From f9da4843652e28678839f9c0f927ae33840281ff Mon Sep 17 00:00:00 2001 From: Ayu Date: Tue, 5 May 2026 13:07:26 +0530 Subject: [PATCH] security: harden gateway container privileges Adds cap_drop and no-new-privileges hardening for the bundled gateway Docker Compose services.\n\nThanks @VintageAyu. --- CHANGELOG.md | 1 + docker-compose.yml | 5 +++++ docs/install/docker.md | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8949fdb39df..02a0d49a919 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ Docs: https://docs.openclaw.ai ### Changes +- Docker/Gateway: harden the gateway container by dropping `NET_RAW` and `NET_ADMIN` capabilities and enabling `no-new-privileges` in the bundled `docker-compose.yml`. Thanks @VintageAyu. - Telegram: accept plugin-owned numeric forum-topic targets in the agent message tool and keep reply-dispatch provider chunks behind a real stable runtime alias during in-place package updates. Fixes #77137. Thanks @richardmqq. - Channels/WhatsApp: support explicit WhatsApp Channel/Newsletter `@newsletter` outbound message targets with channel session metadata instead of DM routing. Fixes #13417; carries forward the narrow outbound target idea from #13424. Thanks @vincentkoc and @agentz-manfred. - TTS/telephony: honor provider voice/model overrides in telephony synthesis providers so Google Meet agent speech logs match the backend that actually produced the audio. Thanks @vincentkoc. diff --git a/docker-compose.yml b/docker-compose.yml index 5b89f900465..8d391e0be43 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -49,6 +49,11 @@ services: # Let bundled local-model providers reach host-side LM Studio/Ollama via # http://host.docker.internal:. Docker Desktop usually provides this # alias; the host-gateway mapping makes it work on Linux Docker Engine too. + cap_drop: + - NET_RAW + - NET_ADMIN + security_opt: + - no-new-privileges:true extra_hosts: - "host.docker.internal:host-gateway" ports: diff --git a/docs/install/docker.md b/docs/install/docker.md index caa06727711..07f65e12589 100644 --- a/docs/install/docker.md +++ b/docs/install/docker.md @@ -332,7 +332,7 @@ See [ClawDock](/install/clawdock) for the full helper guide. `openclaw-cli` uses `network_mode: "service:openclaw-gateway"` so CLI commands can reach the gateway over `127.0.0.1`. Treat this as a shared trust boundary. The compose config drops `NET_RAW`/`NET_ADMIN` and enables - `no-new-privileges` on `openclaw-cli`. + `no-new-privileges` on both `openclaw-gateway` and `openclaw-cli`.