Eric Schrock wrote: > Yes, this would be useful. See: > > 6364688 method to preserve properties when making a clone
Thanks for that pointer. I'd say it should be the default - but then that was basically the topic of this thread :-) > The infrastructure is all there (zfs_clone() takes an nvlist of > properties), it just hasn't been implemented yet. Yep I spotted that. > Note that 'volblocksize' is special because it is a create-time property > and cannot be changed once it is set. It doesn't make sense to > 'inherit' volblocksize from the new parent, as the resulting volume > would be unusable. I believe that 'volsize', while changeable, is also > preserved with a snapshot for a similar purpose. It is exactly because it is create-time that I used that for my comparison. > Can the encryption properties be changed once a filesystem is created? There are currently three separate properties for a dataset that deals with encryption and none of them can be changed by the end user after creation and they must all be the same in the clone. For context they are: "encryption": should be create time only since changing this changes policy and could result in a mix of clear text and cipher text. Even changes between "on" values aren't allowed since it is too hard to rationalise about the overall security of the dataset. "keytype": This is currently create time only. In theory some future project could allow it to be changed (ie the same clear text key is available via a different key management system). For the first delivery it will be create time only. Need not be identical in the clone but see below, realistically it should always be identical in the clone [I haven't found a real world case yet where it would be useful to have different key management but the same key value in the clone]. "wrappedkey": This is a hidden property that is an implementation artefact rather than a property exposed via zfs(1) [we may not even allow it to be exposed over the ioctl but that depends on the future of zfs send/recv with properties and is a much more complex issue ]. This is the encrypted per data set key. The clear text of this must be identical in the clone and currently I'm planning for the actual property value to be identical too. -- Darren J Moffat _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
