Make encrypted "zfs mount -a" failures consistent

Currently, "zfs mount -a" will print a warning and fail to mount
any encrypted datasets that do not have a key loaded. This patch
makes the behavior of this failure consistent with other failure
modes ("zfs mount -a" will silently continue, explict "zfs mount"
will print a message and return an error code.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #7382
This commit is contained in:
Tom Caputi 2018-04-06 16:28:15 -04:00 committed by Brian Behlendorf
parent 533ea0415b
commit 1bf9a552bb
2 changed files with 26 additions and 3 deletions

View File

@ -6228,6 +6228,22 @@ share_mount_one(zfs_handle_t *zhp, int op, int flags, char *protocol,
return (0);
}
/*
* If this filesystem is encrypted and does not have
* a loaded key, we can not mount it.
*/
if ((flags & MS_CRYPT) == 0 &&
zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF &&
zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS) ==
ZFS_KEYSTATUS_UNAVAILABLE) {
if (!explicit)
return (0);
(void) fprintf(stderr, gettext("cannot %s '%s': "
"encryption key not loaded\n"), cmdname, zfs_get_name(zhp));
return (1);
}
/*
* If this filesystem is inconsistent and has a receive resume
* token, we can not mount it.

View File

@ -29,9 +29,12 @@
# 1. Create an encrypted dataset
# 2. Unmount and unload the dataset's key
# 3. Verify the key is unloaded
# 4. Attempt to load the key while mounting the dataset
# 5. Verify the key is loaded
# 6. Verify the dataset is mounted
# 4. Attempt to mount all datasets in the pool
# 5. Verify that no error code is produced
# 6. Verify that the encrypted dataset is not mounted
# 7. Attempt to load the key while mounting the dataset
# 8. Verify the key is loaded
# 9. Verify the dataset is mounted
#
verify_runnable "both"
@ -53,6 +56,10 @@ log_must zfs unmount $TESTPOOL/$TESTFS1
log_must zfs unload-key $TESTPOOL/$TESTFS1
log_must key_unavailable $TESTPOOL/$TESTFS1
log_must zfs mount -a
unmounted $TESTPOOL/$TESTFS1 || \
log_fail "Filesystem $TESTPOOL/$TESTFS1 is mounted"
log_must eval "echo $PASSPHRASE | zfs mount -l $TESTPOOL/$TESTFS1"
log_must key_available $TESTPOOL/$TESTFS1