On Thursday 02 August 2007 01:01:50 pm Todd Zullinger wrote:
> Mail List wrote:
>
> Couldn't you just set up encrypted mounts for /tmp and /var/tmp?  Then
> you wouldn't have to worry with wiping them.

Well, the Fedora tools are not quite mature enough to do encrypted root (see some older posts of mine). Trouble with this is I'd need to make 2 additional partitions - then I could run into the same troubles I had getting encrypted / with those.

My strong pref is to use encrypted / via /etc/crypttab .. I'm hopeful F8 will work cleanly (mkinitrd seems to be the biggest problem).

However, I liked your idea and implemented it separately - because of the troubles using /etc/crypttab I actually do the encryption via a script called in rc.local. I have encrypted swap and /opt (my /home is actually a link to /opt/home).

I created 2 dirs on my encrypted /opt partition - the idea is once /opt is available then I can bind mount those 2 directories over /tmp and /var/tmp.

This accomplishes what you suggested without having to make any new physical partitions and deal with separately encrypting them and the troubles that may ensue.

So I added to /etc/fstab 2 lines:

    #  Use encrypted tmp var/tmp
    #
    /opt/tmp      /tmp      ext3  bind,noauto
    /opt/var_tmp  /var/tmp  ext3  bind,noauto

Then in the script which actually does the luks open and mounts it into /opt I added these lines:

    mount /tmp
    mount /var/tmp

It all works well - thank you for the great suggestion!

g/
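
A post-boot check for the setup described above, added here as an example and not part of the original post: it reads a mount table in /proc/mounts format, confirms that /tmp and /var/tmp are served from the encrypted volume, and checks the 1777 mode that /tmp needs. The function names and the mapper device /dev/mapper/opt_crypt are hypothetical; the post does not give the mapping name.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed sample data below.

# backing_device MOUNTS_FILE MOUNTPOINT
# Print the device of the LAST entry for MOUNTPOINT: a later mount shadows
# an earlier one, which is what the bind mount over /tmp relies on.
backing_device() {
    awk -v mp="$2" '$2 == mp { dev = $1 } END { if (dev != "") print dev }' "$1"
}

# check_tmp_encrypted MOUNTS_FILE MAPPER_DEV
# Return 0 only if /tmp and /var/tmp are both backed by MAPPER_DEV.
check_tmp_encrypted() {
    rc=0
    for mp in /tmp /var/tmp; do
        dev=$(backing_device "$1" "$mp")
        if [ "$dev" != "$2" ]; then
            echo "NOT ENCRYPTED: $mp is on ${dev:-its parent filesystem}" >&2
            rc=1
        fi
    done
    return "$rc"
}

# has_tmp_mode DIR
# True if DIR is drwxrwxrwt (1777). A freshly created /opt/tmp is not, and
# once bind mounted it replaces the permissions users see on /tmp.
has_tmp_mode() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwxrwxrwt" ]
}

# Constructed /proc/mounts content: the bind mounts appear with the device
# and filesystem type of the volume they come from.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext3 rw 0 0
/dev/mapper/opt_crypt /opt ext3 rw 0 0
/dev/mapper/opt_crypt /tmp ext3 rw 0 0
/dev/mapper/opt_crypt /var/tmp ext3 rw 0 0
EOF
}

# Demo on the constructed sample; on a real system pass /proc/mounts and
# the mapper name used by the luks open step (opt_crypt is hypothetical).
demo=$(mktemp)
sample_mounts > "$demo"
check_tmp_encrypted "$demo" /dev/mapper/opt_crypt && echo "tmp dirs encrypted"
rm -f "$demo"
```

Anything written to the original /tmp and /var/tmp before the rc.local script runs stays on the unencrypted root filesystem, hidden underneath the bind mounts, so those directories still need clearing once.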