bugzilla-daemon at defect.opensolaris.org
2008-May-27 16:15 UTC
[Bug 2051] New: zpool key -c -o keyscope= doesn''t update keyscope
http://defect.opensolaris.org/bz/show_bug.cgi?id=2051
Summary: zpool key -c -o keyscope= doesn''t update keyscope
Classification: Development
Product: zfs-crypto
Version: unspecified
Platform: Other
OS/Version: Other
Status: NEW
Severity: minor
Priority: P4
Component: other
AssignedTo: darrenm at opensolaris.org
ReportedBy: darrenm at opensolaris.org
QAContact: hua.tang at sun.com
CC: zfs-crypto-discuss at opensolaris.org
Estimated Hours: 0.0
There is no code in zpool_change_key() to update the keyscope value if it is
supplied for being changed.
--
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
bugzilla-daemon at defect.opensolaris.org
2008-May-27 16:43 UTC
[Bug 2051] zpool key -c -o keyscope= doesn''t update keyscope
http://defect.opensolaris.org/bz/show_bug.cgi?id=2051
Darren J Moffat <darrenm at opensolaris.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution| |FIXINSOURCE
--- Comment #1 from Darren J Moffat <darrenm at opensolaris.org>
2008-05-27 09:43:50 ---
This fix doesn''t allow:
# zpool set keysource=raw,file:///rmdisk/keys/mykey tank
# zpool key -c -o keyscope=passphrase,prompt tank
I think that is actually safe though. In the dataset case it isn''t
safe to
change the format of the key because it could be getting inherited by lower
datasets.
However in the case of the pool key I think this actually is safe and could be
allowed. For now I''m leaving this as a note in this bug it can be
fixed as an
RFE later if it is deemed both safe and useful to do.
--
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.