FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Development

 
 
LinkBack Thread Tools
 
Old 05-28-2012, 09:34 PM
Zac Medico
 
Default RFC: Enable FEATURES="userpriv usersandbox" by default?

Hi,

In case you aren't familiar with FEATURES=userpriv, here's the
description from the make.conf(5) man page:

Allow portage to drop root privileges and compile packages as
portageortage without a sandbox (unless usersandbox is also used).

The rationale for having the separate "usersandbox" setting, to enable
use of sys-apps/sandbox, is that people who enable userpriv sometimes
prefer to have sandbox disabled in order to slightly improve
performance. However, I would recommend to enable usersandbox by
default, for the purpose of logging sandbox violations.

Note that ebuilds can set RESTRICT="userpriv" if they require superuser
privileges during any of the src_* phases that userpriv affects.

I've been using FEATURES="userpriv usersandbox" for years, and I don't
remember experiencing any problems because of it, so I think that it
would be reasonable to have it enabled by default. Objections?
--
Thanks,
Zac
 
Old 05-28-2012, 09:46 PM
"Andreas K. Huettel"
 
Default RFC: Enable FEATURES="userpriv usersandbox" by default?

Am Montag 28 Mai 2012, 23:34:22 schrieb Zac Medico:
> I've been using FEATURES="userpriv usersandbox" for years, and I don't
> remember experiencing any problems because of it, so I think that it
> would be reasonable to have it enabled by default. Objections?

No objections. Excellent idea.

--

Andreas K. Huettel
Gentoo Linux developer
dilfridge@gentoo.org
http://www.akhuettel.de/
 
Old 05-28-2012, 09:52 PM
Davide Pesavento
 
Default RFC: Enable FEATURES="userpriv usersandbox" by default?

On Mon, May 28, 2012 at 11:34 PM, Zac Medico <zmedico@gentoo.org> wrote:
> Hi,
>
> In case you aren't familiar with FEATURES=userpriv, here's the
> description from the make.conf(5) man page:
>
> *Allow portage to drop root privileges and compile packages as
> *portageortage without a sandbox (unless usersandbox is also used).
>
> The rationale for having the separate "usersandbox" setting, to enable
> use of sys-apps/sandbox, is that people who enable userpriv sometimes
> prefer to have sandbox disabled in order to slightly improve
> performance. However, I would recommend to enable usersandbox by
> default, for the purpose of logging sandbox violations.
>
> Note that ebuilds can set RESTRICT="userpriv" if they require superuser
> privileges during any of the src_* phases that userpriv affects.
>
> I've been using FEATURES="userpriv usersandbox" for years, and I don't
> remember experiencing any problems because of it, so I think that it
> would be reasonable to have it enabled by default. Objections?
> --
> Thanks,
> Zac
>

I've been using both FEATURES for a few years too, seemingly without
adverse effects, so +1 from me.

Thanks,
Pesa
 

Thread Tools




All times are GMT. The time now is 11:50 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org