1 |
All three features should be mature enough to be enabled by default. |
2 |
CGroups provide better tracking for ebuild processes, while the two |
3 |
sandboxes improve security through restricting IPC & network access for |
4 |
build-only phases. |
5 |
|
6 |
All the features degrade gracefully when the relevant kernel features |
7 |
are not available. |
8 |
--- |
9 |
cnf/make.globals | 5 +++-- |
10 |
1 file changed, 3 insertions(+), 2 deletions(-) |
11 |
|
12 |
diff --git a/cnf/make.globals b/cnf/make.globals |
13 |
index dd99618..2d93e9d 100644 |
14 |
--- a/cnf/make.globals |
15 |
+++ b/cnf/make.globals |
16 |
@@ -50,9 +50,10 @@ RESUMECOMMAND_SSH=${FETCHCOMMAND_SSH} |
17 |
FETCHCOMMAND_SFTP="bash -c \"x=\\\${2#sftp://} ; host=\\\${x%%/*} ; port=\\\${host##*:} ; host=\\\${host%:*} ; [[ \\\${host} = \\\${port} ]] && port=22 ; eval \\\"declare -a ssh_opts=(\\\${3})\\\" ; exec sftp -P \\\${port} \\\"\\\${ssh_opts[@]}\\\" \\\"\\\${host}:/\\\${x#*/}\\\" \\\"\\\$1\\\"\" sftp \"\${DISTDIR}/\${FILE}\" \"\${URI}\" \"\${PORTAGE_SSH_OPTS}\"" |
18 |
|
19 |
# Default user options |
20 |
-FEATURES="assume-digests binpkg-logs |
21 |
+FEATURES="assume-digests binpkg-logs cgroup |
22 |
config-protect-if-modified distlocks ebuild-locks |
23 |
- fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned |
24 |
+ fixlafiles ipc-sandbox merge-sync network-sandbox |
25 |
+ news parallel-fetch preserve-libs protect-owned |
26 |
sandbox sfperms strict unknown-features-warn unmerge-logs |
27 |
unmerge-orphans userfetch userpriv usersandbox usersync" |
28 |
|
29 |
-- |
30 |
2.3.5 |