-rw-r--r-- | poetry_restrict_plugin/plugin.py | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/poetry_restrict_plugin/plugin.py b/poetry_restrict_plugin/plugin.py
index b75c669..4c59bbc 100644
--- a/poetry_restrict_plugin/plugin.py
+++ b/poetry_restrict_plugin/plugin.py
@@ -11,11 +11,20 @@ from poetry.poetry import Poetry
 
 
 def existing_paths(paths):
+    assert isinstance(paths, (list, tuple))
     for path in paths:
         if os.path.exists(path):
             yield path
 
 
+def ensure_paths(paths):
+    assert isinstance(paths, (list, tuple))
+    for path in paths:
+        if not os.path.exists(path):
+            os.makedirs(path)
+        yield path
+
+
 class RestrictPlugin(Plugin):
     def landlock(self, poetry: Poetry):
         poetry_libs_path = pathlib.Path(poetry_package.__path__._path[0]).parent
@@ -23,11 +32,18 @@ class RestrictPlugin(Plugin):
         ruleset = Ruleset()
 
         # Rules for Poetry's virtual environment management
-        # Storing the virtual environment
-        ruleset.allow(poetry.config.virtualenvs_path, rules=FSAccess.all())
-        # Cached dependencies
-        ruleset.allow(poetry.config.artifacts_cache_directory, rules=FSAccess.all())
-        ruleset.allow(poetry.config.repository_cache_directory, rules=FSAccess.all())
+        ruleset.allow(
+            *ensure_paths(
+                (
+                    # Storing the virtual environment
+                    poetry.config.virtualenvs_path,
+                    # Cached dependencies
+                    poetry.config.artifacts_cache_directory,
+                    poetry.config.repository_cache_directory
+                ),
+            ),
+            rules=FSAccess.all(),
+        )
         # Temporary storage
         ruleset.allow("/tmp", rules=FSAccess.all() & ~FSAccess.EXECUTE)
         # Poetry may also want to late-import some of its dependencies, or built-in modules
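Review bot: ensure_paths tests os.path.exists and then calls os.makedirs as two separate steps, so a directory that appears in between (another Poetry process, a parallel CI job) raises FileExistsError out of the generator; `os.makedirs(path, exist_ok=True)` is the standard idiom and makes the exists() check redundant. The `assert isinstance(paths, (list, tuple))` added to both functions is presumably meant to catch a bare string being iterated character by character (the shape fixed in the last hunk), but assert statements are stripped under `python -O`, so the guard silently disappears in exactly the deployments where it matters; `if not isinstance(paths, (list, tuple)): raise TypeError(f"paths must be a list or tuple, got {type(paths).__name__}")` keeps it. ensure_paths also deserves a short docstring saying that it creates any missing path (and so raises OSError when it cannot) before yielding it, since that side effect is the only difference from existing_paths.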
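Review bot: The rule list now creates the virtualenv directory and both cache directories as a side effect of evaluating `*ensure_paths(...)` inside the argument list, and an OSError from os.makedirs (read-only home, a regular file already at that path) propagates out of landlock() unless something further down, outside the hunk, catches it. If the reason for creating them up front is that a Landlock rule can only be attached to a path that already exists, a why-comment on the call such as `# created up front: a rule needs an existing path to attach to` would record that, because the old per-path allow() calls did not create anything. If a missing cache directory should instead be skipped the way existing_paths skips missing /etc files, that choice should be made explicit here rather than left to the helper's behaviour. landlock() continues outside the hunk.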
@@ -54,7 +70,7 @@ class RestrictPlugin(Plugin):
             # We need to know which DNS resolver to use, and any custom hosts
             *existing_paths(("/etc/resolv.conf", "/etc/hosts")),
             # pip reads this file in _vendor/distro/distro.py
-            *existing_paths(("/etc/debian_version")),
+            *existing_paths(("/etc/debian_version",)),
             # I'm not opposed to including things like this because I don't want to annoy people
             # when their tooling doesn't work. But we have to be conservative. I think shells
             # are fine, but if there was some further tooling (e.g. shell tools run at startup)
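Review bot: The trailing comma is the whole fix and nothing on the line says so, which makes it easy for a later bracket tidy-up to reintroduce the bug; a comment such as `# trailing comma matters: ("...") is a str, and iterating it yields "/"` would protect it. With the old form, existing_paths walked the characters of "/etc/debian_version" and "/" exists on every system, so whatever access rights this allow() call grants were attached to the filesystem root (plus any single-character relative names present in the working directory) — worth stating in the commit message, since it is a sandbox bypass rather than a cosmetic fix. A regression test that passes a bare str to existing_paths and expects a TypeError (or, with the current assert, an AssertionError) would catch a recurrence without depending on the host having /etc/debian_version. The enclosing ruleset.allow(...) call starts and ends outside the hunk.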