2008/12/23 Bruno Wolff III <bruno@xxxxxxxx>: > On Tue, Dec 23, 2008 at 10:09:13 +0200, > Nikolay Vladimirov <nikolay@xxxxxxxxxxxxxxx> wrote: >> 2008/12/23 Bruno Wolff III <bruno@xxxxxxxx>: >> > On Mon, Dec 22, 2008 at 18:48:47 +0200, >> > Nikolay Vladimirov <nikolay@xxxxxxxxxxxxxxx> wrote: >> >> >> >> It's good to have an option to do both encrypted home and dedicated >> >> encrypted dir in home. >> > >> > What threat are you trying to counter by having a separate encrypted >> > directory in your home directory? I would expect selinux to be a better >> > solution for the kind of problem one might try to solve with an encrypted >> > directory in their home directory. >> > >> >> No, because selinux is useless if someone has physical access to my computer. >> Booting another os(think live cds) or just doing "single selinux=0". > > That's what full disk (well really partition) encryption is for and which > already works nicely. Being able to encrypt just some directories is an > inferior solution to that problem. > Ok. I'm not really sure about this but I think that full disk encryption on a software level with a key storng enough will bring some performance loss. And some people just want some confidential files to be encrypted. -- NV -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
