bugzilla-daemon at defect.opensolaris.org
2008-Apr-15 03:34 UTC
[Bug 1195] New: 'zfs set keysource' should fail with encryption=off
http://defect.opensolaris.org/bz/show_bug.cgi?id=1195

Summary: 'zfs set keysource' should fail with encryption=off
Classification: Development
Product: zfs-crypto
Version: unspecified
Platform: Other
OS/Version: Solaris
Status: NEW
Severity: minor
Priority: P4
Component: other
AssignedTo: darrenm at opensolaris.org
ReportedBy: hua.tang at sun.com
QAContact: hua.tang at sun.com
CC: zfs-crypto-discuss at opensolaris.org
Estimated Hours: 0.0

# zpool create tank /export/home/testfile
# zfs create -o encryption=off -o keyscope=dataset -o keysource=hex,prompt tank/fs
# zfs set keysource=hex,file:///hex_key_file tank/fs
# echo $?
0
#

I think in this case keysource should be set to '-' during creation and can't be set by 'zfs set'.

--
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

bugzilla-daemon at defect.opensolaris.org
2008-Apr-15 04:25 UTC
[Bug 1195] 'zfs set keysource' should fail with encryption=off
http://defect.opensolaris.org/bz/show_bug.cgi?id=1195

ajscarp at yahoo.com changed:

What       |Removed                  |Added
----------------------------------------------------------------------------
AssignedTo |darrenm at opensolaris.org |ajscarp at yahoo.com
Status     |NEW                      |CLOSED
Resolution |                         |INVALID

--- Comment #1 from ajscarp at yahoo.com 2008-04-14 21:25:58 ---

This is not a bug. The keysource and keyscope can be set for the purposes of inheritance for datasets below tank/fs. tank/fs will not use these properties unless encryption is turned on.

If you were to type "zfs create -o encryption=on tank/fs/enc", it would succeed, because tank/fs/enc will inherit the keysource and keyscope from tank/fs. If tank/fs/enc were given a keysource or keyscope, it would override the inheritance from tank/fs.

"zfs set" is allowed to change the keysource's locator, but not the format. Changing it to 'raw' or 'passphrase' would have been a failure. Changing the locator allows the user to change the filename or method (prompt <-> file), but it's up to the user to make sure they are using the same key, as it's not a formal key change, just a change in location of the same key.
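
The rules described in comment #1, written out as a small Python model. This is an added example, not zfs-crypto code and not part of the original thread. The class and function names are hypothetical, and two points are assumptions of the model: that encryption=on requires a set or inherited keysource, and that the format check compares against the value currently in effect.

```python
class KeysourceError(ValueError):
    """Raised when a keysource value or change breaks the modelled rules."""

def parse_keysource(value):
    """Split 'format,locator' (e.g. 'hex,prompt') into its two parts."""
    fmt, sep, locator = value.partition(",")
    if not (fmt and sep and locator):
        raise KeysourceError(f"expected 'format,locator', got {value!r}")
    return fmt, locator

class Dataset:
    def __init__(self, name, parent=None, encryption="off", keysource=None):
        self.name, self.parent, self.encryption = name, parent, encryption
        self.local_keysource = None
        if keysource is not None:
            parse_keysource(keysource)          # reject malformed values early
            self.local_keysource = keysource    # a local value overrides inheritance
        # Assumption of this model: encryption=on needs a keysource from somewhere.
        if encryption == "on" and self.effective_keysource() is None:
            raise KeysourceError(f"{name}: no keysource set or inherited")

    def effective_keysource(self):
        """Local value wins; otherwise use the nearest ancestor that has one."""
        ds = self
        while ds is not None:
            if ds.local_keysource is not None:
                return ds.local_keysource
            ds = ds.parent
        return None

    def set_keysource(self, new_value):
        """Model of 'zfs set keysource=...': locator may change, format may not."""
        new_fmt, _ = parse_keysource(new_value)
        current = self.effective_keysource()
        if current is not None and parse_keysource(current)[0] != new_fmt:
            raise KeysourceError(f"{self.name}: format change {current!r} -> {new_value!r}")
        # Only the location of the key changes; this is not a key change.
        self.local_keysource = new_value

if __name__ == "__main__":
    # Constructed walk-through using the dataset names from the bug report.
    fs = Dataset("tank/fs", encryption="off", keysource="hex,prompt")
    enc = Dataset("tank/fs/enc", parent=fs, encryption="on")  # inherits from tank/fs
    fs.set_keysource("hex,file:///hex_key_file")               # locator change: allowed
    print(enc.effective_keysource())
    try:
        fs.set_keysource("raw,file:///hex_key_file")           # format change: rejected
    except KeysourceError as err:
        print("rejected:", err)
```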