1guestmount(1) Virtualization Support guestmount(1)
2
6 guestmount - Mount a guest filesystem on the host using FUSE and
7 libguestfs
8
10 guestmount [--options] -a disk.img -m device [--ro] mountpoint
11 guestmount [--options] -a disk.img -i [--ro] mountpoint
13 guestmount [--options] -d Guest -i [--ro] mountpoint
15
17 Using "guestmount" in write mode on live virtual machines, or
18 concurrently with other disk editing tools, can be dangerous,
19 potentially causing disk corruption. The virtual machine must be shut
20 down before you use this command, and disk images must not be edited
21 concurrently.
22 Use the --ro (read-only) option to use "guestmount" safely if the disk
24 image or virtual machine might be live. You may see strange or
25 inconsistent results if running concurrently with other changes, but
26 with this option you won't risk disk corruption.
27
29 The guestmount program can be used to mount virtual machine filesystems
30 and other disk images on the host. It uses libguestfs for access to
31 the guest filesystem, and FUSE (the "filesystem in userspace") to make
32 it appear as a mountable device.
33 Along with other options, you have to give at least one device (-a
35 option) or libvirt domain (-d option), and at least one mountpoint (-m
36 option) or use the -i inspection option. How this works is better
37 explained in the guestfish(1) manual page, or by looking at the
38 examples below.
39 FUSE lets you mount filesystems as non-root. The mountpoint must be
41 owned by you. The filesystem will not be visible to any other users
42 unless you make configuration changes, see "NOTES" below.
43 To unmount the filesystem, use the guestunmount(1) command.
45
47 For a typical Windows guest which has its main filesystem on the first
48 partition:
49 guestmount -a windows.img -m /dev/sda1 --ro /mnt
51 For a typical Linux guest which has a /boot filesystem on the first
53 partition, and the root filesystem on a logical volume:
54 guestmount -a linux.img -m /dev/VG/LV -m /dev/sda1:/boot --ro /mnt
56 To get libguestfs to detect guest mountpoints for you:
58 guestmount -a guest.img -i --ro /mnt
60 For a libvirt guest called "Guest" you could do:
62 guestmount -d Guest -i --ro /mnt
64 If you don’t know what filesystems are contained in a guest or disk
66 image, use virt-filesystems(1) first:
67 virt-filesystems -d MyGuest
69 If you want to trace the libguestfs calls but without excessive
71 debugging information, we recommend:
72 guestmount [...] --trace /mnt
74 If you want to debug the program, we recommend:
76 guestmount [...] --trace --verbose /mnt
78 To unmount the filesystem after using it:
80 guestunmount /mnt
82
84 Other users cannot see the filesystem by default
85 If you mount a filesystem as one user (eg. root), then other users will
86 not be able to see it by default. The fix is to add the FUSE
87 "allow_other" option when mounting:
88 sudo guestmount [...] -o allow_other /mnt
90 and to enable this option in /etc/fuse.conf.
92 Enabling FUSE
94 On some distros, you may need to add yourself to a special group (eg.
95 "fuse") before you can use any FUSE filesystem. This is necessary on
96 Debian and derivatives.
97 On other distros, no special group is required. It is not necessary on
99 Fedora or Red Hat Enterprise Linux.
100 fusermount error: "Device or resource busy"
102 You can see this error when another process on the system jumps into
103 the mountpoint you have just created, holding it open and preventing
104 you from unmounting it. The usual culprits are various GUI "indexing"
105 programs.
106 The popular workaround for this problem is to retry the "fusermount -u"
108 command a few times until it works (guestunmount(1) does this for you).
109 Unfortunately this isn't a reliable fix if (for example) the mounted
110 filesystem is particularly large and the intruding program particularly
111 persistent.
112 A proper fix is to use a private mountpoint by creating a new mount
114 namespace using the Linux-specific clone(2)/unshare(2) flag
115 "CLONE_NEWNS". Unfortunately at the moment this requires root and we
116 would also probably need to add it as a feature to guestmount.
117 Race conditions possible when shutting down the connection
119 When guestunmount(1)/fusermount(1) exits, guestmount may still be
120 running and cleaning up the mountpoint. The disk image will not be
121 fully finalized.
122 This means that scripts like the following have a nasty race condition:
124 guestmount -a disk.img -i /mnt
126 # copy things into /mnt
127 guestunmount /mnt
128 # immediately try to use 'disk.img' ** UNSAFE **
129 The solution is to use the --pid-file option to write the guestmount
131 PID to a file, then after guestunmount spin waiting for this PID to
132 exit.
133 guestmount -a disk.img -i --pid-file guestmount.pid /mnt
135 # ...
137 # ...
138 # Save the PID of guestmount *before* calling guestunmount.
140 pid="$(cat guestmount.pid)"
141 # Unmount the filesystem.
143 guestunmount /mnt
144 timeout=10
146 count=$timeout
148 while kill -0 "$pid" 2>/dev/null && [ $count -gt 0 ]; do
149 sleep 1
150 ((count--))
151 done
152 if [ $count -eq 0 ]; then
153 echo "$0: wait for guestmount to exit failed after $timeout seconds"
154 exit 1
155 fi
156 # Now it is safe to use the disk image.
158 Note that if you use the "guestfs_mount_local" API directly (see "MOUNT
160 LOCAL" in guestfs(3)) then it is much easier to write a safe, race-free
161 program.
162
164 -a IMAGE
165 --add IMAGE
166 Add a block device or virtual machine image.
167 The format of the disk image is auto-detected. To override this
169 and force a particular format use the --format=.. option.
170 -a URI
172 --add URI
173 Add a remote disk. See "ADDING REMOTE STORAGE" in guestfish(1).
174 --blocksize=512
176 --blocksize=4096
177 --blocksize
178 This parameter sets the sector size of the disk image. It affects
179 all explicitly added subsequent disks after this parameter. Using
180 --blocksize with no argument switches the disk sector size to the
181 default value which is usually 512 bytes. See also
182 "guestfs_add_drive_opts" in guestfs(3).
183 -c URI
185 --connect URI
186 When used in conjunction with the -d option, this specifies the
187 libvirt URI to use. The default is to use the default libvirt
188 connection.
189 -d LIBVIRT-DOMAIN
191 --domain LIBVIRT-DOMAIN
192 Add disks from the named libvirt domain. If the --ro option is
193 also used, then any libvirt domain can be used. However in write
194 mode, only libvirt domains which are shut down can be named here.
195 Domain UUIDs can be used instead of names.
197 --dir-cache-timeout N
199 Set the readdir cache timeout to N seconds, the default being 60
200 seconds. The readdir cache [actually, there are several semi-
201 independent caches] is populated after a readdir(2) call with the
202 stat and extended attributes of the files in the directory, in
203 anticipation that they will be requested soon after.
204 There is also a different attribute cache implemented by FUSE (see
206 the FUSE option -o attr_timeout), but the FUSE cache does not
207 anticipate future requests, only cache existing ones.
208 --echo-keys
210 When prompting for keys and passphrases, guestfish normally turns
211 echoing off so you cannot see what you are typing. If you are not
212 worried about Tempest attacks and there is no one else in the room
213 you can specify this flag to see what you are typing.
214 --fd=FD
216 Specify a pipe or eventfd file descriptor. When the mountpoint is
217 ready to be used, guestmount writes a single byte to this file
218 descriptor. This can be used in conjunction with --no-fork in
219 order to run guestmount captive under another process.
220 --format=raw|qcow2|..
222 --format
223 The default for the -a option is to auto-detect the format of the
224 disk image. Using this forces the disk format for -a options which
225 follow on the command line. Using --format with no argument
226 switches back to auto-detection for subsequent -a options.
227 If you have untrusted raw-format guest disk images, you should use
229 this option to specify the disk format. This avoids a possible
230 security problem with malicious guests (CVE-2010-3851). See also
231 "guestfs_add_drive_opts" in guestfs(3).
232 --fuse-help
234 Display help on special FUSE options (see -o below).
235 --help
237 Display brief help and exit.
238 -i
240 --inspector
241 Using virt-inspector(1) code, inspect the disks looking for an
242 operating system and mount filesystems as they would be mounted on
243 the real virtual machine.
244 --key SELECTOR
246 Specify a key for LUKS, to automatically open a LUKS device when
247 using the inspection. "ID" can be either the libguestfs device
248 name, or the UUID of the LUKS device.
249 --key "ID":key:KEY_STRING
251 Use the specified "KEY_STRING" as passphrase.
252 --key "ID":file:FILENAME
254 Read the passphrase from FILENAME.
255 --key "ID":clevis
257 Attempt passphrase-less unlocking for "ID" with Clevis, over
258 the network. Please refer to "ENCRYPTED DISKS" in guestfs(3)
259 for more information on network-bound disk encryption (NBDE).
260 Note that if any such option is present on the command line,
262 QEMU user networking will be automatically enabled for the
263 libguestfs appliance.
264 --keys-from-stdin
266 Read key or passphrase parameters from stdin. The default is to
267 try to read passphrases from the user by opening /dev/tty.
268 If there are multiple encrypted devices then you may need to supply
270 multiple keys on stdin, one per line.
271 -m dev[:mountpoint[:options[:fstype]]
273 --mount dev[:mountpoint[:options[:fstype]]]
274 Mount the named partition or logical volume on the given mountpoint
275 in the guest (this has nothing to do with mountpoints in the host).
276 If the mountpoint is omitted, it defaults to /. You have to mount
278 something on /.
279 The third (and rarely used) part of the mount parameter is the list
281 of mount options used to mount the underlying filesystem. If this
282 is not given, then the mount options are either the empty string or
283 "ro" (the latter if the --ro flag is used). By specifying the
284 mount options, you override this default choice. Probably the only
285 time you would use this is to enable ACLs and/or extended
286 attributes if the filesystem can support them:
287 -m /dev/sda1:/:acl,user_xattr
289 The fourth part of the parameter is the filesystem driver to use,
291 such as "ext3" or "ntfs". This is rarely needed, but can be useful
292 if multiple drivers are valid for a filesystem (eg: "ext2" and
293 "ext3"), or if libguestfs misidentifies a filesystem.
294 --no-fork
296 Don’t daemonize (or fork into the background).
297 -n
299 --no-sync
300 By default, we attempt to sync the guest disk when the FUSE
301 mountpoint is unmounted. If you specify this option, then we don't
302 attempt to sync the disk. See the discussion of autosync in the
303 guestfs(3) manpage.
304 -o OPTION
306 --option OPTION
307 Pass extra options to FUSE.
308 To get a list of all the extra options supported by FUSE, use the
310 command below. Note that only the FUSE -o options can be passed,
311 and only some of them are a good idea.
312 guestmount --fuse-help
314 Some potentially useful FUSE options:
316 -o allow_other
318 Allow other users to see the filesystem. This option has no
319 effect unless you enable it globally in /etc/fuse.conf.
320 -o attr_timeout=N
322 Enable attribute caching by FUSE, and set the timeout to N
323 seconds.
324 -o kernel_cache
326 Allow the kernel to cache files (reduces the number of reads
327 that have to go through the guestfs(3) API). This is generally
328 a good idea if you can afford the extra memory usage.
329 -o uid=N -o gid=N
331 Use these options to map all UIDs and GIDs inside the guest
332 filesystem to the chosen values.
333 -o use_ino
335 Preserve inode numbers from the underlying filesystem.
336 Without this option, FUSE makes up its own inode numbers. The
338 inode numbers you see in stat(2), "ls -i" etc aren't the inode
339 numbers of the underlying filesystem.
340 Note this option is potentially dangerous if the underlying
342 filesystem consists of multiple mountpoints, as you may see
343 duplicate inode numbers appearing through FUSE. Use of this
344 option can confuse some software.
345 --pid-file FILENAME
347 Write the PID of the guestmount worker process to "filename".
348 -r
350 --ro
351 Add devices and mount everything read-only. Also disallow writes
352 and make the disk appear read-only to FUSE.
353 This is highly recommended if you are not going to edit the guest
355 disk. If the guest is running and this option is not supplied,
356 then there is a strong risk of disk corruption in the guest. We
357 try to prevent this from happening, but it is not always possible.
358 See also "OPENING DISKS FOR READ AND WRITE" in guestfish(1).
360 --selinux
362 This option is provided for backwards compatibility and does
363 nothing.
364 -v
366 --verbose
367 Enable verbose messages from underlying libguestfs.
368 -V
370 --version
371 Display the program version and exit.
372 -w
374 --rw
375 This changes the -a, -d and -m options so that disks are added and
376 mounts are done read-write.
377 See "OPENING DISKS FOR READ AND WRITE" in guestfish(1).
379 -x
381 --trace
382 Trace libguestfs calls and entry into each FUSE function.
383 This also stops the daemon from forking into the background (see
385 --no-fork).
386
388 $XDG_CONFIG_HOME/libguestfs/libguestfs-tools.conf
389 $HOME/.libguestfs-tools.rc
390 $XDG_CONFIG_DIRS/libguestfs/libguestfs-tools.conf
391 /etc/libguestfs-tools.conf
392 This configuration file controls the default read-only or read-
393 write mode (--ro or --rw).
394 See libguestfs-tools.conf(5).
396
398 This program returns 0 if successful, or non-zero if there was an
399 error.
400
402 guestunmount(1), fusermount(1), guestfish(1), virt-inspector(1),
403 virt-cat(1), virt-edit(1), virt-tar(1), libguestfs-tools.conf(5),
404 "MOUNT LOCAL" in guestfs(3), http://libguestfs.org/,
405 http://fuse.sf.net/.
406
408 Richard W.M. Jones ("rjones at redhat dot com")
409
411 Copyright (C) 2009-2023 Red Hat Inc.
412
414 This program is free software; you can redistribute it and/or modify it
415 under the terms of the GNU General Public License as published by the
416 Free Software Foundation; either version 2 of the License, or (at your
417 option) any later version.
418 This program is distributed in the hope that it will be useful, but
420 WITHOUT ANY WARRANTY; without even the implied warranty of
421 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
422 General Public License for more details.
423 You should have received a copy of the GNU General Public License along
425 with this program; if not, write to the Free Software Foundation, Inc.,
426 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
427
429 To get a list of bugs against libguestfs, use this link:
430 https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools
431 To report a new bug against libguestfs, use this link:
433 https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools
434 When reporting a bug, please supply:
436 • The version of libguestfs.
438 • Where you got libguestfs (eg. which Linux distro, compiled from
440 source, etc)
441 • Describe the bug accurately and give a way to reproduce it.
443 • Run libguestfs-test-tool(1) and paste the complete, unedited output
445 into the bug report.
446libguestfs-1.51.9 2023-12-09 guestmount(1)