fix: docker permissions and db path configuration#24
Conversation
stritti
commented
Feb 26, 2026
stritti
commented
- Install gosu to drop privileges safely
- Start container as root to fix volume permissions in entrypoint.sh
- Set default HOME and OPENCLAW_HOME to ensure write access to persistent data
- Add support for FLEET_DB_PATH environment variable
- Install gosu to drop privileges safely - Start container as root to fix volume permissions in entrypoint.sh - Set default HOME and OPENCLAW_HOME to ensure write access to persistent data - Add support for FLEET_DB_PATH environment variable
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d1cac600aa
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
Pull request overview
This PR modifies the Docker container to address volume permission issues by starting as root, fixing permissions, and then dropping privileges to the clawmetry user. It also adds support for a new FLEET_DB_PATH environment variable.
Changes:
- Install gosu tool for safe privilege dropping in containers
- Remove USER directive so container starts as root, with entrypoint script using gosu to drop privileges after fixing permissions
- Add permission-fixing logic in entrypoint.sh for data directory and fleet database path
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| Dockerfile | Installs gosu package and removes USER directive to enable root-based permission fixing |
| entrypoint.sh | Adds HOME/OPENCLAW_HOME defaults, permission fixing for data directories, FLEET_DB_PATH support, and gosu-based privilege dropping |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Also ensure the fleet DB directory exists if FLEET_DB_PATH is set. | ||
| if [ -n "$FLEET_DB_PATH" ]; then | ||
| echo "Fixing permissions for fleet DB at $FLEET_DB_PATH..." | ||
| DB_DIR=$(dirname "$FLEET_DB_PATH") | ||
| mkdir -p "$DB_DIR" | ||
| chown -R clawmetry:clawmetry "$DB_DIR" | ||
| ls -ld "$DB_DIR" | ||
| fi |
There was a problem hiding this comment.
The FLEET_DB_PATH environment variable is exported but there's no evidence in the codebase (wsgi.py, documentation, or other files) that the ClawMetry application actually recognizes or uses this variable. Adding support for an environment variable that the application doesn't consume will not achieve the intended functionality. Verify that the ClawMetry application (from the PyPI package) supports FLEET_DB_PATH, or document if this is intended for a future version of ClawMetry.
| exec /venv/bin/gunicorn \ | ||
| # Ensure HOME is set correctly for the non-root user. | ||
| export HOME=/home/clawmetry | ||
| export OPENCLAW_HOME="${OPENCLAW_HOME:-/home/clawmetry/.openclaw}" |
There was a problem hiding this comment.
Setting OPENCLAW_HOME as a default after command-line arguments have been processed will override any user-provided --workspace flag. Line 21 exports OPENCLAW_HOME if the user passes --workspace, but line 47 unconditionally sets a default that will replace the user's value. Move this default setting to before the argument parsing loop, or only set it if it's not already defined (similar to the pattern used for DATA_DIR on line 51).
| --fleet-db-path) | ||
| export FLEET_DB_PATH="$2"; shift 2 ;; |
There was a problem hiding this comment.
The new --fleet-db-path flag and FLEET_DB_PATH environment variable are not documented in the README.md or docs/guide/configuration.md. According to the stored memory about configuration documentation conventions (docs/guide/configuration.md:9-17), all environment variables should be documented in the configuration reference with per-variable subsections. Add documentation for this new variable including its CLI equivalent, description, and usage example.
Co-authored-by: stritti <184547+stritti@users.noreply.github.com>
Co-authored-by: stritti <184547+stritti@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
