| 1 |
On Tue, 29 May 2012 02:05:08 -0700 |
| 2 |
Zac Medico <zmedico@g.o> wrote: |
| 3 |
|
| 4 |
> On 05/29/2012 01:43 AM, Agostino Sarubbo wrote: |
| 5 |
> > On Monday 28 May 2012 14:34:22 Zac Medico wrote: |
| 6 |
> >> Hi, |
| 7 |
> >> |
| 8 |
> >> In case you aren't familiar with FEATURES=userpriv, here's the |
| 9 |
> >> description from the make.conf(5) man page: |
| 10 |
> >> |
| 11 |
> >> Allow portage to drop root privileges and compile packages as |
| 12 |
> >> portage:portage without a sandbox (unless usersandbox is also |
| 13 |
> >> used). |
| 14 |
> >> |
| 15 |
> >> The rationale for having the separate "usersandbox" setting, to |
| 16 |
> >> enable use of sys-apps/sandbox, is that people who enable userpriv |
| 17 |
> >> sometimes prefer to have sandbox disabled in order to slightly |
| 18 |
> >> improve performance. However, I would recommend to enable |
| 19 |
> >> usersandbox by default, for the purpose of logging sandbox |
| 20 |
> >> violations. |
| 21 |
> >> |
| 22 |
> >> Note that ebuilds can set RESTRICT="userpriv" if they require |
| 23 |
> >> superuser privileges during any of the src_* phases that userpriv |
| 24 |
> >> affects. |
| 25 |
> >> |
| 26 |
> >> I've been using FEATURES="userpriv usersandbox" for years, and I |
| 27 |
> >> don't remember experiencing any problems because of it, so I think |
| 28 |
> >> that it would be reasonable to have it enabled by default. |
| 29 |
> >> Objections? |
| 30 |
> > |
| 31 |
> > I'm using usersync since a long time, how about add it too? |
| 32 |
> |
| 33 |
> Yeah, I think that would be a good default too. I guess the portage |
| 34 |
> ebuild can do a recursive adjustment of $PORTDIR permissions in |
| 35 |
> pkg_postinst, in order to solve bug #277970 [1]. |
| 36 |
|
| 37 |
Wouldn't that break users who sync using a regular user? And then break |
| 38 |
again, and again every time portage is merged? |
| 39 |
|
| 40 |
|
| 41 |
-- |
| 42 |
Best regards, |
| 43 |
Michał Górny |
Archives