diff options
| -rw-r--r-- | poetry_restrict_plugin/plugin.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/poetry_restrict_plugin/plugin.py b/poetry_restrict_plugin/plugin.py index 652f7a2..4077a46 100644 --- a/poetry_restrict_plugin/plugin.py +++ b/poetry_restrict_plugin/plugin.py @@ -57,6 +57,8 @@ class RestrictPlugin(Plugin): # and in poetry shell, we might want to run some system executables, too ruleset.allow("/usr/bin", rules=FSAccess.READ_FILE | FSAccess.READ_DIR | FSAccess.EXECUTE) + # For compilation of C dependencies, we need to be able to find headers + ruleset.allow(*existing_paths(("/usr/include",)), rules=FSAccess.READ_FILE | FSAccess.READ_DIR) # We allow read access here, later we might want to restrict the pid namespace though ruleset.allow("/proc", rules=FSAccess.READ_FILE | FSAccess.READ_DIR) |