diff --git a/core/archipelago/src/server.rs b/core/archipelago/src/server.rs
index 51a0f015..00e5cb3f 100644
--- a/core/archipelago/src/server.rs
+++ b/core/archipelago/src/server.rs
@@ -217,8 +217,8 @@ impl Server {
 // Initial scan (delayed to let crash recovery finish first)
 tokio::spawn(async move {
- // Wait for crash recovery to start containers before scanning
- tokio::time::sleep(Duration::from_secs(15)).await;
+ // Brief delay for containers to stabilize after boot
+ tokio::time::sleep(Duration::from_secs(3)).await;
 info!("🐳 Scanning containers...");
 if let Err(e) = scan_and_update_packages(&scanner, &state, identity_clone.as_ref()).await {
 error!("Failed to scan containers: {}", e);
diff --git a/image-recipe/configs/archipelago.service b/image-recipe/configs/archipelago.service
index 7cf67edc..3fc72e94 100644
--- a/image-recipe/configs/archipelago.service
+++ b/image-recipe/configs/archipelago.service
@@ -8,6 +8,7 @@ Type=notify
 User=archipelago
 Environment="ARCHIPELAGO_BIND=0.0.0.0:5678"
 Environment="ARCHIPELAGO_DEV_MODE=true"
+Environment="XDG_RUNTIME_DIR=/run/user/1000"
 ExecStartPre=/bin/bash -c 'mkdir -p /var/lib/archipelago && echo "ARCHIPELAGO_HOST_IP=$(hostname -I 2>/dev/null | awk "{print $$1}")" > /var/lib/archipelago/host-ip.env'
 ExecStart=/usr/local/bin/archipelago
 Restart=on-failure
@@ -17,8 +18,10 @@ TimeoutStartSec=300
 # Filesystem protection
 ProtectSystem=strict
-ProtectHome=yes
-PrivateTmp=yes
+# ProtectHome=no: rootless podman needs writable ~/.local/share/containers
+ProtectHome=no
+# PrivateTmp disabled: rootless podman runtime lives in /tmp/podman-run-UID/
+# and must be shared between the service and SSH-created containers
 ReadWritePaths=/var/lib/archipelago /etc/containers /var/lib/containers /run/containers /run/user /tmp
 # Privilege restriction — restored with rootless podman (no sudo needed)
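Review bot: The new 3-second sleep before `scan_and_update_packages` is a timer standing in for a readiness condition, and the removed comment named that condition: crash recovery bringing containers up. If recovery is still starting containers when the timer fires, those containers are missed by the initial scan and nothing in this hunk schedules another one, so the inventory stays incomplete until whatever periodic scan exists elsewhere runs (not visible here). Prefer having the recovery path signal completion (a `tokio::sync::Notify` or oneshot reachable from `state`, presumably) and awaiting it with a bound, e.g. `let _ = tokio::time::timeout(Duration::from_secs(15), recovery_done.notified()).await;`, keeping a fixed sleep only as the fallback. If a bare timer must stay, the comment should say what "stabilize" means and why 3 s is sufficient, since the hunk gives no basis for the number. The spawned task and the enclosing `impl Server` method continue outside the hunk.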
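Review bot: `XDG_RUNTIME_DIR=/run/user/1000` hard-codes a UID that the `User=archipelago` line above does not pin, and `/run/user/<uid>` is created by logind only while that user has a session or lingering enabled, so a unit started at boot may find the directory missing or belonging to a different account. If the directory is intended to be shared with SSH sessions of the same user, enable lingering for `archipelago` in the image recipe so logind creates it at boot, and record the assumption next to the line, e.g. `# archipelago must be UID 1000: XDG_RUNTIME_DIR is shared with that user's SSH sessions`. If sharing is not actually required, `RuntimeDirectory=archipelago` with `Environment="XDG_RUNTIME_DIR=/run/archipelago"` removes both the UID coupling and the dependency on logind.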
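Review bot: `ProtectHome=no` exposes every home directory, `/root` and all of `/run/user` to the service in order to satisfy one path, `~/.local/share/containers`; `ProtectHome=tmpfs` together with `BindPaths=/home/archipelago/.local/share/containers` (adjust to the account's real home) gives podman its storage while keeping the rest hidden. The comment justifying the `PrivateTmp=yes` removal also conflicts with this same commit's `XDG_RUNTIME_DIR=/run/user/1000`: podman falls back to `/tmp/podman-run-<uid>` only when `XDG_RUNTIME_DIR` is unset or unusable, so if the runtime dir resolves there is nothing in `/tmp` to share with SSH sessions and `PrivateTmp=yes` could stay, with `/tmp` dropped from `ReadWritePaths=`. Check `runRoot` in `podman info` from the service's environment and make the comment state whichever location is actually in use.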
@@ -30,14 +33,11 @@ SupplementaryGroups=dialout
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 # Restrict what the process can do
-RestrictNamespaces=yes
+# RestrictNamespaces disabled: rootless podman creates user namespaces
 RestrictRealtime=yes
-RestrictSUIDSGID=yes
-# Only allow needed syscalls
+# SystemCallFilter disabled: rootless podman needs clone/unshare for user namespaces
 SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallFilter=~@privileged @resources
 # Memory protection
 MemoryDenyWriteExecute=yes
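Review bot: Both hardening directives are dropped wholesale where they could be narrowed: `RestrictNamespaces=` takes a list, so `RestrictNamespaces=user mnt pid net ipc uts` keeps the remaining namespace types off-limits and can be widened if podman reports a failure. The stated reason for removing the syscall filter is worth re-checking with `systemd-analyze syscall-filter @system-service`, which as far as I recall already lists `clone` and `unshare` under `@process`; what rootless podman is more likely to hit is the missing `@mount` set and the old `~@privileged` deny, so `SystemCallFilter=@system-service @mount` plus a narrower deny such as `SystemCallFilter=~@module @reboot @swap @raw-io @clock` is a better landing point than no filter, confirmable via `SystemCallLog=` or journal seccomp denials. `RestrictSUIDSGID=yes` is removed with no comment at all; it blocks creating SUID/SGID files, which would matter only if image layers carrying such bits are extracted into the user's storage, and it does not block executing `newuidmap`, so either state that reason or restore it.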