Darren J Moffat wrote: >> + slabel=<internally encoded label | none> >> + This property is used with Trusted Extensions. This is >> + the internal encoding of a sensitivity label (also called >> + a hex label). (See label_to_str(3tsol), label_encodings(4), >> + hextoalabel(1M), atohexlabel(1M).) At mount time, this label >> + must match that of the zone where the dataset is being mounted, >> + or the mount fails. > > > I'm happy with everything in this case except that the user interface to > setting the property requires the use of an internally encoded label,
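Review bot: the value syntax `slabel=<internally encoded label | none>` allows `none`, but the description that follows never says what `none` means at mount time. The last sentence only covers the case where a label is set ("this label must match that of the zone ... or the mount fails"), so add a sentence stating whether a dataset with `slabel=none` can be mounted and in which zones.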
Scratch that comment, on further thought (prompted by MarkS) I'm actually not happy with using a dataset property for this.

ZFS Crypto support doesn't encrypt the property names or values; this means that the sensitivity labels will not be encrypted on disk. That could be a serious issue for use cases that involve ZFS doing encryption and having TX enabled.

I think this case needs some discussion with the ZFS core team and the ZFS crypto team before it can move forwards.

--
Darren J Moffat