Summary
internal/driver/shared/PreparePortableMemory does not normalize permissions on pre-existing portable-memory directories and files.
Because Clawdapus bind-mounts host state into containers, the numeric host owner is preserved inside the container. That is expected. The bug is that Clawdapus leaves existing portable-memory content at owner-only or owner-group-only modes such as 0775 directories and 0644 files, which are not writable when the runtime UID differs from the host UID that originally created the files.
Current Code
PreparePortableMemory calls os.MkdirAll(memoryDir, 0o777), but MkdirAll does not change the mode of an already existing directory.
- Seeded files MEMORY.md and USER.md are created with 0o644.
- Imported legacy files keep their original source permissions.
- The helper returns without any normalization pass.
This helper is used across multiple drivers, including OpenClaw, Hermes, Nanobot, PicoClaw, MicroClaw, NanoClaw, and NullClaw.
Why This Is A Bug
Portable memory is supposed to survive driver changes and different container base images. That means the mount must remain writable even when the runtime user changes.
Today, if the host-side memory tree already exists and is owned by a different UID than the container runtime, the bind mount appears inside the container with that preserved numeric owner. With modes like 0775 and 0644, the agent can read memory but cannot create or update files such as session.md, MEMORY.md, or USER.md.
This presents as a permissions failure, but the root problem is Clawdapus not normalizing a UID-portable permission model for its own managed memory surface.
Reproduction
- Materialize a service so .claw-memory/<service>/memory exists on the host.
- Ensure the existing directory and files are owned by one UID and use typical modes such as 0775 for dirs and 0644 for files.
- Run the service in a container as a different UID.
- Attempt to create or update a file under /claw/memory from inside the container.
Observed
Writes fail with EACCES even though Clawdapus advertises the portable-memory mount as writable.
Expected
Clawdapus should normalize the permissions of the managed portable-memory tree on every materialization so the mount remains writable across host/container UID differences.
At minimum:
- normalize portable-memory directories to a runtime-writable mode such as 0777
- normalize regular files in the managed tree to a runtime-writable mode such as 0666
- skip symlinks when normalizing
- add regression coverage for pre-existing dirs/files, not just first-create behavior
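The following is an added example, not code from the Clawdapus repository, showing both halves of this report: that os.MkdirAll(dir, 0o777) leaves an existing directory's mode untouched (the Current Code section), and what a normalization pass meeting the minimum list above looks like (0777 for directories, 0666 for regular files, symlinks skipped). The function names (NormalizePortableMemory, SeedPreexistingTree, MkdirAllLeavesExistingMode, TreeModes, WritableByAnyUID), the service name "svc", and the seeded file contents are assumptions made for the example; the tree it builds under a temp directory is a constructed stand-in for a host-side .claw-memory/<service>/memory tree.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Runtime-writable modes from the "At minimum" list in the report.
const (
	dirMode  fs.FileMode = 0o777
	fileMode fs.FileMode = 0o666
)

// NormalizePortableMemory walks the managed tree and forces runtime-writable
// modes: dirMode on directories and fileMode on regular files. Symlinks are
// skipped so a chmod never follows a link to something outside the tree.
// (Hypothetical helper; not the project's own PreparePortableMemory.)
func NormalizePortableMemory(root string) error {
	return filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		t := d.Type() // from lstat: a symlink shows up as ModeSymlink, not as a dir
		switch {
		case t&fs.ModeSymlink != 0:
			return nil // leave the link and its target alone
		case d.IsDir():
			return os.Chmod(path, dirMode)
		case t.IsRegular():
			return os.Chmod(path, fileMode)
		default:
			return nil // sockets, pipes, devices: not part of the managed surface
		}
	})
}

// WritableByAnyUID reports whether the "other" write bit is set. That bit is
// what a container running as a UID that is neither the preserved host owner
// nor its group relies on once the bind mount carries the host ownership in.
func WritableByAnyUID(mode fs.FileMode) bool {
	return mode.Perm()&0o002 != 0
}

// SeedPreexistingTree builds a constructed stand-in for a host-side
// .claw-memory/<service>/memory tree that already exists with the typical
// modes from the reproduction steps: 0775 directories and 0644 files.
// Chmod is called explicitly so the process umask cannot alter the fixture.
func SeedPreexistingTree(base string) (string, error) {
	memoryDir := filepath.Join(base, ".claw-memory", "svc", "memory")
	if err := os.MkdirAll(memoryDir, 0o775); err != nil {
		return "", err
	}
	if err := os.Chmod(memoryDir, 0o775); err != nil {
		return "", err
	}
	for _, name := range []string{"MEMORY.md", "USER.md"} {
		p := filepath.Join(memoryDir, name)
		if err := os.WriteFile(p, []byte("# "+name+" (constructed)\n"), 0o644); err != nil {
			return "", err
		}
		if err := os.Chmod(p, 0o644); err != nil {
			return "", err
		}
	}
	return memoryDir, nil
}

// MkdirAllLeavesExistingMode reproduces the bug mechanism: MkdirAll with
// 0o777 on a directory that already exists does not change its mode.
// It returns the directory's permission bits after the call.
func MkdirAllLeavesExistingMode(memoryDir string) (fs.FileMode, error) {
	if err := os.MkdirAll(memoryDir, 0o777); err != nil {
		return 0, err
	}
	info, err := os.Stat(memoryDir)
	if err != nil {
		return 0, err
	}
	return info.Mode().Perm(), nil
}

// TreeModes returns the permission bits of root and everything below it,
// keyed by path relative to root ("." is root itself). Lstat is used so a
// symlink reports its own entry rather than its target.
func TreeModes(root string) (map[string]fs.FileMode, error) {
	modes := map[string]fs.FileMode{}
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		info, err := os.Lstat(path)
		if err != nil {
			return err
		}
		rel, err := filepath.Rel(root, path)
		if err != nil {
			return err
		}
		modes[rel] = info.Mode().Perm()
		return nil
	})
	return modes, err
}

func main() {
	base, err := os.MkdirTemp("", "clawmem-example")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)

	dir, err := SeedPreexistingTree(base)
	if err != nil {
		panic(err)
	}
	m, err := MkdirAllLeavesExistingMode(dir)
	if err != nil {
		panic(err)
	}
	fmt.Printf("after MkdirAll(0o777): %04o, writable by another UID: %v\n", m, WritableByAnyUID(m))

	if err := NormalizePortableMemory(dir); err != nil {
		panic(err)
	}
	modes, err := TreeModes(dir)
	if err != nil {
		panic(err)
	}
	for rel, mode := range modes {
		fmt.Printf("%-10s %04o\n", rel, mode)
	}
}
```

Running it prints 0775 after the MkdirAll call (the existing mode survives) and 0777/0666 for the directory and the two seeded files after normalization. The regression case the last bullet asks for is exactly the pre-existing-tree path this exercises: seed the tree first, then run the normalization, then assert on the modes, rather than only checking what a first-time create produces.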
Scope
This is not a user-specific shell account naming problem. The preserved numeric owner on a bind mount is expected; the missing normalization in Clawdapus is the bug.