Date: Sun, 13 Dec 2009 16:38:04 +0000 From: Shaun Amott <shaun@FreeBSD.org> To: Olivier Smedts <olivier@gid0.org> Cc: Daniel Thiele <dthiele@gmx.net>, "Simon L. Nielsen" <simon@freebsd.org>, freebsd-current@freebsd.org Subject: Re: Support for geli onetime encryption for /tmp? Message-ID: <20091213163803.GA45265@charon.picobyte.net> In-Reply-To: <367b2c980912121517h8e87f03x639f8a9818ae7a9e@mail.gmail.com> References: <4B24143E.2060803@gmx.net> <20091212224052.GF1417@arthur.nitro.dk> <367b2c980912121517h8e87f03x639f8a9818ae7a9e@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Sun, Dec 13, 2009 at 12:17:25AM +0100, Olivier Smedts wrote: > > 2009/12/12 Simon L. Nielsen <simon@freebsd.org>: > > On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote: > > > >> Is there maybe another way to achieve onetime /tmp encryption that > >> I am missing? Preferably one that does not involve huge changes to > > > > Well, I use the simple one - make /tmp a memory file system. locate > > is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it > > works very well for me. > > > > [simon@arthur:~] grep tmp /etc/rc.conf > > tmpmfs="YES" > > tmpsize="50M" > > What about tmpfs ? > > [0:16] zozo@q 1002 ~% grep tmp /etc/fstab > tmpfs /tmp tmpfs rw,mode=1777 0 0 > [0:16] zozo@q 1003 ~% df -h /tmp > Filesystem Size Used Avail Capacity Mounted on > tmpfs 2.9G 12K 2.9G 0% /tmp > Both good ideas, but not always an adequate solution: on at least some of the systems where I use an encrypted /tmp, the data usually occupy more space on that filesystem than would fit in RAM. This is a simple patch, and merely an extension of an idea that is already for swap partitions. Perhaps someone could commit it? -- Shaun Amott // PGP: 0x6B387A9A "A foolish consistency is the hobgoblin of little minds." - Ralph Waldo Emerson [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAkslGGsACgkQkmhdCGs4eppvgwCfT467qvCHYdH/s9XtsZ5ZMvBQ HeYAoMvOK1meWQqjctJiNTdMhuHA1XX5 =dp/+ -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091213163803.GA45265>