On Fri, 29 Jun 2018 07:36:31 +0200 Jan-Christoph Bornschlegel <[email protected]> wrote:
> Am 29.06.2018 um 01:31 schrieb Bruce Dubbs: > > [...] Others may disagree. > > > > The root file system has no sensitive files that need to be protected > > by encryption. It really only needs to contain /bin, /sbin, ./usr, > > /etc, /lib, and /root. Other directories can be on separate > > partitions. Sensitive data needs to be in /home or some > > other custom location. > > Although I cannot help directly -- I used system partition encryption > before, but not with LFS -- there is one argument: /etc contains a lot > of information that some may consider "sensitive" -- for example proxy > configs, udev rules containing device IDs and the like. I would not > recommend LFS for proxies or firewalls, though. > > > --Jan > > ps. out of scope of LFS (adds some requirements), but maybe helpful anyway: > https://wiki.gentoo.org/wiki/Full_Encrypted_Btrfs/Native_System_Root_Guide > In the end it is up to the system admin's to execute any production load and that there is guidance to do so properly. LFS is just a guide. It never was a production system for a corporation or anything like that. FHS come to mind in this matter? LFS, as far as I know from Gerard, is a learning experience. Let's get this straight from the begining. Sincerely, -- Berzerkula <[email protected]> -- http://lists.linuxfromscratch.org/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
