Skip to content

OpenClaw: use canonical ~/.openclaw home#149

Merged
mostlydev merged 1 commit intomasterfrom
issue-121-openclaw-home
Apr 13, 2026
Merged

OpenClaw: use canonical ~/.openclaw home#149
mostlydev merged 1 commit intomasterfrom
issue-121-openclaw-home

Conversation

@mostlydev
Copy link
Copy Markdown
Owner

@mostlydev mostlydev commented Apr 13, 2026

Summary

  • move OpenClaw runtime state/config to the canonical ~/.openclaw layout inside the container
  • remove the OPENCLAW_HOME shim and keep config mounted at /root/.openclaw/config/openclaw.json
  • make the root-home contract explicit in the base image and tmpfs config

Testing

  • go test ./internal/driver/openclaw
  • go test ./cmd/claw -count=1
  • go test -tags spike ./cmd/claw -run TestSpikeMixedManagedTypesCoexist -count=1 -timeout 300s

Closes #121

@mostlydev mostlydev merged commit 8a28c02 into master Apr 13, 2026
@mostlydev mostlydev deleted the issue-121-openclaw-home branch April 13, 2026 02:57
mostlydev added a commit that referenced this pull request Apr 14, 2026
@mostlydev
fix(openclaw): tmpfs /root so non-root container USERs reach ~/.openclaw
bee2e3e 
PR #149 (v0.8.8) tmpfs'd only /root/.openclaw, leaving /root at the image
layer's baked-in mode 0700 root:root. Any openclaw image whose runtime USER
is not root — including the upstream ghcr.io/openclaw/openclaw image and the
documented "RUN apt install … && USER node" pattern used by every Tiverton
trader — could not traverse /root to reach the writable tmpfs, so the
gateway crash-looped on startup with "EACCES: permission denied, mkdir
'/root/.openclaw/config'".

Move the tmpfs one level up: mount /root itself at mode 1777. Docker still
creates /root/.openclaw on top of it as the bind-mount target for the
config directory, the canonical OPENCLAW_CONFIG_PATH/STATE_DIR contract is
unchanged, and any container USER (root or not) can now traverse in.

Add a unit regression that fails fast if a future change re-introduces the
/root/.openclaw tmpfs path, plus a live spike (TestSpikeOpenClawNonRootHomeReachable)
that builds a USER 1000 stub and asserts the entrypoint can stat each
component of /root/.openclaw/config before the gateway starts. Verified the
spike fails on the v0.8.8 layout and passes on the fix.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OpenClaw driver: use ~/.openclaw instead of /app/state for container home

1 participant

@mostlydev