OpenClaw – Docker安全权限处理方案

一、

在 Windows 的 PowerShell（管理员） 里执行：

wsl --install
# 或者明确装 Ubuntu 24.04
wsl --install -d Ubuntu-24.04

装的是默认 Ubuntu，也可以直接：

wsl

Welcome to Ubuntu 24.04.4 LTS (GNU/Linux 6.6.87.2-microsoft-standard-WSL2 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

 System information as of Sun Mar 29 15:20:14 CST 2026

  System load:  0.0                 Processes:             39
  Usage of /:   0.2% of 1006.85GB   Users logged in:       2
  Memory usage: 4%                  IPv4 address for eth0: 172.20.11.250
  Swap usage:   0%

 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
   just raised the bar for easy, resilient and secure K8s cluster deployment.

   https://ubuntu.com/engage/secure-kubernetes-at-the-edge

This message is shown once a day. To disable it please create the
/home/ubuntu/.hushlogin file.

先确认 Docker

OpenClaw 的 Docker 文档要求：

• Docker Desktop 或 Docker Engine
• Docker Compose v2
• 至少 2 GB RAM 用于镜像构建
• 足够磁盘空间放镜像和日志。

ubuntu@Rudy-AI:/mnt/c/Users/Mr.G$ docker --version
Docker version 29.2.1, build a5c7197
ubuntu@Rudy-AI:/mnt/c/Users/Mr.G$ docker compose version
Docker Compose version v5.0.2
ubuntu@Rudy-AI:/mnt/c/Users/Mr.G$ docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

在 WSL 的 Linux 目录里准备安装位置

mkdir -p ~/apps
cd ~/apps

git clone https://github.com/openclaw/openclaw.git

ubuntu@Rudy-AI:~/apps$ git clone https://github.com/openclaw/openclaw.git
Cloning into 'openclaw'...
fatal: unable to access 'https://github.com/openclaw/openclaw.git/': Failed to connect to github.com port 443 after 148307 ms: Couldn't connect to server

方案一：改网关（我用的这种）

ubuntu@Rudy-AI:~/apps$ ip route | grep default
default via 172.20.0.1 dev eth0 proto kernel
ubuntu@Rudy-AI:~/apps$ export http_proxy=http://172.20.0.1:7890
ubuntu@Rudy-AI:~/apps$ export https_proxy=http://172.20.0.1:7890
ubuntu@Rudy-AI:~/apps$ git clone https://github.com/openclaw/openclaw.git
Cloning into 'openclaw'...
remote: Enumerating objects: 307989, done.
remote: Counting objects: 100% (98/98), done.
remote: Compressing objects: 100% (67/67), done.
remote: Total 307989 (delta 41), reused 42 (delta 31), pack-reused 307891 (from 2)
Receiving objects: 100% (307989/307989), 351.59 MiB | 3.76 MiB/s, done.
Resolving deltas: 100% (196061/196061), done.

方案二：下载到本地解压

回到 WSL，把 ZIP 复制到当前目录

cp /mnt/c/Users/Rudy/Downloads/openclaw-main.zip ~/apps/
cd ~/apps
unzip openclaw-main.zip
mv openclaw-main openclaw
cd openclaw

继续安装

cd openclaw

mkdir -p ~/openclaw-state/config
mkdir -p ~/openclaw-state/workspace

export OPENCLAW_CONFIG_DIR="$HOME/openclaw-state/config"
export OPENCLAW_WORKSPACE_DIR="$HOME/openclaw-state/workspace"
export OPENCLAW_IMAGE="ghcr.io/openclaw/openclaw:latest"
./scripts/docker/setup.sh

快速启动 QuickStart 选项：

需要配置一个大模型，Model/Auth Provider 选择 AI 供应商，国内外的供应商基本都支持。

这三个钩子可以开启，使用空格按键选择，主要做内容引导日志和会话记录：

完成后会自动跳出web页面

在终端输入

grep '^OPENCLAW_GATEWAY_TOKEN=' .env

得到一串token密钥输入即可

官方 Docker 文档在“Unauthorized or pairing required in Control UI”里给的处理就是：先拿一个新的 dashboard 链接，然后列出设备请求，再批准当前浏览器这个 requestId。

WSL 里、~/apps/openclaw 目录 依次执行：

docker compose run --rm openclaw-cli dashboard --no-open
docker compose run --rm openclaw-cli devices list

找到你刚刚这个浏览器对应的 requestId 后

docker compose run --rm openclaw-cli devices approve <requestId>

会显示添加成功，在打开原url页面，即可出现