This affects all my TrueNAS Core 13.0U3 and 13.0U3.1.
I encrypt my pool/root dataset using ZFS native encryption with key. Child datasets inherit encryption from parents.
No I want to keep sensitive data inside dataset that can be easily locked - that is why I create child dataset encrypted with pathphrase. Until now all is ok.
Wired things start when I lock dataset protected by passphrase. No matter if I select "Force unount" or not while locking dataset it is still visible in file system. What is more I can simply enter this dataset and create new files inside (despite te fact that in UI I can see padlock closed indicating dataset is locked). Then when I unlock this dataset, new direcory with dataset name appended with unlock date, time and some random characters is created. This new folder contains all data that was put inside passprase protected dataset whlie it was locked. New folder is created everytiem I put anything inside dataset while it is locked. This is 100% reproducible.
So basically lock/unlock work fine and content of passphrase dataset is ok. But while locked dataset is still available in file system in rw mode and this can misslead users.
Is that a bug and I should file ticket to fix? Or I am doing something wrong?
I encrypt my pool/root dataset using ZFS native encryption with key. Child datasets inherit encryption from parents.
No I want to keep sensitive data inside dataset that can be easily locked - that is why I create child dataset encrypted with pathphrase. Until now all is ok.
Wired things start when I lock dataset protected by passphrase. No matter if I select "Force unount" or not while locking dataset it is still visible in file system. What is more I can simply enter this dataset and create new files inside (despite te fact that in UI I can see padlock closed indicating dataset is locked). Then when I unlock this dataset, new direcory with dataset name appended with unlock date, time and some random characters is created. This new folder contains all data that was put inside passprase protected dataset whlie it was locked. New folder is created everytiem I put anything inside dataset while it is locked. This is 100% reproducible.
So basically lock/unlock work fine and content of passphrase dataset is ok. But while locked dataset is still available in file system in rw mode and this can misslead users.
Is that a bug and I should file ticket to fix? Or I am doing something wrong?