diff --git a/python/private/py_library.bzl b/python/private/py_library.bzl
index de73a53720..a7419a6eaf 100644
--- a/python/private/py_library.bzl
+++ b/python/private/py_library.bzl
@@ -246,12 +246,24 @@ def _get_imports_and_venv_symlinks(ctx):
             fail("When venvs_site_packages is enabled, exactly one `imports` " +
                  "value must be specified, got {}".format(imports))
 
+        site_packages_root = paths.normalize(paths.join(
+            ctx.label.package,
+            imports[0],
+        ))
+
+        # Prevent escaping out of the repo root.
+        if site_packages_root.startswith("../") or site_packages_root == "..":
+            fail(("Invalid `imports` value '{}': resolves to '{}' which is " +
+                  "above the repo root").format(
+                imports[0],
+                site_packages_root,
+            ))
         venv_symlinks = get_venv_symlinks(
             ctx,
             ctx.files.srcs + ctx.files.data + ctx.files.pyi_srcs,
             package,
             version_str,
-            site_packages_root = imports[0],
+            site_packages_root = site_packages_root,
             namespace_package_files = ctx.files.namespace_package_files,
         )
     else:
diff --git a/python/private/venv_runfiles.bzl b/python/private/venv_runfiles.bzl
index d522470942..a492181c88 100644
--- a/python/private/venv_runfiles.bzl
+++ b/python/private/venv_runfiles.bzl
@@ -250,7 +250,8 @@ def _get_file_venv_path(ctx, f, site_packages_root):
     Args:
         ctx: The current ctx.
         f: The file to compute the venv_path for.
-        site_packages_root: The site packages root path.
+        site_packages_root: The site packages root path; repo-relative
+            path.
 
     Returns:
         A tuple `(venv_path, rf_root_path)` if the file is under
diff --git a/tests/base_rules/py_executable_base_tests.bzl b/tests/base_rules/py_executable_base_tests.bzl
index a73a4cb48e..f0e2ae9faf 100644
--- a/tests/base_rules/py_executable_base_tests.bzl
+++ b/tests/base_rules/py_executable_base_tests.bzl
@@ -194,7 +194,7 @@ def _test_debugger(name, config):
     rt_util.helper_target(
         py_library,
         name = name + "_debugger_venv",
-        imports = [native.package_name() + "/site-packages"],
+        imports = ["site-packages"],
         experimental_venvs_site_packages = "@rules_python//python/config_settings:venvs_site_packages",
         srcs = [rt_util.empty_file("site-packages/" + name + "_debugger_venv.py")],
     )
diff --git a/tests/modules/other/nspkg_delta/BUILD.bazel b/tests/modules/other/nspkg_delta/BUILD.bazel
index 457033aacf..ca142d2c10 100644
--- a/tests/modules/other/nspkg_delta/BUILD.bazel
+++ b/tests/modules/other/nspkg_delta/BUILD.bazel
@@ -6,5 +6,5 @@ py_library(
     name = "nspkg_delta",
     srcs = glob(["site-packages/**/*.py"]),
     experimental_venvs_site_packages = "@rules_python//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
 )
diff --git a/tests/modules/other/nspkg_gamma/BUILD.bazel b/tests/modules/other/nspkg_gamma/BUILD.bazel
index 89038e80d2..0fe099eb0a 100644
--- a/tests/modules/other/nspkg_gamma/BUILD.bazel
+++ b/tests/modules/other/nspkg_gamma/BUILD.bazel
@@ -6,5 +6,5 @@ py_library(
     name = "nspkg_gamma",
     srcs = glob(["site-packages/**/*.py"]),
     experimental_venvs_site_packages = "@rules_python//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
 )
diff --git a/tests/modules/other/nspkg_single/BUILD.bazel b/tests/modules/other/nspkg_single/BUILD.bazel
index 08cb4f373e..07e269b878 100644
--- a/tests/modules/other/nspkg_single/BUILD.bazel
+++ b/tests/modules/other/nspkg_single/BUILD.bazel
@@ -6,5 +6,5 @@ py_library(
     name = "nspkg_single",
     srcs = glob(["site-packages/**/*.py"]),
     experimental_venvs_site_packages = "@rules_python//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
 )
diff --git a/tests/modules/other/simple_v1/BUILD.bazel b/tests/modules/other/simple_v1/BUILD.bazel
index da5db8164a..0fa2f14a88 100644
--- a/tests/modules/other/simple_v1/BUILD.bazel
+++ b/tests/modules/other/simple_v1/BUILD.bazel
@@ -10,5 +10,5 @@ py_library(
         exclude = ["site-packages/**/*.py"],
     ),
     experimental_venvs_site_packages = "@rules_python//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
 )
diff --git a/tests/modules/other/simple_v2/BUILD.bazel b/tests/modules/other/simple_v2/BUILD.bazel
index 45f83a5a88..5a7e066aec 100644
--- a/tests/modules/other/simple_v2/BUILD.bazel
+++ b/tests/modules/other/simple_v2/BUILD.bazel
@@ -10,6 +10,6 @@ py_library(
         exclude = ["site-packages/**/*.py"],
     ),
     experimental_venvs_site_packages = "@rules_python//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
     pyi_srcs = glob(["**/*.pyi"]),
 )
diff --git a/tests/modules/other/with_external_data/BUILD.bazel b/tests/modules/other/with_external_data/BUILD.bazel
index fc047aadab..338f77947d 100644
--- a/tests/modules/other/with_external_data/BUILD.bazel
+++ b/tests/modules/other/with_external_data/BUILD.bazel
@@ -19,5 +19,5 @@ py_library(
     srcs = ["site-packages/with_external_data.py"],
     data = [":external_data"],
     experimental_venvs_site_packages = "@rules_python//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
 )
diff --git a/tests/py_zipapp/BUILD.bazel b/tests/py_zipapp/BUILD.bazel
index da42567656..c236998cc0 100644
--- a/tests/py_zipapp/BUILD.bazel
+++ b/tests/py_zipapp/BUILD.bazel
@@ -81,15 +81,5 @@ py_library(
     name = "some_dep",
     srcs = ["some_dep.py"],
     experimental_venvs_site_packages = "//python/config_settings:venvs_site_packages",
-    imports = select({
-        ":is_venvs_site_packages_enabled": ["tests/py_zipapp"],
-        "//conditions:default": ["."],
-    }),
-)
-
-config_setting(
-    name = "is_venvs_site_packages_enabled",
-    flag_values = {
-        "//python/config_settings:venvs_site_packages": "yes",
-    },
+    imports = ["."],
 )
diff --git a/tests/venv_site_packages_libs/ext_with_libs/BUILD.bazel b/tests/venv_site_packages_libs/ext_with_libs/BUILD.bazel
index 8f161ee17c..a3a277dbb4 100644
--- a/tests/venv_site_packages_libs/ext_with_libs/BUILD.bazel
+++ b/tests/venv_site_packages_libs/ext_with_libs/BUILD.bazel
@@ -89,6 +89,6 @@ py_library(
         ":relocate_increment",
     ],
     experimental_venvs_site_packages = "//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
     tags = ["manual"],
 )
diff --git a/tests/venv_site_packages_libs/nested_with_pth/BUILD.bazel b/tests/venv_site_packages_libs/nested_with_pth/BUILD.bazel
index 68c16cfde9..f0339270b4 100644
--- a/tests/venv_site_packages_libs/nested_with_pth/BUILD.bazel
+++ b/tests/venv_site_packages_libs/nested_with_pth/BUILD.bazel
@@ -7,5 +7,5 @@ py_library(
     srcs = glob(["site-packages/**/*.py"]),
     data = glob(["site-packages/*.pth"]),
     experimental_venvs_site_packages = "//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
 )
diff --git a/tests/venv_site_packages_libs/nspkg_alpha/BUILD.bazel b/tests/venv_site_packages_libs/nspkg_alpha/BUILD.bazel
index aec415f7a0..9c0aa192a9 100644
--- a/tests/venv_site_packages_libs/nspkg_alpha/BUILD.bazel
+++ b/tests/venv_site_packages_libs/nspkg_alpha/BUILD.bazel
@@ -6,5 +6,5 @@ py_library(
     name = "nspkg_alpha",
     srcs = glob(["site-packages/**/*.py"]),
     experimental_venvs_site_packages = "//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
 )
diff --git a/tests/venv_site_packages_libs/nspkg_beta/BUILD.bazel b/tests/venv_site_packages_libs/nspkg_beta/BUILD.bazel
index 5d402183bd..d67ebf57d6 100644
--- a/tests/venv_site_packages_libs/nspkg_beta/BUILD.bazel
+++ b/tests/venv_site_packages_libs/nspkg_beta/BUILD.bazel
@@ -6,5 +6,5 @@ py_library(
     name = "nspkg_beta",
     srcs = glob(["site-packages/**/*.py"]),
     experimental_venvs_site_packages = "//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
 )
diff --git a/tests/venv_site_packages_libs/pkgutil_top/BUILD.bazel b/tests/venv_site_packages_libs/pkgutil_top/BUILD.bazel
index c805b1ad53..7a0d961ad8 100644
--- a/tests/venv_site_packages_libs/pkgutil_top/BUILD.bazel
+++ b/tests/venv_site_packages_libs/pkgutil_top/BUILD.bazel
@@ -6,5 +6,5 @@ py_library(
     name = "pkgutil_top",
     srcs = glob(["site-packages/**/*.py"]),
     experimental_venvs_site_packages = "//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
 )
diff --git a/tests/venv_site_packages_libs/pkgutil_top_sub/BUILD.bazel b/tests/venv_site_packages_libs/pkgutil_top_sub/BUILD.bazel
index 9d771628a0..52980fa790 100644
--- a/tests/venv_site_packages_libs/pkgutil_top_sub/BUILD.bazel
+++ b/tests/venv_site_packages_libs/pkgutil_top_sub/BUILD.bazel
@@ -6,5 +6,5 @@ py_library(
     name = "pkgutil_top_sub",
     srcs = glob(["site-packages/**/*.py"]),
     experimental_venvs_site_packages = "//python/config_settings:venvs_site_packages",
-    imports = [package_name() + "/site-packages"],
+    imports = ["site-packages"],
 )