-rw-r--r-- | README.md | 25 |
1 files changed, 25 insertions, 0 deletions
@@ -12,13 +12,38 @@ What's the worst thing that could happen if you install a malicious Python dependency on your computer? Which information could it gather from your files, and how could it make itself a permanent home on your computer? +With `poetry-restrict-plugin`, that looks as follows: + +```sh +$ ~/.local/bin/poetry run cat ~/.ssh/config +poetry-restrict-plugin: Landlock engaged. +cat: /home/jc/.ssh/config: Permission denied +$ ~/.local/bin/poetry run ls ~/.ssh +poetry-restrict-plugin: Landlock engaged. +ls: cannot open directory '/home/jc/.ssh': Permission denied +``` + ## Installation At time of writing, `poetry-restrict-plugin` is only supported on Linux with [the Landlock LSM](https://docs.kernel.org/userspace-api/landlock.html) enabled. +With [`pipx`](https://pipx.pypa.io/stable/docs/): + +```sh +pipx inject poetry https://git.jchri.st/jc/poetry-restrict-plugin/archive/master.tar.gz +``` + +For other installation methods, see the [Poetry plugin +documentation](https://python-poetry.org/docs/plugins/#using-plugins). + + +## Disclaimer +`poetry-restrict-plugin` is not a perfect sandbox, and probably never will be. +If you're looking for something like that, +[nsjail](https://github.com/google/nsjail) might be interesting for you. <!-- vim: set textwidth=80 sw=2= ts=2: --> |
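Review bot: The `pipx inject poetry https://git.jchri.st/jc/poetry-restrict-plugin/archive/master.tar.gz` line in the new Installation text installs whatever `master` points to at install time, so a README for a tool aimed at malicious dependencies recommends an unpinned install of itself. Point the URL at a tagged release or a specific commit archive instead, so readers get a reproducible version they can review. Also, the new Disclaimer says the plugin "is not a perfect sandbox" without saying what it does and does not restrict. The usage example only shows `~/.ssh` being denied, so a short list of what stays readable or writable under `poetry run` would tell readers what they are still exposed to.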