All three features should be mature enough to be enabled by default. CGroups provide better tracking for ebuild processes, while the two sandboxes improve security through restricting IPC & network access for build-only phases.
All the features degrade gracefully when the relevant kernel features are not available. --- cnf/make.globals | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cnf/make.globals b/cnf/make.globals index dd99618..2d93e9d 100644 --- a/cnf/make.globals +++ b/cnf/make.globals @@ -50,9 +50,10 @@ RESUMECOMMAND_SSH=${FETCHCOMMAND_SSH} FETCHCOMMAND_SFTP="bash -c \"x=\\\${2#sftp://} ; host=\\\${x%%/*} ; port=\\\${host##*:} ; host=\\\${host%:*} ; [[ \\\${host} = \\\${port} ]] && port=22 ; eval \\\"declare -a ssh_opts=(\\\${3})\\\" ; exec sftp -P \\\${port} \\\"\\\${ssh_opts[@]}\\\" \\\"\\\${host}:/\\\${x#*/}\\\" \\\"\\\$1\\\"\" sftp \"\${DISTDIR}/\${FILE}\" \"\${URI}\" \"\${PORTAGE_SSH_OPTS}\"" # Default user options -FEATURES="assume-digests binpkg-logs +FEATURES="assume-digests binpkg-logs cgroup config-protect-if-modified distlocks ebuild-locks - fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned + fixlafiles ipc-sandbox merge-sync network-sandbox + news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync" -- 2.3.5
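Review bot: Adding `cgroup`, `ipc-sandbox` and `network-sandbox` to the default `FEATURES` string changes build behaviour for every existing install, but the diffstat shows only `cnf/make.globals` being touched, so nothing user-facing records the new defaults. Please add a release-notes or documentation entry in the same series that names the three features and shows how to opt out in make.conf (for example `FEATURES="-network-sandbox"`). Ebuilds that reach the network or host IPC during build phases will otherwise start failing with no explanation. The commit message says the features degrade gracefully when kernel support is missing, but that cannot be checked from this hunk. Please point to the fallback code or a test in the message. Also confirm that the fallback emits a warning, so that a user who expects isolation is not left with an unsandboxed build without knowing it.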