Security Hardening: Migrate OpenClaw LXC to Unprivileged Container#2
Open
koss822 wants to merge 8 commits into adadrag:main from
Conversation
fix: run OpenClaw in unprivileged LXC container with dedicated non-root user

Security improvements over the original setup-openclaw-lxc.sh:

Container hardening:
- Switch from privileged (--unprivileged 0) to unprivileged LXC (--unprivileged 1) with nesting=1 to support systemd/dbus inside the container without exposing root to the Proxmox host
- Root inside a privileged LXC maps directly to host root, making any container escape a full host compromise

Least-privilege execution:
- Add dedicated 'openclaw' user; gateway, VNC and desktop session all run as this user instead of root
- Restrict 'brewuser' sudo from NOPASSWD:ALL to the brew binary only
- Restrict 'openclaw' sudo to apt-get, service and systemctl only

Service fixes:
- Add DISPLAY=:1 and HOME to openclaw-gateway.service so Chrome CDP can connect to the running VNC X server
- Add Wants=vncserver.service to gateway unit so it starts after VNC
- VNC systemd service now runs as User=openclaw instead of root
- All config/data files written to /home/openclaw instead of /root

Config fixes:
- Set browser.noSandbox=true automatically (required in LXC because kernel user namespaces are not available even in unprivileged mode)
- Remove broken 'openclaw browser extension install' call which no longer exists in OpenClaw 2026.4.x CLI
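The commit above describes three checkable properties of the hardened setup: the container is created with `--unprivileged 1`, it has `nesting=1` for systemd/dbus, and no sudoers rule still grants `NOPASSWD:ALL`. The following audit script is an added example for this page, not code from the PR or the repository; it reads a Proxmox-style container config and a sudoers drop-in, and the sample files it writes are constructed (the sudo command paths in them are placeholders, not the project's values).

```shell
#!/bin/sh
# Audit a Proxmox LXC config file and a sudoers drop-in for the hardening
# this PR describes. Example code written for this page, not from the repo.
# Sample files below are constructed; the sudo command paths are assumptions.

# Return 0 when the container config sets "unprivileged: 1".
lxc_is_unprivileged() {
  grep -Eq '^unprivileged:[[:space:]]*1[[:space:]]*$' "$1"
}

# Return 0 when the features line enables nesting (needed for systemd/dbus).
lxc_has_nesting() {
  grep -E '^features:' "$1" | grep -Eq '(^|[ ,:])nesting=1(,|[[:space:]]*$)'
}

# Return 0 when any non-comment sudoers rule grants NOPASSWD: ALL.
sudoers_has_nopasswd_all() {
  grep -Ev '^[[:space:]]*#' "$1" | grep -Eq 'NOPASSWD:[[:space:]]*ALL([[:space:]]|$)'
}

# audit_container CONF SUDOERS: print each finding, return the finding count.
audit_container() {
  n=0
  lxc_is_unprivileged "$1" || { echo "FINDING: privileged LXC; root in the container is host root"; n=$((n+1)); }
  lxc_has_nesting "$1"     || { echo "FINDING: nesting=1 missing; systemd/dbus will not work unprivileged"; n=$((n+1)); }
  ! sudoers_has_nopasswd_all "$2" || { echo "FINDING: a sudoers rule grants NOPASSWD: ALL"; n=$((n+1)); }
  return $n
}

# write_samples DIR: constructed "before" and "after" inputs for the audit.
write_samples() {
  printf 'arch: amd64\nhostname: openclaw\nostype: debian\n' > "$1/privileged.conf"
  printf 'arch: amd64\nhostname: openclaw\nfeatures: nesting=1\nunprivileged: 1\n' > "$1/unprivileged.conf"
  printf 'brewuser ALL=(ALL) NOPASSWD:ALL\n' > "$1/wide.sudoers"
  printf '# command paths are placeholders\nbrewuser ALL=(ALL) NOPASSWD: /path/to/brew\nopenclaw ALL=(ALL) NOPASSWD: /usr/bin/apt-get, /usr/sbin/service, /usr/bin/systemctl\n' > "$1/restricted.sudoers"
}

# Run the audit against the "before" (original script) and "after" (this PR) samples.
demo() {
  d=$(mktemp -d); write_samples "$d"
  echo "== original setup-openclaw-lxc.sh =="; audit_container "$d/privileged.conf" "$d/wide.sudoers" || true
  echo "== this PR =="; audit_container "$d/unprivileged.conf" "$d/restricted.sudoers" || echo "unexpected findings"
  rm -rf "$d"
}
demo
```

On a real host the same functions can be pointed at /etc/pve/lxc/<vmid>.conf and the container's sudoers drop-in to confirm the merged script produced the intended state.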
PCManFM-Qt (used in LXQt) does not launch .desktop files directly when they have the executable bit set — instead it shows a "window manager" dialog asking what to do with the file.

The correct approach for PCManFM-Qt is:
- Remove the +x flag from all .desktop files
- Mark each file as trusted via gio set metadata::trusted true

Without the trusted flag, PCManFM-Qt prompts the user on every double-click instead of launching the application directly. All three shortcuts (terminal, onboarding wizard, dashboard) are now created without +x and marked trusted automatically during setup.