Date: Sun, 13 Dec 2009 17:21:10 +0100 From: Daniel Thiele <dthiele@gmx.net> To: "Simon L. Nielsen" <simon@FreeBSD.org> Cc: freebsd-current@freebsd.org, shaun@FreeBSD.org Subject: Re: Support for geli onetime encryption for /tmp? Message-ID: <4B251476.1090303@gmx.net> In-Reply-To: <20091212224052.GF1417@arthur.nitro.dk> References: <4B24143E.2060803@gmx.net> <20091212224052.GF1417@arthur.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Simon L. Nielsen wrote: > On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote: > >> Is there maybe another way to achieve onetime /tmp encryption that >> I am missing? Preferably one that does not involve huge changes to > > Well, I use the simple one - make /tmp a memory file system. locate > is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it > works very well for me. > > [simon@arthur:~] grep tmp /etc/rc.conf > tmpmfs="YES" > tmpsize="50M" > Using a memory file system (together, of course, with an encrypted swap partition) also crossed my mind. While a small memory based /tmp may be sufficient for most desktop workloads, I don't think that I can chum up with it. Especially when you consider that disk space is orders of magnitudes cheaper than RAM. Since the tmpmfs option does not scale well with growing /tmp space requirements (at least not in a cost-effective way), I am keen to know why the patch I dug up in my first mail has never been committed. Was it solely a lack of interest or time, or have there been other reasons? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.13 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJLJRRyAAoJEB+84OrFyizNTRcP/0PJNcV5kZvN5kjboL1nCYvQ xXY9Q4tDpXPtQhNfp6oDPwcjawjxGWGH9OLKZNU3mO/y81/SExoNmJWhrP2Z99fP 4nP+xIPeNw9FXZEinVZYrm7QFtxdU/5F/K/XkPQOdWHnlevnhOOiSEN26Aj+DCiI aqCgPocAQ2VQs4b5MzoP7MT9uMT8j85s+B0SXThJm67qZ+HfaVdHjLOmJBLtpa/0 ZiAVMmJVs1merNB8XTG7RRaYs++oBhGqbFlFZYog+0/Qp9vBB5vGc8AkYmRwza2s MTPNcom/R1P180bdO9jjvSmuKztkVpcfVfT2zIw2JQ88a+4X5uXNEnJspTvGoEa+ X3c16Xrm85LDzpmmaxaX1dyC9Uh891O72Z2R+mZv/fNWsU3WipEZg7fJLZ9/EOLB Kj9qQexhQkYIwobi1TlN38qcUM+L/56n63ffPULtj67yyD0+lufQDfqErduvCrxL xAl8xdwEXgJGnSjMIib6ya5xpqRMK6H3mCk/eupFhUYMfLf8u07aRLS5uWTaOQH7 nX5+VlmyXJojYhxsSF/XE2B11Tgnti0gNtsVgHOn3/mPWVGirdRhrRPeJsi282AN eaBsPVsNyNQNQPuil1Rxzpd0gBzzLKUUPxu0mxBcW0t+KKxZQeCTHLUYesLaOZPt YHleJG0coB9/Gyy5WwXY =r8pS -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B251476.1090303>