[Bug/Feature]: No container-optimized Chromium defaults — SwiftShader WebGL + unlimited renderer processes cause OOM in LXC/Docker #23889

@starychenko

Summary

When running OpenClaw in a containerized environment (LXC, Docker) without a GPU, Chrome/Chromium launches with SwiftShader WebGL enabled by default and no limit on renderer processes. Combined with OpenClaw's default concurrency (maxConcurrent: 4, subagents.maxConcurrent: 8), this can spawn 10–14 renderer processes and drive CPU usage to 100% and RAM into swap exhaustion.

Steps to Reproduce

  1. Run OpenClaw in an LXC or Docker container (no GPU)
  2. Use the browser tool across multiple agents/subagents (any task that opens a browser)
  3. Run ps aux | grep chrome — observe ~14 renderer processes
  4. Run top — observe 300–400% CPU and swap filling up

What Happens

  • Chrome falls back to SwiftShader (--use-angle=swiftshader-webgl) — a pure-CPU WebGL implementation
  • SwiftShader is 10–50x slower than GPU rendering and extremely CPU-intensive
  • Without --renderer-process-limit, each agent/subagent spawns its own renderer process
  • maxConcurrent: 4 + subagents.maxConcurrent: 8 = up to 12 concurrent browser contexts → ~14 renderer processes
  • In a 4 GB container: load average reached 34 on 4 cores, SWAP 511/512 MB full

Suggested Fix

Add recommended container launchArgs to the documentation and/or set sensible defaults when noSandbox: true is detected (which implies a container environment):

{
  "browser": {
    "launchArgs": [
      "--disable-3d-apis",
      "--disable-software-rasterizer",
      "--disable-gpu",
      "--disable-dev-shm-usage",
      "--renderer-process-limit=2",
      "--no-zygote",
      "--disable-extensions"
    ]
  }
}

What each flag does:

| Flag | Effect |
| --- | --- |
| --disable-3d-apis | Disables WebGL entirely — removes SwiftShader CPU load |
| --disable-software-rasterizer | Belt-and-suspenders: explicitly blocks SwiftShader |
| --disable-gpu | Disables GPU acceleration (none available in LXC anyway) |
| --disable-dev-shm-usage | Critical for LXC: /dev/shm is often limited to 64 MB |
| --renderer-process-limit=2 | Caps renderer processes at 2 (reuse instead of spawn) |
| --no-zygote | Reduces process spawning overhead |
| --disable-extensions | Reduces memory footprint |

Potential Approach

  1. Documentation: Add a "Running in containers" section with these recommended flags
  2. Auto-detection: If noSandbox: true is set, automatically apply container-safe defaults
  3. Warning: Emit a startup warning if no launchArgs are set and the system appears to be a container (no /dev/dri, no GPU)

Environment

  • OpenClaw 2026.2.21-2
  • Proxmox LXC container, 4 cores, 6 GB RAM, no GPU
  • Playwright Chromium (ms-playwright/chromium-1208)
  • Default config (no launchArgs set)
