diff --git a/internal/pkg/exec.go b/internal/pkg/exec.go
index a4ade28..f891317 100644
--- a/internal/pkg/exec.go
+++ b/internal/pkg/exec.go
@@ -290,7 +290,7 @@ func (a *execArtifact) cure(f *FContext, hostNet bool) (err error) {
 
 	z := container.New(ctx, f.GetMessage())
 	z.WaitDelay = execWaitDelay
-	z.SeccompPresets |= std.PresetStrict
+	z.SeccompPresets |= std.PresetStrict & ^std.PresetDenyNS
 	z.ParentPerm = 0700
 	z.HostNet = hostNet
 	z.Hostname = "cure"
diff --git a/internal/rosa/python.go b/internal/rosa/python.go
index 274fe81..3e82427 100644
--- a/internal/rosa/python.go
+++ b/internal/rosa/python.go
@@ -20,10 +20,9 @@ func (t Toolchain) NewPython() pkg.Artifact {
 		"test_urllibnet",
 		"test_urllib2net",
 
-		// hits std.PresetExt ruleset
+		// makes assumptions about uid_map/gid_map
 		"test_os",
-		"test_posix",
-		"test_shutil",
+		"test_subprocess",
 
 		// somehow picks up mtime of source code
 		"test_zipfile",