fix: finch linux rootless containerd detection

[robbrad]

This PR fixes Finch detection on Linux systems using rootless containerd by checking multiple standard socket locations instead of using a hardcoded path.

Which issue(s) does this change fix?

fixes #8649

Problem

SAM CLI fails with "No container runtime available" on Linux with rootless containerd despite Finch being installed and working. The issue is that SAM CLI only checks /var/run/finch.sock, but rootless containerd uses $XDG_RUNTIME_DIR/containerd/containerd.sock.

Solution

Updated LinuxHandler.get_finch_socket_path() to check multiple locations in priority order:

1. $XDG_RUNTIME_DIR/containerd/containerd.sock (rootless containerd)
2. $XDG_RUNTIME_DIR/finch.sock (Finch-specific)
3. ~/.finch/finch.sock (user home directory)
4. /var/run/finch.sock (system-wide fallback)
5. Returns None when no socket found (enables future CLI fallback)

Changes

• Updated samcli/local/docker/platform_config.py
• Added comprehensive unit tests
• Added debug logging for troubleshooting

Testing

• All unit tests pass
• Verified with custom test script
• Backward compatible - still checks system socket as fallback

Risk

LOW - Only affects Linux socket detection, no changes to macOS or Windows

Related Issues

Fixes issue where SAM CLI fails to detect Finch on Linux with rootless containerd.

Mandatory Checklist

PRs will only be reviewed after checklist is complete

• Review the generative AI contribution guidelines
• Add input/output type hints to new functions/methods
• Write design document if needed (Do I need to write a design document?)
• Write/update unit tests
• Write/update integration tests
• Write/update functional tests if needed
• make pr passes
• make update-reproducible-reqs if dependencies were changed
• Write documentation

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[reedham-aws]

One thing that needs to be modified in this PR is actually where we're collecting metrics:

aws-sam-cli/samcli/lib/telemetry/metric.py

Lines 543 to 572 in b9aa1ab

	def _get_container_engine_from_socket_path(self, socket_path: str) -> str:
	"""
	Detect container engine from socket path.
	This handles detection for any socket path, whether from stored telemetry or environment.
	Translation:
	Value Final Value
	# Case 1: Empty/None
	- "" -> docker-default
	# Case 2: Check Path-specific
	- unix://~/.colima/default/docker.sock -> colima
	- unix://~/.lima/default/sock/docker.sock -> lima
	- unix://~/.rd/docker.sock -> rancher-desktop
	- unix://~/.orbstack/run/docker.sock -> orbstack
	# Case 3: Check Socket value
	- unix://~/.finch/finch.sock -> finch
	- unix:///var/run/docker.sock -> docker
	- unix:///run/user/1000/podman/podman.sock -> podman
	# Case 4: Check TCP
	- tcp://localhost:2375 -> tcp-local
	- tcp://localhost:2376 -> tcp-local
	- tcp://host.docker.internal:* -> tcp-remote
	# Case 5: Other
	- other value -> unknown
	"""

You can see that we determine container engine based on the socket path. Anything that has finch.sock will be labeled as finch, but the containerd.sock will fall through to unknown. The part I don't quite understand is how we'd categorize containerd here; correct me if I'm wrong, but I don't think this is really a finch specific socket, so it doesn't really fit in that bucket. I left another comment on the PR to that effect.

On another note, I haven't fully reviewed the tests either, I can get to those later. There's also some formatting errors, but those could probably be cleaned up with make format or make lint.

[reedham-aws]

Is the containerd_sock exclusively for finch, though? Couldn't other container clients/engines be using this socket?

[Shubhranshu153]

we should add a basic e2e test with rootless setup to see if it actually works.
Unit test i feel is not sufficient to check system related configs.

[Shubhranshu153]

This will also check the networking works as we probably will need to pull some container.

[reedham-aws]

My one concern is that an added integration test for this situation will end up adding a lot of complexity to our testing structure, especially because this is a niche situation that requires a non-trivial amount of changes to the environment. I can discuss this further with the team.

[Shubhranshu153]

needs integ test to check builds work too in rootless mode?