upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-11 01:30:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

libbe: avoid copying encryption-related props

Browse source 
libzfs insists that these be cloned from the origin, so avoid making a
deep copy of them ourselves to unbreak creating a new BE from a BE with
encrypted components -- in today's environment, without a loader that
does encryption, this means a deep BE setup where something underneath
the BE (e.g., home directories) are encrypted.

Reported and tested by:	arrowd
Reviewed by:	allanjude

(cherry picked from commit 181549c37f)
This commit is contained in:
Kyle Evans 2025-02-26 16:23:24 -06:00
parent 0da1817868
commit a5b392de86
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
lib/libbe/be.c
View file

@ -670,8 +670,20 @@ be_deep_clone_prop(int prop, void *cb)
dccb = cb;
/* Skip some properties we don't want to touch */
if (prop == ZFS_PROP_CANMOUNT)
switch (prop) {
/*
* libzfs insists on these being naturally inherited in the
* cloning process.
*/
case ZFS_PROP_KEYFORMAT:
case ZFS_PROP_KEYLOCATION:
case ZFS_PROP_ENCRYPTION:
case ZFS_PROP_PBKDF2_ITERS:
/* FALLTHROUGH */
case ZFS_PROP_CANMOUNT: /* Forced by libbe */
return (ZPROP_CONT);
}
/* Don't copy readonly properties */
if (zfs_prop_readonly(prop))