#cgroup error on Rancher Desktop

Running what I think to be a pretty basic example: clone my repo, build a dockerfile (under alt filename than default), and add a label to the image just for show.

import sys

import anyio
import dagger

from dagger import Client, Container

async def main():
    my_repo = "https://github.com/OverkillGuy/mass-driver"
    async with dagger.Connection(dagger.Config(log_output=sys.stderr)) as client:
        context_dir = client.host().directory(".")
        dockerfile_name = "release.Dockerfile"  # Not just the standard Dockerfile

        md_code = client.git(url=my_repo).branch("main").tree()
        app_folder = "app"
        # Put the cloned repo in /app of current folder
        workspace = context_dir.with_directory(app_folder, md_code)

        container = (
            await client.container()
            # build in /app
            .build(context=workspace, dockerfile=f"{app_folder}/{dockerfile_name}")
            .with_label("author", "Me!")
        )
        return container


anyio.run(main)

Error I get is this, during build of the dockerfile (there's more but this is the core bit)

23: [0.23s] runc run failed: unable to start container process: error during container init: error mounting "cgroup" to rootfs at "/sys/fs/cgroup": mount cgroup:/sys/fs/cgroup/openrc (via /proc/self/fd/6), flags: 0xf, data: openrc: invalid argument
23: [builder 2/5] RUN pip install --no-cache-dir poetry==1.6.1 ERROR: process "/bin/sh -c pip install --no-cache-dir poetry==${POETRY_VERSION}" did not complete successfully: exit code: 1

Looking around seems to be a classic "you're doing docker-in-docker but your cgroups aren't configured for nesting, per https://github.com/containerd/containerd/issues/6659.
I'm surprised that docker in docker would be what Dagger engine goes for, something I've usually heard is an antipattern.

Am I missing something, or should I just allow nesting of cgroups?
Anything to say about my sample code, separately?

👋 what environment are you running this on? Mac / Linux? Are you using Docker, Lima, Rancher Desktop?

is it gentoo by any chance?

if that's the case, seems like adding rc_cgroup_mode="unified" to /etc/rc.conf should fix the issue

ref: https://github.com/moby/buildkit/issues/4108

Hey, using Rancher Desktop on ~Ubuntu (Pop_OS! 22.04). Can follow the cgroup advice (allow nested, or unified, etc) and report what happens.
I guess I'm curious about the intended workflow too: does Dagger really docker-in-docker in general case? or just an artefact of specific setup?

no, Dagger doesn't use Docker-in-docker. The Dagger engine uses buildkit (https://github.com/moby/buildkit/), the same plumbing the docker uses for docker build operations. What's happening here is that for local Dagger engine provisioning, we currently rely in Docker compatible runtimes (docker, lima, rancher, etc) which runs our engine in a docker container

that's why you're getting this messages of not being able to nest cgroups

seems like this has been a recent change in buildkit that's impacting multiple users: https://github.com/kubernetes-sigs/kind/issues/3277#issuecomment-1693876978

Right, starting to understand:
I mis-attributed the error to docker-in-docker related issue (search led to old SO thread), while you just linked to a more probable cause, stems from recent buildkit change affecting downstream users such as k8s (kind) and dagger.

Tried the solution given in thread for Rancher Desktop: rdctl shell sudo sed -E -i 's/#(rc_cgroup_mode).*/\1="unified"/' /etc/rc.conf, indeed succeeds, can now continue the build forward after step 23!

cgroup error on Rancher Desktop

Updated the thread to be more specific about the issue, was never docker-in-docker.
Technically solved for me, though I don't know what kind of PSA should be given to other users?

Here's the corresponding Dagger issue : https://github.com/dagger/dagger/issues/5593

Looks like something that needs to be addressed on colima

fair. should I mark this post as Closed/Resolved, or hang fire till dagger ticket has solution?