NemoClaw's onboarding process fails when using Podman on macOS due to OpenShell's use of the host-gateway special value, which is not supported by Podman on macOS.
Environment
- OS: macOS 26.2 (Sequoia)
- Architecture: Apple M3 Pro (ARM64)
- Podman version: 5.4.1
- OpenShell version: 0.0.6
- NemoClaw version: From main branch
Steps to Reproduce
- Install Podman on macOS (with Podman machine running)
- Run ./install.sh or nemoclaw onboard
- Onboarding fails at step [2/7] Starting OpenShell gateway
Error Output
Deploying local gateway nemoclaw...
Checking Docker
Downloading gateway
Initializing environment
Error: × failed to start gateway container
╰─▶ Docker responded with status code 500: failed to create new hosts file:
unable to replace "host-gateway" of host entry
"host.docker.internal:host-gateway": host containers internal IP address
is empty
Command failed (exit 1): openshell gateway start --name nemoclaw
Root Cause
OpenShell uses the Docker host-gateway special value when creating containers with --add-host=host.docker.internal:host-gateway. This feature is not supported by Podman on macOS because Podman doesn't set the host_containers_internal_ip configuration value.
Technical Details
- OpenShell calls Docker API to create containers with host.docker.internal:host-gateway
- Podman's macOS implementation doesn't support host-gateway keyword
- Even setting host_containers_internal_ip = "10.88.0.1" in ~/.config/containers/containers.conf doesn't work on macOS
- The gateway IP is 10.88.0.1 in Podman networks, but Podman can't resolve host-gateway to this IP
Verification
# This works (explicit IP):
podman run --rm --add-host=host.docker.internal:10.88.0.1 alpine cat /etc/hosts
# This fails (host-gateway keyword):
podman run --rm --add-host=host.docker.internal:host-gateway alpine cat /etc/hosts
# Error: unable to replace "host-gateway" of host entry
Current Workarounds
Partial Fixes Applied
I've made the following improvements to improve Podman detection:
- Modified bin/lib/onboard.js to detect both Docker and Podman
- Modified bin/lib/runner.js to auto-detect Podman machine socket
- Modified scripts/install.sh to detect Apple Silicon even when running under Rosetta
These fixes allow NemoClaw to properly detect and use Podman, but the host-gateway issue in OpenShell remains.
Proposed Solutions
Option 1: Document Podman Limitation (Quick)
Add a note in README that Podman on macOS is not supported, and users should use Docker Desktop or Colima.
Option 2: Patch OpenShell Dependency (Medium)
- Fork/patch OpenShell to not use host-gateway on Podman
- Detect Podman and use explicit gateway IP (10.88.0.1)
- Submit upstream PR to OpenShell
Option 3: Use Colima by Default (Recommended)
- Update installer to prefer Colima over Podman on macOS
- Colima provides full Docker API compatibility
- Already partially implemented in install script
Option 4: Add Podman Configuration Script (Complex)
- Create a platform-specific setup script for Podman
- Might require Podman upstream changes to support host-gateway on macOS
Additional Context
Related Podman issues:
- host-gateway: https://github.com/containers/podman/issues/
The install script attempted to install Colima but failed when running under Rosetta. A native ARM64 terminal would allow Colima installation as a fallback.
Impact
This blocks Podman-only users on macOS from using NemoClaw. Users must either:
- Switch to native ARM64 terminal and let installer use Colima
- Install Docker Desktop manually
- Wait for Podman or OpenShell fixes
Files Modified (for Podman detection improvements)
bin/lib/onboard.js - Added Podman fallback detection
bin/lib/runner.js - Added Podman socket auto-detection
scripts/install.sh - Added Apple Silicon detection under Rosetta
~/.config/containers/containers.conf - Attempted host_containers_internal_ip configuration (didn't work)
Would appreciate guidance on which solution direction is preferred for this project.
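
Added example, not part of the original issue and not NemoClaw or OpenShell code: one way Option 2 (detect Podman and pass an explicit gateway IP instead of host-gateway) could be expressed in Node.js. All helper names are hypothetical; it assumes the engine answers Docker-format version and network-inspect requests, and that Podman identifies itself with a "Podman Engine" component in the version response.

```javascript
// Added example; helper names are hypothetical, not NemoClaw or OpenShell APIs.
const HOST_ALIAS = "host.docker.internal";
const PODMAN_FALLBACK_GATEWAY = "10.88.0.1"; // gateway IP quoted in this issue

// Assumption: Podman's Docker-compatible version response lists a "Podman Engine" component.
function isPodman(versionInfo) {
  const components = (versionInfo && versionInfo.Components) || [];
  return components.some((c) => /podman/i.test(String(c.Name || "")));
}

// Accept only a dotted-quad IPv4 so nothing else lands in the container's /etc/hosts.
function isIPv4(value) {
  const parts = String(value).split(".");
  return parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

// Read the gateway from a Docker-format network inspect body (IPAM.Config[].Gateway).
function gatewayFromNetwork(networkInfo) {
  const configs = (networkInfo && networkInfo.IPAM && networkInfo.IPAM.Config) || [];
  const hit = configs.find((c) => isIPv4(c.Gateway));
  return hit ? hit.Gateway : null;
}

// Value for --add-host / HostConfig.ExtraHosts: keyword on Docker, explicit IP on Podman.
function addHostEntry(versionInfo, networkInfo) {
  if (!isPodman(versionInfo)) return `${HOST_ALIAS}:host-gateway`;
  return `${HOST_ALIAS}:${gatewayFromNetwork(networkInfo) || PODMAN_FALLBACK_GATEWAY}`;
}

// Recognise the specific engine error from this issue so onboarding can explain it.
function isHostGatewayError(message) {
  return /unable to replace "host-gateway" of host entry/.test(String(message));
}

// Constructed sample responses (not captured from a real engine).
const podmanVersion = { Components: [{ Name: "Podman Engine", Version: "5.4.1" }] };
const dockerVersion = { Components: [{ Name: "Engine", Version: "27.0.0" }] };
const podmanNetwork = { IPAM: { Config: [{ Subnet: "10.88.0.0/16", Gateway: "10.88.0.1" }] } };

console.log(addHostEntry(podmanVersion, podmanNetwork));
console.log(addHostEntry(dockerVersion, null));
```

The IPv4 check keeps a malformed or unexpected gateway value from being written into the container's hosts file; in that case the helper falls back to the 10.88.0.1 address reported above.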