1guestmount(1) Virtualization Support guestmount(1)
2
3
4
6 guestmount - Mount a guest filesystem on the host using FUSE and
7 libguestfs
8
10 guestmount [--options] -a disk.img -m device [--ro] mountpoint
11
12 guestmount [--options] -a disk.img -i [--ro] mountpoint
13
14 guestmount [--options] -d Guest -i [--ro] mountpoint
15
17 Using "guestmount" in write mode on live virtual machines, or
18 concurrently with other disk editing tools, can be dangerous,
19 potentially causing disk corruption. The virtual machine must be shut
20 down before you use this command, and disk images must not be edited
21 concurrently.
22
23 Use the --ro (read-only) option to use "guestmount" safely if the disk
24 image or virtual machine might be live. You may see strange or
25 inconsistent results if running concurrently with other changes, but
26 with this option you won't risk disk corruption.
27
29 The guestmount program can be used to mount virtual machine filesystems
30 and other disk images on the host. It uses libguestfs for access to
31 the guest filesystem, and FUSE (the "filesystem in userspace") to make
32 it appear as a mountable device.
33
34 Along with other options, you have to give at least one device (-a
35 option) or libvirt domain (-d option), and at least one mountpoint (-m
36 option) or use the -i inspection option or the --live option. How this
37 works is better explained in the guestfish(1) manual page, or by
38 looking at the examples below.
39
40 FUSE lets you mount filesystems as non-root. The mountpoint must be
41 owned by you. The filesystem will not be visible to any other users
42 unless you make configuration changes, see "NOTES" below.
43
44 To unmount the filesystem, use the guestunmount(1) command.
45
47 For a typical Windows guest which has its main filesystem on the first
48 partition:
49
50 guestmount -a windows.img -m /dev/sda1 --ro /mnt
51
52 For a typical Linux guest which has a /boot filesystem on the first
53 partition, and the root filesystem on a logical volume:
54
55 guestmount -a linux.img -m /dev/VG/LV -m /dev/sda1:/boot --ro /mnt
56
57 To get libguestfs to detect guest mountpoints for you:
58
59 guestmount -a guest.img -i --ro /mnt
60
61 For a libvirt guest called "Guest" you could do:
62
63 guestmount -d Guest -i --ro /mnt
64
65 If you don’t know what filesystems are contained in a guest or disk
66 image, use virt-filesystems(1) first:
67
68 virt-filesystems -d MyGuest
69
70 If you want to trace the libguestfs calls but without excessive
71 debugging information, we recommend:
72
73 guestmount [...] --trace /mnt
74
75 If you want to debug the program, we recommend:
76
77 guestmount [...] --trace --verbose /mnt
78
79 To unmount the filesystem after using it:
80
81 guestunmount /mnt
82
84 Other users cannot see the filesystem by default
85 If you mount a filesystem as one user (eg. root), then other users will
86 not be able to see it by default. The fix is to add the FUSE
87 "allow_other" option when mounting:
88
89 sudo guestmount [...] -o allow_other /mnt
90
91 and to enable this option in /etc/fuse.conf.
92
93 Enabling FUSE
94 On some distros, you may need to add yourself to a special group (eg.
95 "fuse") before you can use any FUSE filesystem. This is necessary on
96 Debian and derivatives.
97
98 On other distros, no special group is required. It is not necessary on
99 Fedora or Red Hat Enterprise Linux.
100
101 fusermount error: "Device or resource busy"
102 You can see this error when another process on the system jumps into
103 the mountpoint you have just created, holding it open and preventing
104 you from unmounting it. The usual culprits are various GUI "indexing"
105 programs.
106
107 The popular workaround for this problem is to retry the "fusermount -u"
108 command a few times until it works (guestunmount(1) does this for you).
109 Unfortunately this isn't a reliable fix if (for example) the mounted
110 filesystem is particularly large and the intruding program particularly
111 persistent.
112
113 A proper fix is to use a private mountpoint by creating a new mount
114 namespace using the Linux-specific clone(2)/unshare(2) flag
115 "CLONE_NEWNS". Unfortunately at the moment this requires root and we
116 would also probably need to add it as a feature to guestmount.
117
118 Race conditions possible when shutting down the connection
119 When guestunmount(1)/fusermount(1) exits, guestmount may still be
120 running and cleaning up the mountpoint. The disk image will not be
121 fully finalized.
122
123 This means that scripts like the following have a nasty race condition:
124
125 guestmount -a disk.img -i /mnt
126 # copy things into /mnt
127 guestunmount /mnt
128 # immediately try to use 'disk.img' ** UNSAFE **
129
130 The solution is to use the --pid-file option to write the guestmount
131 PID to a file, then after guestunmount spin waiting for this PID to
132 exit.
133
134 guestmount -a disk.img -i --pid-file guestmount.pid /mnt
135
136 # ...
137 # ...
138
139 # Save the PID of guestmount *before* calling guestunmount.
140 pid="$(cat guestmount.pid)"
141
142 # Unmount the filesystem.
143 guestunmount /mnt
144
145 timeout=10
146
147 count=$timeout
148 while kill -0 "$pid" 2>/dev/null && [ $count -gt 0 ]; do
149 sleep 1
150 ((count--))
151 done
152 if [ $count -eq 0 ]; then
153 echo "$0: wait for guestmount to exit failed after $timeout seconds"
154 exit 1
155 fi
156
157 # Now it is safe to use the disk image.
158
159 Note that if you use the "guestfs_mount_local" API directly (see "MOUNT
160 LOCAL" in guestfs(3)) then it is much easier to write a safe, race-free
161 program.
162
164 -a IMAGE
165 --add IMAGE
166 Add a block device or virtual machine image.
167
168 The format of the disk image is auto-detected. To override this
169 and force a particular format use the --format=.. option.
170
171 -a URI
172 --add URI
173 Add a remote disk. See "ADDING REMOTE STORAGE" in guestfish(1).
174
175 --blocksize=512
176 --blocksize=4096
177 --blocksize
178 This parameter sets the sector size of the disk image. It affects
179 all explicitly added subsequent disks after this parameter. Using
180 --blocksize with no argument switches the disk sector size to the
181 default value which is usually 512 bytes. See also
182 "guestfs_add_drive_opts" in guestfs(3).
183
184 -c URI
185 --connect URI
186 When used in conjunction with the -d option, this specifies the
187 libvirt URI to use. The default is to use the default libvirt
188 connection.
189
190 -d LIBVIRT-DOMAIN
191 --domain LIBVIRT-DOMAIN
192 Add disks from the named libvirt domain. If the --ro option is
193 also used, then any libvirt domain can be used. However in write
194 mode, only libvirt domains which are shut down can be named here.
195
196 Domain UUIDs can be used instead of names.
197
198 --dir-cache-timeout N
199 Set the readdir cache timeout to N seconds, the default being 60
200 seconds. The readdir cache [actually, there are several semi-
201 independent caches] is populated after a readdir(2) call with the
202 stat and extended attributes of the files in the directory, in
203 anticipation that they will be requested soon after.
204
205 There is also a different attribute cache implemented by FUSE (see
206 the FUSE option -o attr_timeout), but the FUSE cache does not
207 anticipate future requests, only cache existing ones.
208
209 --echo-keys
210 When prompting for keys and passphrases, guestfish normally turns
211 echoing off so you cannot see what you are typing. If you are not
212 worried about Tempest attacks and there is no one else in the room
213 you can specify this flag to see what you are typing.
214
215 --fd=FD
216 Specify a pipe or eventfd file descriptor. When the mountpoint is
217 ready to be used, guestmount writes a single byte to this file
218 descriptor. This can be used in conjunction with --no-fork in
219 order to run guestmount captive under another process.
220
221 --format=raw|qcow2|..
222 --format
223 The default for the -a option is to auto-detect the format of the
224 disk image. Using this forces the disk format for -a options which
225 follow on the command line. Using --format with no argument
226 switches back to auto-detection for subsequent -a options.
227
228 If you have untrusted raw-format guest disk images, you should use
229 this option to specify the disk format. This avoids a possible
230 security problem with malicious guests (CVE-2010-3851). See also
231 "guestfs_add_drive_opts" in guestfs(3).
232
233 --fuse-help
234 Display help on special FUSE options (see -o below).
235
236 --help
237 Display brief help and exit.
238
239 -i
240 --inspector
241 Using virt-inspector(1) code, inspect the disks looking for an
242 operating system and mount filesystems as they would be mounted on
243 the real virtual machine.
244
245 --key SELECTOR
246 Specify a key for LUKS, to automatically open a LUKS device when
247 using the inspection. "ID" can be either the libguestfs device
248 name, or the UUID of the LUKS device.
249
250 --key "ID":key:KEY_STRING
251 Use the specified "KEY_STRING" as passphrase.
252
253 --key "ID":file:FILENAME
254 Read the passphrase from FILENAME.
255
256 --keys-from-stdin
257 Read key or passphrase parameters from stdin. The default is to
258 try to read passphrases from the user by opening /dev/tty.
259
260 If there are multiple encrypted devices then you may need to supply
261 multiple keys on stdin, one per line.
262
263 --live
264 Connect to a live virtual machine. (Experimental, see "ATTACHING
265 TO RUNNING DAEMONS" in guestfs(3)).
266
267 -m dev[:mountpoint[:options[:fstype]]
268 --mount dev[:mountpoint[:options[:fstype]]]
269 Mount the named partition or logical volume on the given mountpoint
270 in the guest (this has nothing to do with mountpoints in the host).
271
272 If the mountpoint is omitted, it defaults to /. You have to mount
273 something on /.
274
275 The third (and rarely used) part of the mount parameter is the list
276 of mount options used to mount the underlying filesystem. If this
277 is not given, then the mount options are either the empty string or
278 "ro" (the latter if the --ro flag is used). By specifying the
279 mount options, you override this default choice. Probably the only
280 time you would use this is to enable ACLs and/or extended
281 attributes if the filesystem can support them:
282
283 -m /dev/sda1:/:acl,user_xattr
284
285 The fourth part of the parameter is the filesystem driver to use,
286 such as "ext3" or "ntfs". This is rarely needed, but can be useful
287 if multiple drivers are valid for a filesystem (eg: "ext2" and
288 "ext3"), or if libguestfs misidentifies a filesystem.
289
290 --no-fork
291 Don’t daemonize (or fork into the background).
292
293 -n
294 --no-sync
295 By default, we attempt to sync the guest disk when the FUSE
296 mountpoint is unmounted. If you specify this option, then we don't
297 attempt to sync the disk. See the discussion of autosync in the
298 guestfs(3) manpage.
299
300 -o OPTION
301 --option OPTION
302 Pass extra options to FUSE.
303
304 To get a list of all the extra options supported by FUSE, use the
305 command below. Note that only the FUSE -o options can be passed,
306 and only some of them are a good idea.
307
308 guestmount --fuse-help
309
310 Some potentially useful FUSE options:
311
312 -o allow_other
313 Allow other users to see the filesystem. This option has no
314 effect unless you enable it globally in /etc/fuse.conf.
315
316 -o attr_timeout=N
317 Enable attribute caching by FUSE, and set the timeout to N
318 seconds.
319
320 -o kernel_cache
321 Allow the kernel to cache files (reduces the number of reads
322 that have to go through the guestfs(3) API). This is generally
323 a good idea if you can afford the extra memory usage.
324
325 -o uid=N -o gid=N
326 Use these options to map all UIDs and GIDs inside the guest
327 filesystem to the chosen values.
328
329 -o use_ino
330 Preserve inode numbers from the underlying filesystem.
331
332 Without this option, FUSE makes up its own inode numbers. The
333 inode numbers you see in stat(2), "ls -i" etc aren't the inode
334 numbers of the underlying filesystem.
335
336 Note this option is potentially dangerous if the underlying
337 filesystem consists of multiple mountpoints, as you may see
338 duplicate inode numbers appearing through FUSE. Use of this
339 option can confuse some software.
340
341 --pid-file FILENAME
342 Write the PID of the guestmount worker process to "filename".
343
344 -r
345 --ro
346 Add devices and mount everything read-only. Also disallow writes
347 and make the disk appear read-only to FUSE.
348
349 This is highly recommended if you are not going to edit the guest
350 disk. If the guest is running and this option is not supplied,
351 then there is a strong risk of disk corruption in the guest. We
352 try to prevent this from happening, but it is not always possible.
353
354 See also "OPENING DISKS FOR READ AND WRITE" in guestfish(1).
355
356 --selinux
357 This option is provided for backwards compatibility and does
358 nothing.
359
360 -v
361 --verbose
362 Enable verbose messages from underlying libguestfs.
363
364 -V
365 --version
366 Display the program version and exit.
367
368 -w
369 --rw
370 This changes the -a, -d and -m options so that disks are added and
371 mounts are done read-write.
372
373 See "OPENING DISKS FOR READ AND WRITE" in guestfish(1).
374
375 -x
376 --trace
377 Trace libguestfs calls and entry into each FUSE function.
378
379 This also stops the daemon from forking into the background (see
380 --no-fork).
381
383 $XDG_CONFIG_HOME/libguestfs/libguestfs-tools.conf
384 $HOME/.libguestfs-tools.rc
385 $XDG_CONFIG_DIRS/libguestfs/libguestfs-tools.conf
386 /etc/libguestfs-tools.conf
387 This configuration file controls the default read-only or read-
388 write mode (--ro or --rw).
389
390 See libguestfs-tools.conf(5).
391
393 This program returns 0 if successful, or non-zero if there was an
394 error.
395
397 guestunmount(1), fusermount(1), guestfish(1), virt-inspector(1),
398 virt-cat(1), virt-edit(1), virt-tar(1), libguestfs-tools.conf(5),
399 "MOUNT LOCAL" in guestfs(3), http://libguestfs.org/,
400 http://fuse.sf.net/.
401
403 Richard W.M. Jones ("rjones at redhat dot com")
404
406 Copyright (C) 2009-2020 Red Hat Inc.
407
409 This program is free software; you can redistribute it and/or modify it
410 under the terms of the GNU General Public License as published by the
411 Free Software Foundation; either version 2 of the License, or (at your
412 option) any later version.
413
414 This program is distributed in the hope that it will be useful, but
415 WITHOUT ANY WARRANTY; without even the implied warranty of
416 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
417 General Public License for more details.
418
419 You should have received a copy of the GNU General Public License along
420 with this program; if not, write to the Free Software Foundation, Inc.,
421 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
422
424 To get a list of bugs against libguestfs, use this link:
425 https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools
426
427 To report a new bug against libguestfs, use this link:
428 https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools
429
430 When reporting a bug, please supply:
431
432 • The version of libguestfs.
433
434 • Where you got libguestfs (eg. which Linux distro, compiled from
435 source, etc)
436
437 • Describe the bug accurately and give a way to reproduce it.
438
439 • Run libguestfs-test-tool(1) and paste the complete, unedited output
440 into the bug report.
441
442
443
444libguestfs-1.45.4 2021-04-03 guestmount(1)