diff --git a/Dockerfile.gnome b/Dockerfile.gnome
index e733aa7..b8afc87 100644
--- a/Dockerfile.gnome
+++ b/Dockerfile.gnome
@@ -30,5 +30,8 @@ COPY etc /etc
 RUN firewall-offline-cmd --set-default-zone public
 RUN firewall-offline-cmd --remove-service ssh
 
+# Restrict permissions on quadlet directory
+RUN chmod 700 /etc/containers/systemd
+
 # https://github.com/ostreedev/ostree-rs-ext/issues/159
 RUN ostree container commit
diff --git a/Dockerfile.kde b/Dockerfile.kde
index ce846db..b82bf7d 100644
--- a/Dockerfile.kde
+++ b/Dockerfile.kde
@@ -30,5 +30,8 @@ COPY etc /etc
 RUN firewall-offline-cmd --set-default-zone public
 RUN firewall-offline-cmd --remove-service ssh
 
+# Restrict permissions on quadlet directory
+RUN chmod 700 /etc/containers/systemd
+
 # https://github.com/ostreedev/ostree-rs-ext/issues/159
 RUN ostree container commit