1virt-ls(1) Virtualization Support virt-ls(1)
2
3
4
6 virt-ls - List files in a virtual machine
7
9 virt-ls [--options] -d domname directory [directory ...]
10
11 virt-ls [--options] -a disk.img [-a disk.img ...] directory [directory ...]
12
13 Old style:
14
15 virt-ls [--options] domname directory
16
17 virt-ls [--options] disk.img [disk.img ...] directory
18
20 "virt-ls" lists filenames, file sizes, checksums, extended attributes
21 and more from a virtual machine or disk image.
22
23 Multiple directory names can be given, in which case the output from
24 each is concatenated.
25
26 To list directories from a libvirt guest use the -d option to specify
27 the name of the guest. For a disk image, use the -a option.
28
29 "virt-ls" can do many simple file listings. For more complicated cases
30 you may need to use guestfish(1), or write a program directly to the
31 guestfs(3) API.
32
34 Get a list of all files and directories in a virtual machine:
35
36 virt-ls -R -d guest /
37
38 List all setuid or setgid programs in a Linux virtual machine:
39
40 virt-ls -lR -d guest / | grep '^- [42]'
41
42 List all public-writable directories in a Linux virtual machine:
43
44 virt-ls -lR -d guest / | grep '^d ...7'
45
46 List all Unix domain sockets in a Linux virtual machine:
47
48 virt-ls -lR -d guest / | grep '^s'
49
50 List all regular files with filenames ending in ‘.png’:
51
52 virt-ls -lR -d guest / | grep -i '^-.*\.png$'
53
54 To display files larger than 10MB in home directories:
55
56 virt-ls -lR -d guest /home | awk '$3 > 10*1024*1024'
57
58 Find everything modified in the last 7 days:
59
60 virt-ls -lR -d guest --time-days / | awk '$6 <= 7'
61
62 Find regular files modified in the last 24 hours:
63
64 virt-ls -lR -d guest --time-days / | grep '^-' | awk '$6 < 1'
65
66 DIFFERENCES IN SNAPSHOTS AND BACKING FILES
67 Although it is possible to use virt-ls to look for differences, since
68 libguestfs ≥ 1.26 a new tool is available called virt-diff(1).
69
71 "virt-ls" has four output modes, controlled by different combinations
72 of the -l and -R options.
73
74 SIMPLE LISTING
75 A simple listing is like the ordinary ls(1) command:
76
77 $ virt-ls -d guest /
78 bin
79 boot
80 [etc.]
81
82 LONG LISTING
83 With the -l (--long) option, the output is like the "ls -l" command
84 (more specifically, like the "guestfs_ll" function).
85
86 $ virt-ls -l -d guest /
87 total 204
88 dr-xr-xr-x. 2 root root 4096 2009-08-25 19:06 bin
89 dr-xr-xr-x. 5 root root 3072 2009-08-25 19:06 boot
90 [etc.]
91
92 Note that while this is useful for displaying a directory, do not try
93 parsing this output in another program. Use "RECURSIVE LONG LISTING"
94 instead.
95
96 RECURSIVE LISTING
97 With the -R (--recursive) option, "virt-ls" lists the names of files
98 and directories recursively:
99
100 $ virt-ls -R -d guest /tmp
101 foo
102 foo/bar
103 [etc.]
104
105 To generate this output, "virt-ls" runs the "guestfs_find0" function
106 and converts "\0" characters to "\n".
107
108 RECURSIVE LONG LISTING
109 Using -lR options together changes the output to display directories
110 recursively, with file stats, and optionally other features such as
111 checksums and extended attributes.
112
113 Most of the interesting features of "virt-ls" are only available when
114 using -lR mode.
115
116 The fields are normally space-separated. Filenames are not quoted, so
117 you cannot use the output in another program (because filenames can
118 contain spaces and other unsafe characters). If the guest was
119 untrusted and someone knew you were using "virt-ls" to analyze the
120 guest, they could play tricks on you by creating filenames with
121 embedded newline characters. To safely parse the output in another
122 program, use the --csv (Comma-Separated Values) option.
123
124 Note that this output format is completely unrelated to the "ls -lR"
125 command.
126
127 $ virt-ls -lR -d guest /bin
128 d 0555 4096 /bin
129 - 0755 123 /bin/alsaunmute
130 - 0755 28328 /bin/arch
131 l 0777 4 /bin/awk -> gawk
132 - 0755 27216 /bin/basename
133 - 0755 943360 /bin/bash
134 [etc.]
135
136 These basic fields are always shown:
137
138 type
139 The file type, one of: "-" (regular file), "d" (directory), "c"
140 (character device), "b" (block device), "p" (named pipe), "l"
141 (symbolic link), "s" (socket) or "u" (unknown).
142
143 permissions
144 The Unix permissions, displayed as a 4 digit octal number.
145
146 size
147 The size of the file. This is shown in bytes unless -h or
148 --human-readable option is given, in which case this is shown as a
149 human-readable number.
150
151 path
152 The full path of the file or directory.
153
154 link
155 For symbolic links only, the link target.
156
157 In -lR mode, additional command line options enable the display of more
158 fields.
159
160 With the --uids flag, these additional fields are displayed before the
161 path:
162
163 uid
164 gid The UID and GID of the owner of the file (displayed numerically).
165 Note these only make sense in the context of a Unix-like guest.
166
167 With the --times flag, these additional fields are displayed:
168
169 atime
170 The time of last access.
171
172 mtime
173 The time of last modification.
174
175 ctime
176 The time of last status change.
177
178 The time fields are displayed as string dates and times, unless one of
179 the --time-t, --time-relative or --time-days flags is given.
180
181 With the --extra-stats flag, these additional fields are displayed:
182
183 device
184 The device containing the file (displayed as major:minor). This
185 may not match devices as known to the guest.
186
187 inode
188 The inode number.
189
190 nlink
191 The number of hard links.
192
193 rdev
194 For block and char special files, the device (displayed as
195 major:minor).
196
197 blocks
198 The number of 512 byte blocks allocated to the file.
199
200 With the --checksum flag, the checksum of the file contents is shown
201 (only for regular files). Computing file checksums can take a
202 considerable amount of time.
203
205 --help
206 Display brief help.
207
208 -a file
209 --add file
210 Add file which should be a disk image from a virtual machine. If
211 the virtual machine has multiple block devices, you must supply all
212 of them with separate -a options.
213
214 The format of the disk image is auto-detected. To override this
215 and force a particular format use the --format=.. option.
216
217 -a URI
218 --add URI
219 Add a remote disk. See "ADDING REMOTE STORAGE" in guestfish(1).
220
221 --blocksize=512
222 --blocksize=4096
223 --blocksize
224 This parameter sets the sector size of the disk image. It affects
225 all explicitly added subsequent disks after this parameter. Using
226 --blocksize with no argument switches the disk sector size to the
227 default value which is usually 512 bytes. See also
228 "guestfs_add_drive_opts" in guestfs(3).
229
230 --checksum
231 --checksum=crc|md5|sha1|sha224|sha256|sha384|sha512
232 Display checksum over file contents for regular files. With no
233 argument, this defaults to using md5. Using an argument, you can
234 select the checksum type to use.
235
236 This option only has effect in -lR output mode. See "RECURSIVE
237 LONG LISTING" above.
238
239 -c URI
240 --connect URI
241 If using libvirt, connect to the given URI. If omitted, then we
242 connect to the default libvirt hypervisor.
243
244 If you specify guest block devices directly (-a), then libvirt is
245 not used at all.
246
247 --csv
248 Write out the results in CSV format (comma-separated values). This
249 format can be imported easily into databases and spreadsheets, but
250 read "NOTE ABOUT CSV FORMAT" below.
251
252 -d guest
253 --domain guest
254 Add all the disks from the named libvirt guest. Domain UUIDs can
255 be used instead of names.
256
257 --echo-keys
258 When prompting for keys and passphrases, virt-ls normally turns
259 echoing off so you cannot see what you are typing. If you are not
260 worried about Tempest attacks and there is no one else in the room
261 you can specify this flag to see what you are typing.
262
263 --extra-stats
264 Display extra stats.
265
266 This option only has effect in -lR output mode. See "RECURSIVE
267 LONG LISTING" above.
268
269 --format=raw|qcow2|..
270 --format
271 The default for the -a option is to auto-detect the format of the
272 disk image. Using this forces the disk format for -a options which
273 follow on the command line. Using --format with no argument
274 switches back to auto-detection for subsequent -a options.
275
276 For example:
277
278 virt-ls --format=raw -a disk.img /dir
279
280 forces raw format (no auto-detection) for disk.img.
281
282 virt-ls --format=raw -a disk.img --format -a another.img /dir
283
284 forces raw format (no auto-detection) for disk.img and reverts to
285 auto-detection for another.img.
286
287 If you have untrusted raw-format guest disk images, you should use
288 this option to specify the disk format. This avoids a possible
289 security problem with malicious guests (CVE-2010-3851).
290
291 -h
292 --human-readable
293 Display file sizes in human-readable format.
294
295 This option only has effect in -lR output mode. See "RECURSIVE
296 LONG LISTING" above.
297
298 --key SELECTOR
299 Specify a key for LUKS, to automatically open a LUKS device when
300 using the inspection. "ID" can be either the libguestfs device
301 name, or the UUID of the LUKS device.
302
303 --key "ID":key:KEY_STRING
304 Use the specified "KEY_STRING" as passphrase.
305
306 --key "ID":file:FILENAME
307 Read the passphrase from FILENAME.
308
309 --keys-from-stdin
310 Read key or passphrase parameters from stdin. The default is to
311 try to read passphrases from the user by opening /dev/tty.
312
313 If there are multiple encrypted devices then you may need to supply
314 multiple keys on stdin, one per line.
315
316 -m dev[:mountpoint[:options[:fstype]]]
317 --mount dev[:mountpoint[:options[:fstype]]]
318 Mount the named partition or logical volume on the given
319 mountpoint.
320
321 If the mountpoint is omitted, it defaults to /.
322
323 Specifying any mountpoint disables the inspection of the guest and
324 the mount of its root and all of its mountpoints, so make sure to
325 mount all the mountpoints needed to work with the filenames given
326 as arguments.
327
328 If you don’t know what filesystems a disk image contains, you can
329 either run guestfish without this option, then list the partitions,
330 filesystems and LVs available (see "list-partitions", "list-
331 filesystems" and "lvs" commands), or you can use the
332 virt-filesystems(1) program.
333
334 The third (and rarely used) part of the mount parameter is the list
335 of mount options used to mount the underlying filesystem. If this
336 is not given, then the mount options are either the empty string or
337 "ro" (the latter if the --ro flag is used). By specifying the
338 mount options, you override this default choice. Probably the only
339 time you would use this is to enable ACLs and/or extended
340 attributes if the filesystem can support them:
341
342 -m /dev/sda1:/:acl,user_xattr
343
344 Using this flag is equivalent to using the "mount-options" command.
345
346 The fourth part of the parameter is the filesystem driver to use,
347 such as "ext3" or "ntfs". This is rarely needed, but can be useful
348 if multiple drivers are valid for a filesystem (eg: "ext2" and
349 "ext3"), or if libguestfs misidentifies a filesystem.
350
351 -l
352 --long
353 -R
354 --recursive
355 Select the mode. With neither of these options, "virt-ls" produces
356 a simple, flat list of the files in the named directory. See
357 "SIMPLE LISTING".
358
359 "virt-ls -l" produces a "long listing", which shows more detail.
360 See "LONG LISTING".
361
362 "virt-ls -R" produces a recursive list of files starting at the
363 named directory. See "RECURSIVE LISTING".
364
365 "virt-ls -lR" produces a recursive long listing which can be more
366 easily parsed. See "RECURSIVE LONG LISTING".
367
368 --times
369 Display time fields.
370
371 This option only has effect in -lR output mode. See "RECURSIVE
372 LONG LISTING" above.
373
374 --time-days
375 Display time fields as days before now (negative if in the future).
376
377 Note that 0 in output means "up to 1 day before now", or that the
378 age of the file is between 0 and 86399 seconds.
379
380 This option only has effect in -lR output mode. See "RECURSIVE
381 LONG LISTING" above.
382
383 --time-relative
384 Display time fields as seconds before now (negative if in the
385 future).
386
387 This option only has effect in -lR output mode. See "RECURSIVE
388 LONG LISTING" above.
389
390 --time-t
391 Display time fields as seconds since the Unix epoch.
392
393 This option only has effect in -lR output mode. See "RECURSIVE
394 LONG LISTING" above.
395
396 --uids
397 Display UID and GID fields.
398
399 This option only has effect in -lR output mode. See "RECURSIVE
400 LONG LISTING" above.
401
402 -v
403 --verbose
404 Enable verbose messages for debugging.
405
406 -V
407 --version
408 Display version number and exit.
409
410 -x Enable tracing of libguestfs API calls.
411
413 Previous versions of virt-ls allowed you to write either:
414
415 virt-ls disk.img [disk.img ...] /dir
416
417 or
418
419 virt-ls guestname /dir
420
421 whereas in this version you should use -a or -d respectively to avoid
422 the confusing case where a disk image might have the same name as a
423 guest.
424
425 For compatibility the old style is still supported.
426
428 Comma-separated values (CSV) is a deceptive format. It seems like it
429 should be easy to parse, but it is definitely not easy to parse.
430
431 Myth: Just split fields at commas. Reality: This does not work
432 reliably. This example has two columns:
433
434 "foo,bar",baz
435
436 Myth: Read the file one line at a time. Reality: This does not work
437 reliably. This example has one row:
438
439 "foo
440 bar",baz
441
442 For shell scripts, use "csvtool" (https://github.com/Chris00/ocaml-csv
443 also packaged in major Linux distributions).
444
445 For other languages, use a CSV processing library (eg. "Text::CSV" for
446 Perl or Python’s built-in csv library).
447
448 Most spreadsheets and databases can import CSV directly.
449
451 This program returns 0 if successful, or non-zero if there was an
452 error.
453
455 guestfs(3), guestfish(1), virt-cat(1), virt-copy-out(1), virt-diff(1),
456 virt-tar-out(1), http://libguestfs.org/.
457
459 Richard W.M. Jones http://people.redhat.com/~rjones/
460
462 Copyright (C) 2009-2020 Red Hat Inc.
463
465 This program is free software; you can redistribute it and/or modify it
466 under the terms of the GNU General Public License as published by the
467 Free Software Foundation; either version 2 of the License, or (at your
468 option) any later version.
469
470 This program is distributed in the hope that it will be useful, but
471 WITHOUT ANY WARRANTY; without even the implied warranty of
472 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
473 General Public License for more details.
474
475 You should have received a copy of the GNU General Public License along
476 with this program; if not, write to the Free Software Foundation, Inc.,
477 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
478
480 To get a list of bugs against libguestfs, use this link:
481 https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools
482
483 To report a new bug against libguestfs, use this link:
484 https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools
485
486 When reporting a bug, please supply:
487
488 • The version of libguestfs.
489
490 • Where you got libguestfs (eg. which Linux distro, compiled from
491 source, etc)
492
493 • Describe the bug accurately and give a way to reproduce it.
494
495 • Run libguestfs-test-tool(1) and paste the complete, unedited output
496 into the bug report.
497
498
499
500guestfs-tools-1.47.2 2021-07-22 virt-ls(1)