From: Rich Freeman
Date: Wed, 24 May 2017 12:30:36 -0700
Subject: Re: [gentoo-user] Re: tmp on tmpfs
To: gentoo-user@lists.gentoo.org

On Wed, May 24, 2017 at 11:34 AM, Ian Zimmerman wrote:
> On 2017-05-24 08:00, Kai Krakow wrote:
>
>> Unix semantics suggest that /tmp is not expected to survive reboots
>> anyways (in contrast, /var/tmp is expected to survive reboots), so
>> tmpfs is a logical consequence to use for /tmp.
>
> /tmp is wiped by the bootmisc init job anyway.
>

In general I haven't found anything that is bothered by /var/tmp being lost on reboot, but obviously that is something you need to be prepared for if you put it on tmpfs.

One thing that wasn't mentioned is that having /tmp in tmpfs might also have security benefits depending on what is stored there, since it won't be written to disk.
If you have a filesystem on tmpfs and your swap is encrypted (which you should consider setting up since it is essentially "free") then /tmp also becomes a useful dumping ground for stuff that is decrypted for temporary processing. For example, if you keep your passwords in a gpg-encrypted file you could copy it to /tmp, decrypt it there, do what you need to, and then delete it. That wouldn't leave any recoverable traces of the file.

There are lots of guides about encrypted swap. It is the sort of thing that is convenient to set up since there is no value in preserving a swap file across reboots, so you can just generate a random key on each boot. I suspect that would break down if you're using hibernation / suspend to disk.

-- 
Rich
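
The two preconditions in the message above (that /tmp really is tmpfs and that every active swap area is encrypted) can be checked before decrypting anything there. This is an added shell example, not part of the original message. It assumes Linux, that dm-crypt mappings show up in /proc/swaps as /dev/dm-N, and that they carry a "CRYPT-" dm UUID in sysfs; the function names and the gpg file names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks before decrypting a secret into /tmp.
# Paths default to the live system; constructed files can be passed instead.

# Succeeds if DIR is itself a mount point of type tmpfs.
# The last matching entry wins, because later mounts shadow earlier ones.
is_tmpfs() {  # usage: is_tmpfs DIR [MOUNTS_FILE]
    awk -v dir="$1" '$2 == dir { fs = $3 }
                     END { exit (fs == "tmpfs" ? 0 : 1) }' "${2:-/proc/mounts}"
}

# Prints every active swap area that is not confirmed to be a dm-crypt mapping.
# Empty output means all swap is encrypted. Swap files and plain partitions
# have no dm UUID, so they are always reported.
unencrypted_swaps() {  # usage: unencrypted_swaps [SWAPS_FILE] [SYSFS_BLOCK_DIR]
    swaps=${1:-/proc/swaps}
    sysblock=${2:-/sys/block}
    # Skip the header line; the first column is the device or file path.
    tail -n +2 "$swaps" | while read -r path _rest; do
        # Assumption: dm-crypt devices appear as /dev/dm-N here.
        uuid_file="$sysblock/${path##*/}/dm/uuid"
        if [ -r "$uuid_file" ] && grep -q '^CRYPT-' "$uuid_file"; then
            continue
        fi
        printf '%s\n' "$path"
    done
}

# Returns 0 only when plaintext written to DIR cannot reach disk unencrypted.
safe_scratch() {  # usage: safe_scratch DIR [MOUNTS] [SWAPS] [SYSFS_BLOCK_DIR]
    is_tmpfs "$1" "${2:-/proc/mounts}" ||
        { echo "$1 is not tmpfs" >&2; return 1; }
    leaks=$(unencrypted_swaps "${3:-/proc/swaps}" "${4:-/sys/block}")
    [ -z "$leaks" ] ||
        { echo "swap not confirmed encrypted: $leaks" >&2; return 1; }
}

# Typical use (hypothetical file names), left commented out so the file can
# be sourced. umask 077 keeps other local users from reading the plaintext.
# safe_scratch /tmp && (umask 077 &&
#     gpg --output /tmp/passwords.txt --decrypt passwords.gpg)
```
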