fix(entrypoint): bind-mount passwd/group synthesis fallback for read-only /host/etc (ARC/DinD) #4831

Open

Copilot wants to merge 4 commits into main from copilot/fix-passwd-synthesis-issue

Conversation

Copilot AI commented Jun 12, 2026


On ARC/DinD runners the Docker daemon's root filesystem is often read-only or tmpfs-backed, so entrypoint.sh's runtime identity synthesis silently failed when appending to /host/etc/passwd and /host/etc/group. This caused capsh to fall back to numeric UID/GID — breaking threat-detection and requiring consumers to pre-seed the daemon's /etc/passwd as a workaround.

Changes

containers/agent/entrypoint.sh

  • When appending to /host/etc/passwd (or /host/etc/group) fails (EROFS), falls back to:

    1. Copying the existing file to /tmp/awf-etc/
    2. Appending the synthesized entry to the writable copy
    3. Bind-mounting (mount --bind) the copy over the read-only original

    CAP_SYS_ADMIN is still held at this point in the entrypoint (dropped by capsh just before user code runs), so the bind-mount succeeds. The mount is container-scoped and cleaned up on exit.

    # read-only fallback path (new)
    SYNTH_ETC_DIR="/tmp/awf-etc"
    mkdir -p "${SYNTH_ETC_DIR}"
    cp /host/etc/passwd "${SYNTH_ETC_DIR}/passwd"
    echo "${PASSWD_ENTRY}" >> "${SYNTH_ETC_DIR}/passwd"
    chmod 644 "${SYNTH_ETC_DIR}/passwd"
    mount --bind "${SYNTH_ETC_DIR}/passwd" /host/etc/passwd

docs/chroot-mode.md

  • Updated the DinD Identity Synthesis section to describe the bind-mount fallback and the capability dependency.

When entrypoint.sh cannot append to /host/etc/passwd or /host/etc/group
because the filesystem is read-only (ARC/DinD with tmpfs-backed daemon
root), copy the existing file to /tmp/awf-etc/ and bind-mount it over
the read-only original after appending the synthesized entry.

CAP_SYS_ADMIN is still held at entrypoint time (dropped by capsh before
user code runs), so mount --bind succeeds. This replaces the [WARN] +
continue path that caused downstream capsh identity resolution failures.

Also update docs/chroot-mode.md to describe the new bind-mount fallback.

Closes #4829
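The fallback the description outlines, written out as an added example (not the project's entrypoint.sh): try the in-place append, and when it fails stage a writable copy under /tmp/awf-etc, append there and bind-mount the copy over the original; it covers the group file as well as passwd and skips names that are already present. AWF_BIND_MOUNT is an assumed hook that defaults to mount --bind (which needs CAP_SYS_ADMIN) so the mount step can be swapped out when exercising the logic without privileges.

```bash
#!/usr/bin/env bash
# Added example, not the project's entrypoint.sh. Mirrors the PR's fallback:
# append in place when /host/etc/<file> is writable, otherwise copy it to a
# writable staging dir, append there and bind-mount the copy over the original.
# AWF_BIND_MOUNT is an assumed hook (defaults to `mount --bind`, which needs
# CAP_SYS_ADMIN) so the mount step can be replaced when testing unprivileged.
set -euo pipefail

SYNTH_ETC_DIR="${SYNTH_ETC_DIR:-/tmp/awf-etc}"
AWF_BIND_MOUNT="${AWF_BIND_MOUNT:-mount --bind}"

# passwd(5) / group(5) lines for the synthesized identity (no trailing newline).
# Names are assumed to be plain [A-Za-z0-9_-] so they are safe in the grep below.
passwd_entry() { printf '%s:x:%s:%s::%s:%s' "$1" "$2" "$3" "$4" "$5"; }  # name uid gid home shell
group_entry()  { printf '%s:x:%s:' "$1" "$2"; }                          # name gid

# Add one entry to a target file and report which path was taken:
# "exists" (name already present), "append" (in-place write worked) or
# "bind" (read-only target: staged copy bind-mounted over it).
synth_into() {  # target-file entry-line
  local target="$1" entry="$2" name="${2%%:*}" copy
  if grep -q "^${name}:" "$target" 2>/dev/null; then
    echo exists; return 0
  fi
  if printf '%s\n' "$entry" 2>/dev/null >> "$target"; then
    echo append; return 0
  fi
  # Append failed (EROFS on tmpfs-backed/read-only daemon roots): stage a copy.
  mkdir -p "$SYNTH_ETC_DIR"
  copy="${SYNTH_ETC_DIR}/$(basename "$target")"
  cp "$target" "$copy"
  printf '%s\n' "$entry" >> "$copy"
  chmod 644 "$copy"
  # Unquoted on purpose: the hook may be a multi-word command like `mount --bind`.
  # The mount is container-scoped and hides the read-only original.
  $AWF_BIND_MOUNT "$copy" "$target"
  echo bind
}

# Synthesize both files for one identity; etc_root is where /host/etc lives.
synth_identity() {  # etc_root name uid gid
  synth_into "$1/group"  "$(group_entry  "$2" "$4")"
  synth_into "$1/passwd" "$(passwd_entry "$2" "$3" "$4" "/home/$2" /bin/sh)"
}
```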
Copilot AI changed the title from "[WIP] Fix passwd synthesis hard-fail on read-only /host/etc" to "fix(entrypoint): bind-mount passwd/group synthesis fallback for read-only /host/etc (ARC/DinD)" on Jun 12, 2026
Copilot finished work on behalf of lpcox June 12, 2026 20:03
Copilot AI requested a review from lpcox June 12, 2026 20:03
@lpcox lpcox marked this pull request as ready for review June 12, 2026 21:23
Copilot AI review requested due to automatic review settings June 12, 2026 21:23
github-actions Bot commented Jun 12, 2026

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit 7448cf8

Copilot AI left a comment


Pull request overview

This PR improves chroot-mode identity synthesis on ARC/DinD runners by adding a bind-mount fallback when /host/etc/passwd and /host/etc/group are read-only, preventing capsh from falling back to numeric UID/GID and breaking identity-dependent features.

Changes:

  • Add a read-only fallback path in containers/agent/entrypoint.sh that writes synthesized passwd/group entries to /tmp/awf-etc/ and bind-mounts them over /host/etc/*.
  • Update chroot-mode documentation to describe the new bind-mount fallback and its CAP_SYS_ADMIN dependency.
Summary per file:

  • containers/agent/entrypoint.sh: Adds bind-mount fallback for passwd/group synthesis when /host/etc is read-only in ARC/DinD.
  • docs/chroot-mode.md: Documents the new runtime bind-mount fallback behavior and capability requirement.

Copilot's findings


  • Files reviewed: 2/2 changed files
  • Comments generated: 2

@github-actions


🔬 Smoke Test Results — Auth mode: PAT (COPILOT_GITHUB_TOKEN)

  • GitHub MCP: Connected (github-list_pull_requests responded)
  • GitHub.com connectivity: HTTP reachable
  • File write/read: /tmp/gh-aw/agent/smoke-test-copilot-pat-27444141811.txt — "Smoke test passed for Copilot PAT at Fri Jun 12 21:31:57 UTC 2026"

PR: fix(entrypoint): bind-mount passwd/group synthesis fallback for read-only /host/etc (ARC/DinD)
Author: @Copilot | Assignees: @lpcox, @Copilot

Overall: ✅ PASS

Note

🔒 Integrity filter blocked 1 item

The following item was blocked because it doesn't meet the GitHub integrity level.

  • #4828 list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

🔑 PAT report filed by Smoke Copilot PAT

@github-actions


Smoke Test Results: Copilot BYOK (Direct Mode)

  • ✅ GitHub MCP connectivity (listed 2 merged PRs)
  • ✅ GitHub.com reachability (HTTP 200)
  • ✅ File operations functional
  • ✅ Direct BYOK inference via api-proxy → api.githubcopilot.com

Mode: COPILOT_PROVIDER_API_KEY (direct BYOK)
Status: PASS

@Copilot @lpcox

🔑 BYOK report filed by Smoke Copilot BYOK

@github-actions


Smoke Test

  • chore: upgrade all agentic workflows
  • test: regression tests for Copilot SDK model-missing AI credits bug
  • Playwright GitHub title check ✅
  • File write/readback ✅
  • GitHub discussion lookup ✅
  • npm ci && npm run build ❌ (node missing)
  • Overall: FAIL

🔮 The oracle has spoken through Smoke Codex

@github-actions


Smoke Test Results

Test Status
GitHub MCP connectivity
GitHub.com HTTP ❌ (template vars unresolved)
File write/read ❌ (template vars unresolved)

Overall: FAIL — workflow template variables (steps.smoke-data.outputs.*) were not substituted; pre-computed data unavailable.

PR: fix(entrypoint): bind-mount passwd/group synthesis fallback for read-only /host/etc (ARC/DinD)
Author: @Copilot | Assignees: @lpcox @Copilot

Note

🔒 Integrity filter blocked 1 item

The following item was blocked because it doesn't meet the GitHub integrity level.

  • #4828 list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

📰 BREAKING: Report filed by Smoke Copilot

@github-actions


🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color 1/1 passed ✅ PASS
Go env 1/1 passed ✅ PASS
Go uuid 1/1 passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx all passed ✅ PASS
Node.js execa all passed ✅ PASS
Node.js p-limit all passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #4831 ·

@github-actions


Smoke Test: GitHub Actions Services Connectivity

Check | Result
Redis PING | ❌ Timeout/no response
PostgreSQL pg_isready | ❌ No response on port 5432
PostgreSQL SELECT 1 | ❌ Timeout/no response

Overall: FAIL. host.docker.internal services are not reachable from this environment.

🔌 Service connectivity validated by Smoke Services

@github-actions


@Copilot @lpcox

  • GitHub MCP: ✅
  • GitHub.com HTTP: ✅ (200)
  • Agent file I/O: ✅ ("agent-write-check")
  • Direct BYOK inference mode via api-proxy → Azure OpenAI (Foundry, o4-mini-aw): ✅

Overall: PASS

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)

Development

Successfully merging this pull request may close these issues.

[ARC/DinD] Passwd synthesis hard-fails on read-only /host/etc (v0.25.65+)

3 participants