fix: sed escaping and UID mismatch in Podman Quadlet setup by KnHack · Pull Request #26414 · openclaw/openclaw

KnHack · 2026-02-25T11:10:55Z

Summary

Fixes two bugs in the Podman/Quadlet installation path (setup-podman.sh --quadlet):

setup-podman.sh line 227: Remove / from sed escape character class. The sed substitution uses | as delimiter, so / doesn't need escaping. Including it turns /home/openclaw into \/home\/openclaw, which Podman rejects as an invalid volume name. This affects all installations.
scripts/podman/openclaw.container.in: Add User=%U:%G after UserNS=keep-id. Without this, when the openclaw user's UID differs from the Dockerfile's USER node (UID 1000), the container process can't read config files. This affects systems where UID 1000 is already taken.

Closes #26400

Test plan

Run setup-podman.sh --quadlet on a system where UID 1000 is already assigned
Verify volume paths in generated .container file don't contain escaped slashes
Verify container process can read openclaw.json after startup

🤖 Generated with Claude Code

Greptile Summary

Fixes two distinct bugs in the Podman Quadlet installation:

setup-podman.sh:227: Removed / from sed's escape character class [\/&|] → [\&|]. Since the sed command uses | as delimiter, forward slashes don't need escaping. Previously, paths like /home/openclaw became \/home\/openclaw in the generated .container file, causing Podman to reject them as invalid volume names.
openclaw.container.in:12: Added User=%U:%G directive after UserNS=keep-id. The Dockerfile sets USER node (UID 1000), but when the host openclaw user has a different UID, the container process inherits the wrong permissions and can't read mounted config files. The User=%U:%G systemd specifiers map to the invoking user's UID:GID, fixing permission mismatches on systems where UID 1000 is already taken.

Confidence Score: 5/5

Safe to merge - fixes critical installation bugs with minimal, well-scoped changes
Both fixes are minimal, surgical changes that address real bugs. The sed escaping fix removes an incorrect escape that breaks all Quadlet installations, and the User directive fix resolves a permission issue that affects systems where UID 1000 is taken. No new logic or risky changes introduced.
No files require special attention

_{Last reviewed commit: 56f05e4}

_{(2/5) Greptile learns from your feedback when you react with thumbs up/down!}

Fix two bugs in the Podman/Quadlet installation path: 1. setup-podman.sh line 227: Remove `/` from sed escape character class. The sed substitution uses `|` as delimiter, so `/` doesn't need escaping. Including it causes paths like `/home/openclaw` to become `\/home\/openclaw`, which Podman rejects as invalid volume names. 2. openclaw.container.in: Add `User=%U:%G` after `UserNS=keep-id`. The Dockerfile sets `USER node` (UID 1000), but the `openclaw` system user created by setup-podman.sh may get a different UID (e.g., 1001). Without `User=%U:%G`, the container process runs as UID 1000 and cannot read config files owned by the openclaw user. Closes #26400 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@Lukavyi

* main: (31 commits) fix(browser): resolve correct targetId in navigate response after renderer swap (openclaw#25326) fix: sed escaping and UID mismatch in Podman Quadlet setup (openclaw#26414) fix(cron): pass heartbeat target=last for main-session cron jobs (openclaw#28508) (openclaw#28583) fix(cron): disable messaging tool when delivery.mode is none (openclaw#21808) (openclaw#21896) fix: clear delivery routing state when creating isolated cron sessions (openclaw#27778) fix(cron): avoid marking queued announce paths as delivered (openclaw#29716) fix(cron): enable completion direct send for text-only announce delivery (openclaw#29151) fix(cron): force main-target system events onto main session (openclaw#28898) fix(cron): condition requireExplicitMessageTarget on resolved delivery (openclaw#28017) feat(cron): add --account flag for multi-account delivery routing (openclaw#26284) fix: schedule nextWakeAtMs for isolated sessionTarget cron jobs (openclaw#19541) fix: sandbox browser docker no-sandbox rollout (openclaw#29879) (thanks @Lukavyi) GitHub: add regression bug issue template and routing (openclaw#29864) thanks @Takhoffman feat(feishu): add chat info/member tool (openclaw#14674) feat(feishu): add markdown tables, positional insert, color_text, and table ops (openclaw#29411) feat(feishu): add parent/root inbound context for quote support (openclaw#18529) fix: land android onboarding and voice reliability updates (openclaw#29796) fix(android-voice): rotate playback token per assistant reply fix(android-voice): retry talk config after transient failures fix(android-voice): cancel in-flight speech when speaker muted ...

…26414) * fix: sed escaping and UID mismatch in Podman Quadlet setup Fix two bugs in the Podman/Quadlet installation path: 1. setup-podman.sh line 227: Remove `/` from sed escape character class. The sed substitution uses `|` as delimiter, so `/` doesn't need escaping. Including it causes paths like `/home/openclaw` to become `\/home\/openclaw`, which Podman rejects as invalid volume names. 2. openclaw.container.in: Add `User=%U:%G` after `UserNS=keep-id`. The Dockerfile sets `USER node` (UID 1000), but the `openclaw` system user created by setup-podman.sh may get a different UID (e.g., 1001). Without `User=%U:%G`, the container process runs as UID 1000 and cannot read config files owned by the openclaw user. Closes openclaw#26400 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * scripts: extract quadlet sed replacement escaping helper * podman: document quadlet user mapping rationale * scripts: correct sed replacement escaping for pipe delimiter --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

(cherry picked from commit 67a1584)

…26414) * fix: sed escaping and UID mismatch in Podman Quadlet setup Fix two bugs in the Podman/Quadlet installation path: 1. setup-podman.sh line 227: Remove `/` from sed escape character class. The sed substitution uses `|` as delimiter, so `/` doesn't need escaping. Including it causes paths like `/home/openclaw` to become `\/home\/openclaw`, which Podman rejects as invalid volume names. 2. openclaw.container.in: Add `User=%U:%G` after `UserNS=keep-id`. The Dockerfile sets `USER node` (UID 1000), but the `openclaw` system user created by setup-podman.sh may get a different UID (e.g., 1001). Without `User=%U:%G`, the container process runs as UID 1000 and cannot read config files owned by the openclaw user. Closes openclaw#26400 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * scripts: extract quadlet sed replacement escaping helper * podman: document quadlet user mapping rationale * scripts: correct sed replacement escaping for pipe delimiter --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org> (cherry picked from commit 26db298) # Conflicts: # scripts/podman/openclaw.container.in # setup-podman.sh

…26414) * fix: sed escaping and UID mismatch in Podman Quadlet setup Fix two bugs in the Podman/Quadlet installation path: 1. setup-podman.sh line 227: Remove `/` from sed escape character class. The sed substitution uses `|` as delimiter, so `/` doesn't need escaping. Including it causes paths like `/home/openclaw` to become `\/home\/openclaw`, which Podman rejects as invalid volume names. 2. openclaw.container.in: Add `User=%U:%G` after `UserNS=keep-id`. The Dockerfile sets `USER node` (UID 1000), but the `openclaw` system user created by setup-podman.sh may get a different UID (e.g., 1001). Without `User=%U:%G`, the container process runs as UID 1000 and cannot read config files owned by the openclaw user. Closes openclaw#26400 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * scripts: extract quadlet sed replacement escaping helper * podman: document quadlet user mapping rationale * scripts: correct sed replacement escaping for pipe delimiter --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

(cherry picked from commit 67a1584)

…26414) * fix: sed escaping and UID mismatch in Podman Quadlet setup Fix two bugs in the Podman/Quadlet installation path: 1. setup-podman.sh line 227: Remove `/` from sed escape character class. The sed substitution uses `|` as delimiter, so `/` doesn't need escaping. Including it causes paths like `/home/openclaw` to become `\/home\/openclaw`, which Podman rejects as invalid volume names. 2. openclaw.container.in: Add `User=%U:%G` after `UserNS=keep-id`. The Dockerfile sets `USER node` (UID 1000), but the `openclaw` system user created by setup-podman.sh may get a different UID (e.g., 1001). Without `User=%U:%G`, the container process runs as UID 1000 and cannot read config files owned by the openclaw user. Closes openclaw#26400 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * scripts: extract quadlet sed replacement escaping helper * podman: document quadlet user mapping rationale * scripts: correct sed replacement escaping for pipe delimiter --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org> (cherry picked from commit 26db298) # Conflicts: # scripts/podman/openclaw.container.in # setup-podman.sh

…26414) * fix: sed escaping and UID mismatch in Podman Quadlet setup Fix two bugs in the Podman/Quadlet installation path: 1. setup-podman.sh line 227: Remove `/` from sed escape character class. The sed substitution uses `|` as delimiter, so `/` doesn't need escaping. Including it causes paths like `/home/openclaw` to become `\/home\/openclaw`, which Podman rejects as invalid volume names. 2. openclaw.container.in: Add `User=%U:%G` after `UserNS=keep-id`. The Dockerfile sets `USER node` (UID 1000), but the `openclaw` system user created by setup-podman.sh may get a different UID (e.g., 1001). Without `User=%U:%G`, the container process runs as UID 1000 and cannot read config files owned by the openclaw user. Closes openclaw#26400 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * scripts: extract quadlet sed replacement escaping helper * podman: document quadlet user mapping rationale * scripts: correct sed replacement escaping for pipe delimiter --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

…26414) * fix: sed escaping and UID mismatch in Podman Quadlet setup Fix two bugs in the Podman/Quadlet installation path: 1. setup-podman.sh line 227: Remove `/` from sed escape character class. The sed substitution uses `|` as delimiter, so `/` doesn't need escaping. Including it causes paths like `/home/openclaw` to become `\/home\/openclaw`, which Podman rejects as invalid volume names. 2. openclaw.container.in: Add `User=%U:%G` after `UserNS=keep-id`. The Dockerfile sets `USER node` (UID 1000), but the `openclaw` system user created by setup-podman.sh may get a different UID (e.g., 1001). Without `User=%U:%G`, the container process runs as UID 1000 and cannot read config files owned by the openclaw user. Closes openclaw#26400 * scripts: extract quadlet sed replacement escaping helper * podman: document quadlet user mapping rationale * scripts: correct sed replacement escaping for pipe delimiter --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

…26414) * fix: sed escaping and UID mismatch in Podman Quadlet setup Fix two bugs in the Podman/Quadlet installation path: 1. setup-podman.sh line 227: Remove `/` from sed escape character class. The sed substitution uses `|` as delimiter, so `/` doesn't need escaping. Including it causes paths like `/home/openclaw` to become `\/home\/openclaw`, which Podman rejects as invalid volume names. 2. openclaw.container.in: Add `User=%U:%G` after `UserNS=keep-id`. The Dockerfile sets `USER node` (UID 1000), but the `openclaw` system user created by setup-podman.sh may get a different UID (e.g., 1001). Without `User=%U:%G`, the container process runs as UID 1000 and cannot read config files owned by the openclaw user. Closes openclaw#26400 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * scripts: extract quadlet sed replacement escaping helper * podman: document quadlet user mapping rationale * scripts: correct sed replacement escaping for pipe delimiter --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

openclaw-barnacle bot added scripts Repository scripts size: XS labels Feb 25, 2026

This was referenced Feb 28, 2026

fix(podman): fix sed escaping for volume paths and add User= to Quadlet #26415

Closed

Podman: fix quadlet path escaping + user mapping #26425

Closed

KnHack and others added 3 commits February 28, 2026 09:11

scripts: extract quadlet sed replacement escaping helper

aa8fccf

podman: document quadlet user mapping rationale

50f99b3

vincentkoc force-pushed the fix/podman-quadlet-setup branch from 56f05e4 to 50f99b3 Compare February 28, 2026 17:13

vincentkoc added 2 commits February 28, 2026 09:14

scripts: correct sed replacement escaping for pipe delimiter

957f0fc

Merge branch 'main' into fix/podman-quadlet-setup

0aefe86

vincentkoc merged commit 26db298 into openclaw:main Feb 28, 2026
20 of 21 checks passed

vincentkoc added a commit that referenced this pull request Feb 28, 2026

chore(changelog): add missing entry for #26414

1271d2c

vincentkoc mentioned this pull request Feb 28, 2026

chore(changelog): add missing entries for #26414 #25326 #28827 #29963

Merged

18 tasks

vincentkoc added a commit that referenced this pull request Feb 28, 2026

chore(changelog): add missing entry for #26414

67a1584

github-actions bot mentioned this pull request Feb 28, 2026

📡 Upstream Digest — 2026-02-28 18:22 UTC curtismercier/openclaw-mods#147

Open

KnHack deleted the fix/podman-quadlet-setup branch February 28, 2026 18:34

nsd97 pushed a commit to nsd97/openclaw that referenced this pull request Feb 28, 2026

chore(changelog): add missing entry for openclaw#26414

30a64e2

wanjizheng pushed a commit to wanjizheng/openclaw that referenced this pull request Mar 1, 2026

chore(changelog): add missing entry for openclaw#26414

4c580ac

wanjizheng pushed a commit to wanjizheng/openclaw that referenced this pull request Mar 1, 2026

chore(changelog): add missing entry for openclaw#26414

51fff7a

This was referenced Mar 1, 2026

cherry-pick: upstream bugfix commits (2026-03-01-0443) hughdidit/DAISy-Agency#140

Closed

cherry-pick: upstream docs commits (2026-03-01-0443) hughdidit/DAISy-Agency#141

Closed

hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request Mar 1, 2026

chore(changelog): add missing entry for openclaw#26414

d7f1ff7

(cherry picked from commit 67a1584)

gemini-code-assist bot mentioned this pull request Mar 1, 2026

chore(sync): replay rollup fixes on upstream/main MillionthOdin16/openclaw#111

Merged

ansh pushed a commit to vibecode/openclaw that referenced this pull request Mar 2, 2026

chore(changelog): add missing entry for openclaw#26414

e554c5a

steipete pushed a commit to Sid-Qin/openclaw that referenced this pull request Mar 2, 2026

chore(changelog): add missing entry for openclaw#26414

56d4d13

safzanpirani pushed a commit to safzanpirani/clawdbot that referenced this pull request Mar 2, 2026

chore(changelog): add missing entry for openclaw#26414

32dd9b0

steipete pushed a commit to Sid-Qin/openclaw that referenced this pull request Mar 2, 2026

chore(changelog): add missing entry for openclaw#26414

9e9df00

robertchang-ga pushed a commit to robertchang-ga/openclaw that referenced this pull request Mar 2, 2026

chore(changelog): add missing entry for openclaw#26414

e2724eb

execute008 pushed a commit to execute008/openclaw that referenced this pull request Mar 2, 2026

chore(changelog): add missing entry for openclaw#26414

9d8245d

hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request Mar 3, 2026

chore(changelog): add missing entry for openclaw#26414

3a28f25

(cherry picked from commit 67a1584)

dorgonman pushed a commit to kanohorizonia/openclaw that referenced this pull request Mar 3, 2026

chore(changelog): add missing entry for openclaw#26414

fd372ce

sachinkundu pushed a commit to sachinkundu/openclaw that referenced this pull request Mar 6, 2026

chore(changelog): add missing entry for openclaw#26414

72d5f38

zooqueen pushed a commit to hanzoai/bot that referenced this pull request Mar 6, 2026

chore(changelog): add missing entry for openclaw#26414

3f1d2cd

Mateljan1 pushed a commit to Mateljan1/openclaw that referenced this pull request Mar 7, 2026

chore(changelog): add missing entry for openclaw#26414

a642445

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: sed escaping and UID mismatch in Podman Quadlet setup#26414

fix: sed escaping and UID mismatch in Podman Quadlet setup#26414
vincentkoc merged 5 commits intoopenclaw:mainfrom
KnHack:fix/podman-quadlet-setup

KnHack commented Feb 25, 2026 •

edited by greptile-apps bot

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

KnHack commented Feb 25, 2026 • edited by greptile-apps bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Test plan

Greptile Summary

Confidence Score: 5/5

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

KnHack commented Feb 25, 2026 •

edited by greptile-apps bot

Loading