diff --git a/deploy/narvana-worker.service b/deploy/narvana-worker.service
index ddf4200..081ee82 100644
--- a/deploy/narvana-worker.service
+++ b/deploy/narvana-worker.service
@@ -15,13 +15,13 @@ RestartSec=5
 # Environment
 EnvironmentFile=/etc/narvana/control-plane.env
 Environment=HOME=/opt/narvana
+Environment=XDG_RUNTIME_DIR=/run/user/1001
 
-# Security hardening
-NoNewPrivileges=true
-ProtectSystem=strict
-ProtectHome=true
-PrivateTmp=true
-ReadWritePaths=/var/log/narvana /var/lib/narvana/builds /opt/narvana
+# Security settings relaxed for rootless Podman (requires user namespaces)
+NoNewPrivileges=false
+ProtectSystem=full
+ProtectHome=false
+PrivateTmp=false
 
 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/install.sh b/scripts/install.sh
index 69c12ad..70d4c8d 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -439,9 +439,19 @@ run_migrations() {
 setup_services() {
 log_info "Configuring systemd services..."
 
+ # Get narvana user's UID for XDG_RUNTIME_DIR
+ local NARVANA_UID=$(id -u narvana)
+
+ # Create XDG_RUNTIME_DIR for rootless Podman
+ mkdir -p "/run/user/${NARVANA_UID}"
+ chown narvana:narvana "/run/user/${NARVANA_UID}"
+ chmod 700 "/run/user/${NARVANA_UID}"
+
 cd "$INSTALL_DIR"
+
+ # Update XDG_RUNTIME_DIR in service file with actual UID
+ sed "s|/run/user/1001|/run/user/${NARVANA_UID}|g" deploy/narvana-worker.service > /etc/systemd/system/narvana-worker.service
 cp deploy/narvana-api.service /etc/systemd/system/
- cp deploy/narvana-worker.service /etc/systemd/system/
 cp deploy/narvana-web.service /etc/systemd/system/
 
 systemctl daemon-reload
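Review bot: The replacement hardening block relaxes more than the comment's stated reason covers, and the comment does not say which setting each change is for. `NoNewPrivileges=false` is consistent with rootless Podman's privileged `newuidmap`/`newgidmap` helpers, and `ProtectHome=true` has to go because it also hides `/run/user`, but nothing visible here ties `PrivateTmp=false` or the move from `ProtectSystem=strict` plus `ReadWritePaths=` to `ProtectSystem=full` to user namespaces. I would re-test with `PrivateTmp=true` kept and with `ProtectSystem=strict` plus the runtime directory added to `ReadWritePaths=`, and keep the home directories hidden with `InaccessiblePaths=-/home -/root`. The `/run/user/1001` value is a placeholder that only `scripts/install.sh` rewrites, so a comment such as `# 1001 is replaced with the narvana UID by scripts/install.sh` would stop the unit being copied as-is. The unit's [Service] section starts above this hunk, so `User=` and the other directives are not visible.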
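Review bot: `local NARVANA_UID=$(id -u narvana)` hides a failing `id`, because `local` itself returns 0; if the narvana user does not exist the variable is empty and the following `mkdir`, `chown` and `chmod 700` act on `/run/user/` itself. Split it into `local NARVANA_UID` and `NARVANA_UID=$(id -u narvana) || return 1` so the function stops before touching the directory. Separately, `/run` is normally a tmpfs, so a directory created at install time is presumably gone after a reboot and the worker would then start without its `XDG_RUNTIME_DIR`; `loginctl enable-linger narvana` lets systemd-logind create and keep `/run/user/<uid>` instead of the manual `mkdir`. `setup_services` continues past the end of this hunk.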