* Messages for package www-client/chromium-43.0.2357.65: * USER_NS is required for sandbox to work * Please check to make sure these options are set correctly. * Failure to do so may cause unexpected problems. What on earth is USER_NS? Where do we check to make sure these options are set correctly? What optionS (plural)? Failure to do so may cause what problems?
(In reply to DrSlony from comment #0) > What on earth is USER_NS? It's a kernel configuration option. I'll see if I can make the messaging a bit more clear.
(In reply to DrSlony from comment #0) > What on earth is USER_NS? If you run a menuconfig for kernel configuration you could press '/'. It would display a search menu. There you can paste "USER_NS". Search gives you the result. For example: Symbol: USER_NS [=n] Type : boolean Prompt: User namespace Location: -> General setup -> Namespaces support (NAMESPACES [=y]) Defined at init/Kconfig:1188 Depends on: NAMESPACES [=y] If you go to that location you will find the option: [ ] User namespace If you press '?' there you'll find that it is CONFIG_USER_NS which is the same as saying USER_NS kernel config option. It also contains the description: This allows containers, i.e. vservers, to use user namespaces to provide different user info for different servers. When user namespaces are enabled in the kernel it is recommended that the MEMCG and MEMCG_KMEM options also be enabled and that user-space use the memory control groups to limit the amount of memory a memory unprivileged users can use. If unsure, say N.
Thank you for the detailed response.
Is there something we can change related to this bug? I'm just wondering whether it's a problem with chromium ebuild, or more of a support request.
If the message came from the ebuild, then the ebuilds now in portage don't have that message anymore, so the issue is obsolete. The issue was that the message was unclear, and even though Nick kindly explained it, his explanation would not have been necessary if the message was written more clearly, e.g. "The USER_NS kernel configuration option is required for sandbox to work <maybe a note here on what sandbox is>. Please make sure this option is set, as failure to do so may result in unexpected failures." Something to keep in mind for future ebuilds.