The following patch adds support to the geli and gbde rc.d scripts for one-time encrypted /tmp partitions, much like the "encswap" partitions that are already supported. I have been doing this successfully via rc.{early,local} for some time now, but I feel it would be a useful addition to the standard scripts.

How to use it?

1) Change your /tmp device in /etc/fstab:

   From...
     /dev/ad0s2e /tmp ufs rw 2 2
   To one of...
     /dev/ad0s2e.eli /tmp ufs rw 2 2
     /dev/ad0s2e.bde /tmp ufs rw 2 2

2) Tell the script about it:

     geli_enctmp_devices="ad0s2e"

3) Reboot to find a secure, encrypted /tmp

There was also (it seems) a typo in 'gbde', which has been fixed as part of the patch:

- case "${gbde_devices-auto}" in + case "${gbde_devices:-enctmp}" in
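
Review bot: the replaced case line in gbde differs from the old one in two ways, so it needs more justification than a typo fix. The operator goes from "-" to ":-" and the fallback word goes from auto to enctmp. With "${gbde_devices:-enctmp}" an rc.conf that sets gbde_devices="" now takes the fallback as well, where "${gbde_devices-auto}" left an explicitly empty value empty; and an unset variable no longer expands to auto, so any auto pattern in the case body (not visible in these lines) would stop matching by default. Suggest splitting this out of the enctmp change, or stating in the commit message which of the two differences is the intended fix and documenting the new default for gbde_devices.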

Responsible Changed
From-To: freebsd-bugs->freebsd-rc

Over to maintainer(s).

For bugs matching the following criteria:

Status: In Progress
Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch] * bulk change for the keyword * summary lines may be edited manually (not in bulk). Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>