Date: Mon, 20 Jun 2011 21:16:49 +0200 From: Patrick Proniewski <patrick.proniewski@univ-lyon2.fr> To: FreeBSD Filesystems <freebsd-fs@freebsd.org> Subject: Re: ZFS, noexec and snapshots Message-ID: <16735164.54848.1308597423064.JavaMail.root@co4> In-Reply-To: <43CFBAB7-9383-4D18-A2FF-061766637CE7@univ-lyon2.fr> References: <43CFBAB7-9383-4D18-A2FF-061766637CE7@univ-lyon2.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Following Micheal's reply, I realise my english is not as clear as I wish :) > On 19/06/2011 10:03, Patrick Proniewski wrote: >> >> Every ZFS volume is made with noexec, but I've just find out that the automount of .zfs/snapshot/* is not made with the noexec option. >> > > Just two days ago I was wondering why some of my snapshots are not > visible in .zfs/snapshot/ after setting snapdir=visible. All of given > datasets have the noexec property set on. > I guess that is the answer then. > > Michael What I intended to say is: Automount of .zfs/snapshot/* works, but snapshots are mounted without the option "noexec", despite the fact that the property should be inherited from parents (i think). Well, if you rely on "noexec" as a security feature, just don't use snapshots, because it looks like snapshots are always mounted with "exec = on" Patrick PRONIEWSKI -- Administrateur Système - DSI - Université Lumière Lyon 2
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16735164.54848.1308597423064.JavaMail.root>