Bug
After running nemoclaw onboard, the sandbox is created successfully (orion-fleet, phase: Ready) but fails to start with:
bash: /usr/local/bin/nemoclaw-start: Permission denied
Error: × ssh exited with status exit status: 126
Root Cause
The script /usr/local/bin/nemoclaw-start has permissions 0711 (-rwx--x--x), owned by root:root. The sandbox runs as uid=999(sandbox).
While the execute bit is set for others, bash needs read access to interpret the script. The sandbox user can execute but cannot read the file, so bash refuses to run it.
Access: (0711/-rwx--x--x) Uid: ( 0/ root) Gid: ( 0/ root)
Expected
Permissions should be 0755 (-rwxr-xr-x) so the sandbox user can both read and execute.
Fix
In Dockerfile, change:
RUN chmod +x /usr/local/bin/nemoclaw-start
To:
RUN chmod 755 /usr/local/bin/nemoclaw-start
Environment
- macOS 25.3.0 (Apple M4, arm64)
- OpenShell 0.0.13
- NemoClaw alpha (March 16, 2026 release)
- Container runtime: colima
- Sandbox name: orion-fleet
openshell sandbox get shows phase: Ready
Bug
After running
nemoclaw onboard, the sandbox is created successfully (orion-fleet, phase: Ready) but fails to start with:Root Cause
The script
/usr/local/bin/nemoclaw-starthas permissions0711 (-rwx--x--x), owned byroot:root. The sandbox runs asuid=999(sandbox).While the execute bit is set for others, bash needs read access to interpret the script. The
sandboxuser can execute but cannot read the file, so bash refuses to run it.Expected
Permissions should be
0755 (-rwxr-xr-x)so the sandbox user can both read and execute.Fix
In
Dockerfile, change:RUN chmod +x /usr/local/bin/nemoclaw-startTo:
RUN chmod 755 /usr/local/bin/nemoclaw-startEnvironment
openshell sandbox getshows phase: Ready