From: Daniel Thiele
To: "Simon L. Nielsen"
Cc: freebsd-current@freebsd.org, shaun@FreeBSD.org
Subject: Re: Support for geli onetime encryption for /tmp?
Date: Sun, 13 Dec 2009 17:21:10 +0100
Message-ID: <4B251476.1090303@gmx.net>
In-Reply-To: <20091212224052.GF1417@arthur.nitro.dk>

Simon L. Nielsen wrote:
> On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote:
>
>> Is there maybe another way to achieve onetime /tmp encryption that
>> I am missing? Preferably one that does not involve huge changes to
>
> Well, I use the simple one - make /tmp a memory file system. locate
> is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it
> works very well for me.
>
> [simon@arthur:~] grep tmp /etc/rc.conf
> tmpmfs="YES"
> tmpsize="50M"
>

Using a memory file system (together, of course, with an encrypted swap
partition) also crossed my mind. While a small memory-based /tmp may be
sufficient for most desktop workloads, I don't think that I can chum up
with it. Especially when you consider that disk space is orders of
magnitude cheaper than RAM.

Since the tmpmfs option does not scale well with growing /tmp space
requirements (at least not in a cost-effective way), I am keen to know
why the patch I dug up in my first mail has never been committed. Was it
solely a lack of interest or time, or have there been other reasons?
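
The manual equivalent of what this thread asks the rc scripts to do, as an added example that is not from the original message or from FreeBSD's rc scripts: it flags swap entries in fstab-format input that lack the geli .eli suffix and, for a dedicated partition, prints (or with DRY_RUN=0 runs) the commands for a /tmp keyed once per boot. The provider name ada0p4, the 4096-byte sector size and the helper names are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). ada0p4 is a constructed placeholder
# for a partition dedicated to /tmp.

DRY_RUN=${DRY_RUN:-1}    # 1: print the commands only (default); 0: execute them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Print swap devices from fstab-format stdin that lack the geli .eli suffix,
# i.e. swap that would hold paged-out data in clear text.
plain_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 !~ /\.eli$/ { print $1 }'
}

# Accept only a bare provider name: no path components, not already .eli.
valid_provider() {
    case "$1" in
        ''|*/*|*.eli|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Attach the provider with a random key that exists only in kernel memory,
# then create and mount a fresh file system on it. Destroys existing data.
onetime_tmp() {
    valid_provider "$1" || { echo "bad provider: $1" >&2; return 2; }
    run geli onetime -s 4096 "/dev/$1" &&
    run newfs -U "/dev/$1.eli" &&
    run mount "/dev/$1.eli" /tmp &&
    run chmod 1777 /tmp
}

# Usage at boot, as root:
#   plain_swap < /etc/fstab      # should print nothing
#   DRY_RUN=0 onetime_tmp ada0p4
```

Because the key is never stored, everything under /tmp becomes unreadable after a reboot, so the sequence has to run on every boot before /tmp is used.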