-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ulrich Spörlein wrote: > On Sun, 13.12.2009 at 17:21:10 +0100, Daniel Thiele wrote: >> Simon L. Nielsen wrote: >>> On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote: >>> >>>> Is there maybe another way to achieve onetime /tmp encryption that >>>> I am missing? Preferably one that does not involve huge changes to >>> Well, I use the simple one - make /tmp a memory file system. locate >>> is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it >>> works very well for me. >>> >>> [simon_at_arthur:~] grep tmp /etc/rc.conf >>> tmpmfs="YES" >>> tmpsize="50M" >>> >> Using a memory file system (together, of course, with an encrypted swap >> partition) also crossed my mind. While a small memory based /tmp may be >> sufficient for most desktop workloads, I don't think that I can chum up >> with it. Especially when you consider that disk space is orders of >> magnitudes cheaper than RAM. >> >> Since the tmpmfs option does not scale well with growing /tmp space >> requirements (at least not in a cost-effective way), I am keen to know >> why the patch I dug up in my first mail has never been committed. Was it >> solely a lack of interest or time, or have there been other reasons? > > Either my understanding of the FreeBSD VM is wrong, or you fail to > realize that tmpmfs will be swap-backed, so that disk usage is the same > in both scenarios (but more flexible for the tmpfs). > > What I'm saying is that you lose almost nothing of physical RAM if you > set tmpsize=1G and increase your swap accordingly. Once you fill /tmp > with 1G, you will eventually use 1G swap. (medium oversimplification). > Well, it seems that I really overlooked the fact that tmpmfs will indeed be swap-based. To my shame I have to admit that I stopped reading at rc.conf(5), which does not mention that tmpmfs will by default be swap-based. Thank you for pointing that out. In that case I was wrong and tmpmfs really provides an interesting solution to my initial problem. Best regards, Daniel -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.13 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJLK+O2AAoJEB+84OrFyizNBPgQALKc0X/v/+70JGasEivYNIf9 ZgCZjqyK5WXh5oQLcRI6FOTrz4pr5u81O7B8KC2jw9+GDfuGzm+DiI3Znc78Syo9 x7DVRXEaasJ7fahinxJ6tQrDm58tHLSKjY++PO2DL9v8zJaL3WTW/uPU5J7crbLf 6u9vsGW+CNrm6dBNfvbr8NdoyjNoRBM+CpDaf3gLw56eRYkAeJWJrdlYxZb7RdAh MKvT/VcwXKLsLzVUmEvcYBhc9fj8GYO60exTiwSVRXgvZ0Rm5wFJjou9SOlVen9o uG/sKv9c5VU1qL5bt+5MebiZmVh0YFYYu4SqV3IbgRk+djdHEFd9OfYZKmv1R34s BxLHp6fOqQIdM0WTrPLDCpx6Lz2n92KrQqHu0pu0zvA1KEqkIFPuetkQ9G5qW0Dy zP94tnNWq6OecLU0gu7u7TaZYQAHR6vrBnwmyLBOvXr0gWwkE9eagp63vxE6eM4D ew8MDM20vjWvT91AgggjViB3tQAzsmzu1YEW2tdc+fKHSFnrC4DAnvxaCIkXUw8u nAZPkaebnrM2AsOHJrL0YmK+wh2Dh+p5oGykbXf1mzA9c4LOD0tpjloME45ERb8+ z9bpG6kyeUqeHjFvTzfhr2ne13atON5o9mdEiqSuNmAk8FkOeZKpNTTg4jQdS96C Gizpkg0y7T2DFTgqtJGh =dydc -----END PGP SIGNATURE-----Received on Fri Dec 18 2009 - 19:13:27 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:59 UTC