On Mon, May 28, 2012 at 11:34 PM, Zac Medico <firstname.lastname@example.org> wrote:
> In case you aren't familiar with FEATURES=userpriv, here's the
> description from the make.conf(5) man page:
> Allow portage to drop root privileges and compile packages as
> portage:portage without a sandbox (unless usersandbox is also used).
> The rationale for having the separate "usersandbox" setting, to enable
> use of sys-apps/sandbox, is that people who enable userpriv sometimes
> prefer to have sandbox disabled in order to slightly improve
> performance. However, I would recommend to enable usersandbox by
> default, for the purpose of logging sandbox violations.
> Note that ebuilds can set RESTRICT="userpriv" if they require superuser
> privileges during any of the src_* phases that userpriv affects.
> I've been using FEATURES="userpriv usersandbox" for years, and I don't
> remember experiencing any problems because of it, so I think that it
> would be reasonable to have it enabled by default. Objections?
I've been using both FEATURES for a few years too, seemingly without
adverse effects, so +1 from me.