Date: Sun, 13 Dec 2009 00:48:45 +0100 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-current@freebsd.org Subject: Re: Support for geli onetime encryption for /tmp? Message-ID: <hg1a4v$22q$2@ger.gmane.org> In-Reply-To: <200912130032.54740.max@love2party.net> References: <4B24143E.2060803@gmx.net> <20091212224052.GF1417@arthur.nitro.dk> <200912130032.54740.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Max Laier wrote: > On Saturday 12 December 2009 23:40:53 Simon L. Nielsen wrote: >> On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote: >>> Is there maybe another way to achieve onetime /tmp encryption that >>> I am missing? Preferably one that does not involve huge changes to >> Well, I use the simple one - make /tmp a memory file system. locate >> is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it >> works very well for me. >> >> [simon@arthur:~] grep tmp /etc/rc.conf >> tmpmfs="YES" >> tmpsize="50M" > > but tmpfs pages are swappable IIRC. This would mean that the data might end > up unencrypted on secondary storage. Not if the swap is encrypted (as it is in the case of the OP).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?hg1a4v$22q$2>