From 1d2430c2c4758da7842efc5ac670cc1bdac23d0c Mon Sep 17 00:00:00 2001
From: Hunter Halloran
Date: Wed, 17 Dec 2025 11:14:07 -0500
Subject: [PATCH] gh runner cleanup
---
 sw/builders/services.nix | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/sw/builders/services.nix b/sw/builders/services.nix
index 59a7a43..153c4cf 100644
--- a/sw/builders/services.nix
+++ b/sw/builders/services.nix
@@ -34,6 +34,13 @@ mkIf builderCfg.githubRunner.enable {
 TimeoutStopSec = 60;
 # Restart on failure, but not immediately
 RestartSec = 10;
+
+ # Disable namespace isolation features that don't work in LXC containers
+ PrivateMounts = mkForce false;
+ MountAPIVFS = mkForce false;
+ BindPaths = mkForce [ ];
+ BindReadOnlyPaths = mkForce [ ];
+
 # Override the unconfigure script to be failure-tolerant
 # The '-' prefix means the command failure won't cause the service to fail
 ExecStartPre = mkForce [
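Review bot: The four `mkForce` overrides are applied unconditionally, although the comment says they are only needed in LXC containers, so every host that enables the runner loses this mount-namespace sandboxing for a service that executes workflow code; consider gating them on a container flag, e.g. `PrivateMounts = mkIf config.boot.isContainer (mkForce false);` (assuming `config` is in scope here). `BindPaths = mkForce [ ]` and `BindReadOnlyPaths = mkForce [ ]` also discard any bind mounts the upstream runner module sets, which may change what a job can see or write; this is worth confirming against the module defaults, which are not visible in this hunk. systemd still sets up a mount namespace when other directives such as `ProtectSystem=` or `InaccessiblePaths=` remain in the unit, so the comment should name the exact startup failure being worked around and which directive caused it. The enclosing attribute set starts and ends outside the hunk.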