Gentoo Archives: gentoo-dev

From: Zac Medico <zmedico@g.o>
To: gentoo development <gentoo-dev@l.g.o>
Subject: [gentoo-dev] RFC: Enable FEATURES="userpriv usersandbox" by default?
Date: Mon, 28 May 2012 21:35:29
Message-Id: 4FC3EF5E.90900@gentoo.org
Hi,

In case you aren't familiar with FEATURES=userpriv, here's the
description from the make.conf(5) man page:

    Allow portage to drop root privileges and compile packages as
    portage:portage without a sandbox (unless usersandbox is also used).

The rationale for having the separate "usersandbox" setting, to enable
use of sys-apps/sandbox, is that people who enable userpriv sometimes
prefer to have sandbox disabled in order to slightly improve
performance. However, I would recommend to enable usersandbox by
default, for the purpose of logging sandbox violations.

Note that ebuilds can set RESTRICT="userpriv" if they require superuser
privileges during any of the src_* phases that userpriv affects.

I've been using FEATURES="userpriv usersandbox" for years, and I don't
remember experiencing any problems because of it, so I think that it
would be reasonable to have it enabled by default. Objections?
--
Thanks,
Zac
