diff --git a/nomad/jobs/chat.hcl b/nomad/jobs/chat.hcl
index a45c4c7..e94f9cf 100644
--- a/nomad/jobs/chat.hcl
+++ b/nomad/jobs/chat.hcl
@@ -89,11 +89,10 @@ job "chat" {
 config {
 image = "disinto/chat:local"
 force_pull = false
-# Sandbox hardening (#706): cap_drop ALL (no Linux capabilities)
-# Note: Nomad docker driver maps these to Docker's CapDrop options.
-# ReadonlyRootfs is set via the container's entrypoint script
-# (entrypoint-chat.sh fails if running as root).
-cap_drop = ["ALL"]
+# Sandbox hardening (#706): read-only rootfs, cap_drop ALL
+# Note: Nomad docker driver maps these to Docker's
+# ReadonlyRootfs and CapDrop options at runtime.
+readonly_rootfs = true
 }
 
 # ── tmpfs /tmp:size=64m ────────────────────────────────────────────────
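Review bot: The `cap_drop = ["ALL"]` line is removed together with the old comment but never re-added, while the new comment still claims "cap_drop ALL"; unless the capability drop was moved to a part of the job stanza not visible in this hunk, the container now runs with the Docker default capability set and the comment no longer matches the config. Keep both hardening settings next to each other so the comment is true: `readonly_rootfs = true` followed by `cap_drop = ["ALL"]`. The old comment said the read-only rootfs was enforced by `entrypoint-chat.sh`; if that script still has its own root/rootfs check, note in the new comment which of the two is now authoritative so the next reader does not remove one believing the other covers it. With the rootfs read-only, also confirm every path the chat process writes at runtime is backed by a mount such as the `tmpfs /tmp` stanza that follows, since a missing writable path surfaces only as a runtime failure of the task.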