From 26db298d3e63b668b118382d526c03feaaa89a26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlie=20Ni=C3=B1o?= <2346724+KnHack@users.noreply.github.com> Date: Sat, 28 Feb 2026 18:20:18 +0100 Subject: [PATCH] fix: sed escaping and UID mismatch in Podman Quadlet setup (#26414) * fix: sed escaping and UID mismatch in Podman Quadlet setup Fix two bugs in the Podman/Quadlet installation path: 1. setup-podman.sh line 227: Remove `/` from sed escape character class. The sed substitution uses `|` as delimiter, so `/` doesn't need escaping. Including it causes paths like `/home/openclaw` to become `\/home\/openclaw`, which Podman rejects as invalid volume names. 2. openclaw.container.in: Add `User=%U:%G` after `UserNS=keep-id`. The Dockerfile sets `USER node` (UID 1000), but the `openclaw` system user created by setup-podman.sh may get a different UID (e.g., 1001). Without `User=%U:%G`, the container process runs as UID 1000 and cannot read config files owned by the openclaw user. Closes #26400 Co-Authored-By: Claude Opus 4.6 * scripts: extract quadlet sed replacement escaping helper * podman: document quadlet user mapping rationale * scripts: correct sed replacement escaping for pipe delimiter --------- Co-authored-by: Claude Opus 4.6 Co-authored-by: Vincent Koc
---
 scripts/podman/openclaw.container.in | 2 ++
 setup-podman.sh | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/scripts/podman/openclaw.container.in b/scripts/podman/openclaw.container.in
index 2c9af017c27..db643ca42bc 100644
--- a/scripts/podman/openclaw.container.in
+++ b/scripts/podman/openclaw.container.in
@@ -9,6 +9,8 @@ Description=OpenClaw gateway (rootless Podman)
 Image=openclaw:local
 ContainerName=openclaw
 UserNS=keep-id
+# Keep container UID/GID aligned with the invoking user so mounted config is readable.
+User=%U:%G
 Volume={{OPENCLAW_HOME}}/.openclaw:/home/node/.openclaw
 EnvironmentFile={{OPENCLAW_HOME}}/.openclaw/.env
 Environment=HOME=/home/node
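Review bot: The comment added above `User=%U:%G` says "invoking user", but `%U` and `%G` are systemd specifiers that expand to the UID/GID of the user running the service manager, not of whoever runs the setup script or `systemctl`; under the system manager both resolve to 0. The preceding `UserNS=keep-id` is, as far as I know, refused by Podman outside rootless mode, so this reads as a documentation gap rather than a live risk, but the dependency on user scope should be written down. I would word the comment as `# Rootless user unit only: %U/%G are the service manager's UID/GID (0 under the system manager) and must match the owner of the mounted config.` The `[Container]` section this line belongs to starts outside the hunk, so anything else that pins the unit to user scope is not visible here.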
diff --git a/setup-podman.sh b/setup-podman.sh index 88c7187ba59..0079b3eeb3b 100755 --- a/setup-podman.sh +++ b/setup-podman.sh @@ -56,6 +56,11 @@ run_as_openclaw() { run_as_user "$OPENCLAW_USER" env HOME="$OPENCLAW_HOME" "$@" } +escape_sed_replacement_pipe_delim() { + # Escape replacement metacharacters for sed "s|...|...|g" replacement text. + printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g' +} + # Quadlet: opt-in via --quadlet or OPENCLAW_PODMAN_QUADLET=1 INSTALL_QUADLET=false for arg in "$@"; do @@ -224,7 +229,7 @@ QUADLET_DIR="$OPENCLAW_HOME/.config/containers/systemd" if [[ "$INSTALL_QUADLET" == true && -f "$QUADLET_TEMPLATE" ]]; then echo "Installing systemd quadlet for $OPENCLAW_USER..." run_as_openclaw mkdir -p "$QUADLET_DIR" - OPENCLAW_HOME_SED="$(printf '%s' "$OPENCLAW_HOME" | sed -e 's/[\\/&|]/\\\\&/g')" + OPENCLAW_HOME_SED="$(escape_sed_replacement_pipe_delim "$OPENCLAW_HOME")" sed "s|{{OPENCLAW_HOME}}|$OPENCLAW_HOME_SED|g" "$QUADLET_TEMPLATE" | run_as_openclaw tee "$QUADLET_DIR/openclaw.container" >/dev/null run_as_openclaw chmod 700 "$OPENCLAW_HOME/.config" "$OPENCLAW_HOME/.config/containers" "$QUADLET_DIR" 2>/dev/null || true run_as_openclaw chmod 600 "$QUADLET_DIR/openclaw.container" 2>/dev/null || true
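Review bot: The comment inside `escape_sed_replacement_pipe_delim` promises escaping of replacement metacharacters, but the bracket expression covers only `\`, `&` and `|`; a newline inside `$1` would pass through unescaped and end the `s` command early in the caller. A home directory containing a newline is unlikely, yet the limit belongs next to the helper so that later reuse does not assume more than it provides. I would extend the comment to `# Escapes \, & and | only; $1 must be a single line, since a raw newline would still terminate the sed command.`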
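Review bot: `OPENCLAW_HOME_SED` is now escaped correctly for sed, but the substituted text lands in the `Volume=` and `EnvironmentFile=` lines of a unit file, and nothing in this hunk checks the value against that syntax. A `%` in the path would be read by systemd as a specifier prefix (the same mechanism `User=%U:%G` relies on), and whitespace may split the value, so the mounted path could differ from the one intended. Where `OPENCLAW_HOME` is set is outside the hunk; if it is not validated there, a guard before the substitution would do, e.g. `[[ "$OPENCLAW_HOME" == /* && "$OPENCLAW_HOME" != *[[:space:]%]* ]] || { echo "OPENCLAW_HOME must be an absolute path without whitespace or %" >&2; exit 1; }`. The enclosing `if` block continues past the end of the hunk.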