aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--cmd/zfs/zfs_main.c16
-rwxr-xr-xtests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh13
2 files changed, 26 insertions, 3 deletions
diff --git a/cmd/zfs/zfs_main.c b/cmd/zfs/zfs_main.c
index d148516f1..31376080b 100644
--- a/cmd/zfs/zfs_main.c
+++ b/cmd/zfs/zfs_main.c
@@ -6229,6 +6229,22 @@ share_mount_one(zfs_handle_t *zhp, int op, int flags, char *protocol,
}
/*
+ * If this filesystem is encrypted and does not have
+ * a loaded key, we can not mount it.
+ */
+ if ((flags & MS_CRYPT) == 0 &&
+ zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF &&
+ zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS) ==
+ ZFS_KEYSTATUS_UNAVAILABLE) {
+ if (!explicit)
+ return (0);
+
+ (void) fprintf(stderr, gettext("cannot %s '%s': "
+ "encryption key not loaded\n"), cmdname, zfs_get_name(zhp));
+ return (1);
+ }
+
+ /*
* If this filesystem is inconsistent and has a receive resume
* token, we can not mount it.
*/
diff --git a/tests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh b/tests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh
index e81d6f2a5..9749a9b3a 100755
--- a/tests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh
+++ b/tests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh
@@ -29,9 +29,12 @@
# 1. Create an encrypted dataset
# 2. Unmount and unload the dataset's key
# 3. Verify the key is unloaded
-# 4. Attempt to load the key while mounting the dataset
-# 5. Verify the key is loaded
-# 6. Verify the dataset is mounted
+# 4. Attempt to mount all datasets in the pool
+# 5. Verify that no error code is produced
+# 6. Verify that the encrypted dataset is not mounted
+# 7. Attempt to load the key while mounting the dataset
+# 8. Verify the key is loaded
+# 9. Verify the dataset is mounted
#
verify_runnable "both"
@@ -53,6 +56,10 @@ log_must zfs unmount $TESTPOOL/$TESTFS1
log_must zfs unload-key $TESTPOOL/$TESTFS1
log_must key_unavailable $TESTPOOL/$TESTFS1
+log_must zfs mount -a
+unmounted $TESTPOOL/$TESTFS1 || \
+ log_fail "Filesystem $TESTPOOL/$TESTFS1 is mounted"
+
log_must eval "echo $PASSPHRASE | zfs mount -l $TESTPOOL/$TESTFS1"
log_must key_available $TESTPOOL/$TESTFS1