On Tue, Dec 23, 2008 at 10:09:13 +0200,
Nikolay Vladimirov <nikolay(a)vladimiroff.com> wrote:
2008/12/23 Bruno Wolff III <bruno(a)wolff.to>:
> On Mon, Dec 22, 2008 at 18:48:47 +0200,
> Nikolay Vladimirov <nikolay(a)vladimiroff.com> wrote:
>>
>> It's good to have an option to do both encrypted home and dedicated
>> encrypted dir in home.
>
> What threat are you trying to counter by having a separate encrypted
> directory in your home directory? I would expect selinux to be a better
> solution for the kind of problem one might try to solve with an encrypted
> directory in their home directory.
>
No, because selinux is useless if someone has physical access to my computer.
Booting another os(think live cds) or just doing "single selinux=0".
That's what full disk (well really partition) encryption is for and which
already works nicely. Being able to encrypt just some directories is an
inferior solution to that problem.