fix: use correct docker.sock binding with vector (fixes #3127, #3512, #3593)

[unlair]

This fixes Docker Desktop on Linux failing to start the vector container. The container tries to bind to the Docker Desktop socket directly, which is unsupported. This fix resolves #3127, #3512, and #3593.

What kind of change does this PR introduce?

Bug fix.

What is the current behavior?

When using Docker Desktop on Linux, Vector fails to start when doing supabase start.

What is the new behavior?

When using Docker Desktop on Linux, Vector successfully starts when doing supabase start.

Additional context

Using Docker or Docker Desktop on Linux, the specified host binding path to the Docker socket should be /var/run/docker.sock, as that path has special handling under the hood (see docker/for-mac#6545 (comment)). Note that it does not directly use the socket sitting at /var/run/docker.sock on the host machine. My understanding is that what it ends up doing under the hood is essentially using what you get with /var/run/docker.sock.raw from outside Docker, as mentioned here: https://docs.docker.com/extensions/extensions-sdk/guides/use-docker-socket-from-backend/

[coveralls]

Pull Request Test Coverage Report for Build 22877935760

Details

• 0 of 4 (0.0%) changed or added relevant lines in 1 file are covered.
• 5 unchanged lines in 1 file lost coverage.
• Overall coverage decreased (-0.03%) to 61.697%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
internal/start/start.go	0	4	0.0%

Files with Coverage Reduction	New Missed Lines	%
internal/utils/git.go	5	57.14%

Totals
Change from base Build 22860224621:	-0.03%
Covered Lines:	7717
Relevant Lines:	12508

---

💛 - Coveralls

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: f6de3856-fb4d-4ebe-aeea-aab3fb8d4c84

📥 Commits

Reviewing files that changed from the base of the PR and between 546a524 and 170baf3.

📒 Files selected for processing (1)

• internal/start/start.go

🚧 Files skipped from review as they are similar to previous changes (1)

• internal/start/start.go

---

📝 Walkthrough

Summary by CodeRabbit

• Bug Fixes
  • Improved Docker Desktop socket handling: both supported Docker Desktop socket locations are now recognized, unnecessary warning messages removed, and the socket is mounted read-only to the Docker daemon host to improve reliability and security.

Walkthrough

Expanded unix Docker socket handling to treat both /.docker/run/docker.sock and /.docker/desktop/docker.sock as root-socket cases. For these paths the code now appends a read-only bind to the Docker daemon host (dindHost.Host) and skips the previous warning path, preserving prior behavior for other socket cases (Podman/OrbStack path remains a read-only bind with a security label).

Sequence Diagram(s)

(omitted)

Assessment against linked issues

Objective	Addressed	Explanation
Add docker socket mount path config option to allow non-default socket locations (e.g., /run/user/1000/docker.sock) [#3127]	❌	No config.toml or runtime option was added to allow customizing the socket mount path.

Out-of-scope changes

Code Change	Explanation
Treat Docker Desktop socket path as root-socket and bind-readonly (internal/start/start.go)	This change modifies built-in handling for specific socket paths but does not implement the requested configurable socket path option.

🚥 Pre-merge checks | ✅ 5 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	The PR addresses the core requirement from #3593 by modifying docker.sock binding logic to use /var/run/docker.sock instead of the direct Docker Desktop socket path, resolving mount-denied failures.
Out of Scope Changes check	✅ Passed	The changes are narrowly scoped to internal/start/start.go, modifying only the Docker socket binding logic to handle both /.docker/run/docker.sock and /.docker/desktop/docker.sock cases as required by #3593.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into develop
Title check	✅ Passed	The title 'fix: use correct docker.sock binding with vector (fixes #3127, #3512, #3593)' directly and specifically describes the main change: correcting Docker socket binding for Vector containers on Docker Desktop.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[unlair]

@avallete @jgoux
I'd like to know how I can get these 3 PRs looked at, especially this one here. They solve some long-standing issues and are required for me to be able to use supabase-cli on Debian (I've been using my own fork in the meantime).