-v0.107.20

release-v0.107.19

4927-refactor-tls

release-v0.107.18

release-v0.107.17

release-v0.107.16

release-v0.107.15

websvc-confin-manager

release-v0.107.14

2926-lla-ipv6

4926-scroll

release-v0.107.13

release-v0.107.12

release-v0.107.11

release-v0.107.10

release-v0.107.9

WIP-upd-urls

release-v0.107.8

release-v0.107.7

release-v0.107.6

release-v0.107.5

release-v0.107.4

release-v0.107.3

release-v0.107.2

release-v0.107.1

release-v0.107.0

fix-stats-layout

beta-v0.106

release-v0.106.3

release-v0.106.2

release-v0.106.1

fix-client2-generator

dsheets-ipset-subs

fix-context

2044-gc

1691-clear-leases-v2

v0.107.72

v0.108.0-b.82

v0.108.0-b.81

v0.107.71

v0.108.0-b.80

v0.107.70

v0.108.0-b.79

v0.107.69

v0.108.0-b.78

v0.107.68

v0.108.0-b.77

v0.107.67

v0.108.0-b.76

v0.107.66

v0.108.0-b.75

v0.107.65

v0.108.0-b.74

v0.108.0-b.73

v0.107.64

v0.108.0-b.72

v0.107.63

v0.108.0-b.71

v0.107.62

v0.108.0-b.70

v0.108.0-b.69

v0.107.61

v0.108.0-b.68

v0.108.0-b.67

v0.107.60

v0.108.0-b.66

v0.107.59

v0.108.0-b.65

v0.107.58

v0.108.0-b.64

v0.107.57

v0.108.0-b.63

v0.107.56

v0.108.0-b.62

v0.107.55

v0.108.0-b.61

v0.108.0-b.60

v0.107.54

v0.108.0-b.59

v0.107.53

v0.108.0-b.58

v0.107.52

v0.108.0-b.57

v0.107.51

v0.108.0-b.56

v0.107.50

v0.107.49

v0.108.0-b.55

v0.107.48

v0.107.47

v0.107.46

v0.108.0-b.54

v0.107.45

v0.108.0-b.53

v0.107.44

v0.108.0-b.52

v0.107.43

v0.108.0-b.51

v0.107.42

v0.108.0-b.50

v0.108.0-b.49

v0.107.41

v0.107.40

v0.108.0-b.48

v0.108.0-b.47

v0.107.39

v0.108.0-b.46

v0.107.38

v0.108.0-b.45

v0.107.37

v0.108.0-b.44

v0.108.0-b.43

v0.107.36

v0.107.35

v0.108.0-b.42

v0.108.0-b.41

v0.107.34

v0.108.0-b.40

v0.108.0-b.39

v0.107.33

v0.108.0-b.38

v0.108.0-b.37

v0.107.32

v0.108.0-b.36

v0.107.31

v0.108.0-b.35

v0.107.30

v0.108.0-b.34

v0.107.29

v0.108.0-b.33

v0.107.28

v0.108.0-b.32

v0.107.27

v0.108.0-b.31

v0.108.0-b.30

v0.107.26

v0.108.0-b.29

v0.108.0-b.28

v0.107.25

v0.108.0-b.27

v0.107.24

v0.108.0-b.26

v0.107.23

v0.108.0-b.25

v0.107.22

v0.108.0-b.24

v0.107.21

v0.108.0-b.23

v0.107.20

v0.108.0-b.22

v0.107.19

v0.108.0-b.21

v0.107.18

v0.108.0-b.20

v0.107.17

v0.108.0-b.19

v0.108.0-b.18

v0.107.16

v0.108.0-b.17

v0.107.15

v0.108.0-b.16

v0.107.14

v0.108.0-b.15

v0.107.13

v0.108.0-b.14

v0.107.12

v0.108.0-b.13

v0.107.11

v0.108.0-b.12

v0.107.10

v0.108.0-b.11

v0.107.9

v0.108.0-b.10

v0.107.8

v0.107.7

v0.108.0-b.9

v0.108.0-b.8

v0.108.0-b.7

v0.108.0-b.6

v0.107.6

v0.108.0-b.5

v0.108.0-b.4

v0.107.5

v0.107.4

v0.108.0-b.3

v0.107.3

v0.108.0-b.2

v0.108.0-b.1

v0.107.2

v0.107.1

v0.107.0

v0.107.0-b.17

v0.107.0-b.16

v0.107.0-b.15

v0.107.0-b.14

v0.107.0-b.13

v0.107.0-b.12

v0.107.0-b.11

v0.107.0-b.10

v0.107.0-b.9

v0.107.0-b.8

v0.107.0-b.7

v0.107.0-b.6

v0.107.0-b.5

v0.107.0-b.4

v0.107.0-b.3

v0.107.0-b.2

v0.107.0-b.1

v0.106.3

v0.106.3-b.1

v0.106.2

v0.106.2-b.1

v0.106.1

v0.106.1-b.1

v0.106.0

v0.106.0-b.5

v0.106.0-b.4

v0.106.0-b.3

v0.106.0-b.2

v0.106.0-b.1

v0.105.2

v0.105.2-beta.1

v0.105.1

v0.105.1-beta.1

v0.105.0

v0.105.0-beta.5

v0.105.0-beta.4

v0.105.0-beta.3

v0.105.0-beta.2

v0.105.0-beta.1

v0.104.3

v0.104.2

v0.104.1

v0.104.0

v0.104.0-beta3

v0.104.0-beta2

v0.104.0-beta1

v0.103.3

v0.103.2

v0.103.1

v0.103.0

v0.103.0-beta3

v0.103.0-beta2

v0.103.0-beta1

v0.102.0

v0.101.0

v0.100.9

v0.100.8

v0.100.7

v0.100.6

v0.100.5

v0.100.4

v0.100.3

v0.100.2

v0.100.1

v0.100.0

v0.99.3

v0.99.2

v0.99.1

v0.99.0

v0.98.1

v0.98.0

v0.97.1

v0.97.0

v0.96-hotfix

v0.96

v0.95-hotfix

v0.95

v0.94

v0.93

v0.92-hotfix2

v0.92-hotfix1

v0.92

v0.91

v0.9-hotfix1

v0.9

v0.1

Labels

Clear labels   

P1: Critical

  

P2: High

  

P3: Medium

  

P4: Low

  

UI

  

bug

  

cannot reproduce

  

compatibility

  

dependencies

  

docker

  

documentation

  

duplicate

  

enhancement

  

enhancement

  

external libs

  

feature request

  

good first issue

  

help wanted

  

infrastructure

  

invalid

  

localization

  

needs investigation

  

performance

  

potential-duplicate

  

question

  

recurrent

  

research

  

snap

  

waiting for data

  

wontfix

No labels

P1: Critical

P2: High

P3: Medium

P4: Low

UI

bug

cannot reproduce

compatibility

dependencies

docker

documentation

duplicate

enhancement

enhancement

external libs

feature request

good first issue

help wanted

infrastructure

invalid

localization

needs investigation

performance

potential-duplicate

question

recurrent

research

snap

waiting for data

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/AdGuardHome#2072

No description provided.