On 10/25/2011 09:33 AM, Michal Hlavinka wrote: > On 10/25/2011 09:30 AM, Harald Hoyer wrote: >> On 10/25/2011 09:15 AM, Harald Hoyer wrote: >>> It's not only an aesthetic issue. This enables possibilities, which were >>> not doable before. > ... >> - mount rootfs encrypted >> - mount /usr not encrypted (no secrets here) > > this is already possible, I use this setup for a long time. right, but still a lot of files in /lib* /sbin and /bin, which do not need encryption here. Having all in /usr make the thing so much cleaner... Just to give you some food for thought: Next steps could include to only allow "/usr" prefixed files in Fedora rpms. "/var" and "/etc" could be setup with tempfiles and config templates. So our OS (set up by rpms) only lives in /usr. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
