From bac757c22ec213d43f4ee586a79ecdf9d3b06ed0 Mon Sep 17 00:00:00 2001
From: Kyle Isom <kyle@imap.cc>
Date: Thu, 26 Mar 2026 14:31:33 -0700
Subject: [PATCH] Allow mcp-agent access to /run/user for rootless podman

---
 configs/mcp.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/configs/mcp.nix b/configs/mcp.nix
index 8e11d63..7c3beee 100644
--- a/configs/mcp.nix
+++ b/configs/mcp.nix
@@ -54,7 +54,10 @@ in
       LockPersonality = true;
       MemoryDenyWriteExecute = true;
       RestrictRealtime = true;
-      ReadWritePaths = "/srv";
+      ReadWritePaths = [
+        "/srv"
+        "/run/user/${toString mcpUid}"
+      ];
     };
   };
 }