[MacOS 26.0.1] unable config the web search in sandbox using cil: openclaw configure --section web

[mercl-lau]

Description

NemoClaw makes /sandbox/.openclaw/openclaw.json read-only (image chmod 444 + root, plus /sandbox/.openclaw in the Landlock read-only list). That’s understandable for locking gateway secrets, but OpenClaw’s normal way to turn on web search is openclaw configure --section web, which tries to write that file. There’s no obvious supported alternative from inside the sandbox.

That design protects gateway auth and related settings from tampering by the sandbox user and the agent, but it conflicts with OpenClaw’s documented setup flow for web search, which uses openclaw configure --section web and writes the merged config back to openclaw.json (typically via a temp file + copyfile into openclaw.json).

So users following OpenClaw’s normal “configure web search in the sandbox” path hit a hard failure, with no first-class NemoClaw workflow documented as the replacement (e.g. env vars only, workspace overlay, or host-side injection).

Expected: A supported way to enable web_search (and related tools) inside the NemoClaw sandbox without breaking the immutability goals for gateway secrets—e.g. split config (immutable core vs writable user/tool settings), or clear automation/docs for env/workspace-based configuration.

Actual: openclaw configure fails when persisting web search settings because openclaw.json cannot be updated.

Reproduction Steps

1. Complete NemoClaw onboarding (nemoclaw onboard).

2. Connect into the sandbox: nemoclaw connect

3. Run OpenClaw’s web configuration wizard:
   openclaw configure --section web

4. Answer the prompts to enable web search, choose a provider, and enter an API key (any valid-format key is enough to reach the write step).

**Observed: The command fails with an error similar to:

Error: EACCES: permission denied, copyfile '/sandbox/.openclaw/openclaw.json...tmp' -> '/sandbox/.openclaw/openclaw.json'**

Environment

• openClaw: 2026.3.11 (29dc654)
• OpenShell: 0.0.14
• macOS 26.1 (Apple M4, arm64)
• Policy presets applied: pypi, npm
• Inference: NVIDIA Cloud API (nvidia/nemotron-3-super-120b-a12b)

Debug Output

Logs

Checklist

• I confirmed this bug is reproducible
• I searched existing issues and this is not a duplicate

[josephwccheng]

I can also confirm this bug is reproducible. I attempted a workaround to configure the file directly via docker's bash access:

1. terminal command: docker exec -it <container_name_or_id> bash
2. bash command: find . -name "openclaw.json"
3. bash command: vi "location_of_openclaw.json"
4. successfully updated the tools, web section with the API key (i.e. using brave search)
   "tools": {
   "web": {
   "search": {
   "enabled": true,
   "provider": "brave",
   "apiKey": ""
   },
   "fetch": {
   "enabled": true
   }
   }
   },
5. However, I seem to be facing some permission / policy issue afterwards (apologies for being a openclaw beginner).

[wellisrite]

Encountering the same issue on ubuntu 24.0

[thadreber-web]

Likely the same root cause as #719 — DAC permissions on /sandbox/.openclaw/ block writes despite the Landlock policy allowing them. See this comment for the root cause analysis and Dockerfile fix.

[13ernkastel]

Open PR #1497 adds the NemoClaw-side supported replacement path for web-search configuration without requiring mutable in-sandbox config writes: provider-aware onboarding for Brave, Gemini, and Tavily, generated config injection, matching policy presets, and updated docs.

I am not closing this here because the underlying openclaw configure --section web write failure inside the sandbox is still a separate behavior question, but #1497 covers the missing first-class NemoClaw workflow called out in this issue.