diff --git a/Cargo.lock b/Cargo.lock
index 0674151..f1295d6 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1859,7 +1859,7 @@ dependencies = [
 [[package]]
 name = "linux-patch-api"
-version = "0.3.1"
+version = "0.3.2"
 dependencies = [
 "actix",
 "actix-rt",
diff --git a/Cargo.toml b/Cargo.toml
index 3a84b74..0993fdd 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "linux-patch-api"
-version = "0.3.1"
+version = "0.3.2"
 edition = "2021"
 authors = ["Echo "]
 description = "Secure remote package management API for Linux systems"
diff --git a/configs/linux-patch-api.service b/configs/linux-patch-api.service
index 171ee54..fca12df 100644
--- a/configs/linux-patch-api.service
+++ b/configs/linux-patch-api.service
@@ -17,7 +17,6 @@ RuntimeDirectory=linux-patch-api
 RuntimeDirectoryMode=0755
 # Security hardening
-NoNewPrivileges=true
 # Allow reboot capability for scheduled reboots
 CapabilityBoundingSet=CAP_SYS_BOOT
 AmbientCapabilities=CAP_SYS_BOOT
@@ -37,7 +36,7 @@ RestrictNamespaces=true
 LockPersonality=true
 MemoryDenyWriteExecute=false
 RestrictRealtime=true
-RestrictSUIDSGID=true
+# RestrictSUIDSGID removed - package management requires setuid/setgid for apt/dpkg
 RemoveIPC=true
 # System call filtering (whitelist approach)
diff --git a/debian/changelog b/debian/changelog
index 37a5aa0..68ef445 100644
--- a/debian/changelog
+++ b/debian/changelog
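Review bot: Removing `NoNewPrivileges=true` here and `RestrictSUIDSGID=true` in the second hunk of this unit file relaxes the sandbox for the whole service, so the remote API process loses both protections along with the apt/dpkg children they were lifted for, and only the second removal leaves a reason in the file. The unchanged `CapabilityBoundingSet=CAP_SYS_BOOT` line still limits every child process to that one capability, so it is worth confirming on a test host that package installs really need these two directives gone rather than a wider bounding set. If they do, record the reason next to the first removal as well, e.g. `# NoNewPrivileges removed - <operation that failed with it set>`, and consider running apt from a separate helper unit so the API daemon itself keeps both settings.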
@@ -1,3 +1,13 @@
+linux-patch-api (0.3.2-1) unstable; urgency=low
+
+ * Fix package install: Remove sudo from apt commands (service runs as root)
+ * Fix reboot endpoint: Implement actual system reboot via shutdown/systemctl
+ * Fix patches handler: Call reboot_system() instead of just logging
+ * Remove NoNewPrivileges and RestrictSUIDSGID from systemd service
+ * Add CAP_SYS_BOOT capability to systemd service for LXC reboot support
+ * Fix dpkg packaging: Remove linux-patch-api user creation, fix directory ownership
+
+ -- Echo Sat, 02 May 2026 21:25:00 -0500
 linux-patch-api (0.3.1-1) unstable; urgency=low
 * Fix reboot endpoint: Implement actual system reboot via shutdown/systemctl
diff --git a/src/packages/mod.rs b/src/packages/mod.rs
index b3a712d..29180c3 100644
--- a/src/packages/mod.rs
+++ b/src/packages/mod.rs
@@ -98,18 +98,9 @@ impl AptBackend {
 /// Run apt command and capture output
 fn run_apt(&self, args: &[&str]) -> Result {
- // Use sudo for operations that modify packages (install, upgrade, remove, purge)
- let needs_sudo = args.first().is_some_and(|&cmd| {
- matches!(
- cmd,
- "install" | "upgrade" | "remove" | "purge" | "dist-upgrade" | "autoremove"
- )
- });
- let (program, cmd_args): (&str, Vec<&str>) = if needs_sudo {
- ("sudo", ["apt"].iter().chain(args.iter()).copied().collect())
- } else {
- ("apt", args.to_vec())
- };
+ // Service runs as root - no sudo needed for apt commands
+ let program = "apt";
+ let cmd_args: Vec<&str> = args.to_vec();
 let output = Command::new(program)
 .args(&cmd_args)
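Review bot: `run_apt` passes `args` to apt unchanged, in a process the new comment says is root, and nothing visible in the hunk stops a caller-supplied package name that begins with `-` from being parsed as an apt option. If the callers (outside this hunk) do not already validate names, reject such values before the `Command` is built. The two new bindings are also redundant now that the sudo branch is gone: `let output = Command::new("apt")` followed by `.args(args)` does the same without copying the slice. The body of `run_apt` continues past the end of the hunk.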