> -----Original Message----- > From: Darren.Moffat at Sun.COM [mailto:Darren.Moffat at Sun.COM] > Sent: Wednesday, March 19, 2008 5:40 PM > To: andrey.v.kuzmin at gmail.com > Cc: zfs-code at opensolaris.org > Subject: Re: zfs-code Digest, Vol 22, Issue 3 > > > I think you have misunderstood what I'm saying, so let me give some > examples: > > $ zfs create -o encryption=aes-128-ccm tank/home > $ zfs create tank/home/darrenm > $ zfs create -o keyscope=dataset -o keysource=passphrase,prompt \ > tank/home/darrenm/Documents > Enter passphrase for tank/home/darrenm/Documents: *********** > Re-enter passphrase for tank/home/darrenm/Documents: *********** > $ > > For the first two filesystems keyscope is the default which is pool. > They just require that the pool key is available to create them. > > For the third case I'm inheriting the encryption property but overriding > the keyscope to dataset and since I set keyscope I need to set keysource > because it isn't set in any of parents to inherit it from.
In the third case you can do create w/o setting overridden properties to inherit encryption, and then override necessary properties as well. Or there's no way to override crypto-properties once set? Regards, Andrey
