On 10/25/2011 09:33 AM, Michal Hlavinka wrote:
> On 10/25/2011 09:30 AM, Harald Hoyer wrote:
>> On 10/25/2011 09:15 AM, Harald Hoyer wrote:
>>> It's not only an aesthetic issue. This enables possibilities which were
>>> not doable before.
> ...
>> - mount rootfs encrypted
>> - mount /usr not encrypted (no secrets here)
> this is already possible, I have used this setup for a long time.

right, but still a lot of files in /lib* /sbin and /bin, which do not
need encryption here.
Having all in /usr makes the thing so much cleaner...

Just to give you some food for thought: Next steps could include only
allowing "/usr" prefixed files in Fedora rpms. "/var" and "/etc" could be
set up with tempfiles and config templates. So our OS (set up by rpms)
only lives in /usr.