# Connecting to the dagger engine from the Go SDK resulting in a CNI setup error


solar stag
#

Hey! I'm running into a bit of an explosion when starting the dagger engine - attached are the logs.

Messages like this:

dnsmasq: cannot read /var/run/containers/cni/dnsname/dagger/dnsmasq.conf: Permission denied

buildkitd: plugin type="dnsname" failed (add): open /var/run/containers/cni/dnsname/dagger/pidfile: no such file or directory

level=warning msg="failed to release network namespace \"50bsnlusnole81j83oa9g8fk1\" left over from previous run: plugin type=\"loopback\" failed (delete): unknown FS magic on \"/var/lib/dagger/net/cni/50bsnlusnole81j83oa9g8fk1\": ef53"

This seems to all point to a buildkit fluke when setting up the CNI? I'm doing my own digging, but I want to share this in case anyone has seen this before / could give some pointers...

Any and all help is greatly appreciated! Thank you.

severe geyser
solar stag
#

I have gone through and verified that the iptables_nat module is loaded -

#

A key note here is that the host machine running the dagger engine container may be in contention with apparmor profiles + libvirt, so please take this error with grains of salt as I sort through this stuff!

#

This appears to be an apparmor bit preventing some range of motion for dnsmasq - I will adjust this and report back my findings.

#

Ok, I have narrowed this down to the apparmor rules for dnsmasq. Great!

solar stag
#

Here are some apparmor rules for dnsmasq, in /etc/apparmor.d/usr.sbin.dnsmasq:

  # Dagger nonsense
  /run/containers/cni/dnsname/** rw,
  @{PROC}/@{pid}/fd/ rw,
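
One way to confirm a diagnosis like the one in this thread and see exactly which paths dnsmasq was denied, as an added example that is not part of the original posts: it parses AppArmor denial records in the kernel audit format and prints one candidate rule per denied path. The log lines are constructed samples, and the profile name `/usr/sbin/dnsmasq` and the helper names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records in the kernel audit format AppArmor uses
# (as found in dmesg or the kernel log). They are not the thread's logs.
SAMPLE_LOG = """\
audit: type=1400 audit(1700000000.101:201): apparmor="DENIED" operation="open" profile="/usr/sbin/dnsmasq" name="/run/containers/cni/dnsname/dagger/dnsmasq.conf" pid=4121 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1700000000.105:202): apparmor="DENIED" operation="mknod" profile="/usr/sbin/dnsmasq" name="/run/containers/cni/dnsname/dagger/pidfile" pid=4121 comm="dnsmasq" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit: type=1400 audit(1700000000.109:203): apparmor="DENIED" operation="open" profile="/usr/sbin/dnsmasq" name="/run/containers/cni/dnsname/dagger/pidfile" pid=4121 comm="dnsmasq" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
audit: type=1400 audit(1700000000.200:204): apparmor="ALLOWED" operation="open" profile="/usr/sbin/dnsmasq" name="/etc/hosts" pid=4121 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in an audit record


def denied_paths(log_text, comm="dnsmasq"):
    """Return {(profile, path): set of denied mask letters} for one command."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Only real denials count; complain-mode "ALLOWED" records are skipped.
        if fields.get("apparmor") != "DENIED" or fields.get("comm") != comm:
            continue
        if "name" not in fields:
            continue  # non-file denials (capabilities, signals) carry no path
        found[(fields["profile"], fields["name"])].update(fields.get("denied_mask", ""))
    return dict(found)


def candidate_rules(denials):
    """Build one profile rule line per denied path, for review before use."""
    rules = []
    for (_profile, path), mask in sorted(denials.items()):
        # In profile syntax 'w' covers create (c) and delete (d).
        perms = "".join(sorted({"w" if m in "cd" else m for m in mask}))
        if perms:
            rules.append(f"  {path} {perms},")
    return rules


if __name__ == "__main__":
    for rule in candidate_rules(denied_paths(SAMPLE_LOG)):
        print(rule)
```

Comparing the per-path output with a wildcard rule shows how much broader the wildcard is than what the denials actually required.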