Gentoo Archives: gentoo-dev

From: Mike Gilbert <floppym@g.o>
To: Gentoo Dev <gentoo-dev@l.g.o>
Subject: Re: [gentoo-dev] Rationalizing USE flags by narrowing the scope of them.
Date: Tue, 04 Jan 2022 17:04:19
In Reply to: Re: [gentoo-dev] Rationalizing USE flags by narrowing the scope of them. by Michael Orlitzky
1 On Tue, Jan 4, 2022 at 12:31 AM Michael Orlitzky <mjo@g.o> wrote:
2 >
3 > On Tue, 2022-01-04 at 03:38 +0000, Sam James wrote:
4 > >
5 > > ACL is kind of similar to what Ionen said for PAM, i.e. sometimes
6 > > people may want to turn it off and it makes sense to expose
7 > > this option for those who do, but we don't need to try support it.
8 > >
9 >
10 > This is another important one. It has security implications, is highly
11 > confusing, requires kernel support, and is nonstandard as a USE flag
12 > and as an implementation. Most people should have it off to avoid
13 > surprises, but disabling it in the kernel can make the userland
14 > software complain when explicitly built with ACL support.
16 I disagree with the claim that "most people" should disable ACL
17 support at build time. That just gives you partially functional tools.
18 The ACL behavior can generally be controlled using runtime options.
20 Also, you might be able to get away with disabling ACL support on a
21 server, but desktop users will want ACL support enabled to get
22 properly functioning udev rules.