On Tue, Dec 23, 2008 at 10:09:13 +0200, Nikolay Vladimirov <nikolay@xxxxxxxxxxxxxxx> wrote: > 2008/12/23 Bruno Wolff III <bruno@xxxxxxxx>: > > On Mon, Dec 22, 2008 at 18:48:47 +0200, > > Nikolay Vladimirov <nikolay@xxxxxxxxxxxxxxx> wrote: > >> > >> It's good to have an option to do both encrypted home and dedicated > >> encrypted dir in home. > > > > What threat are you trying to counter by having a separate encrypted > > directory in your home directory? I would expect selinux to be a better > > solution for the kind of problem one might try to solve with an encrypted > > directory in their home directory. > > > > No, because selinux is useless if someone has physical access to my computer. > Booting another os(think live cds) or just doing "single selinux=0". That's what full disk (well really partition) encryption is for and which already works nicely. Being able to encrypt just some directories is an inferior solution to that problem. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
