SYNOPSIS
guestfish [--options] [commands]
guestfish
guestfish [--ro|--rw] -a disk.img
guestfish [--ro|--rw] -a disk.img -m dev[:mountpoint]
guestfish -d libvirt-domain
guestfish [--ro|--rw] -a disk.img -i
guestfish -d libvirt-domain -i
WARNING
Using guestfish in write mode on live virtual machines, or concurrently with other disk editing tools, can be dangerous, potentially causing disk corruption. The virtual machine must be shut down before you use this command, and disk images must not be edited concurrently.
Use the --ro (read-only) option to use guestfish safely if the disk image or virtual machine might be live. You may see strange or inconsistent results if running concurrently with other changes, but with this option you won’t risk disk corruption.
DESCRIPTION
Guestfish is a shell and command-line tool for examining and modifying virtual machine filesystems. It uses libguestfs and exposes all of the functionality of the guestfs API, see guestfs(3).
Guestfish gives you structured access to the libguestfs API, from shell scripts or the command line or interactively. If you want to rescue a broken virtual machine image, you should look at the virt-rescue(1) command.
EXAMPLES
As an interactive shell
$ guestfish
Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems.
Type: 'help' for a list of commands
'man' to read the manual
'quit' to quit the shell
><fs> add-ro disk.img
><fs> run
><fs> list-filesystems
/dev/sda1: ext4
/dev/vg_guest/lv_root: ext4
/dev/vg_guest/lv_swap: swap
><fs> mount /dev/vg_guest/lv_root /
><fs> cat /etc/fstab
# /etc/fstab
# Created by anaconda
[...]
><fs> exit
From shell scripts
Create a new /etc/motd file in a guest or disk image:
guestfish <<_EOF_
add disk.img
run
mount /dev/vg_guest/lv_root /
write /etc/motd "Welcome, new users"
_EOF_
List the LVM logical volumes in a disk image:
guestfish -a disk.img --ro <<_EOF_
run
lvs
_EOF_
List all the filesystems in a disk image:
guestfish -a disk.img --ro <<_EOF_
run
list-filesystems
_EOF_
On one command line
Update /etc/resolv.conf in a guest:
guestfish \
add disk.img : run : mount /dev/vg_guest/lv_root / : \
write /etc/resolv.conf "nameserver 1.2.3.4"
Edit /boot/grub/grub.conf interactively:
guestfish --rw --add disk.img \
--mount /dev/vg_guest/lv_root \
--mount /dev/sda1:/boot \
edit /boot/grub/grub.conf
Mount disks automatically
Use the -i option to automatically mount the disks from a virtual machine:
guestfish --ro -a disk.img -i cat /etc/group
guestfish --ro -d libvirt-domain -i cat /etc/group
Another way to edit /boot/grub/grub.conf interactively is:
guestfish --rw -a disk.img -i edit /boot/grub/grub.conf
As a script interpreter
Create a 100MB disk containing an ext2-formatted partition:
#!/usr/bin/guestfish -f
sparse test1.img 100M
run
part-disk /dev/sda mbr
mkfs ext2 /dev/sda1
Start with a prepared disk
Create a 1G disk called test1.img containing a single ext2-formatted partition:
guestfish -N fs
To list what is available do:
guestfish -N help | less
Remote drives
Access a remote disk using ssh:
guestfish -a ssh://example.com/path/to/disk.img
Remote control
eval "`guestfish --listen`"
guestfish --remote add-ro disk.img
guestfish --remote run
guestfish --remote lvs
OPTIONS
--help
Displays general help on options.
-h, --cmd-help
Lists all available guestfish commands.
-h CMD, --cmd-help CMD
Displays detailed help on a single command cmd.
-a IMAGE, --add IMAGE
Add a block device or virtual machine image to the shell.
The format of the disk image is auto-detected. To override this and force a particular format use the --format=.. option.
Using this flag is mostly equivalent to using the add command, with readonly:true if the --ro flag was given, and with format:... if the --format=… flag was given.
-a URI, --add URI
Add a remote disk. See “ADDING REMOTE STORAGE”.
--blocksize=512, --blocksize=4096, --blocksize
This parameter sets the sector size of the disk image. It affects all explicitly added subsequent disks after this parameter. Using --blocksize with no argument switches the disk sector size to the default value which is usually 512 bytes. See also “guestfs_add_drive_opts” in guestfs(3).
-c URI, --connect URI
When used in conjunction with the -d option, this specifies the libvirt URI to use. The default is to use the default libvirt connection.
--csh
If using the --listen option and a csh-like shell, use this option. See section “REMOTE CONTROL AND CSH” below.
-d LIBVIRT-DOMAIN, --domain LIBVIRT-DOMAIN
Add disks from the named libvirt domain. If the --ro option is also used, then any libvirt domain can be used. However in write mode, only libvirt domains which are shut down can be named here.
Domain UUIDs can be used instead of names.
Using this flag is mostly equivalent to using the add-domain command, with readonly:true if the --ro flag was given, and with format:... if the --format=… flag was given.
--echo-keys
When prompting for keys and passphrases, guestfish normally turns echoing off so you cannot see what you are typing. If you are not worried about Tempest attacks and there is no one else in the room you can specify this flag to see what you are typing.
-f FILE, --file FILE
Read commands from FILE. To write pure guestfish scripts, use:
#!/usr/bin/guestfish -f
--format=raw|qcow2|.., --format
The default for the -a option is to auto-detect the format of the disk image. Using this forces the disk format for -a options which follow on the command line. Using --format with no argument switches back to auto-detection for subsequent -a options.
For example:
guestfish --format=raw -a disk.img
forces raw format (no auto-detection) for disk.img.
guestfish --format=raw -a disk.img --format -a another.img
forces raw format (no auto-detection) for disk.img and reverts to auto-detection for another.img.
If you have untrusted raw-format guest disk images, you should use this option to specify the disk format. This avoids a possible security problem with malicious guests (CVE-2010-3851). See also “add”.
-i, --inspector
Using virt-inspector(1) code, inspect the disks looking for an operating system and mount filesystems as they would be mounted on the real virtual machine.
Typical usage is either:
guestfish -d myguest -i
(for an inactive libvirt domain called myguest), or:
guestfish --ro -d myguest -i
(for active domains, readonly), or specify the block device directly:
guestfish --rw -a /dev/Guests/MyGuest -i
Note that the command line syntax changed slightly over older versions of guestfish. You can still use the old syntax:
guestfish [--ro] -i disk.img
guestfish [--ro] -i libvirt-domain
Using this flag is mostly equivalent to using the inspect-os command and then using other commands to mount the filesystems that were found.
--key SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using the inspection.
--key NAME:key:KEY_STRING, --key UUID:key:KEY_STRING, --key all:key:KEY_STRING
NAME is the libguestfs device name (eg. /dev/sda1). UUID is the device UUID. all means try the key against any encrypted device.
Use the specified KEY_STRING as passphrase.
--key NAME:file:FILENAME, --key UUID:file:FILENAME, --key all:file:FILENAME
Read the passphrase from FILENAME.
--key NAME:clevis, --key UUID:clevis, --key all:clevis
Attempt passphrase-less unlocking for the device with Clevis, over the network. Please refer to “ENCRYPTED DISKS” in guestfs(3) for more information on network-bound disk encryption (NBDE).
Note that if any such option is present on the command line, QEMU user networking will be automatically enabled for the libguestfs appliance.
--keys-from-stdin
Read key or passphrase parameters from stdin. The default is to try to read passphrases from the user by opening /dev/tty.
If there are multiple encrypted devices then you may need to supply multiple keys on stdin, one per line.
--listen
Fork into the background and listen for remote commands. See section “REMOTE CONTROL GUESTFISH OVER A SOCKET” below.
-m dev[:mountpoint[:options[:fstype]]], --mount dev[:mountpoint[:options[:fstype]]]
Mount the named partition or logical volume on the given mountpoint.
If the mountpoint is omitted, it defaults to /.
You have to mount something on / before most commands will work.
If any -m or --mount options are given, the guest is automatically launched.
If you don’t know what filesystems a disk image contains, you can either run guestfish without this option, then list the partitions, filesystems and LVs available (see “list-partitions”, “list-filesystems” and “lvs” commands), or you can use the virt-filesystems(1) program.
The third (and rarely used) part of the mount parameter is the list of mount options used to mount the underlying filesystem. If this is not given, then the mount options are either the empty string or ro (the latter if the --ro flag is used). By specifying the mount options, you override this default choice. Probably the only time you would use this is to enable ACLs and/or extended attributes if the filesystem can support them:
-m /dev/sda1:/:acl,user_xattr
Using this flag is equivalent to using the mount-options command.
The fourth part of the parameter is the filesystem driver to use, such as ext3 or ntfs. This is rarely needed, but can be useful if multiple drivers are valid for a filesystem (eg: ext2 and ext3), or if libguestfs misidentifies a filesystem.
--network
Enable QEMU user networking in the guest.
-N [FILENAME=]TYPE, --new [FILENAME=]TYPE, -N help
Prepare a fresh disk image formatted as TYPE. This is an alternative to the -a option: whereas -a adds an existing disk, -N creates a preformatted disk with a filesystem and adds it. See “PREPARED DISK IMAGES” below.
-n, --no-sync
Disable autosync. This is enabled by default. See the discussion of autosync in the guestfs(3) manpage.
--no-dest-paths
Don’t tab-complete paths on the guest filesystem. It is useful to be able to hit the tab key to complete paths on the guest filesystem, but this causes extra “hidden” guestfs calls to be made, so this option is here to allow this feature to be disabled.
--pipe-error
If writes fail to pipe commands (see “PIPES” below), then the command returns an error.
The default (also for historical reasons) is to ignore such errors so that:
><fs> command_with_lots_of_output | head
doesn’t give an error.
--progress-bars
Enable progress bars, even when guestfish is used non-interactively.
Progress bars are enabled by default when guestfish is used as an interactive shell.
--no-progress-bars
Disable progress bars.
--remote, --remote=PID
Send remote commands to $GUESTFISH_PID or pid. See section “REMOTE CONTROL GUESTFISH OVER A SOCKET” below.
-r, --ro
This changes the -a, -d and -m options so that disks are added and mounts are done read-only.
The option must always be used if the disk image or virtual machine might be running, and is generally recommended in cases where you don’t need write access to the disk.
Note that prepared disk images created with -N are not affected by this option. Also commands like add are not affected – you have to specify the readonly:true option explicitly if you need it.
See also “OPENING DISKS FOR READ AND WRITE” below.
--selinux
This option is provided for backwards compatibility and does nothing.
-v, --verbose
Enable very verbose messages. This is particularly useful if you find a bug.
-V, --version
Display the guestfish / libguestfs version number and exit.
-w, --rw
This changes the -a, -d and -m options so that disks are added and mounts are done read-write.
See “OPENING DISKS FOR READ AND WRITE” below.
-x
Echo each command before executing it.
COMMANDS ON COMMAND LINE
Any additional (non-option) arguments are treated as commands to execute.
Commands to execute should be separated by a colon (:), where the colon is a separate parameter. Thus:
guestfish cmd [args...] : cmd [args...] : cmd [args...] ...
If there are no additional arguments, then we enter a shell, either an interactive shell with a prompt (if the input is a terminal) or a non-interactive shell.
In either command line mode or non-interactive shell, the first command that gives an error causes the whole shell to exit. In interactive mode (with a prompt) if a command fails, you can continue to enter commands.
Note that arguments of the commands will be considered as guestfish options if they start with a dash (-): you can always separate the guestfish options and the rest of the commands (with their arguments) using a double dash (--). For example:
guestfish -- disk_create overlay.qcow2 qcow2 -1 backingfile:image.img
USING launch (OR run)
As with guestfs(3), you must first configure your guest by adding disks, then launch it, then mount any disks you need, and finally issue actions/commands. So the general order of the day is:
- add or -a/--add
- launch (aka run)
- mount or -m/--mount
- any other commands
run is a synonym for launch. You must launch (or run) your guest before mounting or performing any other commands.
The only exception is that if any of the -i, -m, --mount, -N or --new options were given then run is done automatically, simply because guestfish can’t perform the action you asked for without doing this.
OPENING DISKS FOR READ AND WRITE
The guestfish, guestmount(1) and virt-rescue(1) options --ro and --rw affect whether the other command line options -a, -c, -d, -i and -m open disk images read-only or for writing.
In libguestfs ≤ 1.10, guestfish, guestmount and virt-rescue defaulted to opening disk images supplied on the command line for write. To open a disk image read-only you have to do -a image --ro.
This matters: If you accidentally open a live VM disk image writable then you will cause irreversible disk corruption.
In a future libguestfs we intend to change the default the other way. Disk images will be opened read-only. You will have to either specify guestfish --rw, guestmount --rw, virt-rescue --rw, or change the configuration file in order to get write access for disk images specified by those other command line options.
This version of guestfish, guestmount and virt-rescue has a --rw option which does nothing (it is already the default). However it is highly recommended that you use this option to indicate that you need write access, and prepare your scripts for the day when this option will be required for write access.
Note: This does not affect commands like “add” and “mount”, or any other libguestfs program apart from guestfish and guestmount.
QUOTING
You can quote ordinary parameters using either single or double quotes. For example:
add "file with a space.img"
rm '/file name'
rm '/"'
A few commands require a list of strings to be passed. For these, use a whitespace-separated list, enclosed in quotes. Strings containing whitespace to be passed through must be enclosed in single quotes. A literal single quote must be escaped with a backslash.
vgcreate VG "/dev/sda1 /dev/sdb1"
command "/bin/echo 'foo bar'"
command "/bin/echo \'foo\'"
ESCAPE SEQUENCES IN DOUBLE QUOTED ARGUMENTS
In double-quoted arguments (only) use backslash to insert special characters:
\a
Alert (bell) character.
\b
Backspace character.
\f
Form feed character.
\n
Newline character.
\r
Carriage return character.
\t
Horizontal tab character.
\v
Vertical tab character.
\"
A literal double quote character.
\ooo
A character with octal value ooo. There must be precisely 3 octal digits (unlike C).
\xhh
A character with hex value hh. There must be precisely 2 hex digits.
In the current implementation \000 and \x00 cannot be used in strings.
\\
A literal backslash character.
OPTIONAL ARGUMENTS
Some commands take optional arguments. These arguments appear in this documentation as [argname:..]. You can use them as in these examples:
add filename
add filename readonly:true
add filename format:qcow2 readonly:false
Each optional argument can appear at most once. All optional arguments must appear after the required ones.
NUMBERS
This section applies to all commands which can take integers as parameters.
SIZE SUFFIX
When the command takes a parameter measured in bytes, you can use one of the following suffixes to specify kilobytes, megabytes and larger sizes:
k or K or KiB
The size in kilobytes (multiplied by 1024).
KB
The size in SI 1000 byte units.
M or MiB
The size in megabytes (multiplied by 1048576).
MB
The size in SI 1000000 byte units.
G or GiB
The size in gigabytes (multiplied by 2**30).
GB
The size in SI 10**9 byte units.
T or TiB
The size in terabytes (multiplied by 2**40).
TB
The size in SI 10**12 byte units.
P or PiB
The size in petabytes (multiplied by 2**50).
PB
The size in SI 10**15 byte units.
E or EiB
The size in exabytes (multiplied by 2**60).
EB
The size in SI 10**18 byte units.
Z or ZiB
The size in zettabytes (multiplied by 2**70).
ZB
The size in SI 10**21 byte units.
Y or YiB
The size in yottabytes (multiplied by 2**80).
YB
The size in SI 10**24 byte units.
For example:
truncate-size /file 1G
would truncate the file to 1 gigabyte.
Be careful because a few commands take sizes in kilobytes or megabytes (eg. the parameter to “memsize” is specified in megabytes already). Adding a suffix will probably not do what you expect.
OCTAL AND HEXADECIMAL NUMBERS
For specifying the radix (base) use the C convention: 0 to prefix an octal number or 0x to prefix a hexadecimal number. For example:
1234 decimal number 1234
02322 octal number, equivalent to decimal 1234
0x4d2 hexadecimal number, equivalent to decimal 1234
When using the chmod command, you almost always want to specify an octal number for the mode, and you must prefix it with 0 (unlike the Unix chmod(1) program):
chmod 0777 /public # OK
chmod 777 /public # WRONG! This is mode 777 decimal = 01411 octal.
Commands that return numbers usually print them in decimal, but some commands print numbers in other radices (eg. umask prints the mode in octal, preceded by 0).
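The lint below is an added example, not part of the guestfish manual. It covers the decimal-mode pitfall described above and the earlier note that --ro does not affect add commands inside a script; the function names and the sample script are hypothetical, and only chmod, umask, add and add-ro lines are checked.

```shell
#!/bin/sh
# Added example, not part of the guestfish manual: a pre-flight lint for
# guestfish scripts. Script lines are read from stdin.

# Print a guestfish integer argument as a 4-digit octal mode, applying the
# C radix convention (leading 0 = octal, leading 0x = hex, otherwise decimal).
guestfish_mode() {
    case "$1" in
        0[xX]*) hex=${1#0[xX]}
                case "$hex" in ''|*[!0-9a-fA-F]*) return 2 ;; esac ;;
        0*)     case "$1" in *[!0-7]*) return 2 ;; esac ;;
        *)      case "$1" in ''|*[!0-9]*) return 2 ;; esac ;;
    esac
    printf '%04o\n' "$(( $1 ))"
}

# Report risky lines; returns 1 if anything was reported.
lint_guestfish() {
    findings=0 n=0
    while IFS= read -r line; do
        n=$((n + 1))
        set -f; set -- $line; set +f      # split into words, no globbing
        case "${1-}" in
        chmod|umask)
            # A mode without a leading 0 is parsed as decimal.
            case "${2-}" in 0*) continue ;; esac
            mode=$(guestfish_mode "${2-}") || mode=invalid
            echo "line $n: $1 ${2-} is applied as mode $mode"
            findings=1 ;;
        add|add-ro)
            # --ro on the command line does not reach add; it needs its own
            # readonly:true, and format: to skip format auto-detection.
            ro=no fmt=no
            [ "$1" = add-ro ] && ro=yes
            for arg in "$@"; do
                case "$arg" in
                    readonly:true) ro=yes ;;
                    format:?*)     fmt=yes ;;
                esac
            done
            [ "$ro" = yes ]  || { echo "line $n: $1 opens the image read-write"; findings=1; }
            [ "$fmt" = yes ] || { echo "line $n: $1 auto-detects the image format"; findings=1; }
            ;;
        esac
    done
    return "$findings"
}

# Constructed sample script, linted when this file is run directly.
lint_guestfish <<'EOF' || echo "fix the lines above before running the script"
add untrusted.img
add untrusted.img readonly:true format:raw
run
mount /dev/sda1 /
chmod 777 /public
chmod 0755 /usr/local/bin/tool
EOF
```

Mode 1411 is the sticky bit plus r----x--x, which is why the decimal form is flagged instead of silently accepted.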
WILDCARDS AND GLOBBING
Neither guestfish nor the underlying guestfs API performs wildcard expansion (globbing) by default. So for example the following will not do what you expect:
rm-rf /home/*
Assuming you don’t have a directory called literally /home/* then the above command will return an error.
To perform wildcard expansion, use the glob command.
glob rm-rf /home/*
runs rm-rf on each path that matches (ie. potentially running the command many times), equivalent to:
rm-rf /home/jim
rm-rf /home/joe
rm-rf /home/mary
glob only works on simple guest paths and not on device names.
If you have several parameters, each containing a wildcard, then glob will perform a Cartesian product.
COMMENTS
Any line which starts with a # character is treated as a comment and ignored. The # can optionally be preceded by whitespace, but not by a command. For example:
# this is a comment
        # this is a comment
foo # NOT a comment
Blank lines are also ignored.
RUNNING COMMANDS LOCALLY
Any line which starts with a ! character is treated as a command sent to the local shell (/bin/sh or whatever system(3) uses). For example:
!mkdir local
tgz-out /remote local/remote-data.tar.gz
will create a directory local on the host, and then export the contents of /remote on the mounted filesystem to local/remote-data.tar.gz. (See tgz-out).
To change the local directory, use the lcd command. !cd will have no effect, due to the way that subprocesses work in Unix.
LOCAL COMMANDS WITH INLINE EXECUTION
If a line starts with <! then the shell command is executed (as for !), but subsequently any output (stdout) of the shell command is parsed and executed as guestfish commands.
Thus you can use shell script to construct arbitrary guestfish commands which are then parsed by guestfish.
For example it is tedious to create a sequence of files (eg. /foo.1 through /foo.100) using guestfish commands alone. However this is simple if we use a shell script to create the guestfish commands for us:
<! for n in `seq 1 100`; do echo write /foo.$n $n; done
or with names like /foo.001:
<! for n in `seq 1 100`; do printf "write /foo.%03d %d\n" $n $n; done
When using guestfish interactively it can be helpful to just run the shell script first (ie. remove the initial < character so it is just an ordinary ! local command), see what guestfish commands it would run, and when you are happy with those prepend the < character to run the guestfish commands for real.
PIPES
Use command <space> | command to pipe the output of the first command (a guestfish command) to the second command (any host command). For example:
cat /etc/passwd | awk -F: '$3 == 0 { print }'
(where cat is the guestfish cat command, but awk is the host awk program). The above command would list all accounts in the guest filesystem which have UID 0, ie. root accounts including backdoors. Other examples:
hexdump /bin/ls | head
list-devices | tail -1
tgz-out / - | tar ztf -
The space before the pipe symbol is required, any space after the pipe symbol is optional. Everything after the pipe symbol is just passed straight to the host shell, so it can contain redirections, globs and anything else that makes sense on the host side.
To use a literal argument which begins with a pipe symbol, you have to quote it, eg:
echo "|"
Source: https://libguestfs.org/guestfish.1.html