Hasty Briefs

Using Microvm.nix to Sandbox OpenClaw

3 months ago
  • #sandboxing
  • #networking
  • #virtualisation
  • The author joined a 'setup OpenClaw' hangout despite little enthusiasm for Clawdbot, Moltbot, or OpenClaw, in keeping with their 2026 theme of community.
  • The real goal was to explore lightweight virtualisation and sandboxing in 2026; OpenClaw, with its numerous CVEs, served as the test subject that made a sandbox worth having.
  • Objectives: constrain what the executable can read and modify, control its network traffic, and express all of it declaratively.
  • microvm.nix was chosen as the tool: lightweight virtualisation with minimal overhead, the host's Nix store shared into the guest via virtiofs, and quick boot times.
  • A shared microvm-base.nix standardises VM settings across the author's clan, including the network setup and the virtiofs shares.
  • On the host, a bridge carries the microVM TAP interfaces, and NAT masquerading sends their traffic out through the public interface.
  • OpenClaw's secrets (Telegram bot token, OpenRouter API key, gateway auth token) stay on the host and are mounted into the VM via a virtiofs share.
  • Inside the VM, OpenClaw runs via Home Manager, configured for gateway mode, the Telegram channel, and model preferences.
  • The network-monitoring plan evolved: a near-airgap was the starting point, but the final setup allows full internet access and instead logs DNS queries and every new connection.
  • Unbound provides the DNS query log and nftables the connection log, giving a record of what the VM talks to.
  • Two hardening snags: Node.js needs AF_NETLINK to enumerate network interfaces, so that family has to be allowed in the systemd RestrictAddressFamilies list, and ProtectHome had to be relaxed because OpenClaw writes its state under the home directory.
  • The author found the exercise a valuable lesson in virtualisation and networking, though they remain unlikely to keep using OpenClaw.
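The pieces summarised above (host bridge and NAT, virtiofs shares for the store and the secrets, host-side logging of DNS queries and new connections, and the two systemd hardening adjustments) fit into one NixOS module. The module below is an added illustration written for this page; it is not the author's microvm-base.nix or OpenClaw configuration. Assumed names that the page does not give: public interface `eth0`, bridge `microvm`, guest TAP `vm-openclaw`, VM subnet `10.0.0.0/24`, host secrets under `/run/secrets/openclaw`, a guest state directory `/home/openclaw/.openclaw`, and a placeholder `openclawStart` for the gateway start command. Unbound is placed on the host here so that the query log lives outside the sandbox; the page does not say where the author ran it.

```nix
# Added example, not the original post's configuration. See the lead-in for
# which names are assumptions.
{ config, pkgs, ... }:
let
  openclawStart = "/run/current-system/sw/bin/openclaw-gateway"; # placeholder, replace with the real command
in
{
  ### Host side: bridge, NAT, and logging ################################
  systemd.network = {
    enable = true;
    netdevs."10-microvm".netdevConfig = { Kind = "bridge"; Name = "microvm"; };
    networks."10-microvm" = {
      matchConfig.Name = "microvm";
      address = [ "10.0.0.1/24" ];
      networkConfig.DHCPServer = true;
      # Hand the guest the host as its only resolver so Unbound sees every query.
      dhcpServerConfig = { EmitDNS = true; DNS = [ "10.0.0.1" ]; };
    };
    networks."11-microvm" = {
      matchConfig.Name = "vm-*";          # every microVM TAP becomes a bridge port
      networkConfig.Bridge = "microvm";
    };
  };

  # Masquerade guest traffic out of the public interface.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "microvm" ];
    externalInterface = "eth0";
  };

  # Log each new connection forwarded from the bridge. The rule runs on the
  # host, so a compromised guest cannot tamper with the record.
  networking.nftables = {
    enable = true;
    tables.microvm-log = {
      family = "inet";
      content = ''
        chain forward {
          type filter hook forward priority filter; policy accept;
          iifname "microvm" ct state new log prefix "microvm-new-conn: "
        }
      '';
    };
  };

  # Host-side Unbound with query logging, reachable only from the VM subnet.
  services.unbound = {
    enable = true;
    settings.server = {
      interface = [ "10.0.0.1" ];
      access-control = [ "10.0.0.0/24 allow" ];
      log-queries = true;
      verbosity = 1;
    };
  };

  ### Guest side: the microVM definition ##################################
  microvm.vms.openclaw.config = { ... }: {
    microvm = {
      hypervisor = "cloud-hypervisor";
      vcpu = 2;
      mem = 2048;                          # MiB
      interfaces = [ { type = "tap"; id = "vm-openclaw"; mac = "02:00:00:00:00:01"; } ];
      shares = [
        # Host Nix store shared into the guest instead of copied into an image.
        { proto = "virtiofs"; tag = "ro-store"; source = "/nix/store"; mountPoint = "/nix/.ro-store"; }
        # Secrets stay on the host disk and are mounted into the VM at runtime.
        { proto = "virtiofs"; tag = "openclaw-secrets"; source = "/run/secrets/openclaw"; mountPoint = "/run/openclaw-secrets"; }
      ];
    };
    networking.useDHCP = true;

    users.users.openclaw = { isNormalUser = true; group = "openclaw"; };
    users.groups.openclaw = { };
    systemd.tmpfiles.rules = [ "d /home/openclaw/.openclaw 0700 openclaw openclaw -" ];

    systemd.services.openclaw = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network-online.target" ];
      serviceConfig = {
        ExecStart = openclawStart;
        User = "openclaw";
        # Node.js enumerates interfaces over netlink; without AF_NETLINK it fails to start.
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ];
        # Hide /home entirely, then bind back only the one state directory OpenClaw writes.
        ProtectHome = "tmpfs";
        BindPaths = [ "/home/openclaw/.openclaw" ];
        ProtectSystem = "strict";
        NoNewPrivileges = true;
        PrivateTmp = true;
      };
    };
  };
}
```

Two caveats worth keeping in mind when adapting this. The Unbound log only covers queries the guest sends to 10.0.0.1; a process that hard-codes another resolver or uses DNS over HTTPS bypasses it, which is exactly why the nftables rule logs every new connection regardless of port. And `ProtectHome = "tmpfs"` with `BindPaths` is stricter than simply turning ProtectHome off: the rest of `/home` is invisible to the service, and only the bound directory is writable, so the sandbox gives up no more than the state directory OpenClaw actually needs.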