setup-podman.sh: sed escaping breaks volume paths + missing User=%U:%G in Quadlet template #26400
Description
Description
Two bugs in the Podman/Quadlet installation path that break setup-podman.sh --quadlet on standard Linux systems.
Bug 1: sed escaping in setup-podman.sh line 227
The sed character class [\\/&|] includes / even though the sed delimiter is |. This causes forward slashes in $OPENCLAW_HOME (e.g., /home/openclaw) to be escaped as \/home\/openclaw, which Podman rejects as an invalid volume name.
Error:
Error: creating named volume "\/home\/openclaw/.openclaw": names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*
Current (line 227):
OPENCLAW_HOME_SED="$(printf '%s' "$OPENCLAW_HOME" | sed -e 's/[\\/&|]/\\\\&/g')"Fix:
OPENCLAW_HOME_SED="$(printf '%s' "$OPENCLAW_HOME" | sed -e 's/[\\&|]/\\\\&/g')"Since the sed substitution uses | as the delimiter (sed "s|...|...|g"), forward slashes don't need escaping.
Impact: Affects all installations (every Linux path contains /).
Bug 2: Missing User=%U:%G in Quadlet template
The Dockerfile sets USER node (UID 1000). When setup-podman.sh creates the openclaw system user, it may get a different UID (e.g., 1001 if UID 1000 is already taken). With UserNS=keep-id, the container process still runs as UID 1000 and cannot read config files owned by UID 1001.
Error:
Missing config. Run openclaw setup or set gateway.mode=local
(Config file exists but is unreadable due to UID mismatch.)
Fix — add User=%U:%G to scripts/podman/openclaw.container.in:
[Container]
Image=openclaw:local
ContainerName=openclaw
UserNS=keep-id
User=%U:%G # Forces container process to run as the openclaw user's UID
...Impact: Affects systems where UID 1000 is already assigned to another user.
Environment
- OS: CachyOS (Arch-based)
- Podman: 5.7.1 (rootless)
- Installation method:
setup-podman.sh --quadlet
Suggested fix
Both fixes are minimal and backward-compatible. Happy to submit a PR if desired.