I have a hardened-sources kernel with /proc protection (non-root will get almost empty /proc). When I try to emerge quagga with FEATURES="usersandbox userpriv", its configure script says "checking ipforward method check... sysctl" while the correct result should be "proc". The compilation later borks on udnefined symbol, IPCTL_FORWARDING iirc. According to the (probably outdated) http://svn.cuwireless.net:8080/svn/cuw/tags/quagga-15-mar-2004/configure.ac , ./configure tries to access /proc/net/snmp. I'm not familiar with grsec/portage/userpriv/whatever, but my "ordinary user" gets permission denied when trying to access that file/directory. I've looked at http://www.quagga.net/docs/docs-multi/The-Configure-script-and-its-options.html but I was unable to find any option that would enable forcing some method when running on Linux. So, I can see two possible solutions: a) use RESTRICT (I'm not an ebuild dev so I just assume what it does) b) patch quagga's ./configure to support autodetection I'd rather see option b) to happen.
IMO restricting userpriv is the best way to fix it. This way we wouldn't worry about portability issues (e.g. Gentoo/BSD). The userpriv feature has been restricted in quagga-0.98.6-r1.ebuild.