Support for geli onetime encryption for /tmp?

Shaun Amott shaun at FreeBSD.org
Sun Dec 13 16:56:48 UTC 2009


On Sun, Dec 13, 2009 at 12:17:25AM +0100, Olivier Smedts wrote:
> 
> 2009/12/12 Simon L. Nielsen <simon at freebsd.org>:
> > On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote:
> >
> >> Is there maybe another way to achieve onetime /tmp encryption that
> >> I am missing? Preferably one that does not involve huge changes to
> >
> > Well, I use the simple one - make /tmp a memory file system.  locate
> > is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it
> > works very well for me.
> >
> > [simon at arthur:~] grep tmp /etc/rc.conf
> > tmpmfs="YES"
> > tmpsize="50M"
> 
> What about tmpfs ?
> 
> [0:16] zozo at q 1002 ~% grep tmp /etc/fstab
> tmpfs   /tmp    tmpfs   rw,mode=1777    0       0
> [0:16] zozo at q 1003 ~% df -h /tmp
> Filesystem    Size    Used   Avail Capacity  Mounted on
> tmpfs         2.9G     12K    2.9G     0%    /tmp
> 

Both good ideas, but not always an adequate solution: on at least some
of the systems where I use an encrypted /tmp, the data usually occupy
more space on that filesystem than would fit in RAM.

This is a simple patch, and merely an extension of an idea that is
already used for swap partitions. Perhaps someone could commit it?

-- 
Shaun Amott // PGP: 0x6B387A9A
"A foolish consistency is the hobgoblin
of little minds." - Ralph Waldo Emerson