Hi all,
I was wondering if you could help advise on an issue I have come across with
ecryptfs:
===================
Dec 8 11:16:14 ABCD kernel: Error opening lower file for lower_dentry
[0xffff88007c8f8d40] and lower_mnt [0xffff880075f0b8a0]; rc = [-13]
Dec 8 11:16:14 ABCD kernel: ecryptfs_open: Error attempting to initialize
the lower file for the dentry with name [snapshot]; rc = [-13]
===================
The scenario I have is a ZFS Volume, mounted to a different folder and have
snapshots occurring on ZFS Volume:
? ZFS volume (/storage/data-shares/test) mounted as /storage/ecryptfs/test
? /storage/data-shares/test on /storage/ecryptfs/test type ecryptfs
(rw,ecryptfs_sig=63f26cda65bc3115,ecryptfs_unlink_sigs,ecryptfs_cipher=aes,e
cryptfs_key_bytes=32,ecryptfs_fnek_sig=63f26cda65bc3115)
If I attempt to view the .zfs directory from under the
/storage/ecryptfs/test mount, this is when the error occurs.
I have also tested with ?ecryptfs_passthrough=y? mount option to accesses
directories / files not encrypted ? however the same error gets generated.
The importance of the .zfs snapshot side of things ? is that you can use
that under Samba to provide the Windows ?previous versions? feature for a
lightweight roll back to an older document if you accidentally delete /
change content inside the document.
I considered performing the snapshots on the /storage/ecryptfs/test itself,
but then that would mean the snapshots contain decrypted data ? which is not
what I would like ? as I want to send the snapshots to the cloud as backup ?
thus not secure if not encrypted.
The requirement for looking at ecryptfs is that ZFS on Linux currently does
not support encryption natively, thus need to look at using something like
ecryptfs to provide an encryption solution where possible.
Additional system information:
? Kernel 3.12.32
? ecryptfs-utils = 104-2
? ZFS on Linux 0.6.3 / Git Master
? Samba = 4.1.14
? Netatalk = 3.1.7
The snapshots are being generated for the ZFS side of things:
===================
-bash-4.1# zfs list -t snapshot
NAME USED AVAIL
REFER MOUNTPOINT
storage/data-shares/test@zfs-auto-snap_2014-12-08-111402 120K -
188K -
storage/data-shares/test@zfs-auto-snap_2014-12-08-111601 0 -
188K -
storage/data-shares/test@zfs-auto-snap_2014-12-08-111801 0 -
188K -
storage/data-shares/test@zfs-auto-snap_2014-12-08-112001 0 -
188K -
The data is there on the ZFS side in the snapshot folders. Note: The .zfs
folder is hidden, and does not display even with ls -la:
-bash-4.1# cd /storage/data-shares/test/
-bash-4.1# cd .zfs
-bash-4.1# ls -laR
.:
total 37
dr-xr-xr-x 1 root root 0 Dec 8 11:07 .
drwxrwxr-x 2 nobody sambausers 3 Dec 8 11:08 ..
dr-xr-xr-x 2 root root 2 Dec 8 11:21 shares
dr-xr-xr-x 2 root root 2 Dec 8 11:20 snapshot
./shares:
total 0
dr-xr-xr-x 2 root root 2 Dec 8 11:21 .
dr-xr-xr-x 1 root root 0 Dec 8 11:07 ..
./snapshot:
total 0
dr-xr-xr-x 2 root root 2 Dec 8 11:20 .
dr-xr-xr-x 1 root root 0 Dec 8 11:07 ..
dr-xr-xr-x 1 root root 0 Dec 8 11:21 zfs-auto-snap_2014-12-08-111402
dr-xr-xr-x 1 root root 0 Dec 8 11:21 zfs-auto-snap_2014-12-08-111601
dr-xr-xr-x 1 root root 0 Dec 8 11:21 zfs-auto-snap_2014-12-08-111801
dr-xr-xr-x 1 root root 0 Dec 8 11:21 zfs-auto-snap_2014-12-08-112001
./snapshot/zfs-auto-snap_2014-12-08-111402:
total 61
drwxrwxr-x 2 nobody sambausers 3 Dec 8 11:08 .
dr-xr-xr-x 3 root root 3 Dec 8 11:20 ..
-rwxrw-r-- 1 nobody sambausers 12288 Dec 8 11:08
ECRYPTFS_FNEK_ENCRYPTED.FWZXwanONPkl3EaOc1WYje2ffO7G6pexoKFiP-yDFI29rqO6Gc0Y
xLst9E--
./snapshot/zfs-auto-snap_2014-12-08-111601:
total 61
drwxrwxr-x 2 nobody sambausers 3 Dec 8 11:08 .
dr-xr-xr-x 4 root root 4 Dec 8 11:20 ..
-rwxrw-r-- 1 nobody sambausers 12288 Dec 8 11:15
ECRYPTFS_FNEK_ENCRYPTED.FWZXwanONPkl3EaOc1WYje2ffO7G6pexoKFiP-yDFI29rqO6Gc0Y
xLst9E--
./snapshot/zfs-auto-snap_2014-12-08-111801:
total 61
drwxrwxr-x 2 nobody sambausers 3 Dec 8 11:08 .
dr-xr-xr-x 5 root root 5 Dec 8 11:20 ..
-rwxrw-r-- 1 nobody sambausers 12288 Dec 8 11:15
ECRYPTFS_FNEK_ENCRYPTED.FWZXwanONPkl3EaOc1WYje2ffO7G6pexoKFiP-yDFI29rqO6Gc0Y
xLst9E--
./snapshot/zfs-auto-snap_2014-12-08-112001:
total 61
drwxrwxr-x 2 nobody sambausers 3 Dec 8 11:08 .
dr-xr-xr-x 6 root root 6 Dec 8 11:20 ..
-rwxrw-r-- 1 nobody sambausers 12288 Dec 8 11:15
ECRYPTFS_FNEK_ENCRYPTED.FWZXwanONPkl3EaOc1WYje2ffO7G6pexoKFiP-yDFI29rqO6Gc0Y
xLst9E--
===================
Additional info re ZFS volume:
===================
-bash-4.1# zfs get all storage/data-shares/test
NAME PROPERTY VALUE
SOURCE
storage/data-shares/test type filesystem -
storage/data-shares/test creation Sun Dec 7 20:20 2014 -
storage/data-shares/test used 96K -
storage/data-shares/test available 4.89G -
storage/data-shares/test referenced 96K -
storage/data-shares/test compressratio 1.00x -
storage/data-shares/test mounted yes -
storage/data-shares/test quota none
default
storage/data-shares/test reservation none
default
storage/data-shares/test recordsize 128K
default
storage/data-shares/test mountpoint /storage/data-shares/test
default
storage/data-shares/test sharenfs off
default
storage/data-shares/test checksum on
default
storage/data-shares/test compression off
default
storage/data-shares/test atime off
inherited from storage
storage/data-shares/test devices on
default
storage/data-shares/test exec on
default
storage/data-shares/test setuid on
default
storage/data-shares/test readonly off
default
storage/data-shares/test zoned off
default
storage/data-shares/test snapdir hidden
default
storage/data-shares/test aclinherit passthrough-x
local
storage/data-shares/test canmount on
default
storage/data-shares/test xattr sa
local
storage/data-shares/test copies 2
local
storage/data-shares/test version 5 -
storage/data-shares/test utf8only off -
storage/data-shares/test normalization none -
storage/data-shares/test casesensitivity mixed -
storage/data-shares/test vscan off
default
storage/data-shares/test nbmand off
default
storage/data-shares/test sharesmb off
default
storage/data-shares/test refquota none
default
storage/data-shares/test refreservation none
default
storage/data-shares/test primarycache all
default
storage/data-shares/test secondarycache all
default
storage/data-shares/test usedbysnapshots 0 -
storage/data-shares/test usedbydataset 96K -
storage/data-shares/test usedbychildren 0 -
storage/data-shares/test usedbyrefreservation 0 -
storage/data-shares/test logbias latency
default
storage/data-shares/test dedup off
default
storage/data-shares/test mlslabel none
default
storage/data-shares/test sync standard
default
storage/data-shares/test refcompressratio 1.00x -
storage/data-shares/test written 0 -
storage/data-shares/test logicalused 9.50K -
storage/data-shares/test logicalreferenced 9.50K -
storage/data-shares/test snapdev hidden
default
storage/data-shares/test acltype posixacl
local
storage/data-shares/test context none
default
storage/data-shares/test fscontext none
default
storage/data-shares/test defcontext none
default
storage/data-shares/test rootcontext none
default
storage/data-shares/test relatime off
default
storage/data-shares/test redundant_metadata all
default
storage/data-shares/test overlay off
default
-bash-4.1#
===================
Any advice this list can provide would be greatly appreciated.
Best regards,
Alex
ÿôèº{.nÇ+?·?®??+%?Ëÿ±éݶ�¥?wÿº{.nÇ+?·?r¼©µûÿ?{ayº�Ê?Ú?ë,j�¢f£¢·h??ï?êÿ?êçz_è®�(é???Ý¢j"?ú�¶�m§ÿÿ¾�«þG«?éÿ¢¸??¨èÚ&£ø§~?á
