11278 Encrypted ZFS filesystems should be mounted at boot where possible
Review Request #2025 — Created June 27, 2019 and updated — Latest diff uploaded
| Information | |
|---|---|
| citrus | |
| illumos-gate | |
| master | |
| 11278 | |
| e6d0b08... | |
| Reviewers | |
| general | |
11278 Encrypted ZFS filesystems should be mounted at boot where possible
bloody# zfs list -o name,encryption,keylocation | grep -v off NAME ENCRYPTION KEYLOCATION rpool/enc aes-256-ccm file:///e.key rpool/encb aes-256-ccm file:///f.key rpool/encp aes-256-ccm prompt bloody# ls -l /e.key /f.key /f.key: No such file or directory -rw-r--r-- 1 root root 32 Jun 26 12:34 /e.key bloody# df -h | grep enc bloody# zfs unload-keys -a bloody# tail -f `svcs -L filesystem/local` & bloody# svcadm restart filesystem/local bloody# [ Jun 27 10:47:19 Stopping because service restarting. ] [ Jun 27 10:47:19 Executing stop method (null). ] [ Jun 27 10:47:19 Executing start method ("/lib/svc/method/fs-local"). ] Loading encryption keys: rpool/enc Key load error: Failed to open key material file WARNING: Failed to load keys for rpool/encb Mounting encrypted filesystems [ Jun 27 10:47:20 Method "start" exited with status 0. ] bloody# df -h | grep enc rpool/enc 289G 320K 213G 1% /rpool/enc bloody# zfs mount -l rpool/encp Enter passphrase for 'rpool/encp': bloody# df -h | grep enc rpool/enc 289G 320K 213G 1% /rpool/enc rpool/encp 289G 320K 213G 1% /rpool/encp