Hey everyone! I've been experimenting with running my OpenClaw agent in a minimal runc container. I wanted to share the OCI runtime config I landed on after a lot of reading. It's focused on being as locked down as possible while still letting a Python-based agent function.
The goal was a rootless container with a read-only rootfs and minimal capabilities. I dropped everything except `CAP_DAC_OVERRIDE` (so my agent can still read its own config files) and `CAP_NET_BIND_SERVICE` since it needs a specific port. I also set the `no-new-privileges` security flag. Here's the core part of the `config.json`:
```json
{
  "process": {
    "user": {
      "uid": 1000,
      "gid": 1000
    },
    "capabilities": {
      "bounding": ["CAP_DAC_OVERRIDE", "CAP_NET_BIND_SERVICE"],
      "effective": ["CAP_DAC_OVERRIDE", "CAP_NET_BIND_SERVICE"],
      "permitted": ["CAP_DAC_OVERRIDE", "CAP_NET_BIND_SERVICE"]
    },
    "noNewPrivileges": true
  },
  "root": {
    "path": "rootfs",
    "readonly": true
  }
}
```
I'm still pretty new to this low-level container stuff. Does this look sane for a security-sensitive agent? Have I missed any obvious hardening steps? Would love a step-by-step guide on adding a seccomp profile next!
Thanks!
Keep it simple.
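Added example (not from the original poster or the OpenClaw project): a small audit script that applies the checks a reviewer would run against a `config.json` like the one above. It flags the points that matter for this post: `CAP_DAC_OVERRIDE` in any capability set (it bypasses the file-permission model, so a uid-1000 process that only needs to read its own files should own those files instead), the absence of a `user` namespace with uid/gid mappings (without which the container is not rootless, whatever `process.user` says), a missing or allow-by-default seccomp profile, and an `effective` set that is not a subset of `permitted` (which the kernel rejects). `POSTED_JSON` is the posted fragment wrapped in braces; `HARDENED` is an assumed variant for comparison, and its syscall allowlist is a placeholder, since a real agent needs a list built from tracing the workload. The list of dangerous capabilities is curated for this example, not an exhaustive reference.

```python
import json
import sys

# Capabilities that bypass file permissions or reach host/kernel resources the
# rest of the config is trying to wall off. Curated for this example (an
# assumption, not an exhaustive kernel reference); extend it to taste.
DANGEROUS_CAPS = {
    "CAP_SYS_ADMIN", "CAP_SYS_PTRACE", "CAP_SYS_MODULE", "CAP_SYS_RAWIO",
    "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER", "CAP_CHOWN",
    "CAP_SETUID", "CAP_SETGID", "CAP_SETFCAP", "CAP_NET_ADMIN", "CAP_NET_RAW",
    "CAP_MKNOD", "CAP_SYS_CHROOT", "CAP_BPF", "CAP_PERFMON",
}
CAP_SETS = ("bounding", "effective", "permitted", "inheritable", "ambient")
# OCI seccomp default actions that deny anything not explicitly allowed.
SECCOMP_DENY_DEFAULTS = {"SCMP_ACT_ERRNO", "SCMP_ACT_KILL", "SCMP_ACT_KILL_PROCESS",
                         "SCMP_ACT_KILL_THREAD", "SCMP_ACT_TRAP"}


def audit_config(cfg: dict) -> list[str]:
    """Return hardening findings for an OCI runtime config dict.
    An empty list means these checks passed, not that the config is safe."""
    findings = []
    proc = cfg.get("process", {})

    user = proc.get("user", {})
    if user.get("uid", 0) == 0 or user.get("gid", 0) == 0:
        findings.append("process.user: uid/gid 0 inside the container")
    if proc.get("noNewPrivileges") is not True:
        findings.append("process.noNewPrivileges: not set to true")

    caps = proc.get("capabilities", {})
    for cap_set in CAP_SETS:
        for cap in caps.get(cap_set, []):
            if cap in DANGEROUS_CAPS:
                findings.append(f"process.capabilities.{cap_set}: grants {cap}")
    # capset(2) rejects an effective set that is not a subset of permitted.
    extra = set(caps.get("effective", [])) - set(caps.get("permitted", []))
    if extra:
        findings.append(f"process.capabilities.effective: {sorted(extra)} not in permitted")

    if cfg.get("root", {}).get("readonly") is not True:
        findings.append("root.readonly: rootfs is writable")

    linux = cfg.get("linux", {})
    ns_types = {ns.get("type") for ns in linux.get("namespaces", [])}
    for required in ("user", "pid", "mount", "network", "ipc", "uts"):
        if required not in ns_types:
            findings.append(f"linux.namespaces: no '{required}' namespace")
    # A user namespace is what makes the container rootless; it needs mappings.
    if "user" in ns_types and not (linux.get("uidMappings") and linux.get("gidMappings")):
        findings.append("linux.uidMappings/gidMappings: user namespace without mappings")

    seccomp = linux.get("seccomp")
    if seccomp is None:
        findings.append("linux.seccomp: no seccomp profile")
    elif seccomp.get("defaultAction") not in SECCOMP_DENY_DEFAULTS:
        findings.append(f"linux.seccomp.defaultAction: {seccomp.get('defaultAction')} "
                        "is not deny-by-default")
    return findings


def audit_json(text: str) -> list[str]:
    """Audit a config.json given as text."""
    return audit_config(json.loads(text))


# Constructed input: the posted fragment, wrapped in braces so it parses.
POSTED_JSON = """{
  "process": {
    "user": {"uid": 1000, "gid": 1000},
    "capabilities": {
      "bounding": ["CAP_DAC_OVERRIDE", "CAP_NET_BIND_SERVICE"],
      "effective": ["CAP_DAC_OVERRIDE", "CAP_NET_BIND_SERVICE"],
      "permitted": ["CAP_DAC_OVERRIDE", "CAP_NET_BIND_SERVICE"]
    },
    "noNewPrivileges": true
  },
  "root": {"path": "rootfs", "readonly": true}
}"""

# Assumed hardened variant: only CAP_NET_BIND_SERVICE, a user namespace with
# mappings, and a deny-by-default seccomp profile. The syscall allowlist is a
# placeholder; a real one comes from tracing the agent.
HARDENED = {
    "ociVersion": "1.0.2",
    "process": {
        "user": {"uid": 1000, "gid": 1000},
        "args": ["python3", "/app/agent.py"],
        "capabilities": {s: ["CAP_NET_BIND_SERVICE"] for s in ("bounding", "effective", "permitted")},
        "noNewPrivileges": True,
    },
    "root": {"path": "rootfs", "readonly": True},
    "linux": {
        "namespaces": [{"type": t} for t in ("user", "pid", "mount", "network", "ipc", "uts")],
        "uidMappings": [{"containerID": 0, "hostID": 100000, "size": 65536}],
        "gidMappings": [{"containerID": 0, "hostID": 100000, "size": 65536}],
        "seccomp": {
            "defaultAction": "SCMP_ACT_ERRNO",
            "architectures": ["SCMP_ARCH_X86_64"],
            "syscalls": [{"names": ["read", "write", "exit_group"], "action": "SCMP_ACT_ALLOW"}],
        },
    },
}

if __name__ == "__main__":
    # Usage: python3 audit_oci.py [config.json]; defaults to the posted fragment.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else POSTED_JSON
    for finding in audit_json(text) or ["no findings"]:
        print(finding)
```

Run it against a real bundle with `python3 audit_oci.py /path/to/bundle/config.json`; on the posted fragment it reports the three `CAP_DAC_OVERRIDE` grants, the six missing namespaces and the missing seccomp profile.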