Discussion in 'Storage & Backup' started by ae00711, Apr 28, 2020.
ZFS only sees the image file, and will only scrub that data. It's still verified data though, and Veracypt won't decrypt corrupt data, so there's some level of protection.
ZFS has no ability to peer inside of loopback mounted file systems. It considers that data a simple file like any other.
You need not care about scrub. This will detect any corruption and repair it from redundancy. You must care of the ZFS write cache. On a crash during a write up to 5s (Oracle Solaris with native ZFS) or 2GB (Open-ZFS) of last writes can be lost. On the ZFS filesystem this is uncritical as with Copy on Write an atomic write (data+metadata) is done completely or discarded so there is no corruption on ZFS itself. This is different to a filesystem within a file or zvol on ZFS be it a foreign encrypted folder or a VM filesystem. This file can become corrupt on a crash during a write. To be save you must enable sync write. With a disk based pool performance can go down to 10% of unsync value when you enable sync. You also need powerloss save SSDs with a flash array. A fast Slog can reduce the performance degration with disks.
Use ZFS encryption for encrypted data with full ZFS protection. This is available on Solaris, Illumos (free Solaris fork ex OmniOS,OI) or Linux, currently not Free-BSD.