ZFS snapshots and daily security checks

Lev Serebryakov lev at FreeBSD.org
Mon Apr 8 09:49:06 UTC 2013


Hello, Jeremy.
You wrote 8 апреля 2013 г., 13:30:17:

JC> My theory is that your "pool" filesystem has the snapdir property as
JC> visible, and therefore all filesystems under pool (ex. "pool/home")
JC> would inherit the value.
  Nope :) It is "hidden, default"

JC> Looking at the ZFS code, hidden **is** the default, even in r244958
JC> (which you're running):
JC> http://svnweb.freebsd.org/base/stable/9/sys/cddl/contrib/opensolaris/common/zfs/zfs_prop.c?view=annotate
JC> See line 218.  The 3rd parameter, ZFS_SNAPDIR_HIDDEN, is what defines
JC> the default value.
  Pool and FS was created long time ago :)
  Ok, it is not very interesting, why it was set to "visible".
  Now  we  understand why snapshots were "mounted" and why only `mount
  -p'  show  them. Last question is how to make them mounted (to allow
  users  use  them) and don't have bogus 25 line difference (24 hourly
  snapshots and 1 daily snapshot) in each daily security report...

  It  looks  like,  I  need  simply  add properly crafted "grep -v" to
  security script

-- 
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>



More information about the freebsd-fs mailing list