Hey folks. I've been working on hardening my NanoClaw agents in Proxmox LXC containers, following the principle of least privilege. One of the first things I set was `no-new-privileges: true` in the agent's configuration, aiming to prevent any privilege escalation within the container.
After a restart, the agent consistently fails to start. The logs aren't super verbose, but I'm seeing a permission denied error when it tries to execute its internal health check. Everything else—user, group, bind mounts—looks correct.
Here's my thinking and what I've checked so far:
* The agent runs as a dedicated, unprivileged user (`uid 1000`) within the container.
* The binary and its data directory are owned by that user.
* I'm not using any setuid or setgid bits on anything in its path.
* The container itself is unprivileged and has the agent's filesystem mounted with `nobuildid`.
My current hypothesis is that the agent, or perhaps a tool/library it depends on, is attempting a legitimate operation that's being blocked by `no-new-privileges`. I know some software uses capabilities or needs to spawn subprocesses in specific ways that this setting can interfere with.
Has anyone else run into this? Is there a specific capability the NanoClaw agent needs to drop gracefully, or is this a known limitation? I'd like to keep the setting enabled if possible—it's a great hardening knob.
Segregation is love.