vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 14:30:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(browser): drop redundant setuid sandbox flag

Browse Source 
Co-authored-by: Sebastian Krueger <150018+sebykrueger@users.noreply.github.com>
This commit is contained in:
Peter Steinberger
2026-04-25 10:04:29 +01:00
parent 41ed7fa535
commit 2483d1dc12
5 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/gateway/config-agents.md
View File

@@ -881,7 +881,7 @@ noVNC observer access uses VNC auth by default and OpenClaw emits a short-lived
- `--renderer-process-limit=2` can be changed with
`OPENCLAW_BROWSER_RENDERER_PROCESS_LIMIT=<N>`; set `0` to use Chromium's
default process limit.
- plus `--no-sandbox` and `--disable-setuid-sandbox` when `noSandbox` is enabled.
- plus `--no-sandbox` when `noSandbox` is enabled.
- Defaults are the container image baseline; use a custom browser image with a custom
entrypoint to change container defaults.

2
docs/gateway/sandboxing.md
View File

@@ -393,7 +393,7 @@ for containerized workloads. Current container defaults include:
- `--no-zygote`
- `--metrics-recording-only`
- `--renderer-process-limit=2`
- `--no-sandbox` and `--disable-setuid-sandbox` when `noSandbox` is enabled.
- `--no-sandbox` when `noSandbox` is enabled.
- The three graphics hardening flags (`--disable-3d-apis`,
`--disable-software-rasterizer`, `--disable-gpu`) are optional and are useful
when containers lack GPU support. Set `OPENCLAW_BROWSER_DISABLE_GRAPHICS_FLAGS=0`