5 guestfish - the libguestfs Filesystem Interactive SHell
9 guestfish [--options] [commands]
15 guestfish -a disk.img -m dev[:mountpoint]
17 guestfish -d libvirt-domain
19 guestfish -a disk.img -i
21 guestfish -d libvirt-domain -i
25 Using guestfish in read/write mode on live virtual machines can be
26 dangerous, potentially causing disk corruption. Use the I<--ro>
27 (read-only) option to use guestfish safely if the disk image or
28 virtual machine might be live.
32 =head2 As an interactive shell
36 Welcome to guestfish, the libguestfs filesystem interactive shell for
37 editing virtual machine filesystems.
39 Type: 'help' for a list of commands
40 'man' to read the manual
41 'quit' to quit the shell
45 =head2 From shell scripts
47 Create a new C</etc/motd> file in a guest:
52 mount /dev/vg_guest/lv_root /
53 write /etc/motd "Welcome, new users"
56 List the LVM logical volumes in a guest:
58 guestfish -a disk.img --ro <<_EOF_
63 =head2 On one command line
65 Update C</etc/resolv.conf> in a guest:
68 add disk.img : run : mount /dev/vg_guest/lv_root / : \
69 write /etc/resolv.conf "nameserver 1.2.3.4"
71 Edit C</boot/grub/grub.conf> interactively:
73 guestfish --add disk.img \
74 --mount /dev/vg_guest/lv_root \
75 --mount /dev/sda1:/boot \
76 edit /boot/grub/grub.conf
78 =head2 Mount disks automatically
80 Use the I<-i> option to automatically mount the
81 disks from a virtual machine:
83 guestfish --ro -a disk.img -i cat /etc/group
85 guestfish --ro -d libvirt-domain -i cat /etc/group
87 =head2 As a script interpreter
89 Create a 100MB disk containing an ext2-formatted partition:
91 #!/usr/bin/guestfish -f
94 part-disk /dev/sda mbr
97 =head2 Start with a prepared disk
99 An alternate way to create a 100MB disk called C<test1.img> containing
100 a single ext2-formatted partition:
104 To list what is available do:
106 guestfish -N help | less
108 =head2 Remote control
110 eval `guestfish --listen --ro`
111 guestfish --remote add disk.img
112 guestfish --remote run
113 guestfish --remote lvs
117 Guestfish is a shell and command-line tool for examining and modifying
118 virtual machine filesystems. It uses libguestfs and exposes all of
119 the functionality of the guestfs API, see L<guestfs(3)>.
121 Guestfish gives you structured access to the libguestfs API, from
122 shell scripts or the command line or interactively. If you want to
123 rescue a broken virtual machine image, you should look at the
124 L<virt-rescue(1)> command.
132 Displays general help on options.
134 =item B<-h> | B<--cmd-help>
136 Lists all available guestfish commands.
138 =item B<-h cmd> | B<--cmd-help cmd>
140 Displays detailed help on a single command C<cmd>.
142 =item B<-a image> | B<--add image>
144 Add a block device or virtual machine image to the shell.
146 =item B<-c URI> | B<--connect URI>
148 When used in conjunction with the I<-d> option, this specifies
149 the libvirt URI to use. The default is to use the default libvirt
152 =item B<-d libvirt-domain> | B<--domain libvirt-domain>
154 Add disks from the named libvirt domain. If the I<--ro> option is
155 also used, then any libvirt domain can be used. However in write
156 mode, only libvirt domains which are shut down can be named here.
158 =item B<-D> | B<--no-dest-paths>
160 Don't tab-complete paths on the guest filesystem. It is useful to be
161 able to hit the tab key to complete paths on the guest filesystem, but
162 this causes extra "hidden" guestfs calls to be made, so this option is
163 here to allow this feature to be disabled.
167 When prompting for keys and passphrases, guestfish normally turns
168 echoing off so you cannot see what you are typing. If you are not
169 worried about Tempest attacks and there is no one else in the room
170 you can specify this flag to see what you are typing.
172 =item B<-f file> | B<--file file>
174 Read commands from C<file>. To write pure guestfish
177 #!/usr/bin/guestfish -f
179 =item B<-i> | B<--inspector>
181 Using L<virt-inspector(1)> code, inspect the disks looking for
182 an operating system and mount filesystems as they would be
183 mounted on the real virtual machine.
185 Typical usage is either:
187 guestfish -d myguest -i
189 (for an inactive libvirt domain called I<myguest>), or:
191 guestfish --ro -d myguest -i
193 (for active domains, readonly), or specify the block device directly:
195 guestfish -a /dev/Guests/MyGuest -i
197 Note that the command line syntax changed slightly over older
198 versions of guestfish. You can still use the old syntax:
200 guestfish [--ro] -i disk.img
202 guestfish [--ro] -i libvirt-domain
204 =item B<--keys-from-stdin>
206 Read key or passphrase parameters from stdin. The default is
207 to try to read passphrases from the user by opening C</dev/tty>.
211 Fork into the background and listen for remote commands. See section
212 L</REMOTE CONTROL GUESTFISH OVER A SOCKET> below.
214 =item B<-m dev[:mountpoint]> | B<--mount dev[:mountpoint]>
216 Mount the named partition or logical volume on the given mountpoint.
218 If the mountpoint is omitted, it defaults to C</>.
220 You have to mount something on C</> before most commands will work.
222 If any I<-m> or I<--mount> options are given, the guest is
223 automatically launched.
225 If you don't know what filesystems a disk image contains, you
226 can either run guestfish without this option, then list the partitions
227 and LVs available (see L</list-partitions> and L</lvs> commands),
228 or you can use the L<virt-list-filesystems(1)> program.
230 =item B<-n> | B<--no-sync>
232 Disable autosync. This is enabled by default. See the discussion
233 of autosync in the L<guestfs(3)> manpage.
235 =item B<-N type> | B<--new type> | B<-N help>
237 Prepare a fresh disk image formatted as "type". This is an
238 alternative to the I<-a> option: whereas I<-a> adds an existing disk,
239 I<-N> creates a preformatted disk with a filesystem and adds it.
240 See L</PREPARED DISK IMAGES> below.
242 =item B<--progress-bars>
244 Enable progress bars, even when guestfish is used non-interactively.
246 Progress bars are enabled by default when guestfish is used as an
249 =item B<--no-progress-bars>
251 Disable progress bars.
253 =item B<--remote[=pid]>
255 Send remote commands to C<$GUESTFISH_PID> or C<pid>. See section
256 L</REMOTE CONTROL GUESTFISH OVER A SOCKET> below.
258 =item B<-r> | B<--ro>
260 This changes the I<-a> and I<-m> options so that disks are added and
261 mounts are done read-only (see L<guestfs(3)/guestfs_mount_ro>).
263 The option must always be used if the disk image or virtual machine
264 might be running, and is generally recommended in cases where you
265 don't need write access to the disk.
267 Note that prepared disk images created with I<-N> are not affected by
272 Enable SELinux support for the guest. See L<guestfs(3)/SELINUX>.
274 =item B<-v> | B<--verbose>
276 Enable very verbose messages. This is particularly useful if you find
279 =item B<-V> | B<--version>
281 Display the guestfish / libguestfs version number and exit.
285 Echo each command before executing it.
289 =head1 COMMANDS ON COMMAND LINE
291 Any additional (non-option) arguments are treated as commands to
294 Commands to execute should be separated by a colon (C<:>), where the
295 colon is a separate parameter. Thus:
297 guestfish cmd [args...] : cmd [args...] : cmd [args...] ...
299 If there are no additional arguments, then we enter a shell, either an
300 interactive shell with a prompt (if the input is a terminal) or a
301 non-interactive shell.
303 In either command line mode or non-interactive shell, the first
304 command that gives an error causes the whole shell to exit. In
305 interactive mode (with a prompt) if a command fails, you can continue
308 =head1 USING launch (OR run)
310 As with L<guestfs(3)>, you must first configure your guest by adding
311 disks, then launch it, then mount any disks you need, and finally
312 issue actions/commands. So the general order of the day is:
334 C<run> is a synonym for C<launch>. You must C<launch> (or C<run>)
335 your guest before mounting or performing any other commands.
337 The only exception is that if the I<-m> or I<--mount> option was
338 given, the guest is automatically run for you (simply because
339 guestfish can't mount the disks you asked for without doing this).
343 You can quote ordinary parameters using either single or double
346 add "file with a space.img"
352 A few commands require a list of strings to be passed. For these, use
353 a whitespace-separated list, enclosed in quotes. Strings containing whitespace
354 to be passed through must be enclosed in single quotes. A literal single quote
355 must be escaped with a backslash.
357 vgcreate VG "/dev/sda1 /dev/sdb1"
358 command "/bin/echo 'foo bar'"
359 command "/bin/echo \'foo\'"
363 This section applies to all commands which can take integers
368 When the command takes a parameter measured in bytes, you can use one
369 of the following suffixes to specify kilobytes, megabytes and larger
374 =item B<k> or B<K> or B<KiB>
376 The size in kilobytes (multiplied by 1024).
380 The size in SI 1000 byte units.
384 The size in megabytes (multiplied by 1048576).
388 The size in SI 1000000 byte units.
392 The size in gigabytes (multiplied by 2**30).
396 The size in SI 10**9 byte units.
400 The size in terabytes (multiplied by 2**40).
404 The size in SI 10**12 byte units.
408 The size in petabytes (multiplied by 2**50).
412 The size in SI 10**15 byte units.
416 The size in exabytes (multiplied by 2**60).
420 The size in SI 10**18 byte units.
424 The size in zettabytes (multiplied by 2**70).
428 The size in SI 10**21 byte units.
432 The size in yottabytes (multiplied by 2**80).
436 The size in SI 10**24 byte units.
442 truncate-size /file 1G
444 would truncate the file to 1 gigabyte.
446 Be careful because a few commands take sizes in kilobytes or megabytes
447 (eg. the parameter to L</memsize> is specified in megabytes already).
448 Adding a suffix will probably not do what you expect.
450 =head2 OCTAL AND HEXADECIMAL NUMBERS
452 For specifying the radix (base) use the C convention: C<0> to prefix
453 an octal number or C<0x> to prefix a hexadecimal number. For example:
455 1234 decimal number 1234
456 02322 octal number, equivalent to decimal 1234
457 0x4d2 hexadecimal number, equivalent to decimal 1234
459 When using the C<chmod> command, you almost always want to specify an
460 octal number for the mode, and you must prefix it with C<0> (unlike
461 the Unix L<chmod(1)> program):
463 chmod 0777 /public # OK
464 chmod 777 /public # WRONG! This is mode 777 decimal = 01411 octal.
466 Commands that return numbers usually print them in decimal, but
467 some commands print numbers in other radices (eg. C<umask> prints
468 the mode in octal, preceeded by C<0>).
470 =head1 WILDCARDS AND GLOBBING
472 Neither guestfish nor the underlying guestfs API performs
473 wildcard expansion (globbing) by default. So for example the
474 following will not do what you expect:
478 Assuming you don't have a directory literally called C</home/*>
479 then the above command will return an error.
481 To perform wildcard expansion, use the C<glob> command.
485 runs C<rm-rf> on each path that matches (ie. potentially running
486 the command many times), equivalent to:
492 C<glob> only works on simple guest paths and not on device names.
494 If you have several parameters, each containing a wildcard, then glob
495 will perform a cartesian product.
499 Any line which starts with a I<#> character is treated as a comment
500 and ignored. The I<#> can optionally be preceeded by whitespace,
501 but B<not> by a command. For example:
507 Blank lines are also ignored.
509 =head1 RUNNING COMMANDS LOCALLY
511 Any line which starts with a I<!> character is treated as a command
512 sent to the local shell (C</bin/sh> or whatever L<system(3)> uses).
516 tgz-out /remote local/remote-data.tar.gz
518 will create a directory C<local> on the host, and then export
519 the contents of C</remote> on the mounted filesystem to
520 C<local/remote-data.tar.gz>. (See C<tgz-out>).
522 To change the local directory, use the C<lcd> command. C<!cd> will
523 have no effect, due to the way that subprocesses work in Unix.
527 Use C<command E<lt>spaceE<gt> | command> to pipe the output of the
528 first command (a guestfish command) to the second command (any host
529 command). For example:
531 cat /etc/passwd | awk -F: '$3 == 0 { print }'
533 (where C<cat> is the guestfish cat command, but C<awk> is the host awk
534 program). The above command would list all accounts in the guest
535 filesystem which have UID 0, ie. root accounts including backdoors.
538 hexdump /bin/ls | head
539 list-devices | tail -1
540 tgz-out / - | tar ztf -
542 The space before the pipe symbol is required, any space after the pipe
543 symbol is optional. Everything after the pipe symbol is just passed
544 straight to the host shell, so it can contain redirections, globs and
545 anything else that makes sense on the host side.
547 To use a literal argument which begins with a pipe symbol, you have
552 =head1 HOME DIRECTORIES
554 If a parameter starts with the character C<~> then the tilde may be
555 expanded as a home directory path (either C<~> for the current user's
556 home directory, or C<~user> for another user).
558 Note that home directory expansion happens for users known I<on the
559 host>, not in the guest filesystem.
561 To use a literal argument which begins with a tilde, you have to quote
566 =head1 ENCRYPTED DISKS
568 Libguestfs has some support for Linux guests encrypted according to
569 the Linux Unified Key Setup (LUKS) standard, which includes nearly all
570 whole disk encryption systems used by modern Linux guests. Currently
571 only LVM-on-LUKS is supported.
573 Identify encrypted block devices and partitions using L</vfs-type>:
575 ><fs> vfs-type /dev/sda2
578 Then open those devices using L</luks-open>. This creates a
579 device-mapper device called C</dev/mapper/luksdev>.
581 ><fs> luks-open /dev/sda2 luksdev
582 Enter key or passphrase ("key"): <enter the passphrase>
584 Finally you have to tell LVM to scan for volume groups on
585 the newly created mapper device:
588 ><fs> vg-activate-all true
590 The logical volume(s) can now be mounted in the usual way.
592 Before closing a LUKS device you must unmount any logical volumes on
593 it and deactivate the volume groups by calling C<vg-activate false VG>
594 on each one. Then you can close the mapper device:
596 ><fs> vg-activate false /dev/VG
597 ><fs> luks-close /dev/mapper/luksdev
601 If a path is prefixed with C<win:> then you can use Windows-style
602 paths (with some limitations). The following commands are equivalent:
604 file /WINDOWS/system32/config/system.LOG
606 file win:/windows/system32/config/system.log
608 file win:\windows\system32\config\system.log
610 file WIN:C:\Windows\SYSTEM32\conFIG\SYSTEM.LOG
612 This syntax implicitly calls C<case-sensitive-path> (q.v.) so it also
613 handles case insensitivity like Windows would. This only works in
614 argument positions that expect a path.
616 =head1 UPLOADING AND DOWNLOADING FILES
618 For commands such as C<upload>, C<download>, C<tar-in>, C<tar-out> and
619 others which upload from or download to a local file, you can use the
620 special filename C<-> to mean "from stdin" or "to stdout". For example:
624 reads stdin and creates from that a file C</foo> in the disk image,
627 tar-out /etc - | tar tf -
629 writes the tarball to stdout and then pipes that into the external
630 "tar" command (see L</PIPES>).
632 When using C<-> to read from stdin, the input is read up to the end of
633 stdin. You can also use a special "heredoc"-like syntax to read up to
634 some arbitrary end marker:
642 Any string of characters can be used instead of C<END>. The end
643 marker must appear on a line of its own, without any preceeding or
644 following characters (not even spaces).
646 Note that the C<-E<lt>E<lt>> syntax only applies to parameters used to
647 upload local files (so-called "FileIn" parameters in the generator).
649 =head1 EXIT ON ERROR BEHAVIOUR
651 By default, guestfish will ignore any errors when in interactive mode
652 (ie. taking commands from a human over a tty), and will exit on the
653 first error in non-interactive mode (scripts, commands given on the
656 If you prefix a command with a I<-> character, then that command will
657 not cause guestfish to exit, even if that (one) command returns an
660 =head1 REMOTE CONTROL GUESTFISH OVER A SOCKET
662 Guestfish can be remote-controlled over a socket. This is useful
663 particularly in shell scripts where you want to make several different
664 changes to a filesystem, but you don't want the overhead of starting
665 up a guestfish process each time.
667 Start a guestfish server process using:
669 eval `guestfish --listen`
671 and then send it commands by doing:
673 guestfish --remote cmd [...]
675 To cause the server to exit, send it the exit command:
677 guestfish --remote exit
679 Note that the server will normally exit if there is an error in a
680 command. You can change this in the usual way. See section
681 L</EXIT ON ERROR BEHAVIOUR>.
683 =head2 CONTROLLING MULTIPLE GUESTFISH PROCESSES
685 The C<eval> statement sets the environment variable C<$GUESTFISH_PID>,
686 which is how the I<--remote> option knows where to send the commands.
687 You can have several guestfish listener processes running using:
689 eval `guestfish --listen`
691 eval `guestfish --listen`
694 guestfish --remote=$pid1 cmd
695 guestfish --remote=$pid2 cmd
697 =head2 REMOTE CONTROL DETAILS
699 Remote control happens over a Unix domain socket called
700 C</tmp/.guestfish-$UID/socket-$PID>, where C<$UID> is the effective
701 user ID of the process, and C<$PID> is the process ID of the server.
703 Guestfish client and server versions must match exactly.
705 =head1 PREPARED DISK IMAGES
707 Use the I<-N type> or I<--new type> parameter to select one of a set
708 of preformatted disk images that guestfish can make for you to save
709 typing. This is particularly useful for testing purposes. This
710 option is used instead of the I<-a> option, and like I<-a> can appear
711 multiple times (and can be mixed with I<-a>).
713 The new disk is called C<test1.img> for the first I<-N>, C<test2.img>
714 for the second and so on. Existing files in the current directory are
717 The type briefly describes how the disk should be sized, partitioned,
718 how filesystem(s) should be created, and how content should be added.
719 Optionally the type can be followed by extra parameters, separated by
720 C<:> (colon) characters. For example, I<-N fs> creates a default
721 100MB, sparsely-allocated disk, containing a single partition, with
722 the partition formatted as ext2. I<-N fs:ext4:1G> is the same, but
723 for an ext4 filesystem on a 1GB disk instead.
725 To list the available types and any extra parameters they take, run:
727 guestfish -N help | less
729 Note that the prepared filesystem is not mounted. You would usually
730 have to use the C<mount /dev/sda1 /> command or add the
731 I<-m /dev/sda1> option.
733 If any I<-N> or I<--new> options are given, the guest is automatically
738 Create a 100MB disk with an ext4-formatted partition:
742 Create a 32MB disk with a VFAT-formatted partition, and mount it:
744 guestfish -N fs:vfat:32M -m /dev/sda1
746 Create a blank 200MB disk:
748 guestfish -N disk:200M
752 Some (not all) long-running commands send progress notification
753 messages as they are running. Guestfish turns these messages into
756 When a command that supports progress bars takes longer than two
757 seconds to run, and if progress bars are enabled, then you will see
758 one appearing below the command:
760 ><fs> copy-size /large-file /another-file 2048M
761 / 10% [#####-----------------------------------------] 00:30
763 The spinner on the left hand side moves round once for every progress
764 notification received from the backend. This is a (reasonably) golden
765 assurance that the command is "doing something" even if the progress
766 bar is not moving, because the command is able to send the progress
767 notifications. When the bar reaches 100% and the command finishes,
768 the spinner disappears.
770 Progress bars are enabled by default when guestfish is used
771 interactively. You can enable them even for non-interactive modes
772 using I<--progress-bars>, and you can disable them completely using
773 I<--no-progress-bars>.
775 =head1 GUESTFISH COMMANDS
777 The commands in this section are guestfish convenience commands, in
778 other words, they are not part of the L<guestfs(3)> API.
785 Without any parameter, this lists all commands. With a C<cmd>
786 parameter, this displays detailed help for a command.
790 This exits guestfish. You can also use C<^D> key.
800 guestfish returns 0 if the commands completed without error, or
801 1 if there was an error.
803 =head1 ENVIRONMENT VARIABLES
809 The C<edit> command uses C<$EDITOR> as the editor. If not
814 Used with the I<--remote> option to specify the remote guestfish
815 process to control. See section
816 L</REMOTE CONTROL GUESTFISH OVER A SOCKET>.
820 If compiled with GNU readline support, various files in the
821 home directory can be used. See L</FILES>.
823 =item LIBGUESTFS_APPEND
825 Pass additional options to the guest kernel.
827 =item LIBGUESTFS_DEBUG
829 Set C<LIBGUESTFS_DEBUG=1> to enable verbose messages. This has the
830 same effect as using the B<-v> option.
832 =item LIBGUESTFS_MEMSIZE
834 Set the memory allocated to the qemu process, in megabytes. For
837 LIBGUESTFS_MEMSIZE=700
839 =item LIBGUESTFS_PATH
841 Set the path that guestfish uses to search for kernel and initrd.img.
842 See the discussion of paths in L<guestfs(3)>.
844 =item LIBGUESTFS_QEMU
846 Set the default qemu binary that libguestfs uses. If not set, then
847 the qemu which was found at compile time by the configure script is
850 =item LIBGUESTFS_TRACE
852 Set C<LIBGUESTFS_TRACE=1> to enable command traces.
856 The C<more> command uses C<$PAGER> as the pager. If not
857 set, it uses C<more>.
861 Location of temporary directory, defaults to C</tmp>.
863 If libguestfs was compiled to use the supermin appliance then each
864 handle will require rather a large amount of space in this directory
865 for short periods of time (~ 80 MB). You can use C<$TMPDIR> to
866 configure another directory to use in case C</tmp> is not large
875 =item $HOME/.guestfish
877 If compiled with GNU readline support, then the command history
878 is saved in this file.
884 If compiled with GNU readline support, then these files can be used to
885 configure readline. For further information, please see
886 L<readline(3)/INITIALIZATION FILE>.
888 To write rules which only apply to guestfish, use:
894 Variables that you can set in inputrc that change the behaviour
895 of guestfish in useful ways include:
899 =item completion-ignore-case (default: on)
901 By default, guestfish will ignore case when tab-completing
902 paths on the disk. Use:
904 set completion-ignore-case off
906 to make guestfish case sensitive.
912 =item test2.img (etc)
914 When using the C<-N> or C<--new> option, the prepared disk or
915 filesystem will be created in the file C<test1.img> in the current
916 directory. The second use of C<-N> will use C<test2.img> and so on.
917 Any existing file with the same name will be overwritten.
924 L<http://libguestfs.org/>,
928 L<virt-list-filesystems(1)>,
929 L<virt-list-partitions(1)>,
939 Richard W.M. Jones (C<rjones at redhat dot com>)
943 Copyright (C) 2009-2010 Red Hat Inc.
944 L<http://libguestfs.org/>
946 This program is free software; you can redistribute it and/or modify
947 it under the terms of the GNU General Public License as published by
948 the Free Software Foundation; either version 2 of the License, or
949 (at your option) any later version.
951 This program is distributed in the hope that it will be useful,
952 but WITHOUT ANY WARRANTY; without even the implied warranty of
953 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
954 GNU General Public License for more details.
956 You should have received a copy of the GNU General Public License
957 along with this program; if not, write to the Free Software
958 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.