Solved zfs set exec=off not inherited to snapshots

CyberCr33p

CyberCr33p

I run zfs set exec=off zroot/home/backup. After this command all snapshots show "temporary" as source. After a reboot then they show inherited from zroot/home/backup. But if I create a new snapshot without rebooting after it show it as "temporary".

Code: 
# zfs get all | grep zroot/home | grep exec

zroot/home                  exec                  on                     default
zroot/home/backup           exec                  off                    local
zroot/home/backup@20230120  exec                  off                    inherited from zroot/home/backup
zroot/home/backup@20230121  exec                  off                    inherited from zroot/home/backup
zroot/home/backup@20230122  exec                  off                    inherited from zroot/home/backup
zroot/home/backup@20230123  exec                  on                     temporary
This doesn't happen with setuid:
Code: 
# zfs get all | grep setuid | grep zroot/home

zroot/home                  setuid                off                    local
zroot/home/backup           setuid                off                    local
zroot/home/backup@20230120  setuid                off                    inherited from zroot/home/backup
zroot/home/backup@20230121  setuid                off                    inherited from zroot/home/backup
zroot/home/backup@20230122  setuid                off                    inherited from zroot/home/backup
zroot/home/backup@20230123  setuid                off                    inherited from zroot/home/backup
Any idea why it happens with exec?
 
i am not quite sure but looking at

/sys/contrib/openzfs/module/os/freebsd/spl/spl_vfs.c mount_snapshot it looks like snapshot mount flags are hard wired
IGNORE | READONLY | NOSUID...
 
You are correct. This is the comment:

/*
* We don't want snapshots to allow access to vulnerable setuid
* programs, so we turn off setuid when mounting snapshots.
*/
mp->mnt_flag |= MNT_NOSUID;
Click to expand...
 
You must log in or register to reply here.
Back
Top