fix(plugins): support root-owned bundled runtime deps

2026-05-06 19:40:42 +00:00 · 2026-04-22 05:01:54 +01:00
parent ba0250e4f3
commit a99490fba4
10 changed files with 857 additions and 25 deletions
--- a/docs/install/updating.md
+++ b/docs/install/updating.md
@@ -54,6 +54,25 @@ pnpm add -g openclaw@latest
 bun add -g openclaw@latest
 ```

+### Root-owned global npm installs
+
+Some Linux npm setups install global packages under root-owned directories such as
+`/usr/lib/node_modules/openclaw`. OpenClaw supports that layout: the installed
+package is treated as read-only at runtime, and bundled plugin runtime
+dependencies are staged into a writable runtime directory instead of mutating the
+package tree.
+
+For hardened systemd units, set a writable stage directory that is included in
+`ReadWritePaths`:
+
+```ini
+Environment=OPENCLAW_PLUGIN_STAGE_DIR=/var/lib/openclaw/plugin-runtime-deps
+ReadWritePaths=/var/lib/openclaw /home/openclaw/.openclaw /tmp
+```
+
+If `OPENCLAW_PLUGIN_STAGE_DIR` is not set, OpenClaw uses `$STATE_DIRECTORY` when
+systemd provides it, then falls back to `~/.openclaw/plugin-runtime-deps`.
+
 ## Auto-updater

 The auto-updater is off by default. Enable it in `~/.openclaw/openclaw.json`: