Hook 加载路径不可读时立即 fail-closed:阻断静默绕过(PR #44437)
问题/场景:自定义 hook loader 路径权限异常时,系统若继续运行可能导致安全策略被静默跳过。前置条件:使用 hooks 且可修改加载路径/权限。实施步骤:1) 升级到含 PR #44437 的版本;2) 故意设置一个不可读 loader 路径;3) 重启 gateway 并观察启动行为;4) 修正权限后再次启动并确认恢复。关键命令:openclaw gateway status、journalctl。验证方法:不可读路径时进程拒绝继续(fail-closed),修复后可正常加载。风险与边界:该修复优先安全,可能导致历史“带病运行”配置在升级后直接启动失败。来源归因:GitHub PR #44437。
GITHUBDiscovered 2026-03-13Author openclaw contributors
Prerequisites
- OpenClaw deployment uses hooks/loader path configuration.
- You have host access to inspect file permissions and service logs.
Steps
- Upgrade to a build including PR #44437.
- Set loader path to an unreadable location (e.g., chmod 000 on test dir).
- Restart OpenClaw gateway and confirm startup fails closed instead of running partially.
- Restore correct permissions/path and verify hooks load successfully.
Commands
openclaw gateway statussudo systemctl restart openclaw-gatewayjournalctl -u openclaw-gateway -n 120 --no-pagerVerify
Unreadable loader path now blocks startup; after permission fix, gateway starts and hook chain is active.
Caveats
- In containerized deployments, bind-mount permission mapping can still cause false failures(需验证).
- Do not test on production paths directly; use a staging directory first.
Source attribution
This tip is aggregated from community/public sources and preserved with attribution.
Open original source ↗