You can use guestmount to mount VM filesystems safely, but it’s rather slow and doesn’t expose all the features available through libguestfs. However you can see that being done here.
That looks very cool. Does it work with running virtual machines? I have been thinking that tools like this would make malware research easier if you could see exactly what files in the file system have been touched. Especially if the browser got updated in real / near real time. I definitely need more hours in the day to play with this stuff.
Yes, it works on live VMs, but read only. You’ll get strange results if the disk is being heavily written to: it won’t “update in real time” like you think — there is no way to do that without using a guest agent or using something like NFS.
You cannot use libguestfs to write to running VMs at all.
I am Richard W.M. Jones, a computer programmer. I have strong opinions on how we write software, about Reason and the scientific method. Consequently I am an atheist [To nutcases: Please stop emailing me about this, I'm not interested in your views on it] By day I work for Red Hat on all things to do with virtualization. I am a "citizen of the world".
My motto is "often wrong". I don't mind being wrong (I'm often wrong), and I don't mind changing my mind.
This blog is not affiliated or endorsed by Red Hat and all views are entirely my own.
Richard WM Jones 
Its looking good, but I’m curious why not just mount it and allow usage via nautilus/dolphin/thunar
Loopback mounts on the host kernel are a security hole.
You can use guestmount to mount VM filesystems safely, but it’s rather slow and doesn’t expose all the features available through libguestfs. However you can see that being done here.
Edit: See also these two FAQ entries.
Thanks, I hadn’t considered security holes.
That looks very cool. Does it work with running virtual machines? I have been thinking that tools like this would make malware research easier if you could see exactly what files in the file system have been touched. Especially if the browser got updated in real / near real time. I definitely need more hours in the day to play with this stuff.
Yes, it works on live VMs, but read only. You’ll get strange results if the disk is being heavily written to: it won’t “update in real time” like you think — there is no way to do that without using a guest agent or using something like NFS.
You cannot use libguestfs to write to running VMs at all.