On 2009.12.13 00:32:54 +0100, Max Laier wrote: > On Saturday 12 December 2009 23:40:53 Simon L. Nielsen wrote: > > On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote: > > > Is there maybe another way to achieve onetime /tmp encryption that > > > I am missing? Preferably one that does not involve huge changes to > > > > Well, I use the simple one - make /tmp a memory file system. locate > > is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it > > works very well for me. > > > > [simon_at_arthur:~] grep tmp /etc/rc.conf > > tmpmfs="YES" > > tmpsize="50M" > > but tmpfs pages are swappable IIRC. This would mean that the data might end > up unencrypted on secondary storage. Well, above is tmp_m_fs, which is just UFS on md(4) devices. But that can also be swapped out, so that's one reason I encrypt swap. If you care enough to encrypt /tmp you should also encrypt swap anyway. I never looked at tmpfs, as I heard that it isn't really stable yet. -- Simon L. NielsenReceived on Sun Dec 13 2009 - 10:12:05 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:59 UTC