guestfish - the libguestfs Filesystem Interactive SHell

 guestfish [--options] [commands]

 guestfish -a disk.img -m dev[:mountpoint]

 guestfish -d libvirt-domain

 guestfish -a disk.img -i

 guestfish -d libvirt-domain -i

Using guestfish in read/write mode on live virtual machines can be
dangerous, potentially causing disk corruption. Use the I<--ro>
(read-only) option to use guestfish safely if the disk image or
virtual machine might be live.

Guestfish is a shell and command-line tool for examining and modifying
virtual machine filesystems. It uses libguestfs and exposes all of
the functionality of the guestfs API, see L<guestfs(3)>.

Guestfish gives you structured access to the libguestfs API, from
shell scripts or the command line or interactively. If you want to
rescue a broken virtual machine image, you should look at the
L<virt-rescue(1)> command.

=head2 As an interactive shell

 Welcome to guestfish, the libguestfs filesystem interactive shell for
 editing virtual machine filesystems.

 Type: 'help' for a list of commands
       'man' to read the manual
       'quit' to quit the shell

 ><fs> list-filesystems
 /dev/vg_guest/lv_root: ext4
 /dev/vg_guest/lv_swap: swap
 ><fs> mount /dev/vg_guest/lv_root /

=head2 From shell scripts

Create a new C</etc/motd> file in a guest or disk image:

 guestfish <<_EOF_
 add disk.img
 run
 mount /dev/vg_guest/lv_root /
 write /etc/motd "Welcome, new users"
 _EOF_

List the LVM logical volumes in a disk image:

 guestfish -a disk.img --ro <<_EOF_
 run
 lvs
 _EOF_

List all the filesystems in a disk image:

 guestfish -a disk.img --ro <<_EOF_
 run
 list-filesystems
 _EOF_

=head2 On one command line

Update C</etc/resolv.conf> in a guest:

 guestfish \
   add disk.img : run : mount /dev/vg_guest/lv_root / : \
   write /etc/resolv.conf "nameserver 1.2.3.4"

Edit C</boot/grub/grub.conf> interactively:

 guestfish --add disk.img \
   --mount /dev/vg_guest/lv_root \
   --mount /dev/sda1:/boot \
   edit /boot/grub/grub.conf

=head2 Mount disks automatically

Use the I<-i> option to automatically mount the
disks from a virtual machine:

 guestfish --ro -a disk.img -i cat /etc/group

 guestfish --ro -d libvirt-domain -i cat /etc/group

Another way to edit C</boot/grub/grub.conf> interactively is:

 guestfish -a disk.img -i edit /boot/grub/grub.conf

=head2 As a script interpreter

Create a 100MB disk containing an ext2-formatted partition:

 #!/usr/bin/guestfish -f
 sparse test1.img 100M
 run
 part-disk /dev/sda mbr
 mkfs ext2 /dev/sda1

=head2 Start with a prepared disk

An alternate way to create a 100MB disk called C<test1.img> containing
a single ext2-formatted partition:

To list what is available do:

 guestfish -N help | less

=head2 Remote control

 eval `guestfish --listen`
 guestfish --remote add-ro disk.img
 guestfish --remote run
 guestfish --remote lvs

Displays general help on options.

=item B<-h> | B<--cmd-help>

Lists all available guestfish commands.

=item B<-h cmd> | B<--cmd-help cmd>

Displays detailed help on a single command C<cmd>.

=item B<-a image> | B<--add image>

Add a block device or virtual machine image to the shell.

=item B<-c URI> | B<--connect URI>

When used in conjunction with the I<-d> option, this specifies
the libvirt URI to use. The default is to use the default libvirt

=item B<-d libvirt-domain> | B<--domain libvirt-domain>

Add disks from the named libvirt domain. If the I<--ro> option is
also used, then any libvirt domain can be used. However in write
mode, only libvirt domains which are shut down can be named here.

=item B<-D> | B<--no-dest-paths>

Don't tab-complete paths on the guest filesystem. It is useful to be
able to hit the tab key to complete paths on the guest filesystem, but
this causes extra "hidden" guestfs calls to be made, so this option is
here to allow this feature to be disabled.

When prompting for keys and passphrases, guestfish normally turns
echoing off so you cannot see what you are typing. If you are not
worried about Tempest attacks and there is no one else in the room
you can specify this flag to see what you are typing.

=item B<-f file> | B<--file file>

Read commands from C<file>. To write pure guestfish

 #!/usr/bin/guestfish -f

=item B<-i> | B<--inspector>

Using L<virt-inspector(1)> code, inspect the disks looking for
an operating system and mount filesystems as they would be
mounted on the real virtual machine.

Typical usage is either:

 guestfish -d myguest -i

(for an inactive libvirt domain called I<myguest>), or:

 guestfish --ro -d myguest -i

(for active domains, readonly), or specify the block device directly:

 guestfish -a /dev/Guests/MyGuest -i

Note that the command line syntax changed slightly over older
versions of guestfish. You can still use the old syntax:

 guestfish [--ro] -i disk.img

 guestfish [--ro] -i libvirt-domain

=item B<--keys-from-stdin>

Read key or passphrase parameters from stdin. The default is
to try to read passphrases from the user by opening C</dev/tty>.

Fork into the background and listen for remote commands. See section
L</REMOTE CONTROL GUESTFISH OVER A SOCKET> below.

=item B<-m dev[:mountpoint]> | B<--mount dev[:mountpoint]>

Mount the named partition or logical volume on the given mountpoint.

If the mountpoint is omitted, it defaults to C</>.

You have to mount something on C</> before most commands will work.

If any I<-m> or I<--mount> options are given, the guest is
automatically launched.

If you don't know what filesystems a disk image contains, you
can either run guestfish without this option, then list the partitions
and LVs available (see L</list-partitions> and L</lvs> commands),
or you can use the L<virt-list-filesystems(1)> program.

=item B<-n> | B<--no-sync>

Disable autosync. This is enabled by default. See the discussion
of autosync in the L<guestfs(3)> manpage.

=item B<-N type> | B<--new type> | B<-N help>

Prepare a fresh disk image formatted as "type". This is an
alternative to the I<-a> option: whereas I<-a> adds an existing disk,
I<-N> creates a preformatted disk with a filesystem and adds it.
See L</PREPARED DISK IMAGES> below.

=item B<--progress-bars>

Enable progress bars, even when guestfish is used non-interactively.

Progress bars are enabled by default when guestfish is used as an

=item B<--no-progress-bars>

Disable progress bars.

=item B<--remote[=pid]>

Send remote commands to C<$GUESTFISH_PID> or C<pid>. See section
L</REMOTE CONTROL GUESTFISH OVER A SOCKET> below.

=item B<-r> | B<--ro>

This changes the I<-a> and I<-m> options so that disks are added and
mounts are done read-only (see L<guestfs(3)/guestfs_mount_ro>).

The option must always be used if the disk image or virtual machine
might be running, and is generally recommended in cases where you
don't need write access to the disk.

Note that prepared disk images created with I<-N> are not affected by

Enable SELinux support for the guest. See L<guestfs(3)/SELINUX>.

=item B<-v> | B<--verbose>

Enable very verbose messages. This is particularly useful if you find

=item B<-V> | B<--version>

Display the guestfish / libguestfs version number and exit.

Echo each command before executing it.

=head1 COMMANDS ON COMMAND LINE

Any additional (non-option) arguments are treated as commands to

Commands to execute should be separated by a colon (C<:>), where the
colon is a separate parameter. Thus:

 guestfish cmd [args...] : cmd [args...] : cmd [args...] ...

If there are no additional arguments, then we enter a shell, either an
interactive shell with a prompt (if the input is a terminal) or a
non-interactive shell.

In either command line mode or non-interactive shell, the first
command that gives an error causes the whole shell to exit. In
interactive mode (with a prompt) if a command fails, you can continue

=head1 USING launch (OR run)

As with L<guestfs(3)>, you must first configure your guest by adding
disks, then launch it, then mount any disks you need, and finally
issue actions/commands. So the general order of the day is:

C<run> is a synonym for C<launch>. You must C<launch> (or C<run>)
your guest before mounting or performing any other commands.

The only exception is that if any of the I<-i>, I<-m>, I<--mount>,
I<-N> or I<--new> options were given then C<run> is done
automatically, simply because guestfish can't perform the action you
asked for without doing this.

You can quote ordinary parameters using either single or double

 add "file with a space.img"

A few commands require a list of strings to be passed. For these, use
a whitespace-separated list, enclosed in quotes. Strings containing whitespace
to be passed through must be enclosed in single quotes. A literal single quote
must be escaped with a backslash.

 vgcreate VG "/dev/sda1 /dev/sdb1"
 command "/bin/echo 'foo bar'"
 command "/bin/echo \'foo\'"

=head1 OPTIONAL ARGUMENTS

Some commands take optional arguments. These arguments appear in this
documentation as C<[argname:..]>. You can use them as in these

 add-drive-opts filename

 add-drive-opts filename readonly:true

 add-drive-opts filename format:qcow2 readonly:false

Each optional argument can appear at most once. All optional
arguments must appear after the required ones.

This section applies to all commands which can take integers

When the command takes a parameter measured in bytes, you can use one
of the following suffixes to specify kilobytes, megabytes and larger

=item B<k> or B<K> or B<KiB>

The size in kilobytes (multiplied by 1024).

The size in SI 1000 byte units.

The size in megabytes (multiplied by 1048576).

The size in SI 1000000 byte units.

The size in gigabytes (multiplied by 2**30).

The size in SI 10**9 byte units.

The size in terabytes (multiplied by 2**40).

The size in SI 10**12 byte units.

The size in petabytes (multiplied by 2**50).

The size in SI 10**15 byte units.

The size in exabytes (multiplied by 2**60).

The size in SI 10**18 byte units.

The size in zettabytes (multiplied by 2**70).

The size in SI 10**21 byte units.

The size in yottabytes (multiplied by 2**80).

The size in SI 10**24 byte units.

 truncate-size /file 1G

would truncate the file to 1 gigabyte.

Be careful because a few commands take sizes in kilobytes or megabytes
(eg. the parameter to L</memsize> is specified in megabytes already).
Adding a suffix will probably not do what you expect.

=head2 OCTAL AND HEXADECIMAL NUMBERS

For specifying the radix (base) use the C convention: C<0> to prefix
an octal number or C<0x> to prefix a hexadecimal number. For example:

 1234      decimal number 1234
 02322     octal number, equivalent to decimal 1234
 0x4d2     hexadecimal number, equivalent to decimal 1234

When using the C<chmod> command, you almost always want to specify an
octal number for the mode, and you must prefix it with C<0> (unlike
the Unix L<chmod(1)> program):

 chmod 0777 /public  # OK
 chmod 777 /public   # WRONG! This is mode 777 decimal = 01411 octal.

Commands that return numbers usually print them in decimal, but
some commands print numbers in other radices (eg. C<umask> prints
the mode in octal, preceded by C<0>).

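
A check for the C<chmod> pitfall above, as an added example that is not part of the guestfish documentation: it scans a guestfish script for modes written without the leading C<0> and prints the mode that would actually be applied. The function names and the sample script are constructed for illustration.

```shell
#!/bin/bash
# Added example (constructed): find guestfish `chmod` commands whose mode has
# no leading 0, which guestfish therefore reads as a decimal number.

# Reads a guestfish script on stdin. For each offending command prints
#   <line>: chmod <mode> <path> -> applied as 0<octal>
# The ignore-errors form `-chmod` is checked too; comment lines are skipped.
lint_chmod_modes() {
    awk '
        /^[ \t]*#/ { next }                      # guestfish comment line
        ($1 == "chmod" || $1 == "-chmod") && $2 ~ /^[1-9][0-9]*$/ {
            # %o shows the permission bits the decimal value really sets.
            printf "%d: chmod %s %s -> applied as 0%o\n", NR, $2, $3, $2 + 0
        }
    '
}

# Constructed sample script; only lines 4 and 5 are wrong.
sample_guestfish_script() {
    cat <<'EOF'
# constructed sample, not from a real deployment
mount /dev/sda1 /
chmod 0755 /srv/app
chmod 644 /etc/app.conf
-chmod 777 /public
  # chmod 700 /commented-out
chmod 0x1ed /srv/bin
EOF
}

sample_guestfish_script | lint_chmod_modes
```

Paths containing quoted whitespace are not handled; only the mode field is examined.
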
=head1 WILDCARDS AND GLOBBING

Neither guestfish nor the underlying guestfs API performs
wildcard expansion (globbing) by default. So for example the
following will not do what you expect:

Assuming you don't have a directory called literally C</home/*>
then the above command will return an error.

To perform wildcard expansion, use the C<glob> command.

runs C<rm-rf> on each path that matches (ie. potentially running
the command many times), equivalent to:

C<glob> only works on simple guest paths and not on device names.

If you have several parameters, each containing a wildcard, then glob
will perform a Cartesian product.

Any line which starts with a I<#> character is treated as a comment
and ignored. The I<#> can optionally be preceded by whitespace,
but B<not> by a command. For example:

Blank lines are also ignored.

=head1 RUNNING COMMANDS LOCALLY

Any line which starts with a I<!> character is treated as a command
sent to the local shell (C</bin/sh> or whatever L<system(3)> uses).

 tgz-out /remote local/remote-data.tar.gz

will create a directory C<local> on the host, and then export
the contents of C</remote> on the mounted filesystem to
C<local/remote-data.tar.gz>. (See C<tgz-out>).

To change the local directory, use the C<lcd> command. C<!cd> will
have no effect, due to the way that subprocesses work in Unix.

Use C<command E<lt>spaceE<gt> | command> to pipe the output of the
first command (a guestfish command) to the second command (any host
command). For example:

 cat /etc/passwd | awk -F: '$3 == 0 { print }'

(where C<cat> is the guestfish cat command, but C<awk> is the host awk
program). The above command would list all accounts in the guest
filesystem which have UID 0, ie. root accounts including backdoors.

 hexdump /bin/ls | head
 list-devices | tail -1
 tgz-out / - | tar ztf -

The space before the pipe symbol is required, any space after the pipe
symbol is optional. Everything after the pipe symbol is just passed
straight to the host shell, so it can contain redirections, globs and
anything else that makes sense on the host side.

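
The UID 0 listing above turned into a pass/fail audit, as an added example that is not part of the guestfish documentation. The function names and the sample passwd text are constructed; the commented invocation assumes an image called disk.img, as in the other examples on this page.

```shell
#!/bin/bash
# Added example (constructed): audit passwd(5) text for extra UID 0 accounts.

# Reads passwd-format text on stdin. Prints the name of every account other
# than "root" whose UID is numerically 0, and "malformed:<line>" for entries
# with too few fields or a non-numeric UID. Returns 1 if anything was printed.
extra_uid0_accounts() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF < 7 || $3 !~ /^[0-9]+$/ { print "malformed:" NR; bad = 1; next }
        # Compare as a number so that "00" or "000" is caught as well.
        ($3 + 0) == 0 && $1 != "root" { print $1; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample: two extra superusers and one damaged entry.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:00:0:constructed second superuser:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:0:1001:constructed service account:/srv:/bin/sh
broken:x:abc:100::/:/bin/false
EOF
}

# Against an image, read-only so it is safe even if the guest is running:
#   guestfish --ro -a disk.img -i cat /etc/passwd | extra_uid0_accounts
sample_passwd | extra_uid0_accounts || true
```
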
To use a literal argument which begins with a pipe symbol, you have

=head1 HOME DIRECTORIES

If a parameter starts with the character C<~> then the tilde may be
expanded as a home directory path (either C<~> for the current user's
home directory, or C<~user> for another user).

Note that home directory expansion happens for users known I<on the
host>, not in the guest filesystem.

To use a literal argument which begins with a tilde, you have to quote

=head1 ENCRYPTED DISKS

Libguestfs has some support for Linux guests encrypted according to
the Linux Unified Key Setup (LUKS) standard, which includes nearly all
whole disk encryption systems used by modern Linux guests. Currently
only LVM-on-LUKS is supported.

Identify encrypted block devices and partitions using L</vfs-type>:

 ><fs> vfs-type /dev/sda2

Then open those devices using L</luks-open>. This creates a
device-mapper device called C</dev/mapper/luksdev>.

 ><fs> luks-open /dev/sda2 luksdev
 Enter key or passphrase ("key"): <enter the passphrase>

Finally you have to tell LVM to scan for volume groups on
the newly created mapper device:

The logical volume(s) can now be mounted in the usual way.

Before closing a LUKS device you must unmount any logical volumes on
it and deactivate the volume groups by calling C<vg-activate false VG>
on each one. Then you can close the mapper device:

 vg-activate false /dev/VG
 luks-close /dev/mapper/luksdev

If a path is prefixed with C<win:> then you can use Windows-style
paths (with some limitations). The following commands are equivalent:

 file /WINDOWS/system32/config/system.LOG

 file win:/windows/system32/config/system.log

 file win:\windows\system32\config\system.log

 file WIN:C:\Windows\SYSTEM32\conFIG\SYSTEM.LOG

This syntax implicitly calls C<case-sensitive-path> (q.v.) so it also
handles case insensitivity like Windows would. This only works in
argument positions that expect a path.

=head1 UPLOADING AND DOWNLOADING FILES

For commands such as C<upload>, C<download>, C<tar-in>, C<tar-out> and
others which upload from or download to a local file, you can use the
special filename C<-> to mean "from stdin" or "to stdout". For example:

reads stdin and creates from that a file C</foo> in the disk image,

 tar-out /etc - | tar tf -

writes the tarball to stdout and then pipes that into the external
"tar" command (see L</PIPES>).

When using C<-> to read from stdin, the input is read up to the end of
stdin. You can also use a special "heredoc"-like syntax to read up to
some arbitrary end marker:

Any string of characters can be used instead of C<END>. The end
marker must appear on a line of its own, without any preceding or
following characters (not even spaces).

Note that the C<-E<lt>E<lt>> syntax only applies to parameters used to
upload local files (so-called "FileIn" parameters in the generator).

=head1 EXIT ON ERROR BEHAVIOUR

By default, guestfish will ignore any errors when in interactive mode
(ie. taking commands from a human over a tty), and will exit on the
first error in non-interactive mode (scripts, commands given on the

If you prefix a command with a I<-> character, then that command will
not cause guestfish to exit, even if that (one) command returns an

=head1 REMOTE CONTROL GUESTFISH OVER A SOCKET

Guestfish can be remote-controlled over a socket. This is useful
particularly in shell scripts where you want to make several different
changes to a filesystem, but you don't want the overhead of starting
up a guestfish process each time.

Start a guestfish server process using:

 eval `guestfish --listen`

and then send it commands by doing:

 guestfish --remote cmd [...]

To cause the server to exit, send it the exit command:

 guestfish --remote exit

Note that the server will normally exit if there is an error in a
command. You can change this in the usual way. See section
L</EXIT ON ERROR BEHAVIOUR>.

=head2 CONTROLLING MULTIPLE GUESTFISH PROCESSES

The C<eval> statement sets the environment variable C<$GUESTFISH_PID>,
which is how the I<--remote> option knows where to send the commands.
You can have several guestfish listener processes running using:

 eval `guestfish --listen`
 pid1=$GUESTFISH_PID
 eval `guestfish --listen`
 pid2=$GUESTFISH_PID

 guestfish --remote=$pid1 cmd
 guestfish --remote=$pid2 cmd

=head2 REMOTE CONTROL DETAILS

Remote control happens over a Unix domain socket called
C</tmp/.guestfish-$UID/socket-$PID>, where C<$UID> is the effective
user ID of the process, and C<$PID> is the process ID of the server.

Guestfish client and server versions must match exactly.

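
A pre-flight check for the socket directory described above, as an added example that is not part of guestfish: because C</tmp> is shared between users, a script can confirm that the directory is a real directory, owned by the current user and closed to group and others, before it sends commands with I<--remote>. C<check_guestfish_sockdir> and C<guestfish_sockdir> are hypothetical helper names, and the check relies on GNU C<stat -c>.

```shell
#!/bin/bash
# Added example (constructed): verify the guestfish remote-control socket
# directory before trusting it.

# Path of the socket directory for the current effective user, following
# the /tmp/.guestfish-$UID naming given in the text above.
guestfish_sockdir() {
    echo "/tmp/.guestfish-$(id -u)"
}

# Prints "ok" and returns 0 when DIR is a real directory owned by the
# current user with no group/other permission bits; otherwise prints the
# reason and returns 1.
check_guestfish_sockdir() {
    dir=$1
    # -d follows symlinks, so reject a symlink explicitly first.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "not-a-directory"
        return 1
    fi
    owner=$(stat -c %u "$dir") || return 1
    mode=$(stat -c %a "$dir") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "wrong-owner:$owner"
        return 1
    fi
    # Any group or other bit would let another local user reach the socket.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too-open:$mode"
        return 1
    fi
    echo "ok"
}

# Report on the real directory; it only exists while a listener is running.
check_guestfish_sockdir "$(guestfish_sockdir)" || true
```
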
=head1 PREPARED DISK IMAGES

Use the I<-N type> or I<--new type> parameter to select one of a set
of preformatted disk images that guestfish can make for you to save
typing. This is particularly useful for testing purposes. This
option is used instead of the I<-a> option, and like I<-a> can appear
multiple times (and can be mixed with I<-a>).

The new disk is called C<test1.img> for the first I<-N>, C<test2.img>
for the second and so on. Existing files in the current directory are

The type briefly describes how the disk should be sized, partitioned,
how filesystem(s) should be created, and how content should be added.
Optionally the type can be followed by extra parameters, separated by
C<:> (colon) characters. For example, I<-N fs> creates a default
100MB, sparsely-allocated disk, containing a single partition, with
the partition formatted as ext2. I<-N fs:ext4:1G> is the same, but
for an ext4 filesystem on a 1GB disk instead.

To list the available types and any extra parameters they take, run:

 guestfish -N help | less

Note that the prepared filesystem is not mounted. You would usually
have to use the C<mount /dev/sda1 /> command or add the
I<-m /dev/sda1> option.

If any I<-N> or I<--new> options are given, the guest is automatically

Create a 100MB disk with an ext4-formatted partition:

Create a 32MB disk with a VFAT-formatted partition, and mount it:

 guestfish -N fs:vfat:32M -m /dev/sda1

Create a blank 200MB disk:

 guestfish -N disk:200M

Some (not all) long-running commands send progress notification
messages as they are running. Guestfish turns these messages into

When a command that supports progress bars takes longer than two
seconds to run, and if progress bars are enabled, then you will see
one appearing below the command:

 ><fs> copy-size /large-file /another-file 2048M
 / 10% [#####-----------------------------------------] 00:30

The spinner on the left hand side moves round once for every progress
notification received from the backend. This is a (reasonably) golden
assurance that the command is "doing something" even if the progress
bar is not moving, because the command is able to send the progress
notifications. When the bar reaches 100% and the command finishes,
the spinner disappears.

Progress bars are enabled by default when guestfish is used
interactively. You can enable them even for non-interactive modes
using I<--progress-bars>, and you can disable them completely using
I<--no-progress-bars>.

=head1 GUESTFISH COMMANDS

The commands in this section are guestfish convenience commands, in
other words, they are not part of the L<guestfs(3)> API.

Without any parameter, this lists all commands. With a C<cmd>
parameter, this displays detailed help for a command.

This exits guestfish. You can also use C<^D> key.

guestfish returns 0 if the commands completed without error, or
1 if there was an error.

=head1 ENVIRONMENT VARIABLES

The C<edit> command uses C<$EDITOR> as the editor. If not

Used with the I<--remote> option to specify the remote guestfish
process to control. See section
L</REMOTE CONTROL GUESTFISH OVER A SOCKET>.

The L</hexedit> command uses C<$HEXEDITOR> as the external hex
editor. If not specified, the external L<hexedit(1)> program

If compiled with GNU readline support, various files in the
home directory can be used. See L</FILES>.

=item LIBGUESTFS_APPEND

Pass additional options to the guest kernel.

=item LIBGUESTFS_DEBUG

Set C<LIBGUESTFS_DEBUG=1> to enable verbose messages. This has the
same effect as using the B<-v> option.

=item LIBGUESTFS_MEMSIZE

Set the memory allocated to the qemu process, in megabytes. For

 LIBGUESTFS_MEMSIZE=700

=item LIBGUESTFS_PATH

Set the path that guestfish uses to search for kernel and initrd.img.
See the discussion of paths in L<guestfs(3)>.

=item LIBGUESTFS_QEMU

Set the default qemu binary that libguestfs uses. If not set, then
the qemu which was found at compile time by the configure script is

=item LIBGUESTFS_TRACE

Set C<LIBGUESTFS_TRACE=1> to enable command traces.

The C<more> command uses C<$PAGER> as the pager. If not
set, it uses C<more>.

Location of temporary directory, defaults to C</tmp>.

If libguestfs was compiled to use the supermin appliance then the
real appliance is cached in this directory, shared between all
handles belonging to the same EUID. You can use C<$TMPDIR> to
configure another directory to use in case C</tmp> is not large

=item $HOME/.guestfish

If compiled with GNU readline support, then the command history
is saved in this file.

If compiled with GNU readline support, then these files can be used to
configure readline. For further information, please see
L<readline(3)/INITIALIZATION FILE>.

To write rules which only apply to guestfish, use:

Variables that you can set in inputrc that change the behaviour
of guestfish in useful ways include:

=item completion-ignore-case (default: on)

By default, guestfish will ignore case when tab-completing
paths on the disk. Use:

 set completion-ignore-case off

to make guestfish case sensitive.

=item test2.img (etc)

When using the C<-N> or C<--new> option, the prepared disk or
filesystem will be created in the file C<test1.img> in the current
directory. The second use of C<-N> will use C<test2.img> and so on.
Any existing file with the same name will be overwritten.

L<http://libguestfs.org/>,
L<virt-list-filesystems(1)>,
L<virt-list-partitions(1)>,

Richard W.M. Jones (C<rjones at redhat dot com>)

Copyright (C) 2009-2010 Red Hat Inc.
L<http://libguestfs.org/>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.