#openclaw bot inside of docker

I want to sandbox my bot thats currently integrated with Discord and uses ollama model qwen3-coder:30b on my Windows PC. I have docker desktop, what needs to be done so this can be safe running exec and accessing files?

I want to containerize the bot, not the ollama model and keep that locally on my PC

Yes — that’s a solid setup, and OpenClaw supports it well.

If you want bot containerized but Ollama local on Windows host, do this:

1. Run OpenClaw in Docker

• Follow: https://docs.openclaw.ai/install/docker

2. Point OpenClaw to host Ollama

• Set Ollama base URL to your host-reachable address (on Docker Desktop this is usually http://host.docker.internal:11434)
• Use native Ollama API URL (no /v1):
  https://docs.openclaw.ai/providers/ollama

3. Limit file blast radius

• Mount only a dedicated workspace folder as writable
• Mount any extra host folders as read-only unless absolutely needed
• Avoid mounting your full user profile/drive

4. Harden tool execution

• Keep exec on sandbox/container side, not host-elevated
• Disable elevated exec unless you truly need it
• If needed, use strict tool allow/deny policy
  https://docs.openclaw.ai/gateway/sandboxing
  https://docs.openclaw.ai/gateway/sandbox-vs-tool-policy-vs-elevated

5. Lock down Discord ingress

• dmPolicy: "pairing"
• groupPolicy: "allowlist" (+ mention-gating in group channels)
• Docs: https://docs.openclaw.ai/channels/discord

6. Run security audit after config

• openclaw security audit --deep
• Docs: https://docs.openclaw.ai/gateway/security

If you want, I can give you a copy-paste config next.

Reply with one number:

1. Balanced (practical daily use)
2. Strict (max lockdown, more friction)

Also paste openclaw --version first so I match current keys exactly.

Step 1 I want to use the sandbox option, but still am unsure how to properly configure it

Perfect — for Step 1 (sandbox config), use this as a known-good baseline.

1) Enable sandbox runtime in your Docker setup

If you used the repo Docker setup:

• Set OPENCLAW_SANDBOX=1
• Re-run docker-setup.sh

(That path is documented here: https://docs.openclaw.ai/install/docker#enable-agent-sandbox-for-docker-gateway-opt-in)

2) Add this to ~/.openclaw/openclaw.json

{

agents: {
defaults: {
sandbox: {
mode: "all", // sandbox every session
backend: "docker",
scope: "session", // strongest isolation
workspaceAccess: "none",
workspaceRoot: "~/.openclaw/sandboxes",
docker: {
image: "openclaw-sandbox:bookworm-slim",
readOnlyRoot: true,
tmpfs: ["/tmp", "/var/tmp", "/run"],
network: "none",
user: "1000:1000",
capDrop: ["ALL"],

pidsLimit: 256,
memory: "1g",
cpus: 1
},
prune: {
idleHours: 24,
maxAgeDays: 7
}
}
}
},
tools: {
sandbox: {
tools: {
allow: ["group:runtime", "group:fs", "group:sessions"],

deny: ["browser", "canvas", "nodes", "cron", "gateway"]
}
},
elevated: { enabled: false }
}
}

Docs for these keys:

• https://docs.openclaw.ai/gateway/sandboxing
• https://docs.openclaw.ai/gateway/configuration-reference#agentsdefaults-sandbox
• https://docs.openclaw.ai/gateway/sandbox-vs-tool-policy-vs-elevated

3) If you need host files, bind only specific folders

Use agents.defaults.sandbox.docker.binds with :ro wherever possible (never broad mounts like whole C:\Users).

4) Verify it’s actually active

Run:

• openclaw sandbox explain
• openclaw security audit --deep

If you paste those outputs, I’ll help tune Step 2 (Ollama host URL + safe file bind rules for Windows paths).