On Tue, 2008-12-23 at 02:58 -0600, Bruno Wolff III wrote: > On Tue, Dec 23, 2008 at 09:27:56 +0100, > Ralf Corsepius <rc040203@xxxxxxxxxx> wrote: > > The rationale for wanting a completely encrypted system has always > > escaped me, esp. when being on a multi-user system. > > Full disk encryption isn't meant to protect the system from authorized > users. It's meant to protect the system from people who get their hands > on the hardware. I don't buy this. Even in this case, you actually will want to protect/encrypt sensitive data, not the whole disk. In most cases this would be passwds, ssh-keys and certain sensitive files. Of cause, you can achieve this by "whole disk encryption", but I would call this to be the "big hammer". Suitable for personal-laptops, but widely silly on desktops. > To protect against other users, you probably want to use selinux. SELinux is aiming at shielding the system against mal-ware and against applications misbehaving. It does not help against unauthorized access on personal data, such as your personal on-line banking account access data, ssh-keys or confidential documents and similar. Similarly, encryption of supposed to be universally, globally accessable files (such as much of the OS) is widely meaningless. It doesn't buy you anything. Ralf -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
