Re: Encrypted Swap
On Mon, Jun 20, 2005 at 09:17:55PM +0200, Rogier Krieger wrote: > On 6/20/05, Ray Percival <[EMAIL PROTECTED]> wrote: > > Setting up GPG and I thought I enabled encrypted swap with sysctl -w > > vm.swapencrypt.enable=1 > > You're already there; only GPG doesn't know about that. I suspect you > misread the instructions. GPG will whine about insecure memory so long > as it does not have setuid bits set on the executable Yes I did, misread that is. Thanks for the clue. > > By encrypting the swap, you eliminated the need for those setuid bits. > GPG, however, will continue to whine until you either tell it to shut > up or add the (now unnecessary) setuid bits. > > Your gpg.conf is the place to edit and add the equivalent of the > command line option "--no-secmem-warning" to your setup. > > Cheers, > > Rogier > > -- > If you don't know where you're going, any road will get you there. -- BOFH excuse #343: The ATM board has run out of 10 pound notes. We are having a whip round to refill it, care to contribute ? [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Encrypted Swap
On 6/20/05, Ray Percival <[EMAIL PROTECTED]> wrote: > Setting up GPG and I thought I enabled encrypted swap with sysctl -w > vm.swapencrypt.enable=1 You're already there; only GPG doesn't know about that. I suspect you misread the instructions. GPG will whine about insecure memory so long as it does not have setuid bits set on the executable. By encrypting the swap, you eliminated the need for those setuid bits. GPG, however, will continue to whine until you either tell it to shut up or add the (now unnecessary) setuid bits. Your gpg.conf is the place to edit and add the equivalent of the command line option "--no-secmem-warning" to your setup. Cheers, Rogier -- If you don't know where you're going, any road will get you there.
Encrypted Swap
Setting up GPG and I thought I enabled encrypted swap with sysctl -w vm.swapencrypt.enable=1 it threw a message telling me that it was changing it. I also uncommented it in /etc/sysctl.conf but have not booted since doing that. Looking thorugh the archives and the faq I thought that should make gpg stop yelling at me about insecure memory. But it still is. So have I missed something or is there something else I should be reading. Thanks. Ray -- BOFH excuse #443: Zombie processes detected, machine is haunted. [demime 1.01d removed an attachment of type application/pgp-signature]