openzfs / zfs

OpenZFS on Linux and FreeBSD
https://openzfs.github.io/openzfs-docs

ZFS Channel Programs cannot get_prop `encryption` or `encryptionroot` properties #12337

Open grahamc opened 3 years ago

grahamc commented 3 years ago

System information

| Type | Version/Name |
| --- | --- |
| Distribution Name | NixOS |
| Distribution Version | 21.09 (unstable) |
| Linux Kernel | 5.10.45 |
| Architecture | x86_64 |
| ZFS Version | 2.1.0-1 |
| SPL Version | 2.1.0-1 |

and by @nshalman:

| Type | Version/Name |
| --- | --- |
| Distribution Name | SmartOS |
| Distribution Version | joyent_20210520T001536Z |
| Architecture | x86_64 |

Describe the problem you're observing

A ZFS Channel Program can't access, seemingly, just these two properties:

enc.lua:

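-- Dataset to query; edit to match your pool.
dataset = "tank/safe/home"

result = {}
result["keyformat"] = zfs.get_prop(dataset, "keyformat")
result["keylocation"] = zfs.get_prop(dataset, "keylocation")
result["encryption"] = zfs.get_prop(dataset, "encryption")
-- Compare against nil (Lua's absent value) so the key still appears in the output;
-- true here means get_prop returned nothing.
result["encryptionroot"] = zfs.get_prop(dataset, "encryptionroot") == nil
return result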

results in:

grahamc@hyperchicken:~/ > zfs get encryption tank/safe/home
NAME            PROPERTY    VALUE        SOURCE
tank/safe/home  encryption  aes-256-gcm  -

grahamc@hyperchicken:~/ > zfs get encryptionroot tank/safe/home
NAME            PROPERTY        VALUE    SOURCE
tank/safe/home  encryptionroot  tank     -

grahamc@hyperchicken:~/ > sudo zfs program tank ./enc.lua
Channel program fully executed and produced output:
    return:
        encryptionroot: true
        encryption: 'off'
        keylocation: 'none'
        keyformat: 'passphrase'

and for @nshalman:

# echo "passphrase" | zfs create -o encryption=aes-256-ccm -o keyformat=passphrase zones/deleteme
# zfs get all zones/deleteme | grep cryp
zones/deleteme  encryption            aes-256-ccm            -
zones/deleteme  encryptionroot        zones/deleteme         -
# zfs program zones ./enc.lua
Channel program fully executed and produced output:
    return:
        encryptionroot: true
        keyformat: 'none'
        keylocation: 'prompt'
        encryption: 'off'

Describe how to reproduce the problem

Create an encrypted dataset:

echo "passphrase" | zfs create -o encryption=aes-256-ccm -o keyformat=passphrase zones/deleteme

Then edit enc.lua from above to point to the dataset and execute it. Note that the encryption and encryptionroot fields are not correctly reported.

Include any warning/errors/backtraces from the system logs

none


I've opened PR #12335 adding a test to verify channel programs can access these two fields. As expected, the test fails in the sanity tests:

Test: /usr/share/zfs/zfs-tests/tests/functional/channel_program/lua_core/tst.encryption (run as root) [00:00] [FAIL]
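
A cross-check for the symptom reported above, as an added example that is not part of the original issue or of OpenZFS: it parses the two kinds of output shown in the report and lists the properties where `zfs program` disagrees with `zfs get`. The function names are hypothetical, and the sample inputs are assembled from the report's transcripts for tank/safe/home.

```python
import re

# Sample inputs assembled from the transcripts in the report (tank/safe/home).
ZFS_GET_OUTPUT = """\
NAME            PROPERTY        VALUE        SOURCE
tank/safe/home  encryption      aes-256-gcm  -
tank/safe/home  encryptionroot  tank         -
"""

ZCP_OUTPUT = """\
Channel program fully executed and produced output:
    return:
        encryptionroot: true
        encryption: 'off'
        keylocation: 'none'
        keyformat: 'passphrase'
"""


def parse_zfs_get(text):
    """Map property -> value from default `zfs get` tabular output."""
    props = {}
    for line in text.splitlines():
        cols = line.split()
        # Skip blank lines and the NAME/PROPERTY/VALUE/SOURCE header row.
        if len(cols) < 4 or cols[:2] == ["NAME", "PROPERTY"]:
            continue
        props[cols[1]] = cols[2]  # assumes values without spaces, as in the report
    return props


def parse_zcp_return(text):
    """Map key -> value from the flat `return:` table printed by `zfs program`."""
    body = text.split("return:", 1)[-1]
    pairs = re.findall(r"^[ \t]+(\w+): (.*)$", body, flags=re.M)
    return {key: value.strip().strip("'") for key, value in pairs}


def mismatches(zfs_get_text, zcp_text):
    """Return sorted (property, cli_value, zcp_value) where the sources disagree."""
    cli, zcp = parse_zfs_get(zfs_get_text), parse_zcp_return(zcp_text)
    return sorted((p, cli[p], zcp[p]) for p in cli.keys() & zcp.keys()
                  if cli[p] != zcp[p])


if __name__ == "__main__":
    for prop, cli_value, zcp_value in mismatches(ZFS_GET_OUTPUT, ZCP_OUTPUT):
        print(f"{prop}: zfs get={cli_value!r} channel program={zcp_value!r}")
```

Only properties present in both outputs are compared, so `keyformat` and `keylocation` are skipped for this sample because the report shows no `zfs get` value for them on tank/safe/home.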

jwk404 commented 3 years ago

When a solution is found for this bug, we should be sure not to let the work done in https://github.com/openzfs/zfs/pull/12335 be lost, and include those tests.

stale[bot] commented 2 years ago

This issue has been automatically marked as "stale" because it has not had any activity for a while. It will be closed in 90 days if no further activity occurs. Thank you for your contributions.

nshalman commented 2 years ago

I don't think this is resolved. @grahamc this should remain open, right?

stale[bot] commented 1 year ago

This issue has been automatically marked as "stale" because it has not had any activity for a while. It will be closed in 90 days if no further activity occurs. Thank you for your contributions.

grahamc commented 1 year ago

I don't think this is solved, and I wish it were, though I'm no longer pursuing this.
