Allow mcp-agent access to /run/user for rootless podman

2026-03-26 14:31:33 -07:00
parent 57cab0c88a
commit bac757c22e
1 changed files with 4 additions and 1 deletions
--- a/configs/mcp.nix
+++ b/configs/mcp.nix
@@ -54,7 +54,10 @@ in
      LockPersonality = true;
      MemoryDenyWriteExecute = true;
      RestrictRealtime = true;
-      ReadWritePaths = "/srv";
+      ReadWritePaths = [
+        "/srv"
+        "/run/user/${toString mcpUid}"
+      ];
    };
  };
 }