diff --git a/.github/workflows/publish-template-image.yml b/.github/workflows/publish-template-image.yml
index ecf0336..0a6061f 100644
--- a/.github/workflows/publish-template-image.yml
+++ b/.github/workflows/publish-template-image.yml
@@ -287,11 +287,22 @@ jobs:
 # Mount the repo's own config.yaml at /configs so the runtime
 # can reach create_executor() — that's where the lazy imports
- # we want to test actually live. World-readable so the
- # entrypoint's drop-priv to uid 1000 can read it.
+ # we want to test actually live. The image's entrypoint drops
+ # priv from root to agent (uid 1000) before exec'ing
+ # molecule-runtime, so /configs needs to be readable AND
+ # traversable from uid 1000.
+ #
+ # Use `a+rX` (capital X — only adds x where it's already
+ # executable, i.e. directories): mktemp -d creates the dir
+ # with mode 700, so a bare `go+r` would leave the dir
+ # un-traversable for agent and config.py would
+ # PermissionError on `Path('/configs/config.yaml').exists()`.
+ # Mount RW (not :ro) so the entrypoint's `chown -R agent
+ # /configs` succeeds — its silent chown failure on a :ro
+ # mount was the original symptom.
 SMOKE_CONFIG_DIR=$(mktemp -d)
 cp config.yaml "${SMOKE_CONFIG_DIR}/"
- chmod -R go+r "${SMOKE_CONFIG_DIR}"
+ chmod -R a+rX "${SMOKE_CONFIG_DIR}"
 # Stub credentials — adapters validate shape at create_executor
 # time but the smoke times out before any real call goes out.
@@ -299,7 +310,7 @@ jobs:
 # specific key sees a non-empty value.
 set +e
 timeout 60 docker run --rm \
- -v "${SMOKE_CONFIG_DIR}:/configs:ro" \
+ -v "${SMOKE_CONFIG_DIR}:/configs" \
 -e WORKSPACE_ID=fake-smoke \
 -e MOLECULE_SMOKE_MODE=1 \
 -e MOLECULE_SMOKE_TIMEOUT_SECS=10 \
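Review bot: The new comment block presents `chmod -R a+rX` and the RW mount as two halves of one fix, but by its own description they are alternative fixes for the same read failure: once the entrypoint's `chown -R agent /configs` succeeds, uid 1000 owns the tree and the world-readable `a+rX` is no longer needed, and with `a+rX` applied a silently failing chown would no longer matter. A future reader tightening either one back cannot tell which is load-bearing, so say it explicitly, e.g. `# Either change alone makes /configs readable for agent; both are kept so the smoke does not depend on the entrypoint's chown.` — this is inferred from the comment's account of the entrypoint, so confirm it against the image before wording it as fact. The shell step these lines belong to starts and ends outside the hunk.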
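Review bot: Removing `:ro` from the `-v "${SMOKE_CONFIG_DIR}:/configs"` mount gives the smoke container write access to a host directory, and the entrypoint's `chown -R agent /configs` will now actually re-own `${SMOKE_CONFIG_DIR}` and its contents on the runner. On a throwaway hosted runner that is acceptable, but afterwards the tree belongs to uid 1000 with mode 755 from the `a+rX` step, so a non-root runner user can no longer delete it; I can't see whether a later step cleans the directory up. If the chown is the only reason for the RW mount, the narrower option is to keep `:ro` and rely on `a+rX` alone, provided the entrypoint really tolerates the chown failure as the first hunk's comment suggests; otherwise add a short comment on the `-v` line stating that RW is required by the entrypoint's chown so the `:ro` is not reinstated later.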