authorGravatar Johannes Christ <[email protected]>2024-07-30 19:18:07 +0200
committerGravatar Johannes Christ <[email protected]>2024-07-30 19:18:07 +0200
commitad754a185c26ae09d308d738330e904a6516ee21 (patch)
tree1c772af075fad3eaf5c089fb6180d9c71e3b4576
parentBegin 0.1.0a4 development (diff)
Allow access to /usr/include for compiled dependencies
-rw-r--r--poetry_restrict_plugin/plugin.py2
1 files changed, 2 insertions, 0 deletions
diff --git a/poetry_restrict_plugin/plugin.py b/poetry_restrict_plugin/plugin.py
index 652f7a2..4077a46 100644
--- a/poetry_restrict_plugin/plugin.py
+++ b/poetry_restrict_plugin/plugin.py
@@ -57,6 +57,8 @@ class RestrictPlugin(Plugin):
# and in poetry shell, we might want to run some system executables, too
ruleset.allow("/usr/bin", rules=FSAccess.READ_FILE | FSAccess.READ_DIR | FSAccess.EXECUTE)
+ # For compilation of C dependencies, we need to be able to find headers
+ ruleset.allow(*existing_paths(("/usr/include",)), rules=FSAccess.READ_FILE | FSAccess.READ_DIR)
# We allow read access here, later we might want to restrict the pid namespace though
ruleset.allow("/proc", rules=FSAccess.READ_FILE | FSAccess.READ_DIR)
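Review bot: The comment on the new `/usr/include` rule gives the reason for the grant but not its scope: it is read-only (`READ_FILE | READ_DIR`, no `EXECUTE` or write), and as far as the hunk shows it is added unconditionally rather than only when something is being compiled. I would record that next to the rule, e.g. `# Read-only access to system headers for building C dependencies; nothing under /usr/include needs to be written or executed`. It would also help to say why this path goes through `existing_paths(...)` while `/usr/bin` and `/proc` are passed to `ruleset.allow` directly; presumably the directory can be absent on hosts without development headers, but the helper is defined outside the hunk, so that is an inference. Headers installed under other prefixes stay blocked, which is a sensible least-privilege default but worth a one-line mention so a failed build is easy to diagnose. The enclosing method of `RestrictPlugin` starts and ends outside the hunk.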