From 2d88847bda077424feb6a2dfd5df313409c6c8ff Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Wed, 3 Sep 2025 13:00:00 +0100
Subject: [PATCH] podman: add read_write_paths for prune service

---
 cookbooks/podman/recipes/default.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cookbooks/podman/recipes/default.rb b/cookbooks/podman/recipes/default.rb
index 4bc201e8f..f41a4e95a 100644
--- a/cookbooks/podman/recipes/default.rb
+++ b/cookbooks/podman/recipes/default.rb
@@ -60,6 +60,7 @@ systemd_service "podman-system-prune" do
   sandbox :enable_network => true
   memory_deny_write_execute false
   restrict_address_families "AF_UNIX"
+  read_write_paths "/var/lib/containers"
 end
 
 systemd_timer "podman-system-prune" do
-- 
2.39.5