On Fri, Dec 14, 2007 at 05:45:11PM +0200, Lars Nood??n wrote:
> Otto Moerbeek wrote:
> > On Fri, Dec 14, 2007 at 01:02:42PM +0100, knitti wrote:
> >
> >> Gilbert, Douglas,
> >>
> >> swap encryption on OpenBSD is done different than what you
> >> advise. just use a sysctl for vm.swapencrypt.enable. Much less
> >> maintenance headaches.
> >
> > besides, since a few releases it has been enabled by default.
> >
> > -Otto
>
> It's not that clear if it is, at least on the version of OpenBSD 4.2 I
> have. It's very much a plain vanilla setup however, /etc/sysctl.conf says:
> #vm.swapencrypt.enable=0 # 0=Do not encrypt pages that go to swap
>
> To me that implies that the swap is not encrypted by default.
>
> However, checking sysctl vm.swapencrypt.enable shows that it *is*
> enabled by default.
>
> What would be the correct method for asking for the default sysctl.conf
> to be updated?
>
> -Lars
sysctl.conf does not show commented out default values, but suggested
alternatives to default values.
-Otto
