Hi, In case you aren't familiar with FEATURES=userpriv, here's the description from the make.conf(5) man page:
Allow portage to drop root privileges and compile packages as portage:portage without a sandbox (unless usersandbox is also used). The rationale for having the separate "usersandbox" setting, to enable use of sys-apps/sandbox, is that people who enable userpriv sometimes prefer to have sandbox disabled in order to slightly improve performance. However, I would recommend to enable usersandbox by default, for the purpose of logging sandbox violations. Note that ebuilds can set RESTRICT="userpriv" if they require superuser privileges during any of the src_* phases that userpriv affects. I've been using FEATURES="userpriv usersandbox" for years, and I don't remember experiencing any problems because of it, so I think that it would be reasonable to have it enabled by default. Objections? -- Thanks, Zac
