From ba776c1db8aa4de5df6870286590f5744b879767 Mon Sep 17 00:00:00 2001
From: David Folkes <davidfolkesmd@gmail.com>
Date: Mon, 16 Feb 2026 16:59:42 -0500
Subject: [PATCH] Update act-runner/act-runner.container

---
 act-runner/act-runner.container | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/act-runner/act-runner.container b/act-runner/act-runner.container
index d5f74c0..8aa77ef 100644
--- a/act-runner/act-runner.container
+++ b/act-runner/act-runner.container
@@ -6,16 +6,17 @@ ContainerName=act-runner
 Image=docker.io/gitea/act_runner:latest
 AutoUpdate=registry
 User=1001
-UserNS=keep-id:uid=1001,gid=1001
+Group=1002
+UserNS=keep-id:uid=1001,gid=1002
 Volume=./config.yaml:/config.yaml:ro
 Volume=act-runner-data:/data:Z
-Volume=/run/user/1001/podman/podman.sock:/run/user/1001/podman/podman.sock:z
+Volume=/run/user/1001/podman/podman.sock:/run/user/1001/podman/podman.sock
 EnvironmentFile=act-runner.env
-SecurityLabelDisable=true
+NoNewPrivileges=true
+SecurityLabelType=container_t
+#CapabilityBoundingSet=
 
 [Service]
-#User=
-#Group=
 Restart=on-abnormal
 
 #[Install]