1virt-sysprep(1) Virtualization Support virt-sysprep(1)
2
3
4
6 virt-sysprep - Reset, unconfigure or customize a virtual machine so
7 clones can be made
8
10 virt-sysprep [--options] -d domname
11
12 virt-sysprep [--options] -a disk.img [-a disk.img ...]
13
15 Virt-sysprep can reset or unconfigure a virtual machine so that clones
16 can be made from it. Steps in this process include removing SSH host
17 keys, removing persistent network MAC configuration, and removing user
18 accounts. Virt-sysprep can also customize a virtual machine, for
19 instance by adding SSH keys, users or logos. Each step can be enabled
20 or disabled as required.
21
22 Virt-sysprep modifies the guest or disk image in place. The guest must
23 be shut down. If you want to preserve the existing contents of the
24 guest, you must snapshot, copy or clone the disk first. See "COPYING
25 AND CLONING" below.
26
27 You do not need to run virt-sysprep as root. In fact we'd generally
28 recommend that you don't. The time you might want to run it as root is
29 when you need root in order to access the disk image, but even in this
30 case it would be better to change the permissions on the disk image to
31 be writable as the non-root user running virt-sysprep.
32
33 "Sysprep" stands for "system preparation" tool. The name comes from
34 the Microsoft program "sysprep.exe" which is used to unconfigure
35 Windows machines in preparation for cloning them. Having said that,
36 virt-sysprep does not currently work on Microsoft Windows guests. We
37 plan to support Windows sysprepping in a future version, and we already
38 have code to do it.
39
41 --help
42 Display brief help.
43
44 -a file
45 --add file
46 Add file which should be a disk image from a virtual machine.
47
48 The format of the disk image is auto-detected. To override this
49 and force a particular format use the --format option.
50
51 -c URI
52 --connect URI
53 If using libvirt, connect to the given URI. If omitted, then we
54 connect to the default libvirt hypervisor.
55
56 If you specify guest block devices directly (-a), then libvirt is
57 not used at all.
58
59 -d guest
60 --domain guest
61 Add all the disks from the named libvirt guest. Domain UUIDs can
62 be used instead of names.
63
64 -n
65 --dry-run
66 Perform a read-only "dry run" on the guest. This runs the sysprep
67 operation, but throws away any changes to the disk at the end.
68
69 --enable operations
70 Choose which sysprep operations to perform. Give a comma-separated
71 list of operations, for example:
72
73 --enable ssh-hostkeys,udev-persistent-net
74
75 would enable ONLY "ssh-hostkeys" and "udev-persistent-net"
76 operations.
77
78 If the --enable option is not given, then we default to trying most
79 sysprep operations (see --list-operations to show which are
80 enabled).
81
82 Regardless of the --enable option, sysprep operations are skipped
83 for some guest types.
84
85 Use --list-operations to list operations supported by a particular
86 version of virt-sysprep.
87
88 See "OPERATIONS" below for a list and an explanation of each
89 operation.
90
91 --format raw|qcow2|..
92 --format auto
93 The default for the -a option is to auto-detect the format of the
94 disk image. Using this forces the disk format for -a options which
95 follow on the command line. Using --format auto switches back to
96 auto-detection for subsequent -a options.
97
98 For example:
99
100 virt-sysprep --format raw -a disk.img
101
102 forces raw format (no auto-detection) for "disk.img".
103
104 virt-sysprep --format raw -a disk.img --format auto -a another.img
105
106 forces raw format (no auto-detection) for "disk.img" and reverts to
107 auto-detection for "another.img".
108
109 If you have untrusted raw-format guest disk images, you should use
110 this option to specify the disk format. This avoids a possible
111 security problem with malicious guests (CVE-2010-3851).
112
113 --list-operations
114 List the operations supported by the virt-sysprep program.
115
116 These are listed one per line, with one or more single-space-
117 separated fields, eg:
118
119 $ virt-sysprep --list-operations
120 bash-history * Remove the bash history in the guest
121 cron-spool * Remove user at-jobs and cron-jobs
122 dhcp-client-state * Remove DHCP client leases
123 dhcp-server-state * Remove DHCP server leases
124 [etc]
125
126 The first field is the operation name, which can be supplied to
127 --enable. The second field is a "*" character if the operation is
128 enabled by default or blank if not. Subsequent fields on the same
129 line are the description of the operation.
130
131 Before libguestfs 1.17.33 only the first (operation name) field was
132 shown and all operations were enabled by default.
133
134 -q
135 --quiet
136 Don't print log messages.
137
138 To enable detailed logging of individual file operations, use -x.
139
140 --selinux-relabel
141 --no-selinux-relabel
142 --selinux-relabel forces SELinux relabelling next time the guest
143 boots. --no-selinux-relabel disables relabelling.
144
145 The default is to try to detect if SELinux relabelling is required.
146 See "SELINUX RELABELLING" below for more details.
147
148 -v
149 --verbose
150 Enable verbose messages for debugging.
151
152 -V
153 --version
154 Display version number and exit.
155
156 -x Enable tracing of libguestfs API calls.
157
158 --delete PATHNAME (see "delete" below)
159 Delete (recursively) the specified "PATHNAME" in the guest.
160
161 --firstboot SCRIPT (see "firstboot" below)
162 Run script(s) once next time the guest boots. You can supply the
163 --firstboot option as many times as needed.
164
165 --hostname HOSTNAME (see "hostname" below)
166 Change the hostname. If not given, defaults to
167 "localhost.localdomain".
168
169 --password USERNAME:SELECTOR (see "password" below)
170 Set a user password. The user must exist already (this option does
171 not create users).
172
173 The --password option takes "USERNAME:SELECTOR". The
174 --root-password option takes just the "SELECTOR". The format of
175 the "SELECTOR" is described below:
176
177 --password USERNAME:file:FILENAME
178 --root-password file:FILENAME
179 Read the password from "FILENAME". The whole first line of
180 this file is the replacement password. Any other lines are
181 ignored. You should create the file with mode 0600 to ensure
182 no one else can read it.
183
184 --password USERNAME:password:PASSWORD
185 --root-password password:PASSWORD
186 Set the password to the literal string "PASSWORD".
187
188 Note: this is not secure since any user on the same machine can
189 see the cleartext password using ps(1).
190
191 --password USERNAME:random
192 --root-password random
193 Choose a random password, which is printed on stdout. The
194 password has approximately 120 bits of randomness.
195
196 --password USERNAME:disabled
197 --root-password disabled
198 The account password is disabled. This is like putting "*" in
199 the password field.
200
201 --password USERNAME:locked:file:FILENAME
202 --password USERNAME:locked:password:PASSWORD
203 --password USERNAME:locked:random
204 --root-password locked:file:FILENAME
205 --root-password locked:password:PASSWORD
206 --root-password locked:random
207 The account is locked, but a password is placed on the account.
208 If first unlocked (using "passwd -u") then logins will use the
209 given password.
210
211 --password USERNAME:locked
212 --password USERNAME:locked:disabled
213 --root-password locked
214 --root-password locked:disabled
215 The account is locked and password is disabled.
216
217 --password-crypto md5|sha256|sha512 (see "password" below)
218 Set the password encryption to "md5", "sha256" or "sha512".
219
220 "sha256" and "sha512" require glibc ≥ 2.7 (check crypt(3) inside
221 the guest).
222
223 "md5" will work with relatively old Linux guests (eg. RHEL 3), but
224 is not secure against modern attacks.
225
226 The default is "sha512" unless libguestfs detects an old guest that
227 didn't have support for SHA-512, in which case it will use "md5".
228 You can override libguestfs by specifying this option.
229
230 --root-password SELECTOR (see "password" below)
231 Set the root password. See --password above for the format of
232 "SELECTOR".
233
234 --script SCRIPT (see "script" below)
235 Run the named "SCRIPT" (a shell script or program) against the
236 guest. The script can be any program on the host. The script's
237 current directory will be the guest's root directory.
238
239 Note: If the script is not on the $PATH, then you must give the
240 full absolute path to the script.
241
242 --scriptdir SCRIPTDIR (see "script" below)
243 The mount point (an empty directory on the host) used when the
244 "script" operation is enabled and one or more scripts are specified
245 using --script parameter(s).
246
247 Note: "SCRIPTDIR" must be an absolute path.
248
249 If --scriptdir is not specified then a temporary mountpoint will be
250 created.
251
253 If the --enable option is not given, then most sysprep operations are
254 enabled.
255
256 Use "virt-sysprep --list-operations" to list all operations for your
257 virt-sysprep binary. The ones which are enabled by default are marked
258 with a "*" character. Regardless of the --enable option, sysprep
259 operations are skipped for some guest types.
260
261 Operations can be individually enabled using the --enable option. Use
262 a comma-separated list, for example:
263
264 virt-sysprep --enable=ssh-hostkeys,udev-persistent-net [etc..]
265
266 Future versions of virt-sysprep may add more operations. If you are
267 using virt-sysprep and want predictable behaviour, specify only the
268 operations that you want to have enabled.
269
270 "*" = enabled by default when no --enable option is given.
271
272 abrt-data *
273 Remove the crash data generated by ABRT.
274
275 Remove the automatically generated ABRT crash data in
276 "/var/spool/abrt/".
277
278 bash-history *
279 Remove the bash history in the guest.
280
281 Remove the bash history of user "root" and any other users who have a
282 ".bash_history" file in their home directory.
283
284 Notes on bash-history
285
286 Currently this only looks in "/root" and "/home/*" for home
287 directories, so users with home directories in other locations won't
288 have the bash history removed.
289
290 blkid-tab *
291 Remove blkid tab in the guest.
292
293 ca-certificates
294 Remove CA certificates in the guest.
295
296 crash-data *
297 Remove the crash data generated by kexec-tools.
298
299 Remove the automatically generated kdump kernel crash data.
300
301 cron-spool *
302 Remove user at-jobs and cron-jobs.
303
304 delete *
305 Delete specified files or directories.
306
307 Delete specified files or directories.
308
309 Use the --delete option to specify a path to remove.
310
311 You can use shell glob characters in the specified path; note that such
312 metacharacters might require proper escape. For example:
313
314 virt-sysprep --delete '/var/log/*.log'.
315
316 dhcp-client-state *
317 Remove DHCP client leases.
318
319 dhcp-server-state *
320 Remove DHCP server leases.
321
322 dovecot-data *
323 Remove Dovecot (mail server) data.
324
325 firewall-rules
326 Remove the firewall rules.
327
328 This removes custom firewall rules by removing
329 "/etc/sysconfig/iptables" or custom firewalld configuration in
330 "/etc/firewalld/*/*".
331
332 Note this is not enabled by default since it may expose guests to
333 exploits. Use with care.
334
335 firstboot *
336 Add scripts to run once at next boot.
337
338 Supply one of more shell scripts (using the --firstboot option).
339
340 These are run the first time the guest boots, and then are deleted. So
341 these are useful for performing last minute configuration that must run
342 in the context of the guest operating system, for example "yum update".
343
344 Output or errors from the scripts are written to
345 "~root/virt-sysprep-firstboot.log" (in the guest).
346
347 Notes on firstboot
348
349 Currently this is only implemented for Linux guests using either
350 SysVinit-style scripts, Upstart or systemd.
351
352 flag-reconfiguration
353 Flag the system for reconfiguration.
354
355 Note that this may require user intervention when the guest is booted.
356
357 hostname *
358 Change the hostname of the guest.
359
360 This operation changes the hostname of the guest to the value given in
361 the --hostname parameter.
362
363 If the --hostname parameter is not given, then the hostname is changed
364 to "localhost.localdomain".
365
366 Notes on hostname
367
368 Currently this can only set the hostname on Linux guests.
369
370 kerberos-data
371 Remove Kerberos data in the guest.
372
373 logfiles *
374 Remove many log files from the guest.
375
376 On Linux the following files are removed:
377
378 /root/anaconda-ks.cfg
379 /root/install.log
380 /root/install.log.syslog
381 /var/cache/fontconfig/*
382 /var/cache/gdm/*
383 /var/cache/man/*
384 /var/lib/AccountService/users/*
385 /var/lib/fprint/*
386 /var/lib/logrotate.status
387 /var/log/*.log*
388 /var/log/BackupPC/LOG
389 /var/log/apache2/*_log
390 /var/log/apache2/*_log-*
391 /var/log/audit/*
392 /var/log/btmp*
393 /var/log/ceph/*.log
394 /var/log/chrony/*.log
395 /var/log/cron*
396 /var/log/cups/*_log
397 /var/log/dmesg*
398 /var/log/gdm/*
399 /var/log/glusterfs/*glusterd.vol.log
400 /var/log/glusterfs/glusterfs.log
401 /var/log/httpd/*log
402 /var/log/jetty/jetty-console.log
403 /var/log/lastlog*
404 /var/log/libvirt/libvirtd.log
405 /var/log/libvirt/lxc/*.log
406 /var/log/libvirt/qemu/*.log
407 /var/log/libvirt/uml/*.log
408 /var/log/mail/*
409 /var/log/maillog*
410 /var/log/messages*
411 /var/log/ntp
412 /var/log/ntpstats/*
413 /var/log/ppp/connect-errors
414 /var/log/sa/*
415 /var/log/secure*
416 /var/log/setroubleshoot/*.log
417 /var/log/spooler*
418 /var/log/squid/*.log
419 /var/log/tallylog*
420 /var/log/wtmp*
421 /var/named/data/named.run
422
423 lvm-uuids *
424 Change LVM2 PV and VG UUIDs.
425
426 On Linux guests that have LVM2 physical volumes (PVs) or volume groups
427 (VGs), new random UUIDs are generated and assigned to those PVs and
428 VGs.
429
430 machine-id *
431 Remove the local machine ID.
432
433 The machine ID is usually generated from a random source during system
434 installation and stays constant for all subsequent boots. Optionally,
435 for stateless systems it is generated during runtime at boot if it is
436 found to be empty.
437
438 mail-spool *
439 Remove email from the local mail spool directory.
440
441 net-hostname *
442 Remove HOSTNAME in network interface configuration.
443
444 For Fedora and Red Hat Enterprise Linux, this is removed from "ifcfg-*"
445 files.
446
447 net-hwaddr *
448 Remove HWADDR (hard-coded MAC address) configuration.
449
450 For Fedora and Red Hat Enterprise Linux, this is removed from "ifcfg-*"
451 files.
452
453 pacct-log *
454 Remove the process accounting log files.
455
456 The system wide process accounting will store to the pacct log files if
457 the process accounting is on.
458
459 package-manager-cache *
460 Remove package manager cache.
461
462 pam-data *
463 Remove the PAM data in the guest.
464
465 password *
466 Set root or user password.
467
468 Set root or another user's password.
469
470 Use the --root-password option to specify a replacement root password
471 for the guest. You can only use this option once.
472
473 Use the --password option to specify replacement user password(s). You
474 can use this option as many times as you want.
475
476 Use --password-crypto to change the password encryption used.
477
478 See "OPTIONS" above for details of these options.
479
480 This operation is enabled by default, but it only does something if
481 there is at least one --root-password or --password argument given.
482
483 Notes on password
484
485 Currently this only works for glibc-based Linux guests that use shadow
486 passwords.
487
488 puppet-data-log *
489 Remove the data and log files of puppet.
490
491 random-seed *
492 Generate random seed for guest.
493
494 Write some random bytes from the host into the random seed file of the
495 guest.
496
497 See "RANDOM SEED" below.
498
499 rhn-systemid *
500 Remove the RHN system ID.
501
502 rpm-db *
503 Remove host-specific RPM database files.
504
505 Remove host-specific RPM database files and locks. RPM will recreate
506 these files automatically if needed.
507
508 samba-db-log *
509 Remove the database and log files of Samba.
510
511 script *
512 Run arbitrary scripts against the guest.
513
514 The "script" module lets you run arbitrary shell scripts or programs
515 against the guest.
516
517 Note this feature requires FUSE support. You may have to enable this
518 in your host, for example by adding the current user to the "fuse"
519 group, or by loading a kernel module.
520
521 Use one or more --script parameters to specify scripts or programs that
522 will be run against the guest.
523
524 The script or program is run with its current directory being the
525 guest's root directory, so relative paths should be used. For example:
526 "rm etc/resolv.conf" in the script would remove a Linux guest's DNS
527 configuration file, but "rm /etc/resolv.conf" would (try to) remove the
528 host's file.
529
530 Normally a temporary mount point for the guest is used, but you can
531 choose a specific one by using the --scriptdir parameter.
532
533 Note: This is different from --firstboot scripts (which run in the
534 context of the guest when it is booting first time). --script scripts
535 run on the host, not in the guest.
536
537 smolt-uuid *
538 Remove the Smolt hardware UUID.
539
540 ssh-hostkeys *
541 Remove the SSH host keys in the guest.
542
543 The SSH host keys are regenerated (differently) next time the guest is
544 booted.
545
546 If, after cloning, the guest gets the same IP address, ssh will give
547 you a stark warning about the host key changing:
548
549 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
550 @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
551 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
552 IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
553
554 ssh-userdir *
555 Remove ".ssh" directories in the guest.
556
557 Remove the ".ssh" directory of user "root" and any other users who have
558 a ".ssh" directory in their home directory.
559
560 Notes on ssh-userdir
561
562 Currently this only looks in "/root" and "/home/*" for home
563 directories, so users with home directories in other locations won't
564 have the ssh files removed.
565
566 sssd-db-log *
567 Remove the database and log files of sssd.
568
569 tmp-files *
570 Remove temporary files.
571
572 This removes temporary files under "/tmp" and "/var/tmp".
573
574 udev-persistent-net *
575 Remove udev persistent net rules.
576
577 Remove udev persistent net rules which map the guest's existing MAC
578 address to a fixed ethernet device (eg. eth0).
579
580 After a guest is cloned, the MAC address usually changes. Since the
581 old MAC address occupies the old name (eg. eth0), this means the fresh
582 MAC address is assigned to a new name (eg. eth1) and this is usually
583 undesirable. Erasing the udev persistent net rules avoids this.
584
585 user-account
586 Remove the user accounts in the guest.
587
588 Remove all the user accounts and their home directories. The "root"
589 account is not removed.
590
591 utmp *
592 Remove the utmp file.
593
594 This file records who is currently logged in on a machine. In modern
595 Linux distros it is stored in a ramdisk and hence not part of the
596 virtual machine's disk, but it was stored on disk in older distros.
597
598 yum-uuid *
599 Remove the yum UUID.
600
601 Yum creates a fresh UUID the next time it runs when it notices that the
602 original UUID has been erased.
603
605 Virt-sysprep can be used as part of a process of cloning guests, or to
606 prepare a template from which guests can be cloned. There are many
607 different ways to achieve this using the virt tools, and this section
608 is just an introduction.
609
610 A virtual machine (when switched off) consists of two parts:
611
612 configuration
613 The configuration or description of the guest. eg. The libvirt XML
614 (see "virsh dumpxml"), the running configuration of the guest, or
615 another external format like OVF.
616
617 Some configuration items that might need to be changed:
618
619 · name
620
621 · UUID
622
623 · path to block device(s)
624
625 · network card MAC address
626
627 block device(s)
628 One or more hard disk images, themselves containing files,
629 directories, applications, kernels, configuration, etc.
630
631 Some things inside the block devices that might need to be changed:
632
633 · hostname and other net configuration
634
635 · UUID
636
637 · SSH host keys
638
639 · Windows unique security ID (SID)
640
641 · Puppet registration
642
643 COPYING THE BLOCK DEVICE
644 Starting with an original guest, you probably wish to copy the guest
645 block device and its configuration to make a template. Then once you
646 are happy with the template, you will want to make many clones from it.
647
648 virt-sysprep
649 |
650 v
651 original guest --------> template ---------->
652 \------> cloned
653 \-----> guests
654 \---->
655
656 You can, of course, just copy the block device on the host using cp(1)
657 or dd(1).
658
659 dd dd
660 original guest --------> template ---------->
661 \------> cloned
662 \-----> guests
663 \---->
664
665 There are some smarter (and faster) ways too:
666
667 snapshot
668 template ---------->
669 \------> cloned
670 \-----> guests
671 \---->
672
673 You may want to run virt-sysprep twice, once to reset the guest (to
674 make a template) and a second time to customize the guest for a
675 specific user:
676
677 virt-sysprep virt-sysprep
678 (reset) (add user, keys, logos)
679 | |
680 dd v dd v
681 original guest ----> template ---------> copied ------> custom
682 template guest
683
684 · Create a snapshot using qemu-img:
685
686 qemu-img create -f qcow2 -o backing_file=original snapshot.qcow
687
688 The advantage is that you don't need to copy the original (very
689 fast) and only changes are stored (less storage required).
690
691 Note that writing to the backing file once you have created guests
692 on top of it is not possible: you will corrupt the guests.
693
694 · Create a snapshot using "lvcreate --snapshot".
695
696 · Other ways to create snapshots include using filesystems-level
697 tools (for filesystems such as btrfs).
698
699 Most Network Attached Storage (NAS) devices can also create cheap
700 snapshots from files or LUNs.
701
702 · Get your NAS to duplicate the LUN. Most NAS devices can also
703 duplicate LUNs very cheaply (they copy them on-demand in the
704 background).
705
706 · Prepare your template using virt-sparsify(1). See below.
707
708 VIRT-CLONE
709 A separate tool, virt-clone(1), can be used to duplicate the block
710 device and/or modify the external libvirt configuration of a guest. It
711 will reset the name, UUID and MAC address of the guest in the libvirt
712 XML.
713
714 virt-clone(1) does not use libguestfs and cannot look inside the disk
715 image. This was the original motivation to write virt-sysprep.
716
717 SPARSIFY
718 virt-sparsify
719 original guest --------> template
720
721 virt-sparsify(1) can be used to make the cloning template smaller,
722 making it easier to compress and/or faster to copy.
723
724 Notice that since virt-sparsify also copies the image, you can use it
725 to make the initial copy (instead of "dd").
726
727 RESIZE
728 virt-resize
729 template ---------->
730 \------> cloned
731 \-----> guests
732 \---->
733
734 If you want to give people cloned guests, but let them pick the size of
735 the guest themselves (eg. depending on how much they are prepared to
736 pay for disk space), then instead of copying the template, you can run
737 virt-resize(1). Virt-resize performs a copy and resize, and thus is
738 ideal for cloning guests from a template.
739
741 The two options --firstboot and --script both supply shell scripts that
742 are run against the guest. However these two options are significantly
743 different.
744
745 --firstboot script uploads the file "script" into the guest and
746 arranges that it will run, in the guest, when the guest is next booted.
747 (The script will only run once, at the "first boot").
748
749 --script script runs the shell "script" on the host, with its current
750 directory inside the guest filesystem.
751
752 If you needed, for example, to "yum install" new packages, then you
753 must not use --script for this, since that would (a) run the "yum"
754 command on the host and (b) wouldn't have access to the same resources
755 (repositories, keys, etc.) as the guest. Any command that needs to run
756 on the guest must be run via --firstboot.
757
758 On the other hand if you need to make adjustments to the guest
759 filesystem (eg. copying in files), then --script is ideal since (a) it
760 has access to the host filesystem and (b) you will get immediate
761 feedback on errors.
762
763 Either or both options can be used multiple times on the command line.
764
766 Although virt-sysprep removes some sensitive information from the
767 guest, it does not pretend to remove all of it. You should examine the
768 "OPERATIONS" above and the guest afterwards.
769
770 Sensitive files are simply removed. The data they contained may still
771 exist on the disk, easily recovered with a hex editor or undelete tool.
772 Use virt-sparsify(1) as one way to remove this content. See also the
773 scrub(1) command to get rid of deleted content in directory entries and
774 inodes.
775
776 RANDOM SEED
777 (This section applies to Linux guests only)
778
779 The virt-sysprep "random-seed" operation writes a few bytes of
780 randomness from the host into the guest's random seed file.
781
782 If this is just done once and the guest is cloned from the same
783 template, then each guest will start with the same entropy, and things
784 like SSH host keys and TCP sequence numbers may be predictable.
785
786 Therefore you should arrange to add more randomness after cloning from
787 a template too, which can be done by just enabling the "random-seed"
788 operation:
789
790 cp template.img newguest.img
791 virt-sysprep --enable random-seed -a newguest.img
792
793 SELINUX RELABELLING
794 (This section applies to Linux guests using SELinux only)
795
796 If any new files are created by virt-sysprep, then virt-sysprep touches
797 "/.autorelabel" so that these will be correctly labelled by SELinux the
798 next time the guest is booted. This process interrupts boot and can
799 take some time.
800
801 You can force relabelling for all guests by supplying the
802 --selinux-relabel option.
803
804 You can disable relabelling entirely by supplying the
805 --no-selinux-relabel option.
806
807 Please note that if your guest uses SELinux, and you are doing
808 operations on it which might create new files or change existing ones,
809 you are recommended to use --selinux-relabel. This will help in making
810 sure that files have the right SELinux labels.
811
813 Windows 8 "fast startup" can prevent virt-sysprep from working. See
814 "WINDOWS HIBERNATION AND WINDOWS 8 FAST STARTUP" in guestfs(3).
815
817 Libvirt guest names can contain arbitrary characters, some of which
818 have meaning to the shell such as "#" and space. You may need to quote
819 or escape these characters on the command line. See the shell manual
820 page sh(1) for details.
821
823 This program returns 0 on success, or 1 if there was an error.
824
826 guestfs(3), guestfish(1), virt-clone(1), virt-rescue(1),
827 virt-resize(1), virt-sparsify(1), virsh(1), lvcreate(8), qemu-img(1),
828 scrub(1), http://libguestfs.org/, http://libvirt.org/.
829
831 Richard W.M. Jones http://people.redhat.com/~rjones/
832
833 Wanlong Gao, Fujitsu Ltd.
834
836 Copyright (C) 2011-2012 Red Hat Inc.
837
838 Copyright (C) 2012 Fujitsu Ltd.
839
841 This program is free software; you can redistribute it and/or modify it
842 under the terms of the GNU General Public License as published by the
843 Free Software Foundation; either version 2 of the License, or (at your
844 option) any later version.
845
846 This program is distributed in the hope that it will be useful, but
847 WITHOUT ANY WARRANTY; without even the implied warranty of
848 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
849 General Public License for more details.
850
851 You should have received a copy of the GNU General Public License along
852 with this program; if not, write to the Free Software Foundation, Inc.,
853 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
854
856 To get a list of bugs against libguestfs, use this link:
857 https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools
858
859 To report a new bug against libguestfs, use this link:
860 https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools
861
862 When reporting a bug, please supply:
863
864 · The version of libguestfs.
865
866 · Where you got libguestfs (eg. which Linux distro, compiled from
867 source, etc)
868
869 · Describe the bug accurately and give a way to reproduce it.
870
871 · Run libguestfs-test-tool(1) and paste the complete, unedited output
872 into the bug report.
873
874
875
876libguestfs-1.20.11 2013-08-27 virt-sysprep(1)