diff --git a/infra/start.sh b/infra/start.sh
index 0908aaa..e3e9bcd 100755
--- a/infra/start.sh
+++ b/infra/start.sh
@@ -60,17 +60,23 @@ EOF
 echo "[hiy] Generated proxy/caddy.json for ${DOMAIN_SUFFIX}"
 # ── Ensure Podman socket is active ────────────────────────────────────────────
-# systemctl --user requires a D-Bus session (not available in non-interactive
-# shells). Use podman system service directly instead.
-# /run/user/ is created by PAM/logind and doesn't exist in non-login
-# shells. Podman uses XDG_RUNTIME_DIR for RunRoot, events dirs, and the
-# default socket path, so we must set it to something writable before any
-# podman invocation.
-if [ ! -d "${XDG_RUNTIME_DIR:-}" ] || [ ! -w "${XDG_RUNTIME_DIR:-}" ]; then
- export XDG_RUNTIME_DIR="/tmp/podman-$(id -u)"
- mkdir -p "$XDG_RUNTIME_DIR"
-fi
-PODMAN_SOCK="${XDG_RUNTIME_DIR}/podman.sock"
+# /run/user/ is created by PAM/logind; it doesn't exist in non-login
+# shells. Unconditionally redirect all Podman runtime state to /tmp so we
+# never depend on logind, regardless of what XDG_RUNTIME_DIR was set to
+# by the calling environment.
+_HIY_RUNTIME="/tmp/podman-$(id -u)"
+mkdir -p "$_HIY_RUNTIME"
+export XDG_RUNTIME_DIR="$_HIY_RUNTIME"
+
+# Also write storage.conf so Podman doesn't read a stale RunRoot from the
+# user's existing ~/.config/containers/storage.conf.
+mkdir -p "$HOME/.config/containers"
+cat > "$HOME/.config/containers/storage.conf" <