Re: Support for geli onetime encryption for /tmp?

From: Ulrich Spörlein <uqs_at_spoerlein.net>
Date: Fri, 18 Dec 2009 17:18:42 +0100
On Sun, 13.12.2009 at 17:21:10 +0100, Daniel Thiele wrote:
> Simon L. Nielsen wrote:
> > On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote:
> > 
> >> Is there maybe another way to achieve onetime /tmp encryption that
> >> I am missing? Preferably one that does not involve huge changes to
> > 
> > Well, I use the simple one - make /tmp a memory file system.  locate
> > is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it
> > works very well for me.
> > 
> > [simon_at_arthur:~] grep tmp /etc/rc.conf
> > tmpmfs="YES"
> > tmpsize="50M"
> > 
> 
> Using a memory file system (together, of course, with an encrypted swap
> partition) also crossed my mind. While a small memory based /tmp may be
> sufficient for most desktop workloads, I don't think that I can chum up
> with it. Especially when you consider that disk space is orders of
> magnitude cheaper than RAM.
> 
> Since the tmpmfs option does not scale well with growing /tmp space
> requirements (at least not in a cost-effective way), I am keen to know
> why the patch I dug up in my first mail has never been committed. Was it
> solely a lack of interest or time, or have there been other reasons?

Either my understanding of the FreeBSD VM is wrong, or you fail to
realize that tmpmfs will be swap-backed, so that disk usage is the same
in both scenarios (but more flexible for the tmpfs).

What I'm saying is that you lose almost nothing of physical RAM if you
set tmpsize=1G and increase your swap accordingly. Once you fill /tmp
with 1G, you will eventually use 1G swap. (medium oversimplification).

Regards,
Uli
Received on Fri Dec 18 2009 - 15:18:44 UTC
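An added configuration check, not part of this thread, that ties together the two settings the mails discuss: a swap-backed memory /tmp (tmpmfs/tmpsize in /etc/rc.conf) and a geli-encrypted swap partition. The check's stated rule for encrypted swap is the standard FreeBSD convention of giving the swap device a `.eli` suffix in /etc/fstab, which makes it a onetime-key geli provider at boot; the thread only mentions "an encrypted swap partition" without showing that line. Both sample files below are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits rc.conf and fstab text for
# the combination discussed above: /tmp as a swap-backed memory file system
# plus geli-encrypted swap, so /tmp contents paged out never hit disk in clear.
# The two samples are constructed; the "warn:" branches show what a host that
# pages /tmp out to plaintext swap would report.

SAMPLE_RC_CONF='hostname="example"
tmpmfs="YES"
tmpsize="1G"'

SAMPLE_FSTAB='# Device          Mountpoint  FStype  Options  Dump  Pass#
/dev/ada0p2       /           ufs     rw       1     1
/dev/ada0p3.eli   none        swap    sw       0     0'

# tmpmfs_enabled: reads rc.conf text on stdin; succeeds if tmpmfs is set to YES
# (case-insensitive, with or without quotes, as rc.conf allows).
tmpmfs_enabled() {
    grep -Eiq '^[[:space:]]*tmpmfs="?YES"?'
}

# swap_encrypted: reads fstab text on stdin; succeeds only if there is at least
# one swap entry and every swap device name ends in ".eli" (onetime geli key).
swap_encrypted() {
    awk '$1 !~ /^#/ && $3 == "swap" {
             total++
             if ($1 !~ /\.eli$/) plain++
         }
         END { if (total > 0 && plain == 0) exit 0; else exit 1 }'
}

# check_config RC_CONF_TEXT FSTAB_TEXT: prints one line per finding and returns
# 0 only if both conditions hold.
check_config() {
    rc="$1"; fstab="$2"; status=0
    if printf '%s\n' "$rc" | tmpmfs_enabled; then
        echo "ok: /tmp is a swap-backed memory file system (tmpmfs=YES)"
    else
        echo "warn: tmpmfs not enabled; /tmp lives on a disk partition"
        status=1
    fi
    if printf '%s\n' "$fstab" | swap_encrypted; then
        echo "ok: every swap device carries the .eli suffix (onetime geli key)"
    else
        echo "warn: plaintext swap device; /tmp pages written to swap are readable"
        status=1
    fi
    return $status
}

check_config "$SAMPLE_RC_CONF" "$SAMPLE_FSTAB"
```

Run against a live host with `check_config "$(cat /etc/rc.conf)" "$(cat /etc/fstab)"`. It deliberately requires all swap devices to be `.eli`: one plaintext swap device is enough for the kernel to page /tmp out in clear, so a single unencrypted entry fails the check.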