BIND MOUNTS OK, even on /var/tmp: /var/tmp as a bind mount doesn't seem to cause a problem. I use directories in /home, mounted with -o bind, for these things to allow use of full home directory space (unlike a separate LUKS volume) while sealing leaks of encrypted data.

Some time back I worked up the "Bootcrypt" method of using bind mounts on an encrypted home partition to close data leaks in /tmp, /var/tmp, etc. Currently /home and swap are LUKS partitions; other "sensitive" directories are subdirectories on /home, bind mounted to the filesystem. As of September 18 I have been able to use mountall with this, even with usplash, which I rolled back and pinned when the splash packages broke. I also use a custom splash theme based on ubuntustudio, with added armed penguins warning that all data is encrypted. In initramfs-tools/scripts/top, I had to substitute an older framebuffer script or usplash would freeze on usplash_write. Can't use fsck yet (set 0 in fstab), due to another reported bug causing mountall to refuse to deal properly with a failed fsck run. The partitions are specified by UUID, the bind mounts by file names in /home.

Here is my fstab:

# /etc/fstab: static file system information.
#
# Use 'vol_id --uuid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/sda1 during installation
UUID=c6ecb774-1add-408f-95b2-16d263cadec1 / ext4 relatime,errors=remount-ro 0 0#TEMP
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
#
####### CHANGES ADDED BY BOOTCRYPT V 1.1 #######
#
UUID=8213ad0a-269b-492a-8d30-94b5bac12942 /home ext3 rw,relatime,nofail 0 0#TEMP
#
/home/TMP /tmp ext3 rw,bind,relatime,nofail 0 0
/home/VAR_TMP /var/tmp ext3 rw,bind,relatime,nofail 0 0
/home/VAR_SPOOL /var/spool ext3 rw,bind,relatime,nofail 0 0
/home/VAR_MAIL /var/mail ext3 rw,bind,relatime,nofail 0 0
/home/VAR_CACHE_CUPS /var/cache/cups ext3 rw,bind,relatime,nofail 0 0
UUID=5d09cd8b-61a7-4e86-94f8-c85a406217d7 none swap swap 0 0

Here is the crypttab that goes with it:

# <target name> <source device> <key file> <options>
vgbase UUID=5b9711af-64fa-4cda-89b1-ffc637e6359c none luks,tries=1000

--
/var/tmp in fstab hangs boot
https://bugs.launchpad.net/bugs/431040
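
An added example, not part of the original message or of Bootcrypt: a small fstab audit for the layout described above, reporting each leak-prone directory that is not a bind mount sourced under the encrypted mount, and separately listing the entries marked nofail. It assumes /home is the encrypted mount (fstab alone cannot confirm that) and does not resolve symlinks; the function names and the WEAK_FSTAB sample are constructed for this illustration.

```python
import posixpath

# Directories the fstab above redirects onto the encrypted volume.
LEAK_PRONE = ("/tmp", "/var/tmp", "/var/spool", "/var/mail", "/var/cache/cups")

def parse_fstab(text):
    """Map mount point -> (source, option set) for every non-comment entry."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank, comment, or too short to be an entry
        table[posixpath.normpath(fields[1])] = (fields[0], set(fields[3].split(",")))
    return table

def is_under(path, root):
    """True if path is root or below it, after collapsing '..' and '//'."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit(text, encrypted=("/home",), sensitive=LEAK_PRONE):
    """Return {directory: problem} for directories left on cleartext storage."""
    table, problems = parse_fstab(text), {}
    for directory in sensitive:
        source, options = table.get(directory, (None, set()))
        if source is None:
            problems[directory] = "no fstab entry"
        elif "bind" not in options:
            problems[directory] = "not a bind mount"
        elif not any(is_under(source, root) for root in encrypted):
            problems[directory] = "bind source outside encrypted mount"
    return problems

# If a nofail mount does not happen, the path resolves to the parent filesystem.
def silent_fallback(text, sensitive=LEAK_PRONE):
    """Return the sensitive directories whose fstab entry carries nofail."""
    table = parse_fstab(text)
    return sorted(d for d in sensitive if "nofail" in table.get(d, ("", set()))[1])

# Constructed sample (not from the message): three ways the layout can regress.
WEAK_FSTAB = """\
UUID=<home-uuid> /home ext3 rw,relatime 0 0
/home/../srv/TMP /tmp none rw,bind 0 0
/dev/sdb1 /var/spool ext3 rw 0 0
/home/VAR_MAIL /var/mail none rw,bind,nofail 0 0
/home/VAR_CACHE_CUPS /var/cache/cups none rw,bind 0 0
"""

if __name__ == "__main__":
    print(audit(WEAK_FSTAB), silent_fallback(WEAK_FSTAB))
```

Run against the fstab in the message, audit() reports nothing, while silent_fallback() lists all five bind mounts because each carries nofail.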