From: Graham Perrin
Date: Sat, 17 Oct 2020 17:48:44 +0100
To: freebsd-current@freebsd.org
Subject: OpenZFS: encrypted dataset confusion (PEBKAM)

On 17/10/2020 14:08, Ryan Moeller wrote:

> On 10/17/20 9:02 AM, Graham Perrin wrote:
>> root@momh167-gjp4-8570p:~ # date ; uname -v ; uptime
>> Sat Oct 17 14:00:10 BST 2020
>> FreeBSD 13.0-CURRENT #69 r366648: Tue Oct 13 05:49:05 BST 2020
>> root@momh167-gjp4-8570p:/usr/obj/usr/src/amd64.amd64/sys/GENERIC-NODEBUG
>>  2:00PM  up 9 mins, 5 users, load averages: 0.29, 0.56, 0.31
>> root@momh167-gjp4-8570p:~ # zpool export Transcend && ls -hl
>> /Volumes/t500/VirtualBox ; zpool import Transcend && ls -hl
>> /Volumes/t500/VirtualBox
>> ls: /Volumes/t500/VirtualBox: No such file or directory
>> total 18
>> drwxr-xr-x  2 grahamperrin  grahamperrin     2B Sep 11 19:28 CloudReady
>> drwxr-xr-x  6 grahamperrin  grahamperrin     6B May  8 09:04 FreeBSD
>> drwxr-xr-x  4 grahamperrin  grahamperrin     4B Sep 20 17:03 Linux
>> drwxr-xr-x  4 grahamperrin  grahamperrin     7B Oct 16 17:41 Windows
>> root@momh167-gjp4-8570p:~ # zfs get all Transcend/VirtualBox | grep
>> -e crypt -e key -e mountpoint | sort
>> Transcend/VirtualBox  encryption aes-256-gcm               -
>> Transcend/VirtualBox  encryptionroot Transcend/VirtualBox      -
>> Transcend/VirtualBox  keyformat passphrase                -
>> Transcend/VirtualBox  keylocation prompt local
>> Transcend/VirtualBox  keystatus unavailable               -
>> Transcend/VirtualBox  mountpoint /Volumes/t500/VirtualBox inherited
>> from Transcend
>> root@momh167-gjp4-8570p:~ # zfs --version
>> zfs-0.8.0-1
>> zfs-kmod-v2020100400-zfs_79f0935fa
>> root@momh167-gjp4-8570p:~ #
>
>
> This doesn't necessarily mean the encrypted filesystem is mounted
> though. The contents you are
> seeing must be in the parent filesystem.
>
> Check the output of the mount command, you should find
> Transcend/VirtualBox is not mounted.

True! Thank you.

I didn't realise that from the outset I had written to the non-encrypted parent.

Fixed:

----

root@momh167-gjp4-8570p:~ # mount | grep Transcend
Transcend on /Volumes/t500 (zfs, local, nfsv4acls)
root@momh167-gjp4-8570p:~ # cd /Volumes/t500/
root@momh167-gjp4-8570p:/Volumes/t500 # mv VirtualBox vbox
root@momh167-gjp4-8570p:/Volumes/t500 # zfs create -o encryption=on -o keyformat=passphrase Transcend/VirtualBox
cannot create 'Transcend/VirtualBox': dataset already exists
root@momh167-gjp4-8570p:/Volumes/t500 # zfs destroy Transcend/VirtualBox
root@momh167-gjp4-8570p:/Volumes/t500 # ls -hl vbox
total 18
drwxr-xr-x  2 grahamperrin  grahamperrin     2B Sep 11 19:28 CloudReady
drwxr-xr-x  6 grahamperrin  grahamperrin     6B May  8 09:04 FreeBSD
drwxr-xr-x  4 grahamperrin  grahamperrin     4B Sep 20 17:03 Linux
drwxr-xr-x  4 grahamperrin  grahamperrin     7B Oct 16 17:41 Windows
root@momh167-gjp4-8570p:/Volumes/t500 # zfs create -o encryption=on -o keyformat=passphrase Transcend/VirtualBox
Enter passphrase:
Re-enter passphrase:
root@momh167-gjp4-8570p:/Volumes/t500 # mount | grep Transcend
Transcend on /Volumes/t500 (zfs, local, nfsv4acls)
Transcend/VirtualBox on /Volumes/t500/VirtualBox (zfs, local, nfsv4acls)
root@momh167-gjp4-8570p:/Volumes/t500 # zpool status -v Transcend
  pool: Transcend
 state: ONLINE
  scan: scrub repaired 0B in 01:11:28 with 0 errors on Sun Oct 11 12:35:27 2020
config:

        NAME        STATE     READ WRITE CKSUM
        Transcend   ONLINE       0     0     0
          da0p1     ONLINE       0     0     0

errors: No known data errors
root@momh167-gjp4-8570p:/Volumes/t500 # time mv vbox/* VirtualBox/
0.630u 1378.236s 3:16:17.32 11.7%       15+167k 0+0io 235pf+0w
root@momh167-gjp4-8570p:/Volumes/t500 #
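
Added example (not part of the original message): a POSIX sh pre-flight check for the failure seen in this thread, where a locked encrypted dataset is not mounted and files written to its mountpoint land in the unencrypted parent. The function name and the sample inputs are constructed for illustration; the input format is what `zfs get -H -o property,value encryption,keystatus,mounted DATASET` prints.

```sh
#!/bin/sh
# Added example, not from the thread. check_encrypted_mount is a hypothetical
# helper. It reads tab-separated "property<TAB>value" lines on stdin, e.g. from
#   zfs get -H -o property,value encryption,keystatus,mounted DATASET
# and returns 0 only when writes to the mountpoint reach encrypted storage.
check_encrypted_mount() {
    enc="" key="" mnt=""
    while IFS="$(printf '\t')" read -r prop val; do
        case "$prop" in
            encryption) enc=$val ;;
            keystatus)  key=$val ;;
            mounted)    mnt=$val ;;
        esac
    done
    if [ -z "$enc" ] || [ "$enc" = "off" ]; then
        echo "UNENCRYPTED: encryption=${enc:-unknown}"; return 1
    fi
    if [ "$key" != "available" ]; then
        echo "LOCKED: keystatus=${key:-unknown}, load the key before writing"; return 2
    fi
    if [ "$mnt" != "yes" ]; then
        echo "NOT MOUNTED: files at the mountpoint belong to the parent"; return 3
    fi
    echo "OK: encryption=$enc, key loaded, dataset mounted"
}

# Constructed sample inputs (not captured output). sample_locked mirrors the
# state in the thread after 'zpool import': key unavailable, so not mounted.
sample_locked() {
    printf 'encryption\taes-256-gcm\nkeystatus\tunavailable\nmounted\tno\n'
}
sample_unlocked() {
    printf 'encryption\taes-256-gcm\nkeystatus\tavailable\nmounted\tyes\n'
}
sample_parent() {
    printf 'encryption\toff\nkeystatus\t-\nmounted\tyes\n'
}

sample_locked   | check_encrypted_mount || true
sample_unlocked | check_encrypted_mount || true
sample_parent   | check_encrypted_mount || true
```

On a live system, pipe the real `zfs get` output into the function and abort the copy or VM start when it returns non-zero.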