Fresh onboard sandbox omits writable ~/.openclaw/memory facade #1040

@snarkipus

Description

Fresh nemoclaw onboard creates /sandbox/.openclaw as a root-owned facade with links such as agents, cron, and workspace, but it does not create a writable memory entry. OpenClaw still uses ~/.openclaw/memory/main.sqlite as the default store path for the main agent, so openclaw memory index --force fails because the parent directory is missing and cannot be created by the sandbox user.

Expected behavior: fresh onboard should create a writable facade for ~/.openclaw/memory, for example /sandbox/.openclaw/memory -> /sandbox/.openclaw-data/memory, or otherwise ensure the default memory-store parent path exists and is writable.

Reproduction Steps

  1. Run nemoclaw onboard on a fresh host and complete onboarding.
  2. Connect to the created sandbox.
  3. Inspect the facade paths with find ~/.openclaw -maxdepth 1 -ls.
  4. Confirm there is no ~/.openclaw/memory entry.
  5. Run openclaw memory index --force.
  6. Observe failure: unable to open database file.
  7. Run mkdir -p ~/.openclaw/memory as the sandbox user.
  8. Observe failure: mkdir: cannot create directory ... Permission denied.

Workaround that restores expected behavior:

  1. Create ~/.openclaw-data/memory as the sandbox user.
  2. Create /sandbox/.openclaw/memory -> /sandbox/.openclaw-data/memory from the host/root side.
  3. Re-run openclaw memory index --force.
  4. Observe success.

Environment

  • OS: Ubuntu 24.04
  • Node.js: v22.22.1
  • Docker: Docker Engine (OpenShell-managed cluster)
  • NemoClaw: source checkout on origin/main at eb4ba8c during validation
  • OpenClaw in sandbox: 2026.3.11 (29dc654)

Logs

```
$ openclaw memory index --force
unable to open database file

$ mkdir -p ~/.openclaw/memory
mkdir: cannot create directory '/sandbox/.openclaw/memory': Permission denied
```

Additional observed state:
```text
- /sandbox/.openclaw is owned by root:root
- facade links exist for agents, cron, workspace, etc.
- there is no /sandbox/.openclaw/memory entry
- .openclaw-data/* remains writable by sandbox:sandbox
```
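
A read-only check for the condition reported above, as an added example that is not part of the original issue or of the NemoClaw/OpenClaw code: it verifies that each facade entry is a symlink resolving to a writable directory under the data directory. The function name `check_facade` and the assumption that every entry is a directory link are hypothetical; the paths and entry names in the usage comment come from the issue.

```shell
#!/bin/sh
# Added example, not project code. Assumes every facade entry is a
# symlink to a directory under the data directory (as the issue describes).
#
# check_facade FACADE_DIR DATA_DIR ENTRY...
# Prints one "OK ..." or "FAIL ..." line per entry and returns the
# number of failing entries (0 means the facade is usable).
#
# In the sandbox from the issue:
#   check_facade /sandbox/.openclaw /sandbox/.openclaw-data \
#       agents cron workspace memory
check_facade() {
    facade=$1; data=$2; shift 2
    failures=0
    # Canonicalise the data dir so link targets can be compared by prefix.
    data_real=$(cd "$data" 2>/dev/null && pwd -P) || {
        echo "FAIL $data data directory missing"; return 1; }
    for entry in "$@"; do
        path=$facade/$entry
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then
            # The state reported for "memory" after a fresh onboard.
            echo "FAIL $entry missing from facade"
        elif [ ! -L "$path" ]; then
            echo "FAIL $entry not a symlink"
        elif ! target=$(cd "$path" 2>/dev/null && pwd -P); then
            echo "FAIL $entry dangling or non-directory link"
        else
            case $target/ in
                "$data_real"/*)
                    # Writability is tested as the calling user, so run
                    # this as the sandbox user rather than as root.
                    if [ -w "$target" ]; then
                        echo "OK $entry -> $target"
                        continue
                    fi
                    echo "FAIL $entry target not writable" ;;
                *)
                    echo "FAIL $entry resolves outside $data_real" ;;
            esac
        fi
        failures=$((failures + 1))
    done
    return "$failures"
}
```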
