Gentoo Archives: gentoo-dev

From: Zac Medico <zmedico@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] RFC: Enable FEATURES="userpriv usersandbox" by default?
Date: Wed, 30 May 2012 00:39:49
Message-Id: 4FC56C1B.1070605@gentoo.org
In Reply to: Re: [gentoo-dev] RFC: Enable FEATURES="userpriv usersandbox" by default? by Richard Yao
On 05/29/2012 04:22 PM, Richard Yao wrote:
> On 05/29/12 18:11, Zac Medico wrote:
>> On 05/29/2012 02:47 PM, Hilco Wijbenga wrote:
>>> On 29 May 2012 12:46, Michael Orlitzky <michael@××××××××.com> wrote:
>>>> How about introducing e.g. FEATURES="nouserpriv", and make the current
>>>> userpriv behavior the default?
>>>
>>> rootpriv instead of nouserpriv?
>>
>> What's the use case for this? Can't we just enable userpriv
>> unconditionally, so that it doesn't have to be listed in FEATURES? Note
>> that ebuilds will still be able to use RESTRICT=userpriv if necessary.
>
> Would FEATURES=-userpriv still work at the command line? It could be
> useful for debugging to keep that working.

Yeah, I guess it would be bad for it to be unconditional, because permission issues seem to be a really common source of trouble for people. Even something as seemingly simple as userfetch probably shouldn't be unconditional, due to issues like the ACLs discussed in bug #416705 [1].

[1] https://bugs.gentoo.org/show_bug.cgi?id=416705
--
Thanks,
Zac