On 06/29/2018 10:59 PM, William Harrington wrote:
On Fri, 29 Jun 2018 07:36:31 +0200
Jan-Christoph Bornschlegel <[email protected]> wrote:
On 29.06.2018 at 01:31, Bruce Dubbs wrote:
[...] Others may disagree.
The root file system has no sensitive files that need to be protected
by encryption. It really only needs to contain /bin, /sbin, /usr,
/etc, /lib, and /root. Other directories can be on separate
partitions. Sensitive data needs to be in /home or some
other custom location.
Although I cannot help directly -- I used system partition encryption
before, but not with LFS -- there is one argument: /etc contains a lot
of information that some may consider "sensitive" -- for example proxy
configs, udev rules containing device IDs and the like. I would not
recommend LFS for proxies or firewalls, though.
--Jan
P.S. Out of scope of LFS (adds some requirements), but maybe helpful anyway:
https://wiki.gentoo.org/wiki/Full_Encrypted_Btrfs/Native_System_Root_Guide
In the end it is up to the system admins to execute any production load and
that there is guidance to do so properly. LFS is just a guide. It never was a
production system for a corporation or anything like that. FHS come to mind in
this matter?
LFS, as far as I know from Gerard, is a learning experience. Let's get this
straight from the beginning.
You are right about the purpose of LFS, but I also know of several
instances of LFS systems successfully used in production mode.
-- Bruce