zfs
zfs copied to clipboard
openzfs
ZFS Channel Programs cannot get_prop `encryption` or `encryptionroot` properties
System information
| Type | Version/Name |
|---|---|
| Distribution Name | NixOS |
| Distribution Version | 21.09 (unstable) |
| Linux Kernel | 5.10.45 |
| Architecture | x86_64 |
| ZFS Version | 2.1.0-1 |
| SPL Version | 2.1.0-1 |
and by @nshalman:
| Type | Version/Name |
|---|---|
| Distribution Name | SmartOS |
| Distribution Version | joyent_20210520T001536Z |
| Architecture | x86_64 |
Describe the problem you're observing
A ZFS Channel Program can't access, seemingly, just these two properties:
enc.lua:
dataset = "tank/safe/home"
result = {}
result["keyformat"] = zfs.get_prop(dataset, "keyformat")
result["keylocation"] = zfs.get_prop(dataset, "keylocation")
result["encryption"] = zfs.get_prop(dataset, "encryption")
result["encryptionroot"] = zfs.get_prop(dataset, "encryptionroot") == null
return result
results in:
grahamc@hyperchicken:~/ > zfs get encryption tank/safe/home
NAME PROPERTY VALUE SOURCE
tank/safe/home encryption aes-256-gcm -
grahamc@hyperchicken:~/ > zfs get encryptionroot tank/safe/home
NAME PROPERTY VALUE SOURCE
tank/safe/home encryptionroot tank -
grahamc@hyperchicken:~/ > sudo zfs program tank ./enc.lua
Channel program fully executed and produced output:
return:
encryptionroot: true
encryption: 'off'
keylocation: 'none'
keyformat: 'passphrase'
and for @nshalman:
# echo "passphrase" | zfs create -o encryption=aes-256-ccm -o keyformat=passphrase zones/deleteme
# zfs get all zones/deleteme | grep cryp
zones/deleteme encryption aes-256-ccm -
zones/deleteme encryptionroot zones/deleteme -
# zfs program zones ./enc.lua
Channel program fully executed and produced output:
return:
encryptionroot: true
keyformat: 'none'
keylocation: 'prompt'
encryption: 'off'
Describe how to reproduce the problem
Create an encrypted dataset:
echo "passphrase" | zfs create -o encryption=aes-256-ccm -o keyformat=passphrase zones/deleteme
then edit enc.lua from above to point to the dataset and execute it, note the encryption and encryptionroot fields are not correctly reported.
Include any warning/errors/backtraces from the system logs
none
I've opened PR #12335 adding a test to verify channel programs can access these two fields. As expected, the test fails in the sanity tests:
Test: /usr/share/zfs/zfs-tests/tests/functional/channel_program/lua_core/tst.encryption (run as root) [00:00] [FAIL]
When a solution is found for this bug, we should be sure not to let the work done in https://github.com/openzfs/zfs/pull/12335 be lost, and include those tests.
This issue has been automatically marked as "stale" because it has not had any activity for a while. It will be closed in 90 days if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been automatically marked as "stale" because it has not had any activity for a while. It will be closed in 90 days if no further activity occurs. Thank you for your contributions.
I don't think this is solved, and I wish it were, though I'm no longer pursuing this.
On Sun, Oct 15, 2023, at 11:37 AM, stale[bot] wrote:
This issue has been automatically marked as "stale" because it has not had any activity for a while. It will be closed in 90 days if no further activity occurs. Thank you for your contributions.
— Reply to this email directly, view it on GitHub https://github.com/openzfs/zfs/issues/12337#issuecomment-1763426662, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAASXLEHOHDMLGUMRT5EQ6TX7P7KBAVCNFSM5AA4DD32U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCNZWGM2DENRWGYZA. You are receiving this because you were mentioned.Message ID: @.***>