This always fails on my hardened box:

FEATURES="test userpriv" emerge -av1 twisted

Reproducible: Always

Messages in grsec.log:

grsec: denied untrusted exec (due to file in world-writable directory) of /var/tmp/ffiYBMO2x by /var/tmp/portage/dev-python/twisted-12.0.0/temp/tests/usr/bin/trial[trial:13294] uid/euid:250/250 gid/egid:250/250, parent /usr/lib64/portage/bin/ebuild.sh[ebuild.sh:13246] uid/euid:250/250 gid/egid:250/250

grsec: denied untrusted exec (due to file in group-writable directory) of /var/tmp/portage/dev-python/twisted-12.0.0/homedir/ffiIpU2VC by /var/tmp/portage/dev-python/twisted-12.0.0/temp/tests/usr/bin/trial[trial:13294] uid/euid:250/250 gid/egid:250/250, parent /usr/lib64/portage/bin/ebuild.sh[ebuild.sh:13246] uid/euid:250/250 gid/egid:250/250
Created attachment 340522: build.log
Created attachment 340524: emerge --info
Well, userpriv does have a counterpart. Try FEATURES="userpriv test usersandbox ...
(In reply to comment #3) Enabling usersandbox is not going to fix anything here. It's a grsec issue. @hardened: What needs to happen here?
It's worth pointing out that I had usersandbox on anyway. Actually, there are several packages that do not behave well with "userpriv" on this box. CONFIG_GRKERNSEC_TPE_ALL may be the culprit, although if I understand correctly how it works, any tests failing due to this option are due to a package not being careful about the permissions of directories it executes from.
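An added example, not part of the original report and not Portage or grsecurity code: it parses the two denial lines from grsec.log above and checks a directory for the group-writable and world-writable bits those messages name. The function names are made up for this sketch, and the permission check covers only the two reasons seen in the log, not the kernel's full TPE decision.

```python
import os
import re
import stat

# Lines copied from the grsec.log excerpt in the report; the trailing
# ", parent ..." part is trimmed because the parser does not use it.
SAMPLE_LOG = """\
grsec: denied untrusted exec (due to file in world-writable directory) of /var/tmp/ffiYBMO2x by /var/tmp/portage/dev-python/twisted-12.0.0/temp/tests/usr/bin/trial[trial:13294] uid/euid:250/250 gid/egid:250/250
grsec: denied untrusted exec (due to file in group-writable directory) of /var/tmp/portage/dev-python/twisted-12.0.0/homedir/ffiIpU2VC by /var/tmp/portage/dev-python/twisted-12.0.0/temp/tests/usr/bin/trial[trial:13294] uid/euid:250/250 gid/egid:250/250
"""

DENIAL = re.compile(
    r"grsec: denied untrusted exec \(due to file in (?P<reason>[\w-]+) directory\) "
    r"of (?P<target>\S+) by (?P<exe>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+)"
)


def parse_denials(text):
    """Return one dict per TPE denial: reason, target, its directory, caller."""
    denials = []
    for match in DENIAL.finditer(text):
        entry = match.groupdict()
        # The denial is about the directory holding the file, not the file.
        entry["directory"] = os.path.dirname(entry["target"])
        for key in ("pid", "uid", "euid"):
            entry[key] = int(entry[key])
        denials.append(entry)
    return denials


def writable_by_others(directory):
    """List which of the two logged conditions apply to a directory."""
    mode = os.stat(directory).st_mode
    reasons = []
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")
    if mode & stat.S_IWGRP:
        reasons.append("group-writable")
    return reasons


if __name__ == "__main__":
    for d in parse_denials(SAMPLE_LOG):
        print(f"{d['comm']} (uid {d['uid']}): {d['reason']} dir {d['directory']}")
        if os.path.isdir(d["directory"]):
            print("  current state:", writable_by_others(d["directory"]) or "ok")
```

Run against a full grsec.log, the per-directory grouping shows which build or test directories need tighter modes before the test phase executes files from them.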
Not present in gentoo.git anymore.