From 84281abd4bd1c717bb37a2de12694fe203827eee Mon Sep 17 00:00:00 2001
From: Shadow
Date: Fri, 20 Feb 2026 12:45:34 -0600
Subject: [PATCH] Docker: drop root in test images

---
 CHANGELOG.md | 1 +
 scripts/docker/install-sh-e2e/Dockerfile | 3 +++
 scripts/e2e/Dockerfile | 4 ++++
 scripts/e2e/Dockerfile.qr-import | 4 ++++
 4 files changed, 12 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc30d60df92..c13e30da541 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -39,6 +39,7 @@ Docs: https://docs.openclaw.ai
 - Gateway/Pairing/CLI: align read-scope compatibility in pairing/device-token checks and add local `openclaw devices` fallback recovery for loopback `pairing required` deadlocks, with explicit fallback notice to unblock approval bootstrap flows. (#21616) Thanks @shakkernerd.
 - Auth/Onboarding: align OAuth profile-id config mapping with stored credential IDs for OpenAI Codex and Chutes flows, preventing `provider:default` mismatches when OAuth returns email-scoped credentials. (#12692) thanks @mudrii.
 - Docker: pin base images to SHA256 digests in Docker builds to prevent mutable tag drift. (#7734) Thanks @coygeek.
+- Docker/Security: run E2E and install-sh test images as non-root by adding appuser directives. Thanks @thewilloftheshadow.
 - Provider/HTTP: treat HTTP 503 as failover-eligible for LLM provider errors. (#21086) Thanks @Protocol-zero-0.
 - Anthropic/Agents: preserve required pi-ai default OAuth beta headers when `context1m` injects `anthropic-beta`, preventing 401 auth failures for `sk-ant-oat-*` tokens. (#19789, fixes #19769) Thanks @minupla.
 - Slack: pass `recipient_team_id` / `recipient_user_id` through Slack native streaming calls so `chat.startStream`/`appendStream`/`stopStream` work reliably across DMs and Slack Connect setups, and disable block streaming when native streaming is active. (#20988) Thanks @Dithilli. Earlier recipient-ID groundwork was contributed in #20377 by @AsserAl1012.
diff --git a/scripts/docker/install-sh-e2e/Dockerfile b/scripts/docker/install-sh-e2e/Dockerfile index 7b4908f7fac..ae7049bd310 100644 --- a/scripts/docker/install-sh-e2e/Dockerfile +++ b/scripts/docker/install-sh-e2e/Dockerfile @@ -11,4 +11,7 @@ RUN apt-get update \ COPY run.sh /usr/local/bin/openclaw-install-e2e RUN chmod +x /usr/local/bin/openclaw-install-e2e +RUN useradd --create-home --shell /bin/bash appuser +USER appuser + ENTRYPOINT ["/usr/local/bin/openclaw-install-e2e"] diff --git a/scripts/e2e/Dockerfile b/scripts/e2e/Dockerfile index 4451de617cd..488a5c029e2 100644 --- a/scripts/e2e/Dockerfile +++ b/scripts/e2e/Dockerfile @@ -22,4 +22,8 @@ RUN pnpm install --frozen-lockfile RUN pnpm build RUN pnpm ui:build +RUN useradd --create-home --shell /bin/bash appuser \ + && chown -R appuser:appuser /app +USER appuser + CMD ["bash"] diff --git a/scripts/e2e/Dockerfile.qr-import b/scripts/e2e/Dockerfile.qr-import index 60f601566ff..f97d57891fd 100644 --- a/scripts/e2e/Dockerfile.qr-import +++ b/scripts/e2e/Dockerfile.qr-import @@ -7,3 +7,7 @@ WORKDIR /app COPY . . RUN pnpm install --frozen-lockfile + +RUN useradd --create-home --shell /bin/bash appuser \ + && chown -R appuser:appuser /app +USER appuser
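Review bot: `RUN useradd --create-home --shell /bin/bash appuser` followed by `USER appuser` leaves the UID to whatever useradd allocates and records the user by name in the image config, so a runtime that must verify the non-root user numerically (for example a Kubernetes `runAsNonRoot` check) cannot accept the image, and ownership of any bind-mounted host directory depends on which accounts the base image already has. Pin the UID and reference it numerically, `RUN useradd --create-home --shell /bin/bash --uid 1000 appuser` and `USER 1000`, choosing a UID the base image does not already use (1000 is only an example); the same applies to the useradd lines in scripts/e2e/Dockerfile and scripts/e2e/Dockerfile.qr-import. /usr/local/bin/openclaw-install-e2e (run.sh) now executes unprivileged, so anything in it that installs packages or writes outside $HOME fails at run time instead of at build; run.sh is outside this hunk, so that is worth confirming.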
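Review bot: `chown -R appuser:appuser /app` runs after `pnpm install`, `pnpm build` and `pnpm ui:build`, so it rewrites every file under /app (node_modules included) into a fresh layer and roughly doubles the image, and pnpm's store and cache, presumably populated under /root during those steps, stay root-owned, so a later `pnpm` invocation from the `bash` CMD may fail — worth confirming. Creating the user before the COPY and install steps (which lie outside this hunk) and running them as appuser with `COPY --chown=appuser:appuser` avoids both the duplicate layer and the mixed ownership; if the build must stay root, narrow the chown to the directories the tests actually write at run time. The same pattern appears in scripts/e2e/Dockerfile.qr-import.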