ssh clarification needed
Bill Davidsen
davidsen at tmr.com
Tue Jan 6 19:33:18 UTC 2009
Mail Lists wrote:
> On 01/04/2009 09:03 AM, Anne Wilson wrote:
>
>> Hmm - Is there no reasonably safe way of doing this? There seems to be some
>> risk with everything. I've not lost a usb stick yet, but one can never
>> guarantee that one won't.
>
> The general recomendation for any laptop (with anything sufficiently
> private) is to encrypt the disk. My preference is to (luks) encrypt
> /home and swap and then bind mount /tmp and /var/tmp out of /home/tmp
> /home/var/tmp. You could encrypt root as well and then skip the bind
> mounts.
>
My experience with bind mounts is that they tend to make SElinux complain a lot.
I have one system which mounts my personal home directory out of
/mnt/other/home/username by bind mounting it to /home/username. SElinux has a
litany of complaints, to the point that I spent hours telling it to ignore
things. On FC9, if it matters.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the fedora-list
mailing list