Defining exceptions

Exceptions for the write filter can be defined by creating new datasets, since only the dataset zroot/ROOT/default is protected from write accesses; all other system datasets, including newly created datasets, are excluded from the protection.

This chapter shows an example of how a separate dataset can be created for the TwinCAT boot directory, thereby excluding this directory from the write filter protection.

Requirements:

Save the TwinCAT boot directory in advance if you follow this example.
Disable the write filter (see Enabling or disabling the write filter).

Proceed as follows:

1. Enter the command doas rm -rf /usr/local/etc/TwinCAT/3.1/Boot/*.

2. The directory usr/local/etc/TwinCAT/3.1/Boot is detached from the file hierarchy.

3. Enter the command doas zfs create -o mountpoint=/usr/local/etc/TwinCAT/3.1/Boot zroot/usr/TwinCAT-Boot to mount the new dataset zroot/usr/TwinCAT-Boot.

You have successfully created a new dataset for the TwinCAT boot directory. Use zfs mount to display all mounted datasets, including the new dataset zroot/usr/TwinCAT-Boot. From now on, all directories below this directory are no longer protected from write access by an active write filter.