diff options
-rw-r--r-- | cmd/zfs/zfs_main.c | 16 | ||||
-rwxr-xr-x | tests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh | 13 |
2 files changed, 26 insertions, 3 deletions
diff --git a/cmd/zfs/zfs_main.c b/cmd/zfs/zfs_main.c index d148516f1..31376080b 100644 --- a/cmd/zfs/zfs_main.c +++ b/cmd/zfs/zfs_main.c @@ -6229,6 +6229,22 @@ share_mount_one(zfs_handle_t *zhp, int op, int flags, char *protocol, } /* + * If this filesystem is encrypted and does not have + * a loaded key, we can not mount it. + */ + if ((flags & MS_CRYPT) == 0 && + zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF && + zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS) == + ZFS_KEYSTATUS_UNAVAILABLE) { + if (!explicit) + return (0); + + (void) fprintf(stderr, gettext("cannot %s '%s': " + "encryption key not loaded\n"), cmdname, zfs_get_name(zhp)); + return (1); + } + + /* * If this filesystem is inconsistent and has a receive resume * token, we can not mount it. */ diff --git a/tests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh b/tests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh index e81d6f2a5..9749a9b3a 100755 --- a/tests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh +++ b/tests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh @@ -29,9 +29,12 @@ # 1. Create an encrypted dataset # 2. Unmount and unload the dataset's key # 3. Verify the key is unloaded -# 4. Attempt to load the key while mounting the dataset -# 5. Verify the key is loaded -# 6. Verify the dataset is mounted +# 4. Attempt to mount all datasets in the pool +# 5. Verify that no error code is produced +# 6. Verify that the encrypted dataset is not mounted +# 7. Attempt to load the key while mounting the dataset +# 8. Verify the key is loaded +# 9. Verify the dataset is mounted # verify_runnable "both" @@ -53,6 +56,10 @@ log_must zfs unmount $TESTPOOL/$TESTFS1 log_must zfs unload-key $TESTPOOL/$TESTFS1 log_must key_unavailable $TESTPOOL/$TESTFS1 +log_must zfs mount -a +unmounted $TESTPOOL/$TESTFS1 || \ + log_fail "Filesystem $TESTPOOL/$TESTFS1 is mounted" + log_must eval "echo $PASSPHRASE | zfs mount -l $TESTPOOL/$TESTFS1" log_must key_available $TESTPOOL/$TESTFS1 |