DMU_OT_ACL and DMU_OT_OLDACL are both marked as objects that should be encrypted when the dataset has encryption enabled - because they are used for ZPL layer ACLs and are thus sensitive information. I need to know what DMU_OT_SYSACL is used for so I can determin if i should be an encrypted object for encrypted datasets. -- Darren J Moffat
Darren J Moffat wrote:> DMU_OT_ACL and DMU_OT_OLDACL are both marked as objects that should be > encrypted when the dataset has encryption enabled - because they are > used for ZPL layer ACLs and are thus sensitive information. > > I need to know what DMU_OT_SYSACL is used for so I can determin if i > should be an encrypted object for encrypted datasets. >DMU_OT_SYSACL is the bonus area of DMU_OT_ACL. Its currently not used, but may be used in the future to support CIFS system ACLs. -Mark
Mark Shellenbaum wrote:> Darren J Moffat wrote: >> DMU_OT_ACL and DMU_OT_OLDACL are both marked as objects that should be >> encrypted when the dataset has encryption enabled - because they are >> used for ZPL layer ACLs and are thus sensitive information. >> >> I need to know what DMU_OT_SYSACL is used for so I can determin if i >> should be an encrypted object for encrypted datasets. >> > > DMU_OT_SYSACL is the bonus area of DMU_OT_ACL. Its currently not used, > but may be used in the future to support CIFS system ACLs.Okay. I wonder if these CIFS system ACLs would be considered sensitive information or not - guess I need to talk to some CIFS people. What is more interesting though is how can I be sure that if this gets used after I putback that the correct TRUE/FALSE value for the encrypt field is used given the OT already exists. Thanks for the prompt response. -- Darren J Moffat