From 0493fb78bfbee14616a29241a8d795daa0dfca8e Mon Sep 17 00:00:00 2001
From: rcourtman <courtmanr@gmail.com>
Date: Thu, 5 Mar 2026 09:34:30 +0000
Subject: [PATCH] fix(agent): detect rootless Docker/Podman sockets for other
 users (#1200)

When the agent runs as root, os.Getuid() returns 0 so it only probes
/run/user/0/docker.sock. Rootless Docker installs live at
/run/user/1000/docker.sock (or similar). Glob /run/user/*/docker.sock
and /run/user/*/podman/podman.sock to discover sockets for all users.
---
 internal/dockeragent/agent.go | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/internal/dockeragent/agent.go b/internal/dockeragent/agent.go
index acaf56ad0..416d27d36 100644
--- a/internal/dockeragent/agent.go
+++ b/internal/dockeragent/agent.go
@@ -441,6 +441,18 @@ func buildRuntimeCandidates(preference RuntimeKind) []runtimeCandidate {
 			label: "podman rootless socket",
 		})
 
+		// Discover rootless Podman sockets for other users (e.g. agent runs as root
+		// but Podman rootless is installed for uid 1000)
+		if matches, err := filepath.Glob("/run/user/*/podman/podman.sock"); err == nil {
+			for _, match := range matches {
+				sockURI := "unix://" + match
+				add(runtimeCandidate{
+					host:  sockURI,
+					label: fmt.Sprintf("podman rootless socket (%s)", match),
+				})
+			}
+		}
+
 		add(runtimeCandidate{
 			host:  "unix:///run/podman/podman.sock",
 			label: "podman system socket",
@@ -489,6 +501,17 @@ func buildRuntimeCandidates(preference RuntimeKind) []runtimeCandidate {
 			label: "podman rootless socket",
 		})
 
+		// Discover rootless Podman sockets for other users
+		if matches, err := filepath.Glob("/run/user/*/podman/podman.sock"); err == nil {
+			for _, match := range matches {
+				sockURI := "unix://" + match
+				add(runtimeCandidate{
+					host:  sockURI,
+					label: fmt.Sprintf("podman rootless socket (%s)", match),
+				})
+			}
+		}
+
 		add(runtimeCandidate{
 			host:  "unix:///run/podman/podman.sock",
 			label: "podman system socket",
@@ -509,6 +532,18 @@ func buildRuntimeCandidates(preference RuntimeKind) []runtimeCandidate {
 			label: "docker rootless socket",
 		})
 
+		// Discover rootless Docker sockets for other users (e.g. agent runs as root
+		// but Docker rootless is installed for uid 1000)
+		if matches, err := filepath.Glob("/run/user/*/docker.sock"); err == nil {
+			for _, match := range matches {
+				sockURI := "unix://" + match
+				add(runtimeCandidate{
+					host:  sockURI,
+					label: fmt.Sprintf("docker rootless socket (%s)", match),
+				})
+			}
+		}
+
 		// macOS Docker Desktop socket
 		if home := os.Getenv("HOME"); home != "" {
 			add(runtimeCandidate{