1 |
On Tue, 29 May 2012 02:05:08 -0700 |
2 |
Zac Medico <zmedico@g.o> wrote: |
3 |
|
4 |
> On 05/29/2012 01:43 AM, Agostino Sarubbo wrote: |
5 |
> > On Monday 28 May 2012 14:34:22 Zac Medico wrote: |
6 |
> >> Hi, |
7 |
> >> |
8 |
> >> In case you aren't familiar with FEATURES=userpriv, here's the |
9 |
> >> description from the make.conf(5) man page: |
10 |
> >> |
11 |
> >> Allow portage to drop root privileges and compile packages as |
12 |
> >> portage:portage without a sandbox (unless usersandbox is also |
13 |
> >> used). |
14 |
> >> |
15 |
> >> The rationale for having the separate "usersandbox" setting, to |
16 |
> >> enable use of sys-apps/sandbox, is that people who enable userpriv |
17 |
> >> sometimes prefer to have sandbox disabled in order to slightly |
18 |
> >> improve performance. However, I would recommend to enable |
19 |
> >> usersandbox by default, for the purpose of logging sandbox |
20 |
> >> violations. |
21 |
> >> |
22 |
> >> Note that ebuilds can set RESTRICT="userpriv" if they require |
23 |
> >> superuser privileges during any of the src_* phases that userpriv |
24 |
> >> affects. |
25 |
> >> |
26 |
> >> I've been using FEATURES="userpriv usersandbox" for years, and I |
27 |
> >> don't remember experiencing any problems because of it, so I think |
28 |
> >> that it would be reasonable to have it enabled by default. |
29 |
> >> Objections? |
30 |
> > |
31 |
> > I'm using usersync since a long time, how about add it too? |
32 |
> |
33 |
> Yeah, I think that would be a good default too. I guess the portage |
34 |
> ebuild can do a recursive adjustment of $PORTDIR permissions in |
35 |
> pkg_postinst, in order to solve bug #277970 [1]. |
36 |
|
37 |
Wouldn't that break users who sync using a regular user? And then break |
38 |
again, and again every time portage is merged? |
39 |
|
40 |
|
41 |
-- |
42 |
Best regards, |
43 |
Michał Górny |