diff --git a/app_containers/.local/bin/run_app_container b/app_containers/.local/bin/run_app_container
index 5fb485c..011a4a8 100755
--- a/app_containers/.local/bin/run_app_container
+++ b/app_containers/.local/bin/run_app_container
@@ -16,6 +16,10 @@ exit() {
 [ -z "$CONTAINER_NAME" ] && die "\$CONTAINER_NAME not set"
 [ -z "$DISPLAY" ] && die "\$DISPLAY not set (you must run the script in a desktop environment"
 
+# Use a GUI-available askpass program for sudo
+# This should be made configurable
+export SUDO_ASKPASS=$HOME/.local/bin/askpass-bemenu 
+
 # Source configuration files if any
 config="$HOME/.config/app_containers/$CONTAINER_NAME.sh"
 if [ -f "$config" ]; then
@@ -67,7 +71,7 @@ if [ "$CONTAINER_USE_USERNS" = true ]; then
   xhost +si:localuser:\#$((private_users + run_as))
 fi
 
-SUDO_ASKPASS=$HOME/.local/bin/askpass-bemenu sudo -A systemd-nspawn -M $CONTAINER_NAME \
+sudo -A systemd-nspawn -M $CONTAINER_NAME \
     --private-users=$private_users --private-users-ownership=map \
     `# DNS (when containers do not have their own netns)` \
     --bind-ro=/run/systemd/resolve/stub-resolv.conf:/etc/resolv.conf \