Description
Fresh nemoclaw onboard creates /sandbox/.openclaw as a root-owned facade with links such as agents, cron, and workspace, but it does not create a writable memory entry. OpenClaw still uses ~/.openclaw/memory/main.sqlite as the default store path for the main agent, so openclaw memory index --force fails because the parent directory is missing and cannot be created by the sandbox user.
Expected behavior: fresh onboard should create a writable facade for ~/.openclaw/memory, for example /sandbox/.openclaw/memory -> /sandbox/.openclaw-data/memory, or otherwise ensure the default memory-store parent path exists and is writable.
Reproduction Steps
- Run
nemoclaw onboard on a fresh host and complete onboarding.
- Connect to the created sandbox.
- Inspect the facade paths with
find ~/.openclaw -maxdepth 1 -ls.
- Confirm there is no
~/.openclaw/memory entry.
- Run
openclaw memory index --force.
- Observe failure:
unable to open database file.
- Run
mkdir -p ~/.openclaw/memory as the sandbox user.
- Observe failure:
mkdir: cannot create directory ... Permission denied.
Workaround that restores expected behavior:
- Create
~/.openclaw-data/memory as the sandbox user.
- Create
/sandbox/.openclaw/memory -> /sandbox/.openclaw-data/memory from the host/root side.
- Re-run
openclaw memory index --force.
- Observe success.
Environment
- OS: Ubuntu 24.04
- Node.js: v22.22.1
- Docker: Docker Engine (OpenShell-managed cluster)
- NemoClaw: source checkout on
origin/main at eb4ba8c during validation
- OpenClaw in sandbox:
2026.3.11 (29dc654)
Logs
$ openclaw memory index --force
unable to open database file
$ mkdir -p ~/.openclaw/memory
mkdir: cannot create directory '/sandbox/.openclaw/memory': Permission denied\n```\n\nAdditional observed state:\n```text\n- /sandbox/.openclaw is owned by root:root\n- facade links exist for agents, cron, workspace, etc.\n- there is no /sandbox/.openclaw/memory entry\n- .openclaw-data/* remains writable by sandbox:sandbox\n```
Description
Fresh
nemoclaw onboardcreates/sandbox/.openclawas a root-owned facade with links such asagents,cron, andworkspace, but it does not create a writablememoryentry. OpenClaw still uses~/.openclaw/memory/main.sqliteas the default store path for the main agent, soopenclaw memory index --forcefails because the parent directory is missing and cannot be created by the sandbox user.Expected behavior: fresh onboard should create a writable facade for
~/.openclaw/memory, for example/sandbox/.openclaw/memory -> /sandbox/.openclaw-data/memory, or otherwise ensure the default memory-store parent path exists and is writable.Reproduction Steps
nemoclaw onboardon a fresh host and complete onboarding.find ~/.openclaw -maxdepth 1 -ls.~/.openclaw/memoryentry.openclaw memory index --force.unable to open database file.mkdir -p ~/.openclaw/memoryas the sandbox user.mkdir: cannot create directory ... Permission denied.Workaround that restores expected behavior:
~/.openclaw-data/memoryas the sandbox user./sandbox/.openclaw/memory -> /sandbox/.openclaw-data/memoryfrom the host/root side.openclaw memory index --force.Environment
origin/mainateb4ba8cduring validation2026.3.11 (29dc654)Logs