ZFS snapshots and daily security checks

John Theus john at theusgroup.com
Mon Apr 8 19:11:10 UTC 2013 

>
>JC> I don't know what to tell you -- my output clearly shows that after
>JC> creating a snapshot with "zfs snapshot -r filesystem at snapname" that
>JC> mount nor mount -p show anything.
>  What's  really wander me, why is here difference between `mount' and
> `mount -p' output on my system. It looks like `-p' option should be
> cosmetic one...
>
>JC> I wonder if you have either pool or filesystem-level attributes which
>JC> are causing your issue.
>
>JC> Here are mine, for the pool and filesystem I used in my previous mail
>JC> (pool "data" and filesystem "data/home"):
>
>JC> data/home  snapdir               hidden                 default
>pool/home  snapdir               visible                 default
>
>  It is only not size- and date-related difference. So, we know why
> here is difference between my and your `mount -p' outputs! (BTW, why
> both values are default?!)
>
>  And here is some conflict of interests: it is god to allow useres
>restore their files from snapshots without my help (and it is require
>visible snapshots), but it is very annoying output in security
>checks...
>
> And why output of mount depends on visual option? I need to read
> mount sources.
>
It doesn't. Snapdir is hidden and listsnapshots if off on all my pools and
filesystems, and I see snapshots listed on mount -p, but NOT all snapshots.

Running 9.1-STABLE #1 r248540M: Wed Mar 20 00:48:58 PDT 2013, but I've seen
this behavior since zfs version 15.

All my snapshots use the same format as zfSnap, and show their creation time
and time-to-live. On some filesystems, snapshots are made as frequently as
5 minutes, but only live a couple of hours. Other snapshots are made daily that
live weeks.

When I do a mount -p, the only snapshots that show up are the ones that were
made on the once per day and once per week schedule. These snapshots were used
for daily backups using zfs send. The snapshots that live for multiple days,
but are not used for a backup do not show up.

I have not looked any deeper, and took the easy route to clean up the security
reports but setting daily_status_security_chkmounts_enable="NO"
in periodic.conf.

John Theus
TheUsGroup.com

More information about the freebsd-fs mailing list