Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: Agostino Sarubbo <ago@g.o>
Subject: Re: RFC: Enable FEATURES="userpriv usersandbox" by default?
Date: Tue, 29 May 2012 10:43:42 +0200
On Monday 28 May 2012 14:34:22 Zac Medico wrote:
> Hi,
> 
> In case you aren't familiar with FEATURES=userpriv, here's the
> description from the make.conf(5) man page:
> 
>   Allow portage to drop root privileges and compile packages as
>   portage:portage without a sandbox (unless usersandbox is also used).
> 
> The rationale for having the separate "usersandbox" setting, to enable
> use of sys-apps/sandbox, is that people who enable userpriv sometimes
> prefer to have sandbox disabled in order to slightly improve
> performance. However, I would recommend to enable usersandbox by
> default, for the purpose of logging sandbox violations.
> 
> Note that ebuilds can set RESTRICT="userpriv" if they require superuser
> privileges during any of the src_* phases that userpriv affects.
> 
> I've been using FEATURES="userpriv usersandbox" for years, and I don't
> remember experiencing any problems because of it, so I think that it
> would be reasonable to have it enabled by default. Objections?

I'm using usersync since a long time, how about add it too?
-- 
Agostino Sarubbo		ago -at- gentoo.org
Gentoo/AMD64 Arch Security Liaison
GPG: 0x7CD2DC5D
Attachment:
signature.asc (This is a digitally signed message part.)
References:
RFC: Enable FEATURES="userpriv usersandbox" by default?
-- Zac Medico
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: RFC: Enable FEATURES="userpriv usersandbox" by default?
Next by thread:
Re: RFC: Enable FEATURES="userpriv usersandbox" by default?
Previous by date:
Re: suspicious code in gnustep eclasses
Next by date:
RFC: trivial chromium.eclass patch


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.