kldload — your Linux construction kit

ZFS Wiki

OpenZFS — the best filesystem on earth.

Distilled from thousands of pages of personal notes — years of running ZFS in production on FreeBSD, illumos, Proxmox, and now Linux via kldload. Not a copy of the manual. What I wish someone had told me when I started.

▸ Command Reference ▸ Pool Design & VDEVs ▸ Tuning for Workloads ▸ Memory & ARC ▸ Hardware Selection ▸ Snapshots & Replication ▸ Compression & Dedup ▸ Encryption ▸ ZFS vs Everything Else ▸ Common Myths ▸ illumos / FreeBSD / Linux / Proxmox ▸ Boot Chain (DKMS / Dracut)

What changes when you have ZFS on root

ZFS on root isn't just a different filesystem. It rewrites how you think about storage, data, security, and recovery. Linux people who've only known ext4 don't even realize what's possible because they've never had these capabilities.

Full disk encryption is obsolete

On ext4, encryption means LUKS — one key for the entire disk. Unlock it once and everything is exposed. Every file, every user, every secret — all decrypted at boot.

With ZFS: every single directory can have its own encryption key. /home/alice has Alice's key. /home/bob has Bob's key. /srv/secrets has a hardware token. The boot volume stays unencrypted. Only the datasets you need are unlocked, only when you need them. Bob can't read Alice's data even if he has root access — because her dataset is locked with a different key.

LUKS is a front door lock. ZFS encryption is a lock on every room, each with a different key.

Every directory is a dataset. Every dataset is independent.

On ext4, a directory is just a path in a tree. It shares the filesystem, the mount options, the encryption key, and the failure domain with everything else on the disk. The concept of a recursive directory structure — where everything lives under / in one big hierarchy — is the only model most Linux users have ever known.

With ZFS, that concept is gone. Every directory can be its own dataset with its own properties, its own encryption key, its own compression policy, its own snapshot schedule, and its own replication target. Datasets inherit properties from their parent but can override anything. /home/alice is not a folder — it's an independent, encryptable, replicable unit of storage.

This is exactly how Apple built macOS and iCloud. Your Apple ID is a dataset. Every device you register is its own dataset. When your iPhone connects, it checks the latest snapshot and syncs only the changes — block-level, encrypted, incremental. Each application is jailed into its own container backed by its own dataset. That's how macOS isolates every app, controls permissions per-app, and recovers from crashes without taking down the system. It's not magic — it's datasets all the way down.

ZFS gives you the same primitive. You can build any platform you like — with endless, reliable, secure disk space where every directory has its own identity, its own keys, and its own lifecycle. zfs send replicates any dataset to any machine, encrypted, block-level, only changed blocks. No rsync. No file-by-file crawl. The whole dataset — permissions, ACLs, timestamps, everything — in one stream.

Stop thinking in directories. Start thinking in datasets. That's the shift.

Every directory can have its own storage policy

On ext4, the entire disk has one set of options. One block size. One mount option set. Everything gets the same treatment.

With ZFS: /srv/database gets recordsize=8K and an SLOG. /srv/media gets recordsize=1M and ZSTD compression. /var/log gets a 10GB quota so logs can't fill the disk. /tmp gets excluded from snapshots. Each directory is tuned for its workload. Independently. Dynamically. No reformatting.

ext4 is a one-temperature building. ZFS gives every room its own thermostat.

Accidental deletion is undoable

On ext4, rm -rf is permanent. Your only hope is an external backup — if you have one, and if it's recent.

With ZFS: every dataset has a hidden .zfs/snapshot/ directory. Your hourly snapshots are right there. Deleted a file? cp /home/alice/.zfs/snapshot/hourly-1/oops.txt /home/alice/. No restore process. No backup software. The data never left the disk — the snapshot just remembers where it was.

ext4 is writing in pen. ZFS is writing in pencil with an undo button.

OS upgrades are risk-free

On ext4, a bad kernel upgrade means rescue USB, chroot, hope you can fix it. Or reinstall.

With ZFS: snapshot before upgrading. If it breaks, reboot into ZFSBootMenu, pick the old snapshot, boot in 15 seconds. Done. No rescue disk. No chroot. No reinstall. You can upgrade your kernel with the confidence of a git commit — if it's bad, just revert.

ext4 upgrades are jumping without a net. ZFS upgrades are jumping with a bungee cord.

Cloning is instant and free

On ext4, copying a 40GB VM disk takes minutes and doubles your storage usage.

With ZFS: zfs clone takes milliseconds and uses zero extra space. The clone shares all unchanged blocks with the original. Only divergent data costs space. Clone a VM, test a patch, destroy the clone if it's bad. Your original is untouched. Clone a user's home directory before they do something risky. Clone a database for testing. Clones are disposable copies that cost nothing until they change.

ext4 copies are photocopies. ZFS clones are shared Google Docs — same content, no extra paper, until someone edits.

You never run fsck again

On ext4, an unclean shutdown means fsck on next boot. On a large filesystem, that can take hours. And sometimes it fails, and you lose data anyway.

With ZFS: the on-disk state is always consistent. Copy-on-write means every write is atomic. Power failure mid-write? You have either the old data or the new data. Never a corrupted mess. Boot after a crash. It's fine. Always. No fsck. No journal replay. No waiting.

ext4 after a crash is a crime scene that needs investigation. ZFS after a crash is a crime that never happened.

Silent corruption is impossible

On ext4, if a disk sector goes bad or a cable flips a bit, your data is silently corrupted. You won't know until you open the file months later and it's garbage. No warning. No detection.

With ZFS: every block has a checksum. Every read is verified. If the data doesn't match, ZFS knows immediately. On a mirror or RAIDZ pool, it fetches the good copy and fixes the bad one. Automatically. While you sleep. zpool scrub proactively verifies every block on a schedule. You always know the state of your data.

ext4 trusts the disk. ZFS trusts math.

Partitioning is dead

On ext4, you decide at install time: 50GB for root, 200GB for home, 100GB for data. Guess wrong? Resize partitions — if you can. Usually you can't without downtime and risk.

With ZFS: there are no partitions. The entire pool is shared space. Datasets use what they need. Set quotas if you want limits, or let ZFS allocate dynamically. Add a disk to the pool and every dataset benefits. No resizing. No guessing. No resize2fs.

ext4 partitions are fixed walls. ZFS datasets are furniture — rearrange any time.

Cross-platform portability

On ext4, your data is trapped on the machine it lives on. Moving to another OS means rsync or tar.

With ZFS: datasets are self-contained and portable. zfs send from a Linux box in Paris, zfs recv on a FreeBSD box in Tokyo. Mount it immediately. Permissions, ACLs, timestamps, compression settings — all preserved. Your storage is not bound to an OS, a vendor, or a hardware stack.

ext4 is a house — it stays where you built it. ZFS datasets are shipping containers — they go anywhere.

These aren't future features. This is what you get today. Every kldload install has all of this out of the box. Per-dataset encryption. Instant clones. Snapshot rollback. Self-healing. No fsck. No partitions. The only thing that changes is how you think about your data.

← ZFS Wiki ↑ Top