#17406: Merge scripts
size: M
Cluster: Docker and Deployment Improvements
## Summary
Describe the problem and fix in 2–5 bullets:
- Problem:
- Why it matters:
- What changed:
- What did NOT change (scope boundary):
## Change Type (select all)
- [x] Bug fix
- [ ] Feature
- [ ] Refactor
- [ ] Docs
- [ ] Security hardening
- [ ] Chore/infra
## Scope (select all touched areas)
- [x] Gateway / orchestration
- [ ] Skills / tool execution
- [ ] Auth / tokens
- [ ] Memory / storage
- [x] Integrations
- [ ] API / contracts
- [ ] UI / DX
- [ ] CI/CD / infra
## Linked Issue/PR
- Closes #
- Related #
## User-visible / Behavior Changes
List user-visible changes (including defaults/config).
If none, write `None`.
## Security Impact (required)
- New permissions/capabilities? (`Yes/No`)
- Secrets/tokens handling changed? (`Yes/No`)
- New/changed network calls? (`Yes/No`)
- Command/tool execution surface changed? (`Yes/No`)
- Data access scope changed? (`Yes/No`)
- If any `Yes`, explain risk + mitigation:
## Repro + Verification
### Environment
- OS:
- Runtime/container:
- Model/provider:
- Integration/channel (if any):
- Relevant config (redacted):
### Steps
1.
2.
3.
### Expected
-
### Actual
-
## Evidence
Attach at least one:
- [ ] Failing test/log before + passing after
- [ ] Trace/log snippets
- [ ] Screenshot/recording
- [ ] Perf numbers (if relevant)
## Human Verification (required)
What you personally verified (not just CI), and how:
- Verified scenarios:
- Edge cases checked:
- What you did **not** verify:
## Compatibility / Migration
- Backward compatible? (`Yes/No`)
- Config/env changes? (`Yes/No`)
- Migration needed? (`Yes/No`)
- If yes, exact upgrade steps:
## Failure Recovery (if this breaks)
- How to disable/revert this change quickly:
- Files/config to restore:
- Known bad symptoms reviewers should watch for:
## Risks and Mitigations
List only real risks for this PR. Add/remove entries as needed. If none, write `None`.
- Risk:
- Mitigation:
<h3>Greptile Summary</h3>
This PR adds a complete devcontainer setup for running `systemd --user` inside GitHub Codespaces, along with a systemd service unit for the OpenClaw gateway and a minor VS Code settings change.
- Adds `.devcontainer/Dockerfile`, `devcontainer.json`, and `start-systemd.sh` to bootstrap user-mode systemd (D-Bus, journald, cgroup delegation) in a privileged Codespaces container
- Adds `scripts/systemd/openclaw-gateway.service` — a systemd user service for running the gateway with security hardening (`NoNewPrivileges`, `ProtectSystem=strict`, `ProtectHome=read-only`)
- Adds `githubPullRequests.ignoredPullRequestBranches: ["main"]` to `.vscode/settings.json`
- **Bug found**: The profile snippet in `start-systemd.sh` uses an unquoted heredoc, causing `$(id -u)` to expand as root (UID 0) at write-time. The resulting profile guard is always false, so `XDG_RUNTIME_DIR` and `DBUS_SESSION_BUS_ADDRESS` will never be set in new user shells
- The PR description template is unfilled — no summary, repro steps, or security impact answers are provided despite the PR touching privileged container config and systemd setup
<h3>Confidence Score: 3/5</h3>
- The PR introduces devcontainer infrastructure with a confirmed bug in the profile snippet that will prevent environment variables from being set in new shells.
- Score of 3 reflects that the core systemd bootstrap logic is sound and well-documented, but the profile snippet has a shell expansion bug that breaks new-shell environment setup. The PR also runs in privileged mode (justified but notable) and the PR description template is entirely unfilled, making it harder to assess intent and scope.
- `start-systemd.sh` — the heredoc profile snippet bug on lines 214-220 needs to be fixed before merge.
<sub>Last reviewed commit: 99aa805</sub>
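As an added illustration of the heredoc expansion issue the review above describes (example code, not the PR's `start-systemd.sh`; the guard, the variable names and the `run_as_uid` helper are hypothetical stand-ins), the buggy writer is shown beside the quoted-heredoc fix:

```shell
# Constructed example, not the project's script: a bootstrap step running as
# root writes a profile snippet that later, unprivileged login shells source.
# Guard and variable names are hypothetical stand-ins for the real snippet.

# Buggy writer: unquoted heredoc, so $(id -u) is evaluated by the writer (root,
# UID 0) and the snippet is frozen with "0" instead of the login user's UID.
write_profile_buggy() {
  cat > "$1" <<EOF
if [ "$(id -u)" -ne 0 ]; then
  export XDG_RUNTIME_DIR="/run/user/$(id -u)"
  export DBUS_SESSION_BUS_ADDRESS="unix:path=\$XDG_RUNTIME_DIR/bus"
fi
EOF
}

# Fixed writer: the quoted delimiter 'EOF' disables all expansion, so $(id -u)
# and $XDG_RUNTIME_DIR reach the file verbatim and are evaluated by the shell
# that eventually sources the snippet.
write_profile_fixed() {
  cat > "$1" <<'EOF'
if [ "$(id -u)" -ne 0 ]; then
  export XDG_RUNTIME_DIR="/run/user/$(id -u)"
  export DBUS_SESSION_BUS_ADDRESS="unix:path=$XDG_RUNTIME_DIR/bus"
fi
EOF
}

# Emulate a UID for a writer: shadow id(1) with a shell function inside a
# subshell so command substitutions see that UID. $1 = uid, rest = command.
run_as_uid() {
  uid=$1; shift
  ( id() { echo "$uid"; }; "$@" )
}

# Source a snippet as the given UID and print the XDG_RUNTIME_DIR it exported;
# empty output means the guard was false and nothing was set. $1 = uid, $2 = file.
runtime_dir_after_login() {
  uid=$1; snippet=$2
  ( id() { echo "$uid"; }; unset XDG_RUNTIME_DIR; . "$snippet"
    printf '%s' "${XDG_RUNTIME_DIR-}" )
}
```

Writing both snippets as UID 0 and then sourcing them as an unprivileged UID shows the difference: the buggy file carries `if [ "0" -ne 0 ]` and never exports anything, while the fixed file exports `/run/user/<uid>` for whoever sources it.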