diff options
| author | alexzorin <alex@zorin.id.au> | 2020-12-06 11:10:03 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-06 11:10:03 +0300 |
| commit | dc3ac13750de7df2f48b7808fb7ffca2b1335cf8 (patch) | |
| tree | 0d59e925aa00c76ffa48487da832e331b0153a14 /snap | |
| parent | 5871de0c07cba22a4556e66dcdd68336ffa76b29 (diff) | |
snap: disable the "user site-packages directory" (#8509)
Although Certbot is a classic snap, it shouldn't load Python code from
the host system. This change prevents packages being loaded from the
"user site-packages directory" (PEP-370). i.e. Certbot will no longer
load DNS plugins installed via `pip install --user certbot-dns-*`.
Diffstat (limited to 'snap')
| -rw-r--r-- | snap/snapcraft.yaml | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 5fbf8503d..09d409d26 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -20,13 +20,13 @@ adopt-info: certbot apps: certbot: - command: bin/python3 $SNAP/bin/certbot + command: bin/python3 -s $SNAP/bin/certbot environment: PATH: "$SNAP/bin:$SNAP/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games" AUGEAS_LENS_LIB: "$SNAP/usr/share/augeas/lenses/dist" CERTBOT_SNAPPED: "True" renew: - command: bin/python3 $SNAP/bin/certbot -q renew + command: bin/python3 -s $SNAP/bin/certbot -q renew daemon: oneshot environment: PATH: "$SNAP/bin:$SNAP/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games" |