
Container Hardening

Docker container security configuration for tenant runtimes.

OpenClaw Containers

Hardened via configuration (not code patches):

  • exec tool: denied
  • Elevated permissions: disabled
  • Dangerous shell commands: blocked
  • Non-root user inside container
  • Read-only rootfs where possible
  • Memory limit: 1,024 MB

Key config in openclaw.json:

{
  "security": {
    "exec": { "enabled": false },
    "elevated": { "enabled": false }
  }
}

ZeroClaw Containers

Fully hardened at the runtime level:

  • Landlock sandbox — kernel-level filesystem restriction
  • Tool exclusions — dangerous tools removed from runtime
  • Prompt injection defense — content wrapping, memory tagging
  • Distroless image — minimal attack surface
  • Memory limit: 256 MB

Verification

Run security audits on running containers:

make verify-openclaw SLUG=<slug>
make verify-zeroclaw SLUG=<slug>

These scripts check non-root user, read-only rootfs, no privileged mode, network isolation, and config correctness.
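
The checks listed above can be expressed over the JSON that `docker inspect` returns for a container. This is an added example, not the project's verify scripts, which this page does not show. Assumptions: the function name, the sample data, reading the memory limits as MiB, and treating "not host network mode" as the network isolation check; the field names are standard `docker inspect` fields.

```python
# Memory limits taken from this page, in MB (read here as MiB, an assumption).
MEMORY_LIMIT_MB = {"openclaw": 1024, "zeroclaw": 256}

def audit_container(inspect, runtime, config=None):
    """Return findings for one `docker inspect` entry; an empty list is a pass."""
    findings = []
    host = inspect.get("HostConfig", {})
    # Config.User is empty when no user is set, so the process runs as root.
    user = inspect.get("Config", {}).get("User", "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root")
    if not host.get("ReadonlyRootfs", False):
        findings.append("rootfs is writable")
    if host.get("Privileged", False):
        findings.append("privileged mode enabled")
    if host.get("NetworkMode") == "host":
        findings.append("shares host network namespace")
    memory = host.get("Memory", 0)  # bytes; 0 means unlimited
    if memory == 0 or memory > MEMORY_LIMIT_MB[runtime] * 1024 * 1024:
        findings.append("memory limit missing or above %d MB" % MEMORY_LIMIT_MB[runtime])
    if runtime == "openclaw":
        security = (config or {}).get("security", {})
        for key in ("exec", "elevated"):
            # Fail closed: a missing or non-boolean value counts as not hardened.
            if security.get(key, {}).get("enabled") is not False:
                findings.append("openclaw.json: security.%s.enabled is not false" % key)
    return findings

# Constructed sample data, not taken from a real tenant container.
HARDENED = {"Config": {"User": "1000:1000"},
            "HostConfig": {"ReadonlyRootfs": True, "Privileged": False,
                           "NetworkMode": "bridge", "Memory": 1024 * 1024 * 1024}}
WEAK = {"Config": {"User": ""},
        "HostConfig": {"ReadonlyRootfs": False, "Privileged": True,
                       "NetworkMode": "host", "Memory": 0}}
OPENCLAW_JSON = {"security": {"exec": {"enabled": False},
                              "elevated": {"enabled": False}}}

if __name__ == "__main__":
    print(audit_container(HARDENED, "openclaw", OPENCLAW_JSON))
    for finding in audit_container(WEAK, "zeroclaw"):
        print("FAIL:", finding)
```

The OpenClaw config check fails closed: a container audited as `openclaw` without its `openclaw.json` is reported as not hardened rather than passed.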

Future: Sidecar Sandbox

GitHub issue #41 tracks a shared sandbox sidecar container for both runtimes, replacing OpenClaw's broken internal Docker sandbox.
