diff --git a/scripts/build.sh b/scripts/build.sh
index d686a53..357a36b 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -111,11 +111,16 @@ function setup_build_environment() {
     log_info "Rust target: ${RUST_TARGET}"
     log_info "Optimization level: ${OPTIMIZATION_LEVEL}"
     
-    # Create build directories
-    safe_mkdir "$INSTALL_DIR"
-    safe_mkdir "$COMPONENTS_DIR"
-    safe_mkdir "$KERNEL_DIR"
-    safe_mkdir "$DIST_DIR"
+    # Create build directories only if we're in container
+    # Host will let container create them to avoid permission issues
+    if in_container; then
+        safe_mkdir "$INSTALL_DIR"
+        safe_mkdir "$COMPONENTS_DIR"
+        safe_mkdir "$KERNEL_DIR"
+        safe_mkdir "$DIST_DIR"
+    else
+        log_info "Skipping directory creation on host (container will create them)"
+    fi
     
     # Check dependencies
     if ! check_dependencies; then
diff --git a/scripts/lib/alpine.sh b/scripts/lib/alpine.sh
index b4d50e7..a4f8875 100644
--- a/scripts/lib/alpine.sh
+++ b/scripts/lib/alpine.sh
@@ -25,10 +25,13 @@ function alpine_extract_miniroot() {
     log_info "Architecture: ${arch}"
     log_info "Target directory: ${target_dir}"
     
-    # Clean target directory
+    # Clean target directory (handle permission issues gracefully)
     if [[ -d "$target_dir" ]]; then
         log_info "Cleaning existing target directory"
-        safe_rmdir "$target_dir"
+        if ! rm -rf "$target_dir" 2>/dev/null; then
+            log_warn "Could not remove existing directory, trying to clean contents"
+            rm -rf "$target_dir"/* 2>/dev/null || true
+        fi
     fi
     safe_mkdir "$target_dir"
     
diff --git a/scripts/lib/docker.sh b/scripts/lib/docker.sh
index 8efcb14..89eea5e 100644
--- a/scripts/lib/docker.sh
+++ b/scripts/lib/docker.sh
@@ -163,18 +163,34 @@ function docker_run_build() {
     # Ensure build script is executable
     safe_execute chmod +x "${PROJECT_ROOT}/${script_path}"
     
-    # Setup container arguments
-    local user_args="--user $(id -u):$(id -g)"
-    local volume_args="-v ${PROJECT_ROOT}:/workspace"
+    # Setup container arguments with writable build directory
+    local volume_args="-v ${PROJECT_ROOT}:/source:ro -v ${PROJECT_ROOT}/dist:/workspace/dist"
     local work_args="-w /workspace"
     
+    # Create dist directory on host if it doesn't exist
+    safe_mkdir "${PROJECT_ROOT}/dist"
+    
     log_info "Executing build command in container: ${build_command}"
+    log_info "Source (read-only): /source"
+    log_info "Output (writable): /workspace/dist"
+    
+    # Run container with script that copies source and builds
     safe_execute ${CONTAINER_RUNTIME} run --rm \
-        ${user_args} \
         ${volume_args} \
         ${work_args} \
         "${image}" \
-        ${build_command}
+        /bin/bash -c "
+            # Copy source to writable location
+            cp -r /source/* /workspace/ 2>/dev/null || true
+            chmod +x /workspace/scripts/build.sh
+            
+            # Run build with proper paths
+            cd /workspace
+            ${build_command}
+            
+            # Copy results back
+            cp -r /workspace/dist/* /workspace/dist/ 2>/dev/null || true
+        "
 }
 
 # Commit container state for reuse