Darren Reed wrote:
Hmmm, well, I suppose the same problem might apply to encrypting data too...so maybe what I need is a zfs command that will walk the filesystem's data tree, read in data and write it back out according to the current data policy.
And if that file system is multiple terrabytes would you be okay with there being a read and write lock while this runs ?
This may not work so well for encrypted data if encryption is disabled, but I'm not sure that is such a good idea.
The current plan is that encryption must be turned on when the file system is created and can't be turned on later. This means that the zfs-crypto work depends on the RFE to set properties at file system creation time.
You also won't be able to turn crypto off for a given filesystem later (because you won't know when all the data is back in the clear again and you can safely destroy the key).
-- Darren J Moffat _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
