I've seen a number of comments about the /var/empty dataset The reason this is not set readonly=on during the installation is that this causes the installation to fail (when the installer tries to create/set flags).
This can be set during the post install, or it might be worth considering Colin Percival's firstboot script as a way to set this after the fact. -- Allan Jude
signature.asc
Description: OpenPGP digital signature