[plan] Implement selective /usr/lib mounting for shared libraries #11972
Description
Objective
Design and implement a mechanism to mount essential shared libraries from /usr/lib into the agent container to support utilities that depend on system libraries.
Context
The agent container currently mounts specific binaries from /usr/bin, but many utilities depend on shared libraries in /usr/lib and /usr/lib/x86_64-linux-gnu. Without these libraries, some utilities may fail with "library not found" errors.
Approach
- Identify which mounted
/usr/binutilities require shared libraries (uselddcommand) - Create a helper function to determine library dependencies for a given binary
- Design a mounting strategy:
- Option A: Mount entire
/usr/lib(simple but large) - Option B: Mount only required library directories (more selective)
- Option C: Copy required libraries to a shared location
- Option A: Mount entire
- Implement the chosen strategy in the engine files (
copilot_engine_execution.go,claude_engine.go,codex_engine.go) - Add tests to verify library mounting works correctly
Files to Modify
- Modify:
pkg/workflow/copilot_engine_execution.go(add library mounts) - Modify:
pkg/workflow/claude_engine.go(add library mounts) - Modify:
pkg/workflow/codex_engine.go(add library mounts) - Create:
pkg/workflow/library_mounts.go(shared library mounting logic) - Create:
pkg/workflow/library_mounts_test.go(test library detection)
Acceptance Criteria
- Shared library dependencies are correctly identified for all mounted binaries
- Library mounting mechanism works across all engine types (copilot, claude, codex)
- Tests verify that mounted binaries can execute successfully
- Documentation explains the library mounting approach and tradeoffs
- Implementation minimizes security surface area (avoid mounting unnecessary libraries)
Related to epic: build/test environment for agentic workflow #11970
AI generated by Plan Command for #11970