Add docker instructions to FTL gdb debugging page

Signed-off-by: DL6ER <dl6er@dl6er.de>

docs/ftldns/debugging.md

@@ -2,6 +2,33 @@
 
 Once you are used to it, you can skip most of the steps. Debugging *FTL*DNS is quite easy. `pihole-FTL` has been designed so that a debugger can be attached to an already running process. This will give you insights into how software (not limited to `pihole-FTL`) works.
 
+<!-- markdownlint-disable code-block-style -->
+!!! info "When running Pi-hole in a Docker container"
+    If you are running Pi-hole in a Docker container, you will to perform all the steps described here *inside* the Docker container. You can use, e.g., `docker exec -it <container_name> /bin/bash` to get a shell inside the container.
+
+    You will also need to (temporarily!) add the `SYS_PTRACE` capability. This is required to allow `gdb` to attach to the `pihole-FTL` process inside the container. You can do this by starting the container with the `--cap-add=SYS_PTRACE` option. Furthermore, you need to disable the Linux kernel's secure computing mode for the container. Add `--security-opt seccomp:unconfined` in order to allow `gdb` to disable address space randomization.
+
+    ```bash
+    docker run -d --name pihole [your other options] --cap-add=SYS_PTRACE --security-opt seccomp:unconfined pihole/pihole
+    ```
+
+    or, when using `docker-compose`:
+
+    ```yaml
+    services:
+      pihole:
+
+        # your other options ...
+
+        cap_add:
+          - # your other added capabilities ...
+          - SYS_PTRACE
+
+        security_opt:
+          - seccomp:unconfined
+    ```
+<!-- markdownlint-enable code-block-style -->
+
 ## Prerequirements (only required once)
 
 1. Install `screen` and `gdb` using `sudo apt-get install screen gdb`