[PATCH] document behavior of --selinux-relabel
by Lars Kellogg-Stedman
the description of the --selinux-relabel option suggests that it
perform an immediate relabel, when in fact it may (and probably will)
instead simply touch /.autorelabel on the image, which schedules a
relabel operation for the next time the image boots. This can be
surprising because it results both in an extended initial boot time
*and* results in an automatic reboot (on some distributions).
---
generator/customize.ml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/generator/customize.ml b/generator/customize.ml
index 36d185c..b146325 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -522,6 +522,9 @@ C</etc/pam.d/common-password> (Debian, Ubuntu).";
flag_shortdesc = "Relabel files with correct SELinux labels";
flag_pod_longdesc = "\
Relabel files in the guest so that they have the correct SELinux label.
+This will attempt to relabel files immediately, but if the operation fails
+this will instead touch C</.autorelabel> on the image to schedule a
+relabel operation for the next time the image boots.
You should only use this option for guests which support SELinux.";
};
--
2.5.5
8 years, 9 months
Re: [Libguestfs] [libvirt] Usability Enhancement: Import/Export VMs GUI
by Martin Kletzander
On Fri, Mar 04, 2016 at 04:23:18PM +0000, bancfc(a)openmailbox.org wrote:
>The single most important usability feature missed by our less technical
>users who migrate from VirtualBox is a one click import/export of VMs
>and their config settings.
>
>I was optimistic about the Gnome Boxes effort on Govf lib but
>unfortunately it was never realized and I would hesitate to recommend it
>because libvirt/virt-manager has the security advantages of sVirt.
>
>An ideal solution would work across all KVM frontends.
>
This is a great idea, but I don't know about such one-click solution.
This could be suitable for virt-manager and libguestfs projects (Cc'd
both projects). If nobody grabs it right now, it could be at least
suggested as GSoC and/or Outreachy project idea. Or were you looking
forward to adding such solution?
Have a nice day,
Martin
8 years, 9 months
Malformed XML if LIBGUESTFS_HV is defined.
by Richard W.M. Jones
I was going to post this as a patch, but I realize the patch is just
working around an actual bug in the libvirt backend [not in libvirt].
Anyway, posting it here so we don't forget about it.
Rich.
8 years, 9 months
[PATCH v4 0/5] v2v: more control over device types
by Roman Kagan
The decision on which device type to use for disks, network and video
cards on output used to be taken deep inside the converting functions.
This is not always desirable. In particular, there are scenarios when
this decision is made before the convertion takes place. E.g. in
in-place mode, the decisions are taken and the output VM configuration
is created outside of v2v tool.
This patchset adds support for such scenarios. Specifically,
- the input configuration parsers are taught to extract network and
video device models in addition to storage controllers
- the converting functions are taught to take the requested device types
into consideration
- the main routine in in-place mode takes the relevant data from the
input VM and passes it to the converter
The copying mode may eventually also profit from this patchset by taking
command-line options for controlling device types, but this isn't
included here.
---
v4:
- docs: add a section for in-place and describe things at length
v3:
- assume that source config in --in-place mode can't have more than one
storage, network, and video types
- add patch to better explain --in-place
v2:
- add catch-all string-valued variants for source network and video adapter
models
- use match instead of mixing match and if
Roman Kagan (5):
v2v: collect source network and video adapter types
v2v: introduce requested guestcaps type
v2v: take requested caps into account when converting
v2v: in-place: request caps based on source config
v2v: better explain --in-place
test-data/phony-guests/guests.xml.in | 8 ++++
v2v/convert_linux.ml | 49 ++++++++++++++-----
v2v/convert_windows.ml | 4 +-
v2v/input_disk.ml | 2 +
v2v/input_libvirtxml.ml | 27 +++++++++++
v2v/input_ova.ml | 2 +
v2v/modules_list.ml | 3 +-
v2v/modules_list.mli | 3 +-
v2v/test-v2v-i-ova-formats.expected | 1 +
v2v/test-v2v-i-ova-gz.expected | 1 +
v2v/test-v2v-i-ova-two-disks.expected | 1 +
v2v/test-v2v-print-source.sh | 4 +-
v2v/types.ml | 77 +++++++++++++++++++++++++-----
v2v/types.mli | 21 ++++++++-
v2v/v2v.ml | 66 ++++++++++++++++++++++++--
v2v/virt-v2v.pod | 31 +++++++++++-
v2v/windows_virtio.ml | 89 ++++++++++++++++++++++++++---------
v2v/windows_virtio.mli | 6 +++
18 files changed, 337 insertions(+), 58 deletions(-)
--
2.5.0
8 years, 9 months
[PATCH 1/2] rescue: Suggest using recursive bind mounts.
by Richard W.M. Jones
Since /dev and other directories contain sub-mounts, suggest using
--rbind instead of --bind. This also allows us to remove the /dev/pts
line.
---
rescue/rescue.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/rescue/rescue.c b/rescue/rescue.c
index 53afdae..9a7c988 100644
--- a/rescue/rescue.c
+++ b/rescue/rescue.c
@@ -453,10 +453,9 @@ do_suggestion (struct drv *drvs)
/* If it's Linux, print the bind-mounts. */
if (type && STREQ (type, "linux")) {
- printf ("mount --bind /dev /sysroot/dev\n");
- printf ("mount --bind /dev/pts /sysroot/dev/pts\n");
- printf ("mount --bind /proc /sysroot/proc\n");
- printf ("mount --bind /sys /sysroot/sys\n");
+ printf ("mount --rbind /dev /sysroot/dev\n");
+ printf ("mount --rbind /proc /sysroot/proc\n");
+ printf ("mount --rbind /sys /sysroot/sys\n");
}
printf ("\n");
--
2.7.4
8 years, 9 months
[PATCH v2] added find_inode API
by Matteo Cafasso
Renamed ffind API to find_inode.
Renamed tsknode struct to tsk_node.
Changed struct field from int64 to uint64.
As pointed out on IRC it would be better to agree on some naming convention.
One option would be to prefix all the forensics APIs with tsk_ as TSK (The Sleuth Kit) is the main tool used for implementing them.
Other option could be giving generic names allowing us to change underlying tools without the need of deprecating the old APIs.
Examples so far:
* icat
* tsk_icat
* download_inode
* blkcat
* tsk_blkcat
* download_blocks
* blkls
* tsk_blkls
* download_unused_blocks
* ffind
* tsk_ffind
* find_inode
...
If we come to some final decision before the next stable release, I'll be glad to rename all the functions accordingly.
Signed-off-by: Matteo Cafasso <noxdafox(a)gmail.com>
---
daemon/tsk.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++
generator/actions.ml | 20 ++++++++++++++++++
generator/structs.ml | 14 ++++++++++--
src/MAX_PROC_NR | 2 +-
4 files changed, 93 insertions(+), 3 deletions(-)
diff --git a/daemon/tsk.c b/daemon/tsk.c
index a00f3ee..b84dfae 100644
--- a/daemon/tsk.c
+++ b/daemon/tsk.c
@@ -30,6 +30,7 @@
#include "optgroups.h"
static int file_out (const char *cmd);
+static guestfs_int_tsk_node* parse_ffind (const char *out, int64_t inode);
GUESTFSD_EXT_CMD(str_sleuthkit_probe, icat);
@@ -113,6 +114,65 @@ do_blkls (const mountable_t *mountable, int64_t start, int64_t stop)
return file_out (cmd);
}
+guestfs_int_tsk_node*
+do_find_inode (const mountable_t *mountable, int64_t inode)
+{
+ int r;
+ char buf[32];
+ CLEANUP_FREE char *out = NULL, *err = NULL;
+
+ /* Inode must be greater than 0 */
+ if (inode < 0) {
+ reply_with_error ("inode must be >= 0");
+ return NULL;
+ }
+
+ snprintf (buf, sizeof buf, "%" PRIi64, inode);
+
+ r = command (&out, &err, "ffind", mountable->device, buf, NULL);
+ if (r == -1) {
+ reply_with_error ("%s", err);
+ return NULL;
+ }
+
+ return parse_ffind(out, inode);
+}
+
+static guestfs_int_tsk_node*
+parse_ffind (const char *out, int64_t inode)
+{
+ size_t len;
+ guestfs_int_tsk_node *ret;
+
+ ret = calloc (1, sizeof *ret);
+ if (ret == NULL) {
+ reply_with_perror ("calloc");
+ return NULL;
+ }
+
+ len = strlen(out) - 1;
+ ret->tsk_inode = inode;
+
+ if STRPREFIX (out, "File name not found for inode") {
+ reply_with_error ("%ld Inode not in use", inode);
+ return NULL;
+ }
+ else if STRPREFIX (out, "* ") {
+ ret->tsk_allocated = 0;
+ ret->tsk_name = strndup (&out[2], len - 2);
+ }
+ else if STRPREFIX (out, "//") {
+ ret->tsk_allocated = 1;
+ ret->tsk_name = strndup (&out[1], len - 1);
+ }
+ else {
+ ret->tsk_allocated = 1;
+ ret->tsk_name = strndup (out, len);
+ }
+
+ return ret;
+}
+
static int
file_out (const char *cmd)
{
diff --git a/generator/actions.ml b/generator/actions.ml
index 8ecdace..2d291fb 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -12995,6 +12995,26 @@ The size of a data unit varies across filesystem implementations.
On NTFS filesystems data units are referred as clusters
while on ExtX ones they are referred as fragments." };
+ { defaults with
+ name = "find_inode"; added = (1, 33, 14);
+ style = RStruct ("nodeinfo", "tsk_node"), [Mountable "device"; Int64 "inode";], [];
+ proc_nr = Some 467;
+ optional = Some "sleuthkit";
+ progress = true; cancellable = true;
+ tests = [
+ InitBasicFS, Always, TestResult (
+ [["find_inode"; "/dev/sdb1"; "2"]],
+ "STREQ (ret->tsk_name, \"/\") && "^
+ "ret->tsk_inode == 2 && "^
+ "ret->tsk_allocated == 1"), []
+ ];
+ shortdesc = "find the name of the file referenced by its inode";
+ longdesc = "\
+Resolves the name of a file or directory in a disk partition (eg. F</dev/sda1>)
+given its inode.
+
+On some filesystem, it can find deleted files." };
+
]
(* Non-API meta-commands available only in guestfish.
diff --git a/generator/structs.ml b/generator/structs.ml
index 6017ba6..9d2f309 100644
--- a/generator/structs.ml
+++ b/generator/structs.ml
@@ -442,8 +442,18 @@ let structs = [
"im_device", FString;
"im_volume", FString;
];
- s_camel_name = "InternalMountable";
- };
+ s_camel_name = "InternalMountable" };
+
+ (* The Sleuth Kit node info struct. *)
+ { defaults with
+ s_name = "tsk_node";
+ s_cols = [
+ "tsk_name", FString;
+ "tsk_inode", FUInt64;
+ "tsk_allocated", FUInt32;
+ ];
+ s_camel_name = "TSKNode" };
+
] (* end of structs *)
let lookup_struct name =
diff --git a/src/MAX_PROC_NR b/src/MAX_PROC_NR
index f27d46f..5873851 100644
--- a/src/MAX_PROC_NR
+++ b/src/MAX_PROC_NR
@@ -1 +1 @@
-466
+467
--
2.7.0
8 years, 9 months
[PATCH] appliance: use bash features for string matching in files
by Pino Toscano
Read the content of /proc/cmdline using bash features, and use its
[[ ... ]] expression to find texts in a variable.
This shaves off 5 grep invocations.
---
appliance/init | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/appliance/init b/appliance/init
index f6fe9b9..8d662fa 100755
--- a/appliance/init
+++ b/appliance/init
@@ -75,7 +75,9 @@ $UDEVD --daemon #--debug
udevadm trigger
udevadm settle --timeout=600
-if grep -sq selinux=1 /proc/cmdline; then
+cmdline=$(</proc/cmdline)
+
+if [[ $cmdline == *selinux=1* ]]; then
mount -t selinuxfs none /sys/fs/selinux
fi
@@ -91,16 +93,16 @@ shopt -u nullglob
hwclock -u -s
# Parse the kernel command line.
-if grep -sq guestfs_verbose=1 /proc/cmdline; then
+if [[ $cmdline == *guestfs_verbose=1* ]]; then
guestfs_verbose=1
fi
-if grep -sq guestfs_network=1 /proc/cmdline; then
+if [[ $cmdline == *guestfs_network=1* ]]; then
guestfs_network=1
fi
-if grep -sq guestfs_rescue=1 /proc/cmdline; then
+if [[ $cmdline == *guestfs_rescue=1* ]]; then
guestfs_rescue=1
fi
-if grep -sq guestfs_noreboot=1 /proc/cmdline; then
+if [[ $cmdline == *guestfs_noreboot=1* ]]; then
guestfs_noreboot=1
fi
eval `grep -Eo 'guestfs_channel=[^[:space:]]+' /proc/cmdline`
--
2.5.5
8 years, 9 months