On Wed, 24 May 2017 12:30:36 -0700, Rich Freeman <ri...@gentoo.org> wrote:

> On Wed, May 24, 2017 at 11:34 AM, Ian Zimmerman <i...@primate.net>
> wrote:
> > On 2017-05-24 08:00, Kai Krakow wrote:
> >
> >> Unix semantics suggest that /tmp is not expected to survive reboots
> >> anyways (in contrast, /var/tmp is expected to survive reboots), so
> >> tmpfs is a logical consequence to use for /tmp.
> >
> > /tmp is wiped by the bootmisc init job anyway.
> >
>
> In general I haven't found anything that is bothered by /var/tmp being
> lost on reboot, but obviously that is something you need to be
> prepared for if you put it on tmpfs.
>
> One thing that wasn't mentioned is that having /tmp in tmpfs might
> also have security benefits depending on what is stored there, since
> it won't be written to disk. If you have a filesystem on tmpfs and
> your swap is encrypted (which you should consider setting up since it
> is essentially "free") then /tmp also becomes a useful dumping ground
> for stuff that is decrypted for temporary processing. For example, if
> you keep your passwords in a gpg-encrypted file you could copy it to
> /tmp, decrypt it there, do what you need to, and then delete it. That
> wouldn't leave any recoverable traces of the file.

Interesting point... How much performance impact does encrypted swap
have? I don't mean any benchmark numbers but real life experience from
your perspective when the system experiences memory pressure?

> There are lots of guides about encrypted swap. It is the sort of
> thing that is convenient to set up since there is no value in
> preserving a swap file across reboots, so you can just generate a
> random key on each boot. I suspect that would break down if you're
> using hibernation / suspend to disk.

-- 
Regards,
Kai

Replies to list-only preferred.
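
The "decrypt in /tmp" approach discussed above only holds if /tmp really is tmpfs and every active swap area is encrypted. The following check is an added example, not something posted in this thread; the function names are hypothetical, and it assumes swap is encrypted with dm-crypt via cryptsetup (which gives its mappings a DM UUID starting with "CRYPT-") and that /proc/swaps lists the kernel device name /dev/dm-N.

```shell
#!/bin/sh
# Added example: could data written to /tmp reach disk in the clear?
# File locations are parameters so the check can run against captured
# copies; the defaults are the live kernel interfaces.

# Print the filesystem type of the last (topmost) mount at /tmp.
tmp_fstype() {
    awk '$2 == "/tmp" { t = $3 } END { print t }' "$1"
}

# Print active swap areas that are NOT dm-crypt mappings, one per line.
# Assumption: cryptsetup-created mappings have a DM UUID of "CRYPT-...".
# Anything else (plain partition, swap file, unknown name) is reported.
unencrypted_swaps() {
    swaps=$1 sysfs=$2
    awk 'NR > 1 { print $1 }' "$swaps" | while read -r dev; do
        name=${dev##*/}
        uuid=$(cat "$sysfs/block/$name/dm/uuid" 2>/dev/null || true)
        case $uuid in
            CRYPT-*) ;;           # encrypted mapping
            *) echo "$dev" ;;     # not verifiably encrypted
        esac
    done
}

# Return 0 only if /tmp is tmpfs and every swap area is dm-crypt backed.
tmp_leak_check() {
    mounts=${1:-/proc/mounts} swaps=${2:-/proc/swaps} sysfs=${3:-/sys}
    rc=0
    fstype=$(tmp_fstype "$mounts")
    if [ "$fstype" != tmpfs ]; then
        echo "/tmp is not tmpfs (found: ${fstype:-no separate mount})"
        rc=1
    fi
    bad=$(unencrypted_swaps "$swaps" "$sysfs")
    if [ -n "$bad" ]; then
        echo "swap not backed by dm-crypt:" $bad
        rc=1
    fi
    return $rc
}
```

Source the file and call `tmp_leak_check` with no arguments to check the running system; a non-zero status means tmpfs pages from /tmp could be swapped out to unencrypted storage.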