[All Platforms][Docs] sandbox-hardening.md filesystem access table 4/5 rows wrong — /sandbox and .openclaw documented as read-only but writable in default shields-down state

[zNeill]

Description

Description

The sandbox-hardening.md filesystem access table (line 90-96) documents 5 paths
with their access levels, but 4 of the 5 rows do not match the actual default
sandbox state. The sandbox runs in "shields down" mode by default, and the doc
never mentions the shields concept or that the table may only apply to a
hardened (shields-up) configuration.

Additionally, /sandbox/.openclaw-data is documented as a read-write path but
the directory does not exist in the running sandbox.

Environment

Device:        MacBook Pro (Apple Silicon)
OS:            macOS 15 (Darwin 25.0.0, arm64)
Architecture:  arm64
Node.js:       v22.22.1
npm:           10.9.4
Docker:        29.2.1
OpenShell CLI: 0.0.39
NemoClaw:      v0.0.43
OpenClaw:      v2026.4.24

Steps to Reproduce

1. Read docs/deployment/sandbox-hardening.md filesystem access table (line 90-96)
2. Run: nemoclaw my-assistant status | grep -A20 filesystem_policy
3. Test write access for each documented path inside the sandbox:
   openshell sandbox exec -n my-assistant -- bash -lc 'touch /sandbox/test-write 2>&1; echo EXIT=$?'
   openshell sandbox exec -n my-assistant -- bash -lc 'touch /sandbox/.openclaw/test-write 2>&1; echo EXIT=$?'
   openshell sandbox exec -n my-assistant -- bash -lc 'ls /sandbox/.openclaw-data 2>&1'
   openshell sandbox exec -n my-assistant -- bash -lc 'touch /sandbox/.nemoclaw/test-write 2>&1; echo EXIT=$?'
   openshell sandbox exec -n my-assistant -- bash -lc 'touch /tmp/test-write 2>&1; echo EXIT=$?'
4. Run: nemoclaw my-assistant status | grep -i shield

Expected Result

Filesystem access table matches actual default sandbox behavior, or the doc
clearly states which sandbox mode (shields up vs shields down) the table applies to.

Actual Result

Path                    Doc says      Actual (default)   Evidence
/sandbox                read-only     WRITABLE           touch succeeds; owner=sandbox:sandbox 755; Landlock read_write list
/sandbox/.openclaw      read-only     WRITABLE           touch succeeds; owner=sandbox:sandbox 2770; Landlock read_write list
/sandbox/.openclaw-data read-write    DOES NOT EXIST     ls: No such file or directory
/sandbox/.nemoclaw      read-write    PERMISSION DENIED  touch: Permission denied; owner=root:root 1755
/tmp                    read-write    writable (OK)      matches doc

nemoclaw my-assistant status shows: Permissions: shields down
The doc never mentions shields down/up or that the table may only apply to hardened state.

Logs

$ openshell sandbox exec -n my-assistant -- bash -lc 'touch /sandbox/test-write; echo EXIT=$?'
EXIT=0

$ openshell sandbox exec -n my-assistant -- bash -lc 'touch /sandbox/.openclaw/test-write; echo EXIT=$?'
EXIT=0

$ openshell sandbox exec -n my-assistant -- bash -lc 'ls /sandbox/.openclaw-data'
ls: cannot access '/sandbox/.openclaw-data': No such file or directory

$ openshell sandbox exec -n my-assistant -- bash -lc 'touch /sandbox/.nemoclaw/test-write; echo EXIT=$?'
touch: cannot touch '/sandbox/.nemoclaw/test-write': Permission denied
EXIT=1

$ nemoclaw my-assistant status | grep shield
    Permissions: shields down (check `shields status` for details)

$ nemoclaw my-assistant status | grep -A15 filesystem_policy
  filesystem_policy:
    read_write:
    - /tmp
    - /dev/null
    - /sandbox/.openclaw
    - /sandbox/.nemoclaw
    - /sandbox

Bug Details

Field	Value
Priority	Unprioritized
Action	Dev - Open - To fix
Disposition	Open issue
Module	Machine Learning - NemoClaw
Keyword	NemoClaw, NemoClaw_Docs, NEMOCLAW_GH_SYNC_APPROVAL, NemoClaw_Security, NemoClaw-SWQA-VDR

---

[NVB#6186417]