vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 16:01:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: harden gateway container privileges

Browse Source 
Adds cap_drop and no-new-privileges hardening for the bundled gateway Docker Compose services.\n\nThanks @VintageAyu.
This commit is contained in:
Ayu
2026-05-05 13:07:26 +05:30
committed by GitHub
parent 121ac44fa8
commit f9da484365
3 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/install/docker.md
View File

@@ -332,7 +332,7 @@ See [ClawDock](/install/clawdock) for the full helper guide.
`openclaw-cli` uses `network_mode: "service:openclaw-gateway"` so CLI
commands can reach the gateway over `127.0.0.1`. Treat this as a shared
trust boundary. The compose config drops `NET_RAW`/`NET_ADMIN` and enables
`no-new-privileges` on `openclaw-cli`.
`no-new-privileges` on both `openclaw-gateway` and `openclaw-cli`.
</Accordion>
<Accordion title="Permissions and EACCES">