Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 13 Dec 2009 17:21:10 +0100
From:      Daniel Thiele <dthiele@gmx.net>
To:        "Simon L. Nielsen" <simon@FreeBSD.org>
Cc:        freebsd-current@freebsd.org, shaun@FreeBSD.org
Subject:   Re: Support for geli onetime encryption for /tmp?
Message-ID:  <4B251476.1090303@gmx.net>
In-Reply-To: <20091212224052.GF1417@arthur.nitro.dk>
References:  <4B24143E.2060803@gmx.net> <20091212224052.GF1417@arthur.nitro.dk>

next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Simon L. Nielsen wrote:
> On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote:
> 
>> Is there maybe another way to achieve onetime /tmp encryption that
>> I am missing? Preferably one that does not involve huge changes to
> 
> Well, I use the simple one - make /tmp a memory file system.  locate
> is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it
> works very well for me.
> 
> [simon@arthur:~] grep tmp /etc/rc.conf
> tmpmfs="YES"
> tmpsize="50M"
> 

Using a memory file system (together, of course,  with an encrypted swap
partition) also crossed my mind. While a small memory based /tmp may be
sufficient for most desktop workloads, I don't think that I can chum up
with it. Especially when you consider that disk space is orders of
magnitudes cheaper than RAM.

Since the tmpmfs option does not scale well with growing /tmp space
requirements (at least not in a cost-effective way), I am keen to know
why the patch I dug up in my first mail has never been committed. Was it
solely a lack of interest or time, or have there been other reasons?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJLJRRyAAoJEB+84OrFyizNTRcP/0PJNcV5kZvN5kjboL1nCYvQ
xXY9Q4tDpXPtQhNfp6oDPwcjawjxGWGH9OLKZNU3mO/y81/SExoNmJWhrP2Z99fP
4nP+xIPeNw9FXZEinVZYrm7QFtxdU/5F/K/XkPQOdWHnlevnhOOiSEN26Aj+DCiI
aqCgPocAQ2VQs4b5MzoP7MT9uMT8j85s+B0SXThJm67qZ+HfaVdHjLOmJBLtpa/0
ZiAVMmJVs1merNB8XTG7RRaYs++oBhGqbFlFZYog+0/Qp9vBB5vGc8AkYmRwza2s
MTPNcom/R1P180bdO9jjvSmuKztkVpcfVfT2zIw2JQ88a+4X5uXNEnJspTvGoEa+
X3c16Xrm85LDzpmmaxaX1dyC9Uh891O72Z2R+mZv/fNWsU3WipEZg7fJLZ9/EOLB
Kj9qQexhQkYIwobi1TlN38qcUM+L/56n63ffPULtj67yyD0+lufQDfqErduvCrxL
xAl8xdwEXgJGnSjMIib6ya5xpqRMK6H3mCk/eupFhUYMfLf8u07aRLS5uWTaOQH7
nX5+VlmyXJojYhxsSF/XE2B11Tgnti0gNtsVgHOn3/mPWVGirdRhrRPeJsi282AN
eaBsPVsNyNQNQPuil1Rxzpd0gBzzLKUUPxu0mxBcW0t+KKxZQeCTHLUYesLaOZPt
YHleJG0coB9/Gyy5WwXY
=r8pS
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B251476.1090303>