diff --git a/cli/src/commands/extensions/permissions.rs b/cli/src/commands/extensions/permissions.rs
index de6d5105e..1c76f9ebf 100644
--- a/cli/src/commands/extensions/permissions.rs
+++ b/cli/src/commands/extensions/permissions.rs
@@ -293,6 +293,13 @@ pub fn default_sandbox() -> SandboxResult {
     add_exception(&mut birdcage, Exception::Read("/etc/ca-certificates".into()))?;
     add_exception(&mut birdcage, Exception::Read("/etc/ssl".into()))?;
+    // Allow mime types
+    add_exception(&mut birdcage, Exception::Read("/etc/apache2/mime.types".into()))?;
+    // Allow release info
+    add_exception(&mut birdcage, Exception::Read("/etc/os-release".into()))?;
+    add_exception(&mut birdcage, Exception::Read("/etc/debian_version".into()))?;
     // Allow `env` exec to resolve binary paths.
     add_exception(&mut birdcage, Exception::ExecuteAndRead("/usr/bin/env".into()))?;
diff --git a/extensions/pip/PhylumExt.toml b/extensions/pip/PhylumExt.toml
index 3432844d1..340deeba7 100644
--- a/extensions/pip/PhylumExt.toml
+++ b/extensions/pip/PhylumExt.toml
@@ -5,6 +5,6 @@ entry_point = "main.ts"
 [permissions]
 run = ["./", "/bin", "/usr/bin", "/usr/local/bin", "~/.pyenv"]
 write = ["./", "~/Library/Caches", "~/Library/Python", "~/.cache", "~/.local", "~/.pyenv", "/tmp"]
-read = ["~/Library/Caches", "~/Library/Python", "~/.cache", "~/.local", "~/.pyenv", "/tmp", "/etc/passwd", "/etc/apache2/mime.types"]
+read = ["~/Library/Caches", "~/Library/Python", "~/.cache", "~/.local", "~/.pyenv", "/tmp", "/etc/passwd"]
 net = true
 unsandboxed_run = ["pip3"]
diff --git a/extensions/pip/main.ts b/extensions/pip/main.ts
index e7090d3dd..d532cb844 100644
--- a/extensions/pip/main.ts
+++ b/extensions/pip/main.ts
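Review bot: The comments on the new `Exception::Read` entries, `// Allow mime types` and `// Allow release info`, say what is allowed but not why the default sandbox needs it, unlike the neighbouring env comment which states its purpose; since `default_sandbox()` is presumably the baseline every extension inherits, each path added here is a least-privilege decision that deserves a stated reason. I would write `// Allow reading the system MIME database (Python's mimetypes module probes it on import); absent unless Apache is installed.` and `// Allow reading distro release info; os-release is the portable source, debian_version exists only on Debian derivatives.` Both `/etc/apache2/mime.types` and `/etc/debian_version` will be missing on many hosts, so confirm that `add_exception` tolerates an absent path rather than erroring, or `default_sandbox()` would fail wherever they do not exist. If the MIME entry is there for Python's `mimetypes` module (the pip manifest is the only one that previously listed it), that module also probes `/etc/mime.types` and `/etc/httpd/mime.types`, so a single Debian-specific path may be too narrow. The body of `default_sandbox()` starts and ends outside the hunk.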
@@ -73,22 +73,12 @@ const installStatus = PhylumApi.runSandboxed({ "~/.pyenv", "/tmp", "/etc/passwd", - "/etc/apache2/mime.types", ], net: true, }, }); Deno.exit(installStatus.code ?? 255); -type JobStatus = { - packages: { - issues: { - severity: string; - title: string; - }[]; - }[]; -}; - // Analyze new packages. async function checkDryRun() { console.log(`[${green("phylum")}] Finding new dependencies…`); @@ -112,7 +102,6 @@ async function checkDryRun() { "~/.local/lib", "/tmp", "/etc/passwd", - "/etc/apache2/mime.types", ], net: true, },