Gentoo Archives: gentoo-dev

From: Agostino Sarubbo <ago@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] RFC: Enable FEATURES="userpriv usersandbox" by default?
Date: Tue, 29 May 2012 08:45:07
Message-Id: 2427126.RJoLmidFFQ@devil
In Reply to: [gentoo-dev] RFC: Enable FEATURES="userpriv usersandbox" by default? by Zac Medico

On Monday 28 May 2012 14:34:22 Zac Medico wrote:
> Hi,
>
> In case you aren't familiar with FEATURES=userpriv, here's the
> description from the make.conf(5) man page:
>
>   Allow portage to drop root privileges and compile packages as
>   portage:portage without a sandbox (unless usersandbox is also used).
>
> The rationale for having the separate "usersandbox" setting, to enable
> use of sys-apps/sandbox, is that people who enable userpriv sometimes
> prefer to have sandbox disabled in order to slightly improve
> performance. However, I would recommend to enable usersandbox by
> default, for the purpose of logging sandbox violations.
>
> Note that ebuilds can set RESTRICT="userpriv" if they require superuser
> privileges during any of the src_* phases that userpriv affects.
>
> I've been using FEATURES="userpriv usersandbox" for years, and I don't
> remember experiencing any problems because of it, so I think that it
> would be reasonable to have it enabled by default. Objections?

I've been using usersync for a long time; how about adding it too?

--
Agostino Sarubbo ago -at- Gentoo/AMD64 Arch Security Liaison
GPG: 0x7CD2DC5D


File name       MIME type
signature.asc   application/pgp-signature
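
Added example (not part of the original thread and not Portage's own code): a shell sketch that resolves a stacked FEATURES value, treating it as an incremental variable where `-name` removes a feature and `-*` clears the list, and reports which of userpriv, usersandbox and usersync end up inactive. The function names and the sample string are constructed for illustration.

```shell
#!/bin/sh
# Resolve a raw, stacked FEATURES string (e.g. profile defaults followed by
# make.conf overrides). Tokens apply left to right: "-name" removes a
# feature, "-*" clears everything set so far. The body runs in a subshell
# so that disabling globbing (needed for the literal "-*") stays local.
resolve_features() (
    set -f
    resolved=""
    for tok in $1; do
        case "$tok" in
            "-*") resolved="" ;;
            -*)
                name=${tok#-}
                kept=""
                for f in $resolved; do
                    [ "$f" = "$name" ] || kept="$kept $f"
                done
                resolved=$kept ;;
            *)
                case " $resolved " in
                    *" $tok "*) ;;                    # already active
                    *) resolved="$resolved $tok" ;;
                esac ;;
        esac
    done
    printf '%s\n' "${resolved# }"
)

# Print the privilege-dropping features discussed in this thread that are
# NOT active after resolution (empty output means all three are on).
missing_priv_features() {
    active=$(resolve_features "$1")
    missing=""
    for want in userpriv usersandbox usersync; do
        case " $active " in
            *" $want "*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: defaults enable both build-time features, then a
# later override removes usersandbox; usersync was never set.
sample="sandbox userpriv usersandbox -usersandbox"
missing_priv_features "$sample"
```

On a live system, `portageq envvar FEATURES` prints the value Portage has already resolved, which can be passed to `missing_priv_features` directly.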