
Bug#652011: general: Repeated pattern of FHS violation: Dependencies of /sbin and /bin, belong in /lib

On Wed, 14 Dec 2011, Roger Leigh wrote:

> The same argument applies to encryption.  / and /usr both contain a
> selection of programs, libraries etc.  If you're encrypting one, why
> would you not encrypt all of it?


On one of my relatively low-power portable systems, I have everything encrypted except /boot and /usr. /boot for obvious reasons; /usr because decryption is heavily CPU-bound, making encrypted /usr unworkably slow. Since encryption is for privacy reasons, I need encrypted / because of /etc. (And encrypted /home and /var of course.)

Indeed, this means that programs in /bin and libs in /lib are also encrypted. But this actually does _not_ slow things down: the Linux disk cache is sensibly caching the decrypted data, so often-used stuff from /bin and /lib happily remains in already-decrypted cache. The interesting stuff from /usr is generally too large and too seldom used to remain cached.

So I'd say "preferably not" move /bin and /lib to /usr; but I'd say "absolutely definitely not" move /usr/bin and /usr/lib to /.

(Well, in the latter case: unless you make sure that /bin and /lib are actually mountable separately. But that would really defeat the purpose.)

Best regards,

Anne Bezemer
