From owner-freebsd-fs@FreeBSD.ORG Mon Apr 8 16:07:54 2013 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 3F78C830 for ; Mon, 8 Apr 2013 16:07:54 +0000 (UTC) (envelope-from freebsd-fs@m.gmane.org) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) by mx1.freebsd.org (Postfix) with ESMTP id 00ABF7FC for ; Mon, 8 Apr 2013 16:07:53 +0000 (UTC) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1UPEbL-0002D2-Cm for freebsd-fs@freebsd.org; Mon, 08 Apr 2013 18:07:23 +0200 Received: from jtotz2.cs.ucl.ac.uk ([128.16.6.56]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 08 Apr 2013 18:07:23 +0200 Received: from johannes by jtotz2.cs.ucl.ac.uk with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 08 Apr 2013 18:07:23 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-fs@freebsd.org From: Johannes Totz Subject: Re: ZFS snapshots and daily security checks Date: Mon, 08 Apr 2013 17:06:59 +0100 Lines: 73 Message-ID: References: <20130408005438.GA66727@icarus.home.lan> <1504594172.20130408114200@serebryakov.spb.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: jtotz2.cs.ucl.ac.uk User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130307 Thunderbird/17.0.4 In-Reply-To: <1504594172.20130408114200@serebryakov.spb.ru> X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Apr 2013 16:07:54 -0000 On 08/04/2013 08:42, Lev Serebryakov wrote: > Hello, Jeremy. > You wrote 8 апреля 2013 г., 4:54:38: > >>> Is it possible to exclude these snapshots from `mount -p' output or >>> don't mount them to hierarchy by default? > JC> Taken from my stable/9 r249160 system: > And here is my 9.1-STABLE r244958 (I'm filtering out all hourly > output, or this message will be infinite): > > % df -k > Filesystem 1024-blocks Used Avail Capacity Mounted on > /dev/mirror/root 2026028 675598 1188348 36% / > devfs 1 1 0 100% /dev > fdescfs 1 1 0 100% /dev/fd > procfs 4 4 0 100% /proc > /dev/mirror/var 16244332 6285320 8659466 42% /var > /dev/mirror/tmp 1012972 12290 919646 1% /tmp > /dev/mirror/usr 64995336 10259340 49536370 17% /usr > /dev/mirror/databases 101554148 174252 93255566 0% /var/databases > pool 487184219 21 487184198 0% /pool > pool/home 511417117 24232919 487184198 5% /usr/home > devfs 1 1 0 100% /var/named/dev > % mount > /dev/mirror/root on / (ufs, local) > devfs on /dev (devfs, local) > fdescfs on /dev/fd (fdescfs) > procfs on /proc (procfs, local) > /dev/mirror/var on /var (ufs, local, soft-updates) > /dev/mirror/tmp on /tmp (ufs, local, soft-updates) > /dev/mirror/usr on /usr (ufs, local, soft-updates) > /dev/mirror/databases on /var/databases (ufs, local, soft-updates) > pool on /pool (zfs, local, nfsv4acls) > pool/home on /usr/home (zfs, local, nfsv4acls) > devfs on /var/named/dev (devfs, local) > % zfs list -t snapshot | grep -v hourly > NAME USED AVAIL REFER MOUNTPOINT > pool/home@daily-2013-04-05_03.01.28--1m 544K - 23.1G - > pool/home@daily-2013-04-06_03.01.20--1m 688K - 23.1G - > pool/home@weekly-2013-04-06_04.15.34--1y 1.70M - 23.1G - > pool/home@daily-2013-04-07_03.04.44--1m 1.15M - 23.1G - > pool/home@daily-2013-04-08_03.01.31--1m 437K - 23.1G - > % mount -p | grep -v hourly > /dev/mirror/root / ufs rw 1 1 > devfs /dev devfs rw 0 0 > fdescfs /dev/fd fdescfs rw 0 0 > procfs /proc procfs rw 0 0 > /dev/mirror/var /var ufs rw 2 2 > /dev/mirror/tmp /tmp ufs rw 2 2 > /dev/mirror/usr /usr ufs rw 2 2 > /dev/mirror/databases /var/databases ufs rw 3 3 > pool /pool zfs rw,nfsv4acls 0 0 > pool/home /usr/home zfs rw,nfsv4acls 0 0 > devfs /var/named/dev devfs rw 0 0 > pool/home@daily-2013-04-05_03.01.28--1m /usr/home/.zfs/snapshot/daily-2013-04-05_03.01.28--1m zfs ro,nosuid,noatime,nfsv4acls 0 0 > pool/home@daily-2013-04-06_03.01.20--1m /usr/home/.zfs/snapshot/daily-2013-04-06_03.01.20--1m zfs ro,nosuid,noatime,nfsv4acls 0 0 > pool/home@weekly-2013-04-06_04.15.34--1y /usr/home/.zfs/snapshot/weekly-2013-04-06_04.15.34--1y zfs ro,nosuid,noatime,nfsv4acls 0 0 > pool/home@daily-2013-04-07_03.04.44--1m /usr/home/.zfs/snapshot/daily-2013-04-07_03.04.44--1m zfs ro,nosuid,noatime,nfsv4acls 0 0 > % > > JC> It seems to me mount and mount -p show the mounted snapshot. > I didn't mount snapshot specifically, and they are created by zfSnap > script from ports (sysutils/zfsnap). > As I can see in this script, snapshots are created with > > /sbin/zfs snapshot -r ${fs}@${snapshot} > Are your snapshots set to visible? zpool get listsnapshots pool If I remember correctly, daily security uses find to walk the file system tree...