Description
When re-onboarding with an existing Ollama installation that has a legacy 0.0.0.0:11434 systemd override (from older NemoClaw versions), the re-onboard wizard does not detect or repair it. The "Configuring Ollama systemd loopback override..." step only runs during fresh Ollama install, not during re-onboard. This leaves Ollama exposed to the local network (CVE-2024-37032, CNVD-2025-04094).
Environment
Device: DGX Spark p4242-0080 (10.176.229.7)
OS: DGX Spark FastOS 1.135.16 (developer build)
Architecture: aarch64
NemoClaw: v0.0.38
OpenShell CLI: openshell 0.0.36
Ollama: 0.23.2
Steps to Reproduce
1. Onboard with Ollama (creates loopback override)
2. Manually change override to 0.0.0.0:
printf '[Service]\nEnvironment="OLLAMA_HOST=0.0.0.0:11434"\n' > /etc/systemd/system/ollama.service.d/override.conf
systemctl daemon-reload && systemctl restart ollama
3. Verify Ollama listening on 0.0.0.0:11434
4. Run: nemoclaw onboard (re-onboard)
5. Check override file after re-onboard
Expected Result
Re-onboard detects 0.0.0.0 override and rewrites to 127.0.0.1:11434.
Output shows "Configuring Ollama systemd loopback override..."
Actual Result
Override still shows OLLAMA_HOST=0.0.0.0:11434 after re-onboard.
No "Configuring Ollama systemd loopback override..." message.
Ollama remains exposed on all interfaces.
Bug Details
| Field | Value |
| --- | --- |
| Priority | Unprioritized |
| Action | Dev - Open - To fix |
| Disposition | Open issue |
| Module | Machine Learning - NemoClaw |
| Keyword | NemoClaw, NEMOCLAW_GH_SYNC_APPROVAL, NemoClaw_Onboard, NemoClaw_Security |
[NVB#6164293]
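
The check that the Expected Result describes, as an added shell example (not NemoClaw's own code): it classifies the `OLLAMA_HOST` value in the systemd drop-in and rewrites a non-loopback bind to `127.0.0.1:11434`. The function names and the `OVERRIDE`/`SAFE_BIND` variables are hypothetical, and treating a missing `OLLAMA_HOST` as safe assumes Ollama's default loopback bind.

```shell
# Added example, not NemoClaw code. Function names are hypothetical.
# Default path is the one from the report; set OVERRIDE=... to test elsewhere.
OVERRIDE="${OVERRIDE:-/etc/systemd/system/ollama.service.d/override.conf}"
SAFE_BIND="127.0.0.1:11434"

# Print the value of the last OLLAMA_HOST assignment in drop-in $1 (empty if none).
ollama_host_value() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*Environment=.*OLLAMA_HOST=\([^"[:space:]]*\).*$/\1/p' "$1" |
        tail -n 1
}

# Classify drop-in $1 as: unset | loopback | exposed
ollama_bind_state() {
    v=$(ollama_host_value "$1")
    v=${v#*://}    # drop an optional scheme such as http://
    case "$v" in
        "") echo unset ;;    # assumption: Ollama then binds 127.0.0.1 by default
        127.*|localhost|localhost:*|"[::1]"|"[::1]":*) echo loopback ;;
        *) echo exposed ;;   # 0.0.0.0, [::], a LAN address, or anything unrecognised
    esac
}

# Rewrite a non-loopback OLLAMA_HOST in drop-in $1 to SAFE_BIND.
# Returns 0 if the file was changed, 1 if no change was needed, 2 on error.
repair_ollama_override() {
    [ "$(ollama_bind_state "$1")" = exposed ] || return 1
    tmp=$(mktemp) || return 2
    # Write through a temp file and copy back so the drop-in keeps its mode and owner.
    sed "s/\(OLLAMA_HOST=\)[^\"[:space:]]*/\1$SAFE_BIND/" "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 2
    return 0
}

# Usage on the host (as root), for example from a re-onboard step:
#   if repair_ollama_override "$OVERRIDE"; then
#       systemctl daemon-reload && systemctl restart ollama
#   fi
```
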