From owner-freebsd-fs@FreeBSD.ORG Mon Jun 20 19:17:06 2011 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 634D3106566B for ; Mon, 20 Jun 2011 19:17:06 +0000 (UTC) (envelope-from patrick.proniewski@univ-lyon2.fr) Received: from smtp.univ-lyon2.fr (smtp.univ-lyon2.fr [159.84.143.21]) by mx1.freebsd.org (Postfix) with ESMTP id 21AE48FC17 for ; Mon, 20 Jun 2011 19:17:05 +0000 (UTC) Received: from ru.univ-lyon2.fr (localhost [127.0.0.1]) by smtp.univ-lyon2.fr (Postfix) with ESMTP id 75E0414D909 for ; Mon, 20 Jun 2011 21:17:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at univ-lyon2.fr Received: from amavis.at.univ-lyon2.fr ([127.0.0.1]) by ru.univ-lyon2.fr (smtp.univ-lyon2.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9KkrYrRCv56q for ; Mon, 20 Jun 2011 21:17:04 +0200 (CEST) Received: from co4 (co4.univ-lyon2.fr [159.84.143.67]) by smtp.univ-lyon2.fr (Postfix) with ESMTP for ; Mon, 20 Jun 2011 21:17:04 +0200 (CEST) Received: from [10.250.65.79] ([80.125.173.129]) by co4.univ-lyon2.fr for ;Mon, 20 Jun 2011 21:16:59 +0200 (CEST) Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 From: Patrick Proniewski In-Reply-To: <43CFBAB7-9383-4D18-A2FF-061766637CE7@univ-lyon2.fr> Date: Mon, 20 Jun 2011 21:16:49 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <16735164.54848.1308597423064.JavaMail.root@co4> References: <43CFBAB7-9383-4D18-A2FF-061766637CE7@univ-lyon2.fr> To: FreeBSD Filesystems X-Mailer: Apple Mail (2.1084) X-ContactOffice-Account: main:2117681 X-Mailman-Approved-At: Mon, 20 Jun 2011 19:44:18 +0000 Subject: Re: ZFS, noexec and snapshots X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jun 2011 19:17:06 -0000 Hello, Following Micheal's reply, I realise my english is not as clear as I wish := ) > On 19/06/2011 10:03, Patrick Proniewski wrote: >>=20 >> Every ZFS volume is made with noexec, but I've just find out that the au= tomount of .zfs/snapshot/* is not made with the noexec option. >>=20 >=20 > Just two days ago I was wondering why some of my snapshots are not=20 > visible in .zfs/snapshot/ after setting snapdir=3Dvisible. All of given= =20 > datasets have the noexec property set on. > I guess that is the answer then. >=20 > Michael What I intended to say is: Automount of .zfs/snapshot/* works, but snapshots are mounted without the o= ption "noexec", despite the fact that the property should be inherited from= parents (i think). Well, if you rely on "noexec" as a security feature, just don't use snapsho= ts, because it looks like snapshots are always mounted with "exec =3D on" Patrick PRONIEWSKI --=20 Administrateur Syst=E8me - DSI - Universit=E9 Lumi=E8re Lyon 2