Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add 'zfs umount -u' for encrypted datasets
This patch adds the ability for the user to unload keys for datasets as they are being unmounted. This is analagous to 'zfs mount -l'. Signed-off-by: Tom Caputi <tcaputi@datto.com>
- Loading branch information
Tom Caputi
committed
Jun 24, 2019
1 parent
df24bcf
commit a3cba5e
Showing
5 changed files
with
114 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
79 changes: 79 additions & 0 deletions
79
tests/zfs-tests/tests/functional/cli_root/zfs_unmount/zfs_unmount_unload_keys.ksh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| #!/bin/ksh -p | ||
| # | ||
| # CDDL HEADER START | ||
| # | ||
| # The contents of this file are subject to the terms of the | ||
| # Common Development and Distribution License (the "License"). | ||
| # You may not use this file except in compliance with the License. | ||
| # | ||
| # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | ||
| # or http://www.opensolaris.org/os/licensing. | ||
| # See the License for the specific language governing permissions | ||
| # and limitations under the License. | ||
| # | ||
| # When distributing Covered Code, include this CDDL HEADER in each | ||
| # file and include the License file at usr/src/OPENSOLARIS.LICENSE. | ||
| # If applicable, add the following below this CDDL HEADER, with the | ||
| # fields enclosed by brackets "[]" replaced with your own identifying | ||
| # information: Portions Copyright [yyyy] [name of copyright owner] | ||
| # | ||
| # CDDL HEADER END | ||
| # | ||
|
|
||
| # | ||
| # Copyright (c) 2017 Datto, Inc. All rights reserved. | ||
| # | ||
|
|
||
| . $STF_SUITE/include/libtest.shlib | ||
| . $STF_SUITE/tests/functional/cli_root/zfs_unmount/zfs_unmount.kshlib | ||
| . $STF_SUITE/tests/functional/cli_root/zfs_load-key/zfs_load-key_common.kshlib | ||
|
|
||
| # | ||
| # DESCRIPTION: | ||
| # "zfs unmount -u" should allow the user to unload their encryption | ||
| # keys while unmounting one or more datasets | ||
| # | ||
| # STRATEGY: | ||
| # 1. Create a hierarchy of encrypted datasets | ||
| # 2. Test that 'zfs unmount -u' unloads keys as it unmounts a dataset | ||
| # 3. Test that 'zfs unmount -u' unloads keys as it unmounts multiple datasets | ||
| # 4. Test that 'zfs unmount -u' returns an error if the key is still in | ||
| # use by a clone. | ||
| # | ||
|
|
||
| verify_runnable "both" | ||
|
|
||
| function cleanup | ||
| { | ||
| datasetexists $TESTPOOL/$TESTFS2 && \ | ||
| log_must zfs destroy -r $TESTPOOL/$TESTFS2 | ||
| datasetexists $TESTPOOL/$TESTFS2/newroot && \ | ||
| log_must zfs destroy -r $TESTPOOL/$TESTFS2/newroot | ||
| datasetexists $TESTPOOL/$TESTFS2/child && \ | ||
| log_must zfs destroy -r $TESTPOOL/$TESTFS2/child | ||
|
|
||
| } | ||
| log_onexit cleanup | ||
|
|
||
| log_assert "'zfs unmount -u' should unload keys for datasets as they are unmounted" | ||
| log_must eval "echo 'password' | zfs create -o encryption=on -o keyformat=passphrase $TESTPOOL/$TESTFS2" | ||
| log_must eval "echo 'password' | zfs create -o encryption=on -o keyformat=passphrase $TESTPOOL/$TESTFS2/newroot" | ||
| log_must zfs create $TESTPOOL/$TESTFS2/child | ||
|
|
||
| log_must zfs umount -u $TESTPOOL/$TESTFS2/newroot | ||
| log_must key_unavailable $TESTPOOL/$TESTFS2/newroot | ||
| log_must eval "echo 'password' | zfs mount -l $TESTPOOL/$TESTFS2/newroot" | ||
|
|
||
| log_must zfs umount -u $TESTPOOL/$TESTFS2 | ||
| log_must key_unavailable $TESTPOOL/$TESTFS2 | ||
| log_must key_unavailable $TESTPOOL/$TESTFS2/newroot | ||
| log_must key_unavailable $TESTPOOL/$TESTFS2/child | ||
| log_must eval "echo 'password' | zfs mount -l $TESTPOOL/$TESTFS2/newroot" | ||
|
|
||
| log_must zfs snap $TESTPOOL/$TESTFS2/newroot@1 | ||
| log_must zfs clone $TESTPOOL/$TESTFS2/newroot@1 $TESTPOOL/$TESTFS2/clone | ||
| log_mustnot zfs umount -u $TESTPOOL/$TESTFS2/newroot | ||
| log_must key_available $TESTPOOL/$TESTFS2/newroot | ||
| log_must mounted $TESTPOOL/$TESTFS2/newroot | ||
|
|
||
| log_pass "'zfs unmount -u' unloads keys for datasets as they are unmounted" |