[Bug] Inbound media files saved with 0600 permissions — unreadable from Docker sandbox

[khatsuse]

[Bug] Inbound media files saved with 0600 permissions — unreadable from Docker sandbox

Summary

When a Slack (or other channel) message with an image attachment is received, OpenClaw's gateway downloads the file to <workspace>/media/inbound/ with 0600 (-rw-------) permissions. Since the gateway process (host, uid 1000) and the Docker sandbox container run as different users, the agent inside the sandbox cannot read the file.

This effectively breaks image/media support for any agent using Docker sandbox (sandbox.mode: "all").

Environment

• OpenClaw version: 2026.2.15
• OS: Ubuntu 24.04 (Linux 6.8.0-100-generic, x64)
• Sandbox config:

  {
    "sandbox": {
      "mode": "all",
      "workspaceAccess": "rw",
      "scope": "agent",
      "docker": {
        "readOnlyRoot": false,
        "network": "bridge"
      }
    }
  }

• Channel: Slack (socket mode)

Steps to Reproduce

1. Configure a non-default agent with Docker sandbox enabled (sandbox.mode: "all")
2. Bind the agent to a Slack channel
3. Send an image attachment to the agent via Slack
4. Agent attempts to view/read the image

Expected Behavior

The agent inside the sandbox can read the downloaded media file and process the image (e.g., via the image tool or read tool).

Actual Behavior

The file is saved but the agent cannot access it:

# Host filesystem
$ ls -la ~/.openclaw/workspace-slack/media/inbound/
-rw------- 1 admin admin  8448 Feb 16 09:08 30050627-af2a-4110-bd8b-128e22cc868b.png

# Inside sandbox container
$ cat /workspace/media/inbound/30050627-af2a-4110-bd8b-128e22cc868b.png
cat: Permission denied

$ chmod +r /workspace/media/inbound/30050627-af2a-4110-bd8b-128e22cc868b.png
chmod: Operation not permitted

The image tool also fails:

[tools] image failed: Local media path is not under an allowed directory: /home/admin/.openclaw/workspace-slack/media/inbound/30050627-af2a-4110-bd8b-128e22cc868b.png

And the native image injection logs:

Native image: failed to load media/inbound/xxx.png: Local media path is not under an allowed directory: ...

Root Cause

The gateway's saveMediaBuffer() function (or underlying fs.writeFile) creates inbound media files with the process's default umask, resulting in 0600 permissions. The Docker sandbox container runs as a different uid and has no read access.

Suggested Fix

When saving inbound media files, set permissions to 0644 (or at minimum 0640 with a shared group), so that sandbox containers mounting the workspace can read them. For example:

await fs.writeFile(path, buffer, { mode: 0o644 });

Alternatively, the sandbox setup could ensure the container user shares a group with the host user.

Workaround

Set a default ACL on the inbound directory so new files inherit read permissions:

setfacl -d -m o::r <workspace>/media/inbound/

This makes newly created files automatically rw-r--r-- regardless of the process umask.

Related Issues

• [Bug]: Local media path is not under an allowed directory #15541 — Local media path is not under an allowed directory (fixed in fix(image): allow workspace and sandbox media paths #16697, v2026.2.15)
• Sandbox path validation fails for container-internal paths (/workspace/...) #9560 — Sandbox path validation fails for container-internal paths

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.