vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: sed escaping and UID mismatch in Podman Quadlet setup (#26414)

Browse Source 
* fix: sed escaping and UID mismatch in Podman Quadlet setup

Fix two bugs in the Podman/Quadlet installation path:

1. setup-podman.sh line 227: Remove `/` from sed escape character class.
   The sed substitution uses `|` as delimiter, so `/` doesn't need
   escaping. Including it causes paths like `/home/openclaw` to become
   `\/home\/openclaw`, which Podman rejects as invalid volume names.

2. openclaw.container.in: Add `User=%U:%G` after `UserNS=keep-id`.
   The Dockerfile sets `USER node` (UID 1000), but the `openclaw` system
   user created by setup-podman.sh may get a different UID (e.g., 1001).
   Without `User=%U:%G`, the container process runs as UID 1000 and
   cannot read config files owned by the openclaw user.

Closes #26400

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* scripts: extract quadlet sed replacement escaping helper

* podman: document quadlet user mapping rationale

* scripts: correct sed replacement escaping for pipe delimiter

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
This commit is contained in:
Charlie Niño
2026-02-28 18:20:18 +01:00
committed by GitHub
parent 8ae1987f2a
commit 26db298d3e
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/podman/openclaw.container.in
View File

@@ -9,6 +9,8 @@ Description=OpenClaw gateway (rootless Podman)
Image=openclaw:local Image=openclaw:local
ContainerName=openclaw ContainerName=openclaw
UserNS=keep-id UserNS=keep-id
# Keep container UID/GID aligned with the invoking user so mounted config is readable.
User=%U:%G
Volume={{OPENCLAW_HOME}}/.openclaw:/home/node/.openclaw Volume={{OPENCLAW_HOME}}/.openclaw:/home/node/.openclaw
EnvironmentFile={{OPENCLAW_HOME}}/.openclaw/.env EnvironmentFile={{OPENCLAW_HOME}}/.openclaw/.env
Environment=HOME=/home/node Environment=HOME=/home/node

7
setup-podman.sh
View File

@@ -56,6 +56,11 @@ run_as_openclaw() {
run_as_user "$OPENCLAW_USER" env HOME="$OPENCLAW_HOME" "$@" run_as_user "$OPENCLAW_USER" env HOME="$OPENCLAW_HOME" "$@"
} }
escape_sed_replacement_pipe_delim() {
# Escape replacement metacharacters for sed "s|...|...|g" replacement text.
printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}
# Quadlet: opt-in via --quadlet or OPENCLAW_PODMAN_QUADLET=1 # Quadlet: opt-in via --quadlet or OPENCLAW_PODMAN_QUADLET=1
INSTALL_QUADLET=false INSTALL_QUADLET=false
for arg in "$@"; do for arg in "$@"; do
@@ -224,7 +229,7 @@ QUADLET_DIR="$OPENCLAW_HOME/.config/containers/systemd"
if [[ "$INSTALL_QUADLET" == true && -f "$QUADLET_TEMPLATE" ]]; then if [[ "$INSTALL_QUADLET" == true && -f "$QUADLET_TEMPLATE" ]]; then
echo "Installing systemd quadlet for $OPENCLAW_USER..." echo "Installing systemd quadlet for $OPENCLAW_USER..."
run_as_openclaw mkdir -p "$QUADLET_DIR" run_as_openclaw mkdir -p "$QUADLET_DIR"
OPENCLAW_HOME_SED="$(printf '%s' "$OPENCLAW_HOME" | sed -e 's/[\\/&|]/\\\\&/g')" OPENCLAW_HOME_SED="$(escape_sed_replacement_pipe_delim "$OPENCLAW_HOME")"
sed "s|{{OPENCLAW_HOME}}|$OPENCLAW_HOME_SED|g" "$QUADLET_TEMPLATE" | run_as_openclaw tee "$QUADLET_DIR/openclaw.container" >/dev/null sed "s|{{OPENCLAW_HOME}}|$OPENCLAW_HOME_SED|g" "$QUADLET_TEMPLATE" | run_as_openclaw tee "$QUADLET_DIR/openclaw.container" >/dev/null
run_as_openclaw chmod 700 "$OPENCLAW_HOME/.config" "$OPENCLAW_HOME/.config/containers" "$QUADLET_DIR" 2>/dev/null || true run_as_openclaw chmod 700 "$OPENCLAW_HOME/.config" "$OPENCLAW_HOME/.config/containers" "$QUADLET_DIR" 2>/dev/null || true
run_as_openclaw chmod 600 "$QUADLET_DIR/openclaw.container" 2>/dev/null || true run_as_openclaw chmod 600 "$QUADLET_DIR/openclaw.container" 2>/dev/null || true