fix(sandbox): improve DinD detection and add security comment
- Change DinD detection from AND to OR: require both env vars or neither (partial config would cause confusing mount failures)
- Add comment explaining why root user is required for Docker socket access

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
parent
ca3e65eb35
commit
0a2a7fbcd1
@ -1,6 +1,7 @@
|
||||
services:
|
||||
moltbot-gateway:
|
||||
image: ${CLAWDBOT_IMAGE:-moltbot:local}
|
||||
# Required for Docker socket access when creating sandbox containers (DinD)
|
||||
user: root
|
||||
environment:
|
||||
HOME: /home/node
|
||||
|
||||
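Review bot: The new comment above `user: root` says why root is used but not what it costs: a root process that can reach the Docker socket can drive the host's Docker daemon, so a compromise of the gateway is not contained by this container. I would put that in the comment, e.g. `# SECURITY: root + Docker socket access amounts to control of the host Docker daemon; enable only where sandbox containers are needed`. If the socket's group id is known at deploy time, `group_add` with that gid would likely let the service keep a non-root user, which is worth checking before root becomes the default. `HOME: /home/node` still points at the non-root user's home, so files the gateway writes there will presumably end up root-owned. The socket mount and the rest of the service definition are outside this hunk.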
@ -22,8 +22,8 @@ export function remapPathForDinD(containerPath: string): string {
|
||||
const hostConfigDir = process.env.CLAWDBOT_SANDBOX_HOST_CONFIG_DIR;
|
||||
const hostWorkspaceDir = process.env.CLAWDBOT_SANDBOX_HOST_WORKSPACE_DIR;
|
||||
|
||||
// If no host path mappings are set, we're not in Docker-in-Docker mode
|
||||
if (!hostConfigDir && !hostWorkspaceDir) {
|
||||
// Both must be set for DinD mode, or neither (partial config is invalid)
|
||||
if (!hostConfigDir || !hostWorkspaceDir) {
|
||||
return containerPath;
|
||||
}
|
||||
|
||||
|
||||
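Review bot: With `||`, a deployment that sets only one of the two variables now takes the early `return containerPath` silently, so the unremapped container path is presumably passed to the host's Docker daemon as a bind source, where it may name a different host directory or none at all. The comment calls partial config invalid, but nothing reports it. I would keep the quiet return for the neither-set case and fail loudly when exactly one is set, e.g. `if (!hostConfigDir !== !hostWorkspaceDir) throw new Error('CLAWDBOT_SANDBOX_HOST_CONFIG_DIR and CLAWDBOT_SANDBOX_HOST_WORKSPACE_DIR must be set together');`, or at least log a warning naming the missing variable. Throwing changes what callers can expect from `remapPathForDinD`, and both the callers and the rest of the function body are outside this hunk, so that needs checking first.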