From: Shaun Amott
To: Olivier Smedts
Cc: Daniel Thiele, "Simon L. Nielsen", freebsd-current@freebsd.org
Date: Sun, 13 Dec 2009 16:38:04 +0000
Subject: Re: Support for geli onetime encryption for /tmp?

On Sun, Dec 13, 2009 at 12:17:25AM +0100, Olivier Smedts wrote:
>
> 2009/12/12 Simon L. Nielsen :
> > On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote:
> >
> >> Is there maybe another way to achieve onetime /tmp encryption that
> >> I am missing? Preferably one that does not involve huge changes to
> >
> > Well, I use the simple one - make /tmp a memory file system.  locate
> > is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it
> > works very well for me.
> >
> > [simon@arthur:~] grep tmp /etc/rc.conf
> > tmpmfs="YES"
> > tmpsize="50M"
>
> What about tmpfs ?
>
> [0:16] zozo@q 1002 ~% grep tmp /etc/fstab
> tmpfs /tmp tmpfs rw,mode=1777 0 0
> [0:16] zozo@q 1003 ~% df -h /tmp
> Filesystem    Size    Used   Avail Capacity  Mounted on
> tmpfs         2.9G     12K    2.9G     0%    /tmp
>

Both good ideas, but not always an adequate solution: on at least some
of the systems where I use an encrypted /tmp, the data usually occupy
more space on that filesystem than would fit in RAM.

This is a simple patch, and merely an extension of an idea that is
already for swap partitions. Perhaps someone could commit it?

-- 
Shaun Amott // PGP: 0x6B387A9A
"A foolish consistency is the hobgoblin
of little minds." - Ralph Waldo Emerson