From: Zac Medico
Date: Tue, 29 May 2012 02:05:08 -0700
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] RFC: Enable FEATURES="userpriv usersandbox" by default?
Message-ID: <4FC49144.7010605@gentoo.org>

On 05/29/2012 01:43 AM, Agostino Sarubbo wrote:
> On Monday 28 May 2012 14:34:22 Zac Medico wrote:
>> Hi,
>>
>> In case you aren't familiar with FEATURES=userpriv, here's the
>> description from the make.conf(5) man page:
>>
>> Allow portage to drop root privileges and compile packages as
>> portage:portage without a sandbox (unless usersandbox is also used).
>>
>> The rationale for having the separate "usersandbox" setting, to enable
>> use of sys-apps/sandbox, is that people who enable userpriv sometimes
>> prefer to have sandbox disabled in order to slightly improve
>> performance. However, I would recommend to enable usersandbox by
>> default, for the purpose of logging sandbox violations.
>>
>> Note that ebuilds can set RESTRICT="userpriv" if they require superuser
>> privileges during any of the src_* phases that userpriv affects.
>>
>> I've been using FEATURES="userpriv usersandbox" for years, and I don't
>> remember experiencing any problems because of it, so I think that it
>> would be reasonable to have it enabled by default. Objections?
>
> I'm using usersync since a long time, how about add it too?

Yeah, I think that would be a good default too. I guess the portage
ebuild can do a recursive adjustment of $PORTDIR permissions in
pkg_postinst, in order to solve bug #277970 [1]. For userpriv, it will
have to do a similar recursive adjustment of permissions for directories
inside $DISTDIR (such as git-src and svn-src), since userpriv causes
src_unpack to run with lower privileges.

[1] https://bugs.gentoo.org/show_bug.cgi?id=277970
--
Thanks,
Zac
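
The permission problem described in the message above, as an added example that is not part of the original message and is not Portage code: a shell function that reports which entries under a tree such as $DISTDIR an unprivileged build process could not use. The function name and the access model (access granted through one group, named by the caller) are assumptions.

```sh
#!/bin/sh
# Added example, not Portage code. Read-only audit: nothing is changed on disk.
# Assumption: the reduced-privilege build process gets access through group
# membership, so directories need g+rwx (070) and regular files g+rw (060).

# audit_group_access DIR GROUP
#   Prints one "<reason> <path>" line per problem entry.
#   Returns 0 if the tree is clean, 1 if problems were found,
#   2 if DIR does not exist.
audit_group_access() {
    dir=$1
    group=$2
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    report=$(
        # Wrong group: the group permission bits would not apply at all.
        find "$dir" ! -group "$group" \
            -exec printf 'wrong-group %s\n' {} \;
        # Directories must be readable, writable and searchable by the group.
        find "$dir" -type d -group "$group" ! -perm -070 \
            -exec printf 'dir-mode %s\n' {} \;
        # Regular files must be readable and writable by the group.
        find "$dir" -type f -group "$group" ! -perm -060 \
            -exec printf 'file-mode %s\n' {} \;
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage (DISTDIR and the group name are supplied by the caller):
#   audit_group_access "$DISTDIR" portage
```

Running it before and after switching on userpriv shows which VCS checkout directories would make src_unpack fail under the lower-privileged user.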