On 05/29/2012 01:43 AM, Agostino Sarubbo wrote: > On Monday 28 May 2012 14:34:22 Zac Medico wrote: >> Hi, >> >> In case you aren't familiar with FEATURES=userpriv, here's the >> description from the make.conf(5) man page: >> >> Allow portage to drop root privileges and compile packages as >> portage:portage without a sandbox (unless usersandbox is also used). >> >> The rationale for having the separate "usersandbox" setting, to enable >> use of sys-apps/sandbox, is that people who enable userpriv sometimes >> prefer to have sandbox disabled in order to slightly improve >> performance. However, I would recommend to enable usersandbox by >> default, for the purpose of logging sandbox violations. >> >> Note that ebuilds can set RESTRICT="userpriv" if they require superuser >> privileges during any of the src_* phases that userpriv affects. >> >> I've been using FEATURES="userpriv usersandbox" for years, and I don't >> remember experiencing any problems because of it, so I think that it >> would be reasonable to have it enabled by default. Objections? > > I'm using usersync since a long time, how about add it too?
Yeah, I think that would be a good default too. I guess the portage ebuild can do a recursive adjustment of $PORTDIR permissions in pkg_postinst, in order to solve bug #277970 [1]. For userpriv, it will have to do a similar recursive adjustment of permissions for directories inside $DISTDIR (such as git-src and svn-src), since userpriv causes src_unpack to run with lower privileges. [1] https://bugs.gentoo.org/show_bug.cgi?id=277970 -- Thanks, Zac
