diff --git a/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs b/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs
index 4069560..72c2ee2 100644
--- a/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs
+++ b/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs
@@ -160,8 +160,7 @@ public class CppCompilationServiceIsolate : ICompilationService
             var stderrFilePath = Path.Combine(boxDir, "compile_stderr.txt");
 
             // Run compiler in Isolate
-            // Note: Isolate by default provides access to /usr, /lib, etc. via --share-net=no
-            // For compilation, we need access to system headers and libraries
+            // Bind the system toolchain directories read-only so the linker and headers remain reachable
             var isolateResult = await _isolateService.RunAsync(new IsolateRunOptions
             {
                 BoxId = boxId,
@@ -178,6 +177,7 @@ public class CppCompilationServiceIsolate : ICompilationService
                 DirectoryBindings = new List<DirectoryBinding>
                 {
                     new DirectoryBinding { HostPath = "/usr/include", SandboxPath = "/usr/include", ReadOnly = true },
+                    new DirectoryBinding { HostPath = "/usr/bin", SandboxPath = "/usr/bin", ReadOnly = true },
                     new DirectoryBinding { HostPath = "/usr/lib", SandboxPath = "/usr/lib", ReadOnly = true },
                     new DirectoryBinding { HostPath = "/lib", SandboxPath = "/lib", ReadOnly = true }
                 }