Friday Sep 05, 2008

ZFS Crypto Codereview starts today

Prelim codereview for the OpenSolaris ZFS Crypto project starts today (Friday 5th September 2008 at 1200 US/Pacific) and is scheduled to end on Friday 3rd October 2008 at 2359 US/Pacific. Comments received after this time will still be considered, but unless they are serious in nature (data corruption, security issue, regression from existing ZFS) they may have to wait until post onnv-gate integration to be addressed; however, every comment will be looked at and assessed on its own merit.

For the rest of the pointers to the review materials and how to send comments see the project codereview page.

Thursday Aug 14, 2008

Making files on ZFS Immutable (even by root!)

First let's look at the normal POSIX file permissions and show who we are and what privileges our shell is running with:

# ls -l /tank/fs/hamlet.txt 
-rw-rw-rw-   1 root     root      211179 Aug 14 13:00 /tank/fs/hamlet.txt

# pcred $$
100618: e/r/suid=0  e/r/sgid=0
        groups: 0 1 2 3 4 5 6 7 8 9 12

# ppriv $$
100618: -zsh
flags = 
        E: all
        I: all
        P: all
        L: all

So we are running as root, have all privileges in our process, and are passing them all on to our children. We also own the file (and it is on a local ZFS filesystem, not over NFS), and it is writable by us and our group, everyone in fact. So let's try to modify it:

# echo "SCRIBBLE" > /tank/fs/hamlet.txt 
zsh: not owner: /tank/fs/hamlet.txt

That didn't work, so let's try to delete it, but first check the permissions of the containing directory:

# ls -ld /tank/fs
drwxr-xr-x   2 root     root           3 Aug 14 13:00 /tank/fs

# rm /tank/fs/hamlet.txt
rm: /tank/fs/hamlet.txt: override protection 666 (yes/no)? y
rm: /tank/fs/hamlet.txt not removed: Not owner

That is very strange, so what is going on here?

Before I started this I made the file immutable. That means that regardless of what privileges(5) the process has and what POSIX permissions or NFSv4/ZFS ACL the file has, we can't delete it or change it, nor can we even change the POSIX permissions or the ACL. So how did we do that? With our good old friend chmod:

# chmod S+ci /tank/fs/hamlet.txt
Or more verbosely:
# chmod S+v immutable /tank/fs/hamlet.txt

See chmod(1) for more details. If you are running an OpenSolaris 2008.05 release, you need to change the default PATH to have /usr/bin in front of /usr/gnu/bin, or use the full path /usr/bin/chmod. This is because these extensions are only part of the OpenSolaris chmod command, not the GNU version. The same applies to my previous posting on the extended output from ls.

Heaps of info available on files via good old ls(1) [ But not encryption status ]

In "compact" form:

ls -V@ -/c -% all /tank/fs/hamlet.txt
-rw-r--r--+  1 root     root      211179 Aug 14 12:20 /tank/fs/hamlet.txt
                {AHRSa-i--u}
                timestamp: atime         Aug 14 12:37:37 2008 
                timestamp: ctime         Aug 14 12:32:58 2008 
                timestamp: mtime         Aug 14 12:20:08 2008 
                timestamp: crtime        Aug 14 12:19:41 2008 
                user:lp:r-------------:-------:deny
                 owner@:--x-----------:-------:deny
                 owner@:rw-p---A-W-Co-:-------:allow
                 group@:-wxp----------:-------:deny
                 group@:r-------------:-------:allow
              everyone@:-wxp---A-W-Co-:-------:deny
              everyone@:r-----a-R-c--s:-------:allow

In verbose form:

ls -v@ -/v -% all /tank/fs/hamlet.txt
-rw-r--r--+  1 root     root      211179 Aug 14 12:20 /tank/fs/hamlet.txt
                {archive,hidden,readonly,system,appendonly,nonodump,
                 immutable,noav_modified,noav_quarantined,nounlink}
                timestamp: atime         Aug 14 12:21:12 2008 
                timestamp: ctime         Aug 14 12:32:58 2008 
                timestamp: mtime         Aug 14 12:20:08 2008 
                timestamp: crtime        Aug 14 12:19:41 2008 
     0:user:lp:read_data:deny
     1:owner@:execute:deny
     2:owner@:read_data/write_data/append_data/write_xattr/write_attributes
         /write_acl/write_owner:allow
     3:group@:write_data/append_data/execute:deny
     4:group@:read_data:allow
     5:everyone@:write_data/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     6:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
         :allow

One interesting thing it doesn't tell me about this file is that all that information is encrypted on disk. For that I have to use zfs(1):

# zfs get encryption tank/fs
NAME     PROPERTY    VALUE        SOURCE
tank/fs  encryption  on           local

Or a little more verbosely:

# zfs list -r -o name,encryption,keyscope,keystatus,mounted tank 
NAME           CRYPT  KEYSCOPE    KEYSTATUS  MOUNTED
tank             off      pool    undefined      yes
tank/fs           on      pool    available      yes

I wonder if it is worth having the verbose ls(1) output indicate that the file was encrypted on "disk" by the filesystem.

What would people do with that info if they had it? If you have any ideas, let me know.
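
An added example, not part of the original post: POSIX shell functions that expand the compact attribute string printed by ls -/c into the verbose form shown by ls -/v, and list the files in a listing that have a given attribute (such as immutable) set. The letters d, m and q for the three attributes that are unset in the listing above are assumed from chmod(1), and the second sample entry is constructed.

```shell
# Added example. Letter order follows the {AHRSa-i--u} listing on this page;
# d, m and q (unset there, shown as '-') are assumed from chmod(1).
ATTR_LETTERS="AHRSadimqu"
ATTR_NAMES="archive hidden readonly system appendonly nodump immutable av_modified av_quarantined nounlink"

# expand_attrs '{AHRSa-i--u}' prints the verbose, comma-separated form.
expand_attrs() {
    compact=$(printf '%s' "$1" | tr -d '{} \t')
    [ "${#compact}" -eq "${#ATTR_LETTERS}" ] ||
        { echo "unexpected attribute string: $1" >&2; return 2; }
    out=""; i=1
    for name in $ATTR_NAMES; do
        got=$(printf '%s' "$compact" | cut -c "$i")
        want=$(printf '%s' "$ATTR_LETTERS" | cut -c "$i")
        case "$got" in
            "$want") out="$out,$name" ;;      # attribute is set
            -)       out="$out,no$name" ;;    # attribute is clear
            *)       echo "unexpected '$got' at position $i" >&2; return 2 ;;
        esac
        i=$((i + 1))
    done
    printf '%s\n' "${out#,}"
}

# find_attr NAME < listing: print each path whose attribute line has NAME set.
# The path is the last field of the preceding long-format line, so file
# names containing whitespace are not handled.
find_attr() {
    path=""
    while IFS= read -r line; do
        case "$line" in
            *"{"*"}"*)
                verbose=$(expand_attrs "$line") || continue
                case ",$verbose," in *",$1,"*) printf '%s\n' "$path" ;; esac ;;
            [-dlbcps][-r][-w]*) path=${line##* } ;;
        esac
    done
}

# Constructed sample: first entry copied from the listing above, second invented.
sample_listing() {
    cat <<'EOF'
-rw-r--r--+  1 root     root      211179 Aug 14 12:20 /tank/fs/hamlet.txt
                {AHRSa-i--u}
-rw-r--r--   1 root     root        1024 Aug 14 12:25 /tank/fs/notes.txt
                {A---------}
EOF
}

sample_listing | find_attr immutable
```

On a live system the input to find_attr would be the output of /usr/bin/ls -l -/c over the files of interest, which makes it easy to spot files that will refuse changes even from a fully privileged root shell.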

Thursday Oct 04, 2007

ZFS Crypto Alpha Release

ZFS Crypto (Phase 1) Alpha Release binaries are now available. At the moment this is x86/x64 only; I am debugging a very strange (non-crypto) problem on the SPARC binaries and will make them available when I can.

Monday Jul 02, 2007

ZFS Crypto Design Review

The design review for phase one of the OpenSolaris ZFS Crypto Project starts now; details on how to participate are here.

Wednesday May 02, 2007

ZFS under GPLv2 already exists - no kidding!

I'm getting really fed up with the constant rantings on all sides about what Sun should do about the license on the ZFS code so that Linux can use it. Apparently Sun is the bad guy because ZFS is under CDDL and not GPLv2 and we are purposely doing that so Linux does not get ZFS. Personally I don't agree, but each to their own opinion, and licensing is worse than religion in open software development.

There is already a port to FreeBSD and rumours abound that it is in a future release of MacOS, without the CDDL those might not have happened. 

There is also a port of ZFS to FUSE which means Linux users can use it that way.  Performance won't be great with FUSE but it is probably acceptable.  FUSE is a great tool and I can't wait until the Solaris port is ready - because then Solaris can read Linux ext based filesystems that way!

Now about that headline: yes, I really did say that ZFS code is already available under the GPLv2. I will be completely honest though and make it clear that it isn't all of the ZFS source. It is a sufficient amount to be able to boot an OpenSolaris based system from GRUB, which means that support for mirroring and the checksum and compression support is there, but raidz isn't, nor are the userland commands. It is possible that this might be enough to get someone started. Still don't believe me? Check out the updated GRUB source on opensolaris.org, specifically all the files with zfs in their name - every single one of them under the GPLv2 or later.

Update: While I appreciate some of the comments posted, I'm not going to let my blog be a place to post other people's opinions on CDDL vs GPL. So I've deleted some comments; if that annoys you because I deleted your comment, tough luck, this is my blog and my policy and that's how it is. Comments are now closed.
 
