Issue Station
Sign In
Tools hereToolbox

openclaw - 💡(How to fix) Fix [Bug]: v2026.5.22 base image: /home/node/.config is root-owned, breaks Chromium as node user (crashpad: --database is required)

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…

In ghcr.io/openclaw/openclaw:2026.5.22, Chromium fails to start as the node user (UID 1000) because the new /home/node/.config directory is created root:root 0755 instead of node:node. The crashpad init can't mkdir under it, the crashpad subprocess is spawned without --database, and Chromium aborts with SIGTRAP before CDP binds.

This regression breaks any LobsterLair-style deployment that runs chromium --headless as the default node user against a CDP port (gateway browser autostart, custom browser entrypoints, anything checking 127.0.0.1:18800/json/version).

Error Message

FAIL chrome_crashpad_handler: --database is required Try 'chrome_crashpad_handler --help' for more information. [..] ERROR:third_party/crashpad/crashpad/util/linux/socket.cc:120] recvmsg: Connection reset by peer (104)

Root Cause

docker history diff between 2026.5.20 and 2026.5.22 shows one functional change: the install -d step now creates /home/node/.openclaw/workspace and /home/node/.config/openclaw in addition to /home/node/.openclaw. The new /home/node/.config/openclaw is node:node 0700 — that's correct — but its parent /home/node/.config is implicitly created by install -d and ends up root:root 0755.

$ docker run --rm -u 1000 --entrypoint sh ghcr.io/openclaw/openclaw:2026.5.22 -c 'ls -la /home/node/.config'
total 12
drwxr-xr-x 3 root root 4096 May 24 00:55 .
drwxr-xr-x 1 node node 4096 May 24 00:55 ..
drwx------ 2 node node 4096 May 24 00:55 openclaw

Chromium tries to write its crashpad database under ~/.config/chromium/Crashpad/. With ~/.config owned by root:root and node only having read+exec on it, the mkdir fails, the parent gives up on a database path, and the crashpad subprocess is spawned with an empty --database argv (instead of being skipped entirely), which aborts the whole startup.

Setting HOME=/tmp or chown node:node /home/node/.config both make the failure disappear:

$ docker run --rm -u root --entrypoint sh ghcr.io/openclaw/openclaw:2026.5.22 -c '
    apt-get install -y --no-install-recommends chromium >/dev/null 2>&1
    chown node:node /home/node/.config
    su node -c "chromium --headless --no-sandbox --disable-gpu \
      --remote-debugging-port=18800 about:blank > /tmp/c.log 2>&1 &"
    sleep 4
    curl -fsS http://127.0.0.1:18800/json/version >/dev/null && echo OK || echo FAIL
  '
OK

Code Example

docker run --rm -u root --entrypoint sh ghcr.io/openclaw/openclaw:2026.5.22 -c '
  apt-get update -qq && apt-get install -y --no-install-recommends chromium >/dev/null 2>&1
  su node -c "chromium --headless --no-sandbox --disable-gpu \
    --remote-debugging-port=18800 --user-data-dir=/tmp/ud about:blank \
    > /tmp/c.log 2>&1 &"
  sleep 5
  curl -fsS http://127.0.0.1:18800/json/version >/dev/null && echo OK || echo FAIL
  cat /tmp/c.log | head -3
'

---

OK
[..] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory

---

FAIL
chrome_crashpad_handler: --database is required
Try 'chrome_crashpad_handler --help' for more information.
[..] ERROR:third_party/crashpad/crashpad/util/linux/socket.cc:120] recvmsg: Connection reset by peer (104)

---

$ docker run --rm -u 1000 --entrypoint sh ghcr.io/openclaw/openclaw:2026.5.22 -c 'ls -la /home/node/.config'
total 12
drwxr-xr-x 3 root root 4096 May 24 00:55 .
drwxr-xr-x 1 node node 4096 May 24 00:55 ..
drwx------ 2 node node 4096 May 24 00:55 openclaw

---

$ docker run --rm -u root --entrypoint sh ghcr.io/openclaw/openclaw:2026.5.22 -c '
    apt-get install -y --no-install-recommends chromium >/dev/null 2>&1
    chown node:node /home/node/.config
    su node -c "chromium --headless --no-sandbox --disable-gpu \
      --remote-debugging-port=18800 about:blank > /tmp/c.log 2>&1 &"
    sleep 4
    curl -fsS http://127.0.0.1:18800/json/version >/dev/null && echo OK || echo FAIL
  '
OK
RAW_BUFFERClick to expand / collapse

Summary

In ghcr.io/openclaw/openclaw:2026.5.22, Chromium fails to start as the node user (UID 1000) because the new /home/node/.config directory is created root:root 0755 instead of node:node. The crashpad init can't mkdir under it, the crashpad subprocess is spawned without --database, and Chromium aborts with SIGTRAP before CDP binds.

This regression breaks any LobsterLair-style deployment that runs chromium --headless as the default node user against a CDP port (gateway browser autostart, custom browser entrypoints, anything checking 127.0.0.1:18800/json/version).

Environment

  • Host: Ubuntu 24.04.4 LTS, kernel 6.8.0-110-generic
  • Docker: 29.4.1
  • Affected image: ghcr.io/openclaw/openclaw:2026.5.22 (digest at time of report: sha256:dcfd148777401d1bbdc63eab5c2f280bbfa912dfb1818566f9d66bb96ffb3f95 — pulled 2026-05-25)
  • Working images: 2026.5.7, 2026.5.12, 2026.5.18, 2026.5.20

Reproducer (one command, ~30s)

docker run --rm -u root --entrypoint sh ghcr.io/openclaw/openclaw:2026.5.22 -c '
  apt-get update -qq && apt-get install -y --no-install-recommends chromium >/dev/null 2>&1
  su node -c "chromium --headless --no-sandbox --disable-gpu \
    --remote-debugging-port=18800 --user-data-dir=/tmp/ud about:blank \
    > /tmp/c.log 2>&1 &"
  sleep 5
  curl -fsS http://127.0.0.1:18800/json/version >/dev/null && echo OK || echo FAIL
  cat /tmp/c.log | head -3
'

Expected (works on :2026.5.20)

OK
[..] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory

Actual (:2026.5.22)

FAIL
chrome_crashpad_handler: --database is required
Try 'chrome_crashpad_handler --help' for more information.
[..] ERROR:third_party/crashpad/crashpad/util/linux/socket.cc:120] recvmsg: Connection reset by peer (104)

Plus a Trace/breakpoint trap (core dumped) on the parent chromium process.

The same failure reproduces with:

  • chromium=147.0.7727.137-1~deb12u1 (Debian bookworm/main, previous stable)
  • chromium=148.0.7778.178-1~deb12u1 (bookworm-security, current)
  • google-chrome-stable=148.0.7778.178-1 (Google's upstream build)

So the trigger is not the Chromium binary.

Bisect

Tested running chromium --headless ... as node user, freshly apt-installed in each base image:

Base imageResult
ghcr.io/openclaw/openclaw:2026.5.7OK
ghcr.io/openclaw/openclaw:2026.5.12OK
ghcr.io/openclaw/openclaw:2026.5.18OK
ghcr.io/openclaw/openclaw:2026.5.20OK
ghcr.io/openclaw/openclaw:2026.5.22FAIL

Root cause

docker history diff between 2026.5.20 and 2026.5.22 shows one functional change: the install -d step now creates /home/node/.openclaw/workspace and /home/node/.config/openclaw in addition to /home/node/.openclaw. The new /home/node/.config/openclaw is node:node 0700 — that's correct — but its parent /home/node/.config is implicitly created by install -d and ends up root:root 0755.

$ docker run --rm -u 1000 --entrypoint sh ghcr.io/openclaw/openclaw:2026.5.22 -c 'ls -la /home/node/.config'
total 12
drwxr-xr-x 3 root root 4096 May 24 00:55 .
drwxr-xr-x 1 node node 4096 May 24 00:55 ..
drwx------ 2 node node 4096 May 24 00:55 openclaw

Chromium tries to write its crashpad database under ~/.config/chromium/Crashpad/. With ~/.config owned by root:root and node only having read+exec on it, the mkdir fails, the parent gives up on a database path, and the crashpad subprocess is spawned with an empty --database argv (instead of being skipped entirely), which aborts the whole startup.

Setting HOME=/tmp or chown node:node /home/node/.config both make the failure disappear:

$ docker run --rm -u root --entrypoint sh ghcr.io/openclaw/openclaw:2026.5.22 -c '
    apt-get install -y --no-install-recommends chromium >/dev/null 2>&1
    chown node:node /home/node/.config
    su node -c "chromium --headless --no-sandbox --disable-gpu \
      --remote-debugging-port=18800 about:blank > /tmp/c.log 2>&1 &"
    sleep 4
    curl -fsS http://127.0.0.1:18800/json/version >/dev/null && echo OK || echo FAIL
  '
OK

Suggested fix

In the Dockerfile step that runs install -d ... /home/node/.config/openclaw, also ensure the parent /home/node/.config itself is owned by node:node. Either:

  1. Pre-create the parent: install -d -m 0755 -o node -g node /home/node/.config before the openclaw subdir
  2. Or chown node:node /home/node/.config after the install -d invocation

Option 1 is cleaner; matches the existing install -d style used for /home/node/.openclaw.

Impact / who's affected

Any deployment that runs Chromium as node (or any non-root) inside this image, whether via the gateway's browser autostart, a custom entrypoint, or an external browser tooling script. CDP-based health checks during rollout report "CDP unreachable" and fail-close.

For LobsterLair specifically, a v5.22 canary rollout immediately failed the rollout script's CDP healthcheck and auto-rolled back. We pinned to v5.20 in the meantime.

Happy to send a PR if useful.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

openclaw - 💡(How to fix) Fix [Bug]: v2026.5.22 base image: /home/node/.config is root-owned, breaks Chromium as node user (crashpad: --database is required)