Support for geli onetime encryption for /tmp?
Ivan Voras
ivoras at freebsd.org
Sat Dec 12 23:50:07 UTC 2009
Max Laier wrote:
> On Saturday 12 December 2009 23:40:53 Simon L. Nielsen wrote:
>> On 2009.12.12 23:07:58 +0100, Daniel Thiele wrote:
>>> Is there maybe another way to achieve onetime /tmp encryption that
>>> I am missing? Preferably one that does not involve huge changes to
>> Well, I use the simple one - make /tmp a memory file system. locate
>> is sometimes not too happy with an e.g. 50MB /tmp, but otherwise it
>> works very well for me.
>>
>> [simon at arthur:~] grep tmp /etc/rc.conf
>> tmpmfs="YES"
>> tmpsize="50M"
>
> but tmpfs pages are swappable IIRC. This would mean that the data might end
> up unencrypted on secondary storage.
Not if the swap is encrypted (as it is in the case of the OP).
More information about the freebsd-current
mailing list