Re: Support for geli onetime encryption for /tmp?

From: Shaun Amott <shaun_at_FreeBSD.org>
Date: Sun, 13 Dec 2009 16:38:04 +0000

On Sun, Dec 13, 2009 at 12:17:25AM +0100, Olivier Smedts wrote:
> 
> 2009/12/12 Simon L. Nielsen <simon_at_freebsd.org>:
> > On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote:
> >
> >> Is there maybe another way to achieve onetime /tmp encryption that
> >> I am missing? Preferably one that does not involve huge changes to
> >
> > Well, I use the simple one - make /tmp a memory file system.  locate
> > is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it
> > works very well for me.
> >
> > [simon_at_arthur:~] grep tmp /etc/rc.conf
> > tmpmfs="YES"
> > tmpsize="50M"
> 
> What about tmpfs ?
> 
> [0:16] zozo_at_q 1002 ~% grep tmp /etc/fstab
> tmpfs   /tmp    tmpfs   rw,mode=1777    0       0
> [0:16] zozo_at_q 1003 ~% df -h /tmp
> Filesystem    Size    Used   Avail Capacity  Mounted on
> tmpfs         2.9G     12K    2.9G     0%    /tmp
> 

Both good ideas, but not always an adequate solution: on at least some
of the systems where I use an encrypted /tmp, the data usually occupy
more space on that filesystem than would fit in RAM.

This is a simple patch, and merely an extension of an idea that is
already used for swap partitions. Perhaps someone could commit it?

-- 
Shaun Amott // PGP: 0x6B387A9A
"A foolish consistency is the hobgoblin
of little minds." - Ralph Waldo Emerson

Received on Sun Dec 13 2009 - 15:56:48 UTC
