From: Ivan Voras
To: freebsd-current@freebsd.org
Date: Sun, 13 Dec 2009 00:48:45 +0100
Subject: Re: Support for geli onetime encryption for /tmp?
In-Reply-To: <200912130032.54740.max@love2party.net>
References: <4B24143E.2060803@gmx.net> <20091212224052.GF1417@arthur.nitro.dk> <200912130032.54740.max@love2party.net>

Max Laier wrote:
> On Saturday 12 December 2009 23:40:53 Simon L. Nielsen wrote:
>> On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote:
>>> Is there maybe another way to achieve onetime /tmp encryption that
>>> I am missing? Preferably one that does not involve huge changes to
>> Well, I use the simple one - make /tmp a memory file system. locate
>> is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it
>> works very well for me.
>>
>> [simon@arthur:~] grep tmp /etc/rc.conf
>> tmpmfs="YES"
>> tmpsize="50M"
>
> but tmpfs pages are swappable IIRC. This would mean that the data might end
> up unencrypted on secondary storage.

Not if the swap is encrypted (as it is in the case of the OP).
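
Added example, not part of the original message or of FreeBSD itself: a small check for the condition the thread turns on, namely that a memory-backed /tmp keeps its contents off disk in plaintext only if every swap device is encrypted. The function names, the sample rc.conf and swapinfo text, and the device name `ada0p3` are constructed for illustration; only GELI (`.eli`) swap providers are treated as encrypted.

```shell
#!/bin/sh
# Constructed sample data; device names are hypothetical.
SAMPLE_RC='tmpmfs="YES"
tmpsize="50M"'
SAMPLE_SWAP_PLAIN='Device          1K-blocks     Used    Avail Capacity
/dev/ada0p3       4194304        0  4194304     0%'
SAMPLE_SWAP_ELI='Device          1K-blocks     Used    Avail Capacity
/dev/ada0p3.eli   4194304        0  4194304     0%'

# Read swapinfo(8)-style text on stdin and print every swap device whose
# name does not end in .eli. The header and any "Total" row are skipped
# because they do not start with /dev/.
plaintext_swap() {
    awk '$1 ~ /^\/dev\// && $1 !~ /\.eli$/ { print $1 }'
}

# Succeed if rc.conf-style text on stdin sets tmpmfs to YES
# (only the literal value "yes", any case, is recognised here).
tmpmfs_enabled() {
    grep -Eiq '^[[:space:]]*tmpmfs="?yes"?'
}

# audit_tmp RC_CONF_TEXT SWAPINFO_TEXT
# Prints a verdict; returns 1 when a memory-backed /tmp coexists with
# at least one swap device that is not a GELI provider.
audit_tmp() {
    if ! printf '%s\n' "$1" | tmpmfs_enabled; then
        echo "tmpmfs not enabled"
        return 0
    fi
    bad=$(printf '%s\n' "$2" | plaintext_swap | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "AT RISK: /tmp pages can reach plaintext swap: ${bad% }"
        return 1
    fi
    echo "OK: all swap devices are GELI-encrypted"
}

# Demonstration on the constructed samples. On a live system one would run:
#   audit_tmp "$(cat /etc/rc.conf)" "$(swapinfo)"
audit_tmp "$SAMPLE_RC" "$SAMPLE_SWAP_PLAIN" || true
audit_tmp "$SAMPLE_RC" "$SAMPLE_SWAP_ELI"
```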