From a5b392de86f9e9949072ab4b7caf1439aa00a571 Mon Sep 17 00:00:00 2001 From: Kyle Evans Date: Wed, 26 Feb 2025 16:23:24 -0600 Subject: [PATCH] libbe: avoid copying encryption-related props libzfs insists that these be cloned from the origin, so avoid making a deep copy of them ourselves to unbreak creating a new BE from a BE with encrypted components -- in today's environment, without a loader that does encryption, this means a deep BE setup where something underneath the BE (e.g., home directories) are encrypted. Reported and tested by: arrowd Reviewed by: allanjude (cherry picked from commit 181549c37f1913f5ca292d8515a6e5e0068a9fe7) --- lib/libbe/be.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/libbe/be.c b/lib/libbe/be.c index 38e5e44abb5..a9838f2200b 100644 --- a/lib/libbe/be.c +++ b/lib/libbe/be.c @@ -670,8 +670,20 @@ be_deep_clone_prop(int prop, void *cb) dccb = cb; /* Skip some properties we don't want to touch */ - if (prop == ZFS_PROP_CANMOUNT) + switch (prop) { + /* + * libzfs insists on these being naturally inherited in the + * cloning process. + */ + case ZFS_PROP_KEYFORMAT: + case ZFS_PROP_KEYLOCATION: + case ZFS_PROP_ENCRYPTION: + case ZFS_PROP_PBKDF2_ITERS: + + /* FALLTHROUGH */ + case ZFS_PROP_CANMOUNT: /* Forced by libbe */ return (ZPROP_CONT); + } /* Don't copy readonly properties */ if (zfs_prop_readonly(prop))