> Message: 1 > Date: Mon, 17 Mar 2008 12:40:23 +0000 > From: Darren J Moffat <Darren.Moffat at Sun.COM> > Subject: [zfs-code] Property inheritance during dataset creation > To: zfs-code at opensolaris.org > Cc: zfs-crypto-discuss at opensolaris.org > Message-ID: <47DE66B7.1080408 at Sun.COM> > Content-Type: text/plain; format=flowed; charset=ISO-8859-1 > > Context: For the ZFS Crypto project we have a property keyscope that > determines wither or not the pool key or a per-dataset key should be used. > > For encryption=on and keyscope=pool we just require that the pool key > have been loaded already, and we can check that by looking at the > keystatus property on the pool. This works just fine. > > When creating datasets with keyscope=dataset we need to get the key > material *before* we call down to the kernel using ZFS_IOC_CREATE. If > encryption=off or keyscope=pool then there is nothing to do in terms of > getting keys. > > To do this I need to determine the value of the encryption > (PROP_ONETIME), keyscope (PROP_INHERIT) and keysource (PROP_INHERIT) > properties (in that order). If they are explicitly specified there is > no problem because the will be in the nvprops. However if they are to > be inherited they won't be in nvprops since inheritance hasn't happened > yet (since we are still in libzfs`zfs_create()).
It may be a silly question, but if properties you need are to be inherited, why not just call into the kernel to create dataset w/o specifying them? Equivalently, why would one want to set properties to be inherited *before* inheritance happens? Some specific constraints imposed by ZFS Crypto design? Regards, Andrey
