Gentoo Archives: gentoo-dev

From: Duncan <1i5t5.duncan@×××.net>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Re: RFC: Enable FEATURES="userpriv usersandbox" by default?
Date: Mon, 28 May 2012 23:57:40
In Reply to: [gentoo-dev] RFC: Enable FEATURES="userpriv usersandbox" by default? by Zac Medico
Zac Medico posted on Mon, 28 May 2012 14:34:22 -0700 as excerpted:

> In case you aren't familiar with FEATURES=userpriv, here's the
> description from the make.conf(5) man page:
>
> Allow portage to drop root privileges and compile packages as
> portage:portage without a sandbox (unless usersandbox is also used).
>
> The rationale for having the separate "usersandbox" setting, to enable
> use of sys-apps/sandbox, is that people who enable userpriv sometimes
> prefer to have sandbox disabled in order to slightly improve
> performance. However, I would recommend to enable usersandbox by
> default, for the purpose of logging sandbox violations.
>
> Note that ebuilds can set RESTRICT="userpriv" if they require superuser
> privileges during any of the src_* phases that userpriv affects.
>
> I've been using FEATURES="userpriv usersandbox" for years, and I don't
> remember experiencing any problems because of it, so I think that it
> would be reasonable to have it enabled by default. Objections?
I saw the thread on portage-dev so was waiting for the thread here that you mentioned you'd start...

Some years ago I had some problem or other with the usersandbox and userpriv combination (AFAIK it would work with just one of the two, but not both), but that was several years ago now, and was almost certainly ~arch (and possibly pre-unmask), so yes, I'd say have them both on by default. I've had no problem with it recently.

As is traditional for this sort of defaults-change, I'd suggest creating a news item for it, with the usual paragraph explanation and referral to the manpage and/or handbook for more information.

If I don't miss my guess, there's likely a number of folks that had either userpriv or usersandbox disabled for some package or other, years ago, who simply forgot about it and never reenabled. I'm usually pretty good about that, and only probably 6-8 months ago realized I had one of the two disabled, and couldn't remember why (probably 2-3 years ago I started putting dated comments in the config when I did stuff like that, so whatever it was, was awhile back...), so it had obviously been disabled for awhile. (I've done at least one and I think two full emerge --emptytree @worlds since then, however, so as I said above, everything that's installed now is fine.)

A news item will help remind folks with older installs to check their status as well, which can only be a good thing. =:^)

So from this user, +1 (+1000? =:^), news item requested. =:^)

-- 
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
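The "check your status" step that Duncan wants the news item to prompt, as an added example that is not code from the thread or from Portage itself: a POSIX sh snippet that resolves a FEATURES string under Portage's incremental-variable rules (tokens apply left to right, a later "-foo" removes an earlier "foo", and "-*" clears everything before it) and reports whether userpriv and usersandbox are actually in effect, so a stale "-usersandbox" buried in an old make.conf is caught rather than silently winning. The function names and the two sample FEATURES strings are constructed for illustration; on a live Gentoo box the string would come from `portageq envvar FEATURES`, as shown in the trailing comment.

```shell
#!/bin/sh
# Added example (not from the thread or from Portage): resolve a Portage-style
# incremental FEATURES string and report whether userpriv/usersandbox survive.
# Assumed rules: tokens apply left to right, "-foo" removes an earlier "foo",
# and "-*" clears everything seen so far. Sample strings below are constructed.

# resolve_features "<features string>" -> prints the effective tokens, space separated
resolve_features() {
    result=""
    for tok in $1; do
        case "$tok" in
            -\*) result="" ;;                         # "-*" wipes everything before it
            -*)  name="${tok#-}"                      # "-foo": drop an earlier "foo"
                 new=""
                 for r in $result; do
                     [ "$r" = "$name" ] || new="$new $r"
                 done
                 result="${new# }" ;;
            *)   present=0                            # plain token: add once
                 for r in $result; do [ "$r" = "$tok" ] && present=1; done
                 [ "$present" -eq 1 ] || result="${result:+$result }$tok" ;;
        esac
    done
    printf '%s\n' "$result"
}

# has_feature "<features string>" <name> -> exit 0 if <name> is enabled after resolution
has_feature() {
    for r in $(resolve_features "$1"); do
        [ "$r" = "$2" ] && return 0
    done
    return 1
}

# check_userpriv "<features string>" -> one-line verdict; exit 0 only when both are on
check_userpriv() {
    if has_feature "$1" userpriv && has_feature "$1" usersandbox; then
        echo "userpriv+usersandbox: enabled"; return 0
    elif has_feature "$1" userpriv; then
        echo "userpriv enabled, usersandbox disabled: sandbox violations are not logged"; return 1
    else
        echo "userpriv disabled: src_* phases run as root"; return 1
    fi
}

# Constructed samples: a clean default, and the case Duncan describes where an
# old, forgotten "-usersandbox" in make.conf overrides the default.
SAMPLE_DEFAULT="userpriv usersandbox sandbox"
SAMPLE_STALE="userpriv usersandbox sandbox -usersandbox"

check_userpriv "$SAMPLE_DEFAULT"
check_userpriv "$SAMPLE_STALE" || true

# On a real Gentoo system, feed the live value from Portage's own query tool:
#   check_userpriv "$(portageq envvar FEATURES)"
```

A nonzero exit from `check_userpriv` is what a post-news-item audit script would key on; the verdict line tells the user which of the two features the stale override actually removed.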