From: Max Laier
To: freebsd-current@freebsd.org
Cc: Daniel Thiele, "Simon L. Nielsen", shaun@freebsd.org
Date: Sun, 13 Dec 2009 00:32:54 +0100
Subject: Re: Support for geli onetime encryption for /tmp?
Message-Id: <200912130032.54740.max@love2party.net>
References: <4B24143E.2060803@gmx.net> <20091212224052.GF1417@arthur.nitro.dk>
In-Reply-To: <20091212224052.GF1417@arthur.nitro.dk>

On Saturday 12 December 2009 23:40:53 Simon L. Nielsen wrote:
> On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote:
> > Is there maybe another way to achieve onetime /tmp encryption that
> > I am missing? Preferably one that does not involve huge changes to
>
> Well, I use the simple one - make /tmp a memory file system. locate
> is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it
> works very well for me.
>
> [simon@arthur:~] grep tmp /etc/rc.conf
> tmpmfs="YES"
> tmpsize="50M"

but tmpfs pages are swappable IIRC. This would mean that the data might end
up unencrypted on secondary storage.

--
Max
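The concern raised in this message can be turned into a configuration check. The script below is an added example, not part of the original thread or of FreeBSD: it flags a host where `tmpmfs` is enabled while a swap device in fstab is not encrypted. The function names and sample files are constructed, and it assumes encrypted swap is marked by the `.eli` (geli) or `.bde` (gbde) device suffix in `/etc/fstab`.

```shell
#!/bin/sh
# Added example: audit for a memory-backed /tmp that could be paged out to
# plaintext swap. Function names are hypothetical, not FreeBSD tooling.

# Print "yes" if the rc.conf file in $1 enables tmpmfs, else "no".
tmpmfs_enabled() {
    awk -F= '/^[ \t]*tmpmfs=/ { v = $2 }      # last assignment wins
        END {
            sub(/#.*/, "", v); gsub(/[" \t]/, "", v); v = toupper(v)
            print ((v ~ /^(YES|TRUE|ON|1)$/) ? "yes" : "no")
        }' "$1"
}

# Print every swap device in the fstab file $1 that lacks a .eli/.bde suffix.
# Assumption: the suffix is how encrypted swap is requested in fstab.
plaintext_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 !~ /\.(eli|bde)$/ { print $1 }' "$1"
}

# $1 = rc.conf, $2 = fstab. Returns 1 and prints a finding when /tmp is a
# memory file system and at least one swap device is unencrypted.
check_tmp_exposure() {
    if [ "$(tmpmfs_enabled "$1")" != yes ]; then
        echo "ok: tmpmfs not enabled"; return 0
    fi
    devs=$(plaintext_swap "$2" | tr '\n' ' ')
    if [ -z "$devs" ]; then
        echo "ok: all swap devices are encrypted"; return 0
    fi
    echo "finding: tmpmfs /tmp may be paged to plaintext swap: ${devs% }"
    return 1
}

# Constructed sample input (the rc.conf lines mirror the ones quoted above).
d=$(mktemp -d)
printf '%s\n' 'tmpmfs="YES"' 'tmpsize="50M"' > "$d/rc.conf"
printf '%s\n' '/dev/ad0s1a     /    ufs  rw 1 1' \
              '/dev/ad0s1b     none swap sw 0 0' > "$d/fstab.plain"
printf '%s\n' '/dev/ad0s1a     /    ufs  rw 1 1' \
              '/dev/ad0s1b.eli none swap sw 0 0' > "$d/fstab.eli"

check_tmp_exposure "$d/rc.conf" "$d/fstab.plain" || true
check_tmp_exposure "$d/rc.conf" "$d/fstab.eli"
```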