Bug 102700 - [geli] [patch] Add encrypted /tmp support to GELI/GBDE rc.d scripts
Summary: [geli] [patch] Add encrypted /tmp support to GELI/GBDE rc.d scripts
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: 6.1-STABLE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2006-08-30 18:50 UTC by Shaun Amott
Modified: 2022-10-17 12:34 UTC (History)
1 user (show)

See Also:


Attachments
encswap.diff (8.33 KB, patch)
2006-08-30 18:50 UTC, Shaun Amott
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Shaun Amott freebsd_committer freebsd_triage 2006-08-30 18:50:20 UTC
The following patch adds support to the geli and gbde rc.d scripts for
one-time encrypted /tmp partitions, much like the "encswap" partitions
that are already supported.

I have been doing this successfully via rc.{early,local} for some time
now, but I feel it would be a useful addition to the standard scripts.


How to use it?

1) Change your /tmp device in /etc/fstab:

   From...
     /dev/ad0s2e      /tmp   ufs  rw   2  2

   To one of...
     /dev/ad0s2e.eli  /tmp  ufs   rw   2  2
     /dev/ad0s2e.bde  /tmp  ufs   rw   2  2

2) Tell the script about it:

   geli_enctmp_devices="ad0s2e"

3) Reboot to find a secure, encrypted /tmp


There was also (it seems) a typo in 'gbde', which has been fixed as part
of the patch:

-	case "${gbde_devices-auto}" in
+	case "${gbde_devices:-enctmp}" in
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2006-08-30 22:29:52 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-rc

Over to maintainer(s).
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:58:27 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 3 Graham Perrin freebsd_committer freebsd_triage 2022-10-17 12:34:08 UTC
Keyword: 

    patch
or  patch-ready

– in lieu of summary line prefix: 

    [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>