On Wed, Jul 29, 2015 at 06:32:15PM +0530, Raghu wrote:
> Hi Richard,
>
> guestfish shell has an ability to execute commands on the host, such as
>
>   !mkdir local
>   tgz-out /remote local/remote-data.tar.gz
>
> What is the best way to restrict access to the host from guestfish?
> For instance:
> - Allow read-only access to the host, i.e., !ls is allowed
>   but don't allow !rm or !mkdir
> - Commands such as tgz-out or copy-out should be able to access just
>   /tmp, but nothing else in the host filesystem
>
> Appreciate your guidance on this,

There's no way to do this at the moment, and no concept of a
"restricted shell" in guestfish.
How about running the guestfish command in a container or using a
restrictive SELinux/AppArmor policy?
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
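
The container suggestion in the reply above, sketched as an added example (not part of the original message and not libguestfs code): a wrapper that starts guestfish under bubblewrap with the host mounted read-only and a single writable directory. It assumes `bwrap` is installed and that libguestfs can use its direct backend; the function name `guestfish_sandboxed` is hypothetical.

```shell
#!/bin/sh
# Added example: run guestfish under bubblewrap (bwrap) so that host
# commands (!rm, !mkdir) and tgz-out/copy-out can write to one directory only.
# Assumptions: bwrap is installed; libguestfs "direct" backend is usable.
#
# Usage: guestfish_sandboxed MODE WRITABLE_DIR [guestfish args...]
#   MODE=print  print the command line, one argument per line
#   MODE=run    execute it
guestfish_sandboxed() {
    [ "$#" -ge 2 ] || { echo "usage: MODE WRITABLE_DIR [args]" >&2; return 2; }
    mode=$1 wdir=$2
    shift 2
    # The writable directory must be absolute, not "/", and free of ".."
    # so that it cannot be pointed at another part of the host tree.
    case $wdir in
        /)           echo "refusing to make / writable" >&2; return 1 ;;
        */../*|*/..) echo "'..' not allowed in $wdir" >&2; return 1 ;;
        /*)          ;;
        *)           echo "writable dir must be absolute" >&2; return 1 ;;
    esac
    set -- guestfish "$@"
    # Pass /dev/kvm through only if the host has it; otherwise qemu
    # falls back to software emulation.
    if [ -e /dev/kvm ]; then
        set -- --dev-bind /dev/kvm /dev/kvm "$@"
    fi
    # Host is read-only, /dev is a minimal private one, and $wdir is the
    # only writable bind. libguestfs scratch and cache files go there too.
    set -- bwrap \
        --ro-bind / / \
        --dev /dev \
        --proc /proc \
        --bind "$wdir" "$wdir" \
        --unshare-pid --unshare-net \
        --die-with-parent --new-session \
        --setenv LIBGUESTFS_BACKEND direct \
        --setenv LIBGUESTFS_TMPDIR "$wdir" \
        --setenv LIBGUESTFS_CACHEDIR "$wdir" \
        --chdir "$wdir" \
        "$@"
    case $mode in
        print) printf '%s\n' "$@" ;;
        run)   "$@" ;;
        *)     echo "unknown mode: $mode" >&2; return 2 ;;
    esac
}
```

With this wrapper `!ls` still works, while `!mkdir` or `tgz-out` to a path outside the writable directory fails with a read-only filesystem error. A disk image that guestfish must modify has to live under the writable directory; everything the invoking user can read on the host remains readable.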