ZFS, noexec and snapshots
Patrick Proniewski
patrick.proniewski at univ-lyon2.fr
Mon Jun 20 19:17:06 UTC 2011
Hello,
Following Micheal's reply, I realise my english is not as clear as I wish :)
> On 19/06/2011 10:03, Patrick Proniewski wrote:
>>
>> Every ZFS volume is made with noexec, but I've just find out that the automount of .zfs/snapshot/* is not made with the noexec option.
>>
>
> Just two days ago I was wondering why some of my snapshots are not
> visible in .zfs/snapshot/ after setting snapdir=visible. All of given
> datasets have the noexec property set on.
> I guess that is the answer then.
>
> Michael
What I intended to say is:
Automount of .zfs/snapshot/* works, but snapshots are mounted without the option "noexec", despite the fact that the property should be inherited from parents (i think).
Well, if you rely on "noexec" as a security feature, just don't use snapshots, because it looks like snapshots are always mounted with "exec = on"
Patrick PRONIEWSKI
--
Administrateur Système - DSI - Université Lumière Lyon 2
More information about the freebsd-fs
mailing list