Tag Archives: virtualization

Tip: Run virt-inspector on a compressed disk (with nbdkit)

virt-inspector is a very convenient tool to examine a disk image and find out if it contains an operating system, what applications are installed and so on.

If you have an xz-compressed disk image, you can run virt-inspector on it without uncompressing it, using the magic of captive nbdkit. Here’s how:

nbdkit xz file=win7.img.xz \
    -U - \
    --run 'virt-inspector --format=raw -a nbd://?socket=$unixsocket'

What’s happening here is we run nbdkit with the xz plugin, and tell it to serve NBD over a randomly named Unix domain socket (-U -).

We then run virt-inspector as a sub-process. This is called “captive nbdkit”. (Nbdkit is “captive” here, because it will exit as soon as virt-inspector exits, so there’s no need to clean anything up.)

The $unixsocket variable expands to the name of the randomly generated Unix domain socket, forming a libguestfs NBD URL which allows virt-inspector to examine the raw uncompressed data exported by nbdkit.

The nbdkit xz plugin only uncompresses those blocks of the data which are actually accessed, so this is quite efficient.


Filed under Uncategorized

virt-rescue fixes

Although libguestfs gives you a nice structured library and tools for manipulating disk images, sometimes you just want to run a few Linux commands like mke2fs and fdisk against a disk image. For those times there is another tool called virt-rescue. It gives you a “rescue shell” connected to the disk image, and the usual set of command line Linux tools:

$ truncate -s 10G disk.img
$ virt-rescue -a disk.img
The virt-rescue escape key is ‘^]’.  Type ‘^] h’ for help.


Welcome to virt-rescue, the libguestfs rescue shell.

Note: The contents of / (root) are the rescue appliance.
You have to mount the guest's partitions under /sysroot
before you can examine them.
><rescue> fdisk /dev/sda
><rescue> mke2fs /dev/sda1
><rescue> sync

Virt-rescue was a bit clumsy to use before because it didn’t (for example) pass Ctrl-C through to the rescue shell, so using that or other control keys would kill, stop or do other drastic things to the whole program.

I spent a bit of time last week fixing all of this, to make a really great, usable rescue shell.

The first thing is that ^C now works right:

><rescue> cat > /tmp/foo

The second most requested feature is support for automatically mounting up the guest’s filesystems (rather than having to tediously type mount commands at the shell prompt). As with guestfish, the -i option now does the right thing:

$ virt-builder debian-7
$ virt-rescue -a debian-7.img -i
><rescue> chroot /sysroot
><rescue> cat /etc/debian_version

Finally virt-rescue now comes with an escape key which lets you suspend the shell and come back to it, and do some other interesting operations:

><rescue> ^]?
 ^] ? - print this message
 ^] h - print this message
 ^] i - print inspection data
 ^] q - quit virt-rescue
 ^] s - sync the filesystems
 ^] u - unmount filesystems
 ^] x - quit virt-rescue
 ^] z - suspend virt-rescue
to pass the escape key through to the rescue shell, type it twice
attempting to sync filesystems ...
[1]+  Stopped         virt-rescue -a debian-7.img -i

This is all available in libguestfs ≥ 1.37.1.

Leave a comment

Filed under Uncategorized

Supernested on the QEMU Advent Calendar


I wrote supernested a few years ago to see if I could break nested KVM. It works by repeatedly nesting KVM guests until either something breaks or the whole thing grinds to a halt. Even on my very fastest machine I can only get to an L4 guest (L0 = host, L1 = normal guest).

Kashyap and Thomas Huth resurrected the QEMU Advent Calendar this year, and today (day 13) supernested is featured.

Please note that supernested should only be run on idle machines which aren’t doing anything else, and it can crash the machine.

1 Comment

Filed under Uncategorized

CentOS 7.3 available in virt-builder

CentOS 7.3 was announced today, and the x86_64 version is available in virt-builder already:

$ virt-builder centos-7.3

Leave a comment

Filed under Uncategorized

Fedora 25 is out, virt-builder images available

$ virt-builder -l | grep fedora-25
fedora-25                x86_64     Fedora® 25 Server
fedora-25                i686       Fedora® 25 Server (i686)
fedora-25                aarch64    Fedora® 25 Server (aarch64)
fedora-25                armv7l     Fedora® 25 Server (armv7l)
fedora-25                ppc64      Fedora® 25 Server (ppc64)
fedora-25                ppc64le    Fedora® 25 Server (ppc64le)
$ virt-builder fedora-25
$ qemu-system-x86_64 -machine accel=kvm:tcg \
      -cpu host -m 2048 \
      -drive file=fedora-25.img,format=raw,if=virtio

Or to try out Fedora on a different architecture:

$ virt-builder fedora-25 --arch ppc64le -o fedora-25-ppc64le.img
$ qemu-system-ppc64 -cpu POWER8 -m 2048 \
      -drive file=fedora-25-ppc64le.img,format=raw,if=virtio


Filed under Uncategorized

virt-builder RISC-V edition

$ file builder/virt-builder
builder/virt-builder: ELF 64-bit LSB executable, UCB RISC-V, version 1 (SYSV), dynamically linked, interpreter /lib/ld.so.1, for 
GNU/Linux 2.6.32, BuildID[sha1]=184c9522f22abc5c325ac5a1ee2d272b225d5503, not stripped

Probably the least useful copy of virt-builder since there’s no qemu and no network. However it does demonstrate that we can now build large mixed C / OCaml binaries on RISC-V successfully.

1 Comment

Filed under Uncategorized

libguestfs-based vulnerability scanner

Described here: https://www.redhat.com/archives/libguestfs/2016-August/msg00229.html

Leave a comment

Filed under Uncategorized