Encrypted home directory
Ralf Corsepius
rc040203 at freenet.de
Tue Dec 23 08:27:56 UTC 2008
On Tue, 2008-12-23 at 02:13 -0600, Bruno Wolff III wrote:
> On Tue, Dec 23, 2008 at 10:09:13 +0200,
> Nikolay Vladimirov <nikolay at vladimiroff.com> wrote:
> > 2008/12/23 Bruno Wolff III <bruno at wolff.to>:
> > > On Mon, Dec 22, 2008 at 18:48:47 +0200,
> > > Nikolay Vladimirov <nikolay at vladimiroff.com> wrote:
> > >>
> > >> It's good to have an option to do both encrypted home and dedicated
> > >> encrypted dir in home.
> > >
> > > What threat are you trying to counter by having a separate encrypted
> > > directory in your home directory? I would expect selinux to be a better
> > > solution for the kind of problem one might try to solve with an encrypted
> > > directory in their home directory.
> > >
> >
> > No, because selinux is useless if someone has physical access to my computer.
> > Booting another os(think live cds) or just doing "single selinux=0".
>
> That's what full disk (well really partition) encryption is for and which
> already works nicely. Being able to encrypt just some directories is an
> inferior solution to that problem.
The rationale for wanting a completely encrypted system has always
escaped me, esp. when being on a multi-user system.
Ralf
More information about the fedora-devel-list
mailing list