zdb -O fails for encrypted datasets

[w1kl4s]

System information

Type	Version/Name
Distribution Name	Void Linux
Distribution Version	rolling
Linux Kernel	5.10.10_1
Architecture	x86_64
ZFS Version	2.0.1-1
SPL Version	2.0.1-1

Describe the problem you're observing

command zdb -O fails for encrypted datasets with Permission denied error

Describe how to reproduce the problem

➜  ~ whoami
root
➜  ~ mkdir /mnt/testpool
➜  ~ dd if=/dev/zero of=/tmp/zpooltest.img bs=4M count=256
256+0 records in
256+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 0.302311 s, 3.6 GB/s
➜  ~ zpool create testpool /tmp/zpooltest.img    
➜  ~ zfs create testpool/unencrypted -o mountpoint=/mnt/testpool/unencrypted
➜  ~ zfs create testpool/encrypted -o mountpoint=/mnt/testpool/encrypted -o encryption=aes-256-gcm -o keyformat=passphrase
Enter passphrase:
Re-enter passphrase:
➜  ~ 
➜  ~ touch /mnt/testpool/unencrypted/test
➜  ~ touch /mnt/testpool/encrypted/test
➜  ~ zdb -O testpool/unencrypted test 

    Object  lvl   iblk   dblk  dsize  dnsize  lsize   %full  type
         2    1   128K    512      0     512    512    0.00  ZFS plain file
➜  ~ zdb -O testpool/encrypted test  
failed to lookup dataset=testpool/encrypted path=/test: Permission denied

Include any warning/errors/backtraces from the system logs

None observed.

[mhosken]

I concur. Makes it tricky to use zdb -O at all on an encrypted pool. zfs-2.0.2-1ubuntu5 zfs-kmod-2.0.3-8ubuntu6

[putnam]

Still occurs on 2.0.6 and 2.0.8. I'm surprised nobody has had the need to debug encrypted datasets in this way.

However, you can always mount the dataset and get the object number / inode with ls -i PATH and then call zdb -ddd NUM which I think is effectively the same thing.

[fryfrog]

And just to add a little more, it also still occurs on 2.1.1.

[stale]

This issue has been automatically marked as "stale" because it has not had any activity for a while. It will be closed in 90 days if no further activity occurs. Thank you for your contributions.