On Tue, 2008-12-23 at 02:13 -0600, Bruno Wolff III wrote: > On Tue, Dec 23, 2008 at 10:09:13 +0200, > Nikolay Vladimirov <nikolay@xxxxxxxxxxxxxxx> wrote: > > 2008/12/23 Bruno Wolff III <bruno@xxxxxxxx>: > > > On Mon, Dec 22, 2008 at 18:48:47 +0200, > > > Nikolay Vladimirov <nikolay@xxxxxxxxxxxxxxx> wrote: > > >> > > >> It's good to have an option to do both encrypted home and dedicated > > >> encrypted dir in home. > > > > > > What threat are you trying to counter by having a separate encrypted > > > directory in your home directory? I would expect selinux to be a better > > > solution for the kind of problem one might try to solve with an encrypted > > > directory in their home directory. > > > > > > > No, because selinux is useless if someone has physical access to my computer. > > Booting another os(think live cds) or just doing "single selinux=0". > > That's what full disk (well really partition) encryption is for and which > already works nicely. Being able to encrypt just some directories is an > inferior solution to that problem. The rationale for wanting a completely encrypted system has always escaped me, esp. when being on a multi-user system. Ralf -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
