From: Duncan <1i5t5.duncan@cox.net>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Re: RFC: Enable FEATURES="userpriv usersandbox" by default?
Date: Mon, 28 May 2012 23:56:28 +0000 (UTC)
Message-ID: <pan.2012.05.28.23.56.28@cox.net>
In-Reply-To: 4FC3EF5E.90900@gentoo.org

Zac Medico posted on Mon, 28 May 2012 14:34:22 -0700 as excerpted:
> In case you aren't familiar with FEATURES=userpriv, here's the
> description from the make.conf(5) man page:
>
> Allow portage to drop root privileges and compile packages as
> portage:portage without a sandbox (unless usersandbox is also used).
>
> The rationale for having the separate "usersandbox" setting, to enable
> use of sys-apps/sandbox, is that people who enable userpriv sometimes
> prefer to have sandbox disabled in order to slightly improve
> performance. However, I would recommend to enable usersandbox by
> default, for the purpose of logging sandbox violations.
>
> Note that ebuilds can set RESTRICT="userpriv" if they require superuser
> privileges during any of the src_* phases that userpriv affects.
>
> I've been using FEATURES="userpriv usersandbox" for years, and I don't
> remember experiencing any problems because of it, so I think that it
> would be reasonable to have it enabled by default. Objections?

I saw the thread on portage-dev so was waiting for the thread here that
you mentioned you'd start...

Some years ago I had some problem or other with the usersandbox and
userpriv combination (AFAIK it would work with just one of the two, but
not both), but that was several years ago now, and was almost certainly
~arch (and possibly pre-unmask), so yes, I'd say have them both on by
default. I've had no problem with it recently.

As is traditional for this sort of defaults-change, I'd suggest creating
a news item for it, with the usual paragraph explanation and referral to
the manpage and/or handbook for more information.

If I don't miss my guess, there's likely a number of folks that had
either userpriv or usersandbox disabled for some package or other, years
ago, who simply forgot about it and never reenabled. I'm usually pretty
good about that, and only probably 6-8 months ago realized I had one of
the two disabled, and couldn't remember why (probably 2-3 years ago I
started putting dated comments in the config when I did stuff like that,
so whatever it was, was awhile back...), so it had obviously been
disabled for awhile. (I've done at least one and I think two full emerge
--emptytree @worlds since then, however, so as I said above, everything
that's installed now is fine.) A news item will help remind folks with
older installs to check their status as well, which can only be a good
thing. =:^)

So from this user, +1 (+1000? =:^), news item requested. =:^)

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman