When using FEATURES=userpriv, the portage user only gets one group (portage) assigned, leaving out every other group this user has been put into. This makes it, for example, impossible to use the TPE (Trusted Path Execution) in the hardened kernel cleanly, which relies on a special group to grant privileges to execute programs certain directories. I have verified this by creating an ebuild that prints the output of the id and groups commands, which gives the following:

ID=uid=250(portage) gid=250(portage) groups=250(portage)
GROUPS=portage

Portage 2.1.1_pre1-r1 (selinux/2005.1/x86/hardened, gcc-3.4.6/hardened, glibc-2.3.6-r4, 2.6.16-hardened-r7 i686)
=================================================================
System uname: 2.6.16-hardened-r7 i686 Intel(R) Pentium(R) 4 CPU 1.60GHz
Gentoo Base System version 1.12.1
dev-lang/python: 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.18.1
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.93
sys-devel/gcc-config: [Not Present]
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r5
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=pentium4 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/eselect/compiler /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=pentium4 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--alphabetical"
FEATURES="autoconfig collision-protect distlocks loadpolicy parallel-fetch sandbox selinux sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from /etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 X a52 aac alsa bzip2 caps cjk crypt cups curl dts dvd dvdread ffmpeg flac ftp gif glut gtk hardened idn ipv6 jpeg kdeenablefinal mad matroska mikmod mmap mmx mp3 ncurses nptl offensive ogg opengl pam pic png readline selinux sndfile sse sse2 ssl theora threads tiff truetype unicode vorbis win32codecs xinerama xv xvid zlib elibc_glibc input_devices_evdev input_devices_keyboard input_devices_mouse kernel_linux linguas_en userland_GNU"
Unset: CTARGET, INSTALL_MASK, LC_ALL
(In reply to comment #0) Sorry, I proofread this three times, but it somehow slipped through. I just want to correct this, in case it might be unclear otherwise:

This makes it, for example, impossible to use the TPE (Trusted Path Execution) extension in the hardened kernel cleanly, which relies on a special group to grant privileges to execute programs in certain directories.
Created attachment 90642: Example ebuild to show which groups the portage user is in at specific points.
Confirmed with user portage in the tpe group - with inverted option (trusted group), './configure's fail.
Created attachment 100050 (diff): call setgroups with all groups that the portage user belongs to. This is fixed in svn r4760.
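The fix above calls setgroups() with every group the portage user belongs to instead of only its primary group. The following is an added example of that privilege-drop pattern in Python; it is not Portage's code and not the content of the attachment. The constructed group database, the tpe and wheel groups, and all gids except portage's 250 (taken from the id output in the report) are assumptions for illustration.

```python
"""Privilege drop that keeps the build user's supplementary groups.

Added example, not Portage's own code. The group names, the gids other
than portage's 250, and DEMO_GROUP_DB are constructed for the demo.
"""
import grp
import os
import pwd
from collections import namedtuple

# Stand-in for the records grp.getgrall() returns (gr_name, gr_gid, gr_mem),
# so the lookup can be exercised against a constructed group database.
GroupEntry = namedtuple("GroupEntry", "gr_name gr_gid gr_mem")

# Constructed /etc/group contents for the demo (assumed values).
DEMO_GROUP_DB = [
    GroupEntry("wheel", 10, ["alice"]),
    GroupEntry("portage", 250, []),
    GroupEntry("tpe", 1005, ["portage", "alice"]),
]


def group_list(user, primary_gid, group_db=None):
    """Full gid list for `user`: the primary gid plus every group whose
    member list names `user` (what `id -G` shows after a normal login).
    Sorted and de-duplicated; defaults to the live group database."""
    if group_db is None:
        group_db = grp.getgrall()
    gids = {primary_gid}
    for entry in group_db:
        if user in entry.gr_mem:
            gids.add(entry.gr_gid)
    return sorted(gids)


def current_groups():
    """gids the running process holds right now (primary + supplementary)."""
    return sorted(set([os.getgid()] + os.getgroups()))


def drop_privileges(user, group_db=None):
    """Become `user` for the rest of the process, keeping its groups.

    Order matters: setgroups() and setgid() need CAP_SETGID, which is gone
    once setuid() has switched to an unprivileged uid. The behaviour this
    bug describes is what you get from os.setgroups([pw.pw_gid]) here:
    every other group, such as the tpe group, is left behind. Must run
    as root.
    """
    pw = pwd.getpwnam(user)
    gids = group_list(pw.pw_name, pw.pw_gid, group_db)
    os.setgroups(gids)
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    # Report what the kernel actually applied, not what was requested.
    return current_groups()


if __name__ == "__main__":
    print("portage would get:", group_list("portage", 250, DEMO_GROUP_DB))
    if os.geteuid() == 0:
        # Only meaningful as root; this uses the real group database.
        print("after drop:", drop_privileges("portage"))
```

Run as an unprivileged user the script only prints the computed list; as root it also performs the drop and reports the groups the process ended up with, which is the check to make in an ebuild (the id/groups output in the report) rather than trusting the list passed to setgroups().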
This has been released in 2.1.2_pre3-r6.
*** Bug 98604 has been marked as a duplicate of this bug. ***
*** Bug 97477 has been marked as a duplicate of this bug. ***