Hi
Sorry for the cross-posting, I'd sent this to zfs-code originally. Wrong
forum.
I'm looking into forensic aspects of ZFS, in particular ways to use ZFS tools
to investigate ZFS file systems without writing to the pools. I'm working on
a test suite of file system images within VTOC partitions. At the moment,
these only have 1 file system per pool per VTOC partition for simplicity's
sake, and I'm using Solaris 10 6/06, which may not be the most up-to-date. At
the bottom are details of the tests.
The problem: I was not able to use a loopback device on a file system image
(see TEST section). Here are some questions:
* Am I missing a command or something?
* Is there support for lofiadm in a more recent version of ZFS?
* Or is there any way to safely mount a file system image?
Thanks for your help.
Regards
Mark
GOOD NEWS
It looks as if the zfs mount options can stop updates of file system metadata
(ie mount times etc) and file metadata (no writing of file access times).
Quote from man zfs 25 Apr 2006 p. 11 ("Temporary Mount Point Properties") :
... these options can be set on a per-mount basis
using the -o option, without affecting the property that is
stored on disk. The values specified on the command line
will override the values stored in the dataset. The -nosuid
option is an alias for "nodevices,nosetuid". These proper-
ties are reported as "temporary" by the "zfs get" command.
TEST
26.07.2007
Forensic mounting of ZFS File Systems.
Loopback device does not seem to work with ZFS using "zfs mount" or
legacy "mount".
However, temporary command-line options can prevent mounts from writing to a
file system.
MAKE COPY
[EMAIL PROTECTED] /export/home# cp t1_fs1.dd t1_fs1.COPY.dd
CHECKSUMS
[EMAIL PROTECTED] /export/home# gsha1sum t1*
5c08a7edfe3d04f5fff6d37c6691e85c3745629f t1_fs1.COPY.dd
5c08a7edfe3d04f5fff6d37c6691e85c3745629f t1_fs1.dd
CHECKSUM RAW DEV FOR FS1
[EMAIL PROTECTED] /export/home# gsha1sum /dev/dsk/c0t1d0s1
5c08a7edfe3d04f5fff6d37c6691e85c3745629f /dev/dsk/c0t1d0s1
[EMAIL PROTECTED] /export/home#
PREPARE LOOPBACK DEVICE
note need full path for file
[EMAIL PROTECTED] /export/home# lofiadm -a /export/home/t1_fs1.COPY.dd
/dev/lofi/1
[EMAIL PROTECTED] /export/home# lofiadm
Block Device File
/dev/lofi/1 /export/home/t1_fs1.COPY.dd
[EMAIL PROTECTED] /export/home#
ZFS MOUNT OF LOOPBACK DEVICE DOESNT WORK
[EMAIL PROTECTED] /export/home# zfs mount -o
noexec,nosuid,noatime,nodevices,ro /dev/lofi/1 /fs1
too many arguments
usage:
[...]
[EMAIL PROTECTED] /export/home# zfs mount -o ro,noatime /dev/lofi/1
cannot open '/dev/lofi/1': invalid filesystem name
NOR DOES LEGACY MOUNT
[EMAIL PROTECTED] /export/home# mount -F zfs -o
noexec,nosuid,noatime,nodevices,ro /dev/lofi/1 /fs1
cannot open '/dev/lofi/1': invalid filesystem name
TRY MOUNT OF NORMAL FS
[EMAIL PROTECTED] /export/home# mount -o noexec,nosuid,noatime,nodevices,ro fs1
/fs1
[EMAIL PROTECTED] /export/home# ls -lR /fs1
/fs1:
total 520
-rw-r--r-- 1 mark staff 234179 Jul 17 20:17
gutenberg.org_martin_luther_treatise_on_good_works_with_intro_gwork10.txt
drwxr-xr-x 3 root root 5 Jul 26 14:12 level_1
/fs1/level_1:
total 1822
-rwxr-xr-x 1 mark staff 834236 Jul 17 20:16 imgp2219.jpg
-rw-r--r-- 1 mark staff 1388 Jul 17 20:15
imgp2219.jpg.head.tail.xxd
drwxr-xr-x 2 root root 5 Jul 26 14:12 level_2
/fs1/level_1/level_2:
total 1038
-rw-r--r-- 1 mark staff 234179 Jul 17 20:17
gutenberg.org_martin_luther_treatise_on_good_works_with_intro_gwork10.txt
-rw-r--r-- 1 mark staff 173713 Jul 17 20:15 imgp2219.small.jpg
-rw-r--r-- 1 mark staff 1388 Jul 17 20:15
imgp2219.small.jpg.head.tail.xxd
MUCK AROUND A BIT
[EMAIL PROTECTED] /export/home#
file
/fs1/gutenberg.org_martin_luther_treatise_on_good_works_with_intro_gwork10.txt
/fs1/gutenberg.org_martin_luther_treatise_on_good_works_with_intro_gwork10.txt:
ascii text
[EMAIL PROTECTED] /export/home#
[EMAIL PROTECTED] /export/home#
head
/fs1/gutenberg.org_martin_luther_treatise_on_good_works_with_intro_gwork10.txt
*****The Project Gutenberg Etext of A treatise on Good Works*****
#2 in our series by Dr. Martin Luther
Copyright laws are changing all over the world, be sure to check
the copyright laws for your country before posting these files!
Please take a look at the important information in this header.
We encourage you to keep this file on your own disk, keeping an
electronic path open for the next readers. Do not remove this.
[EMAIL PROTECTED] /export/home#
[EMAIL PROTECTED] /export/home#
rm
/fs1/gutenberg.org_martin_luther_treatise_on_good_works_with_intro_gwork10.txt
rm:
/fs1/gutenberg.org_martin_luther_treatise_on_good_works_with_intro_gwork10.txt:
override protection 644 (yes/no)? y
rm:
/fs1/gutenberg.org_martin_luther_treatise_on_good_works_with_intro_gwork10.txt
not removed: Read-only file system
[EMAIL PROTECTED] /export/home#
[EMAIL PROTECTED] /export/home#
[EMAIL PROTECTED] /export/home# ls -la /fs1/
total 543
drwxr-xr-x 3 root sys 4 Jul 26 14:13 .
drwxr-xr-x 26 mark staff 512 Jul 26 14:06 ..
-rw-r--r-- 1 mark staff 234179 Jul 17 20:17
gutenberg.org_martin_luther_treatise_on_good_works_with_intro_gwork10.txt
drwxr-xr-x 3 root root 5 Jul 26 14:12 level_1
[EMAIL PROTECTED] /export/home#
UNMOUNT
[EMAIL PROTECTED] /export/home# umount /fs1
[EMAIL PROTECTED] /export/home#
CHECKSUM RAW DEV AGAIN: MATCHES (NO DATA WRITTEN)
[EMAIL PROTECTED] /export/home#
[EMAIL PROTECTED] /export/home# gsha1sum /dev/dsk/c0t1d0s1
5c08a7edfe3d04f5fff6d37c6691e85c3745629f /dev/dsk/c0t1d0s1
[EMAIL PROTECTED] /export/home#
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
