Description
Template 6034374 validates that the NemoClaw sandbox startup path works when CAP_DAC_OVERRIDE is dropped and RC files are static/read-only. On vm4 with NemoClaw v0.0.53, the image entrypoint reached nemoclaw-start but failed with a shell syntax error near fi.
Environment
Device: NVIDIA A100-SXM4-40GB VM
OS: Ubuntu 24.04.4 LTS
Architecture: x86_64
Node.js: command not found on host
npm: command not found on host
Docker: Docker version 29.5.2, build 79eb04c
OpenShell CLI: openshell 0.0.44
NemoClaw: nemoclaw v0.0.53
OpenClaw: OpenClaw v2026.5.22 (from nemoclaw my-assistant status)
Steps to Reproduce
- On Ubuntu 24.04 vm4, install/onboard NemoClaw v0.0.53.
- Resolve the current sandbox image, for example openshell/sandbox-from:1779956348.
- Run the T6034374 CAP_DAC_OVERRIDE-dropped startup path using the normal image entrypoint.
- Observe the entrypoint/startup output and container status.
Expected Result
The direct startup path should complete without shell syntax errors. Static RC files should remain read-only, token/proxy environment should be prepared, and startup should keep the container running.
Actual Result
The startup script exited rc 2 with a shell syntax error:
Setting up NemoClaw...
[config] Config integrity check skipped for mutable default (/sandbox/.openclaw/.config-hash missing)
bash: -c: line 20: syntax error near unexpected token `fi'
bash: -c: line 20: `fi'
RC files stayed read-only:
444 root:root /sandbox/.bashrc
444 root:root /sandbox/.profile
Bug Details
| Field | Value |
| --- | --- |
| Priority | Unprioritized |
| Action | Dev - Open - To fix |
| Disposition | Open issue |
| Module | Machine Learning - NemoClaw |
| Keyword | NemoClaw, NEMOCLAW_GH_SYNC_APPROVAL, NemoClaw_Sandbox, NemoClaw_Security |
[NVB#6239914]
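
A pre-flight check for the failure reported above, added here as an example and not taken from NemoClaw or OpenShell: it parses an inline `bash -c` startup script without executing it, and confirms an RC file carries no write bits. The function names and the two sample scripts are constructed for illustration; the real entrypoint script is not shown on this page.

```shell
#!/bin/sh
# Added example. Script text and function names are constructed samples,
# not the NemoClaw entrypoint.

# Parse-only check: bash -n reads the -c string but executes nothing.
# Returns 0 if it parses; otherwise non-zero, with the parser message on stdout.
check_syntax() {
  LC_ALL=C bash -n -c "$1" 2>&1
}

# Succeeds only if the file exists and nobody has a write bit on it.
# Mode bits are read from ls rather than tested with `[ -w ]`, because -w
# reflects the caller's capabilities: root holding CAP_DAC_OVERRIDE passes
# -w on a 444 file, root without it does not.
# Returns 0 = read-only, 1 = some write bit set, 2 = not a regular file.
rc_is_readonly() {
  [ -f "$1" ] || return 2
  case $(ls -ld -- "$1" | cut -c2-10) in
    *w*) return 1 ;;
  esac
  return 0
}

# Constructed sample: a well-formed startup fragment.
SAMPLE_OK='if [ -r /sandbox/.bashrc ]; then
  echo "rc present"
fi'

# Constructed sample: same fragment with a stray closing keyword, which
# produces the same class of error as the one in the report.
SAMPLE_BROKEN='if [ -r /sandbox/.bashrc ]; then
  echo "rc present"
fi
fi'

# Demo: reject the script before it is ever handed to the entrypoint.
if ! out=$(check_syntax "$SAMPLE_BROKEN"); then
  echo "startup script rejected before exec: $out"
fi
```

Running the syntax check at image build time surfaces this class of error before the container is started with reduced capabilities.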