
Re: what is rc.local shutdown partner





On Thursday 02 August 2007 01:01:50 pm Todd Zullinger wrote:
> Mail List wrote:
>
> Couldn't you just set up encrypted mounts for /tmp and /var/tmp?  Then
> you wouldn't have to worry with wiping them.


   Well, the Fedora tools are not quite mature enough to do encrypted root (see 
some older posts of mine).  Trouble with this is I'd need to make 2 
additional partitions - then I could run into the same troubles I had getting 
encrypted / with those.

    My strong pref is to use encrypted / via /etc/crypttab .. I'm hopeful F8 will 
work cleanly (mkinitrd seems to be the biggest problem).

   However, I liked your idea and implemented it separately - because of the 
troubles using /etc/crypttab I actually do the encryption via a script 
called in rc.local. I have encrypted swap and /opt (my /home is actually a 
link to /opt/home).

    I created 2 dirs on my encrypted /opt partition - the idea is once /opt is 
available then I can bind mount those 2 directories over /tmp and /var/tmp. 
This accomplishes what you suggested without having to make any new physical 
partitions and deal with separately encrypting them and the troubles that may 
ensue.

   So I added to /etc/fstab 2 lines:

# Use encrypted /tmp and /var/tmp
#
/opt/tmp          /tmp ext3 bind,noauto
/opt/var_tmp   /var/tmp ext3 bind,noauto

  Then in the script which actually does the luks open and mounts it 
into /opt I added these lines:

  mount /tmp
  mount /var/tmp

It all works well - thank you for the great suggestion!

g/
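
Added example, not part of the original post: because both fstab entries are noauto, a failed unlock or a skipped script leaves /tmp and /var/tmp on the unencrypted root without any error. The check below reads mountinfo-format text and confirms both paths are bind mounts from the encrypted volume; the mapper name /dev/mapper/opt_crypt and the sample data are assumptions.

```shell
#!/bin/sh
# Added example: verify /tmp and /var/tmp are served from the encrypted /opt.
# The device name /dev/mapper/opt_crypt is an assumed LUKS mapping name.

# Print "<source> <root-within-fs>" for the topmost mount at mount point $2,
# reading mountinfo-format text from file $1 (normally /proc/self/mountinfo).
backing_of() {
    awk -v mp="$2" '
        $5 == mp {
            # Optional fields end at a lone "-"; fstype and source follow it.
            for (i = 7; i <= NF; i++) if ($i == "-") break
            src = $(i + 2); root = $4
        }
        END { if (src != "") print src, root }
    ' "$1"
}

# Succeed only if mount point $2 is backed by device $3 with fs root $4.
is_bound_from() {
    [ "$(backing_of "$1" "$2")" = "$3 $4" ]
}

# Report each expected bind mount that is missing; non-zero if any is.
check_tmp_mounts() {
    info=$1 dev=$2 rc=0
    is_bound_from "$info" /tmp "$dev" /tmp ||
        { echo "/tmp is not on $dev" >&2; rc=1; }
    is_bound_from "$info" /var/tmp "$dev" /var_tmp ||
        { echo "/var/tmp is not on $dev" >&2; rc=1; }
    return $rc
}

# Constructed sample: /opt unlocked and both bind mounts in place.
sample_ok() {
    cat <<'EOF'
20 1 8:2 / / rw,relatime - ext3 /dev/sda2 rw
30 20 253:1 / /opt rw,relatime - ext3 /dev/mapper/opt_crypt rw
31 20 253:1 /tmp /tmp rw,relatime - ext3 /dev/mapper/opt_crypt rw
32 20 253:1 /var_tmp /var/tmp rw,relatime - ext3 /dev/mapper/opt_crypt rw
EOF
}

# On a live system:
#   check_tmp_mounts /proc/self/mountinfo /dev/mapper/opt_crypt
```

Files written to /tmp or /var/tmp before the bind mounts happen stay on the unencrypted root, hidden underneath the new mounts.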

