diff --git a/configs/mcp.nix b/configs/mcp.nix
index 543dbaa..2b27c76 100644
--- a/configs/mcp.nix
+++ b/configs/mcp.nix
@@ -43,7 +43,9 @@ in
 NoNewPrivileges = true;
 ProtectSystem = "full"; # "strict" blocks /run/user; "full" protects /usr and /boot
- ProtectHome = true;
+ # ProtectHome makes /run/user inaccessible, which breaks rootless podman.
+ # The agent's home is /srv/mcp (not /home), so this is acceptable.
+ ProtectHome = false;
 PrivateTmp = true;
 PrivateDevices = true;
 ProtectKernelTunables = true;
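Review bot: Setting `ProtectHome = false;` makes `/home` and `/root` visible to the service again along with `/run/user`, which is wider than the rootless-podman problem the new comment describes. The remark that the agent's home is `/srv/mcp` explains why the agent does not need `/home`, not why exposing it is safe. If only `/run/user` has to be reachable, a narrower setting keeps the other two hidden, for example `InaccessiblePaths = [ "-/home" "-/root" ];` next to `ProtectHome = false;`, or `ProtectHome = "tmpfs";` with the agent's runtime directory re-exposed through `BindPaths`. Whether podman runs under either variant cannot be told from this hunk and needs a test. The enclosing attribute set starts and ends outside the hunk.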