Why Run OpenClaw in a Docker Sandbox?
Running OpenClaw inside a Docker container provides an additional layer of isolation between the AI agent and your host system. Even if the agent attempts to execute a malicious command, the damage is contained within the disposable container environment.
Quick Setup
Pull the official OpenClaw Docker image and run it with security-hardened defaults:
# Pull the latest image
docker pull openclaw/openclaw:latest
# Run with security defaults
docker run -d \
  --name openclaw-sandbox \
  --security-opt no-new-privileges \
  --cap-drop ALL \
  --cap-add NET_RAW \
  --read-only \
  --tmpfs /tmp:rw,noexec,nosuid \
  -v ./workspace:/app/workspace:rw \
  -v ./config:/app/config:ro \
  -p 3000:3000 \
  openclaw/openclaw:latest
Security Flags Explained
- --security-opt no-new-privileges: Prevents the container from gaining additional privileges through setuid binaries
- --cap-drop ALL: Removes all Linux capabilities, giving the container minimal permissions
- --read-only: Makes the root filesystem read-only, preventing modification of system files
- --tmpfs /tmp:rw,noexec,nosuid: Provides a writable temp directory but prevents executing binaries from it
- Config mounted as :ro (read-only): Prevents the agent from modifying its own security configuration
Resource Limits
Add resource constraints to prevent the agent from consuming excessive system resources:
docker run -d \
  --memory=2g \
  --cpus=2 \
  --pids-limit=100 \
  openclaw/openclaw:latest
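To confirm that a running container actually carries the hardening flags and resource limits described above, the following added example (not part of the original page or the OpenClaw project) audits `docker inspect` output. The `audit` function, its `NET_RAW` allow-list default and the sample JSON are assumptions constructed for illustration.

```python
import json

# Constructed sample (trimmed `docker inspect` output, not from a real host):
# the flags from this page, but --pids-limit was omitted and /app/config is rw.
SAMPLE_INSPECT = json.dumps([{
    "HostConfig": {
        "SecurityOpt": ["no-new-privileges"], "CapDrop": ["ALL"],
        "CapAdd": ["NET_RAW"], "ReadonlyRootfs": True,
        "Tmpfs": {"/tmp": "rw,noexec,nosuid"},
        "Memory": 2147483648, "NanoCpus": 2000000000, "PidsLimit": None,
    },
    "Mounts": [{"Destination": "/app/workspace", "RW": True},
               {"Destination": "/app/config", "RW": True}],
}])

def _cap(name):
    return name.upper().removeprefix("CAP_")  # Docker accepts both spellings

def audit(inspect_json, allowed_caps=("NET_RAW",)):
    """Return findings for the first container in `docker inspect` JSON."""
    c = json.loads(inspect_json)[0]
    hc = c.get("HostConfig") or {}
    findings = []
    secopts = [o.replace("=", ":") for o in hc.get("SecurityOpt") or []]
    if not {"no-new-privileges", "no-new-privileges:true"} & set(secopts):
        findings.append("no-new-privileges not set")
    if "ALL" not in [_cap(x) for x in hc.get("CapDrop") or []]:
        findings.append("--cap-drop ALL not set")
    extra = sorted({_cap(x) for x in hc.get("CapAdd") or []} - set(allowed_caps))
    if extra:
        findings.append("unexpected --cap-add: " + ",".join(extra))
    if not hc.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    tmp_opts = set((hc.get("Tmpfs") or {}).get("/tmp", "").split(","))
    if not {"noexec", "nosuid"} <= tmp_opts:
        findings.append("/tmp tmpfs lacks noexec,nosuid")
    # Unset limits appear as 0 or null; -1 means unlimited.
    for key, flag in (("Memory", "--memory"), ("NanoCpus", "--cpus"),
                      ("PidsLimit", "--pids-limit")):
        if (hc.get(key) or 0) <= 0:
            findings.append(flag + " not set")
    for m in c.get("Mounts") or []:
        if m.get("Destination") == "/app/config" and m.get("RW"):
            findings.append("/app/config is mounted read-write")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INSPECT):
        print("FAIL:", finding)
```

To check a live container, pass the output of `docker inspect openclaw-sandbox` to `audit` instead of the sample.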
Network Isolation
For maximum security, run OpenClaw in an isolated Docker network that only allows outbound connections to approved API endpoints:
# Create isolated network
docker network create --internal openclaw-net
# Run with network restrictions
docker run -d --network openclaw-net openclaw/openclaw:latest
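A network created with --internal has no route to the outside, so the container cannot reach any external host on its own. Then attach a reverse proxy container to both openclaw-net and a regular network, and use it to selectively allow outbound traffic to your approved API hosts.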