Richard W.M. Jones
2010-Nov-08 12:02 UTC
[Libguestfs] [PATCH] fish: Add --rw option (does nothing yet).
This patch is meant for discussion of the issues involved.
I'd like to change the default for guestfish -a / -m command line
options to open read-only. This creates less opportunity to corrupt
disk images by opening them for write while another VM might be using
them.
With this patch you can specify:
guestfish --rw ...
which in itself does nothing since the default is currently read/write
anyway.
But it allows us in future to add a configuration file that controls
the default ("default" being the case where you use guestfish or
guestmount with neither --ro nor --rw options). We can then change
the configuration file in 1.8 to make read-only the default.
By backporting this patch to the other stable branches we can start
introducing scripts that use 'guestfish --rw' in readiness for a
future change to the default.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://et.redhat.com/~rjones/libguestfs/
See what it can do: http://et.redhat.com/~rjones/libguestfs/recipes.html
-------------- next part -------------->From 2c4a7ef92a4583a1217213573ad406eb5d745990 Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones <rjones at redhat.com>
Date: Fri, 5 Nov 2010 18:36:02 +0000
Subject: [PATCH] fish: Add --rw option (does nothing yet).
This adds the guestfish --rw option, intended in future
to be required for writing to disk images.
At the moment this does not change the default and so does
nothing. This patch is intended for backporting to the
stable branches so that we can start to introduce scripts
which use 'guestfish --rw'.
---
fish/fish.c | 7 ++++++-
fish/guestfish.pod | 46 ++++++++++++++++++++++++++++++++++++++++------
fish/options.h | 7 +++++++
fuse/guestmount.c | 7 ++++++-
fuse/guestmount.pod | 7 +++++++
5 files changed, 66 insertions(+), 8 deletions(-)
diff --git a/fish/fish.c b/fish/fish.c
index 9f20bba..5d7aac6 100644
--- a/fish/fish.c
+++ b/fish/fish.c
@@ -150,7 +150,7 @@ main (int argc, char *argv[])
enum { HELP_OPTION = CHAR_MAX + 1 };
- static const char *options = "a:c:d:Df:h::im:nN:rv?Vx";
+ static const char *options = "a:c:d:Df:h::im:nN:rv?Vwx";
static const struct option long_options[] = {
{ "add", 1, 0, 'a' },
{ "cmd-help", 2, 0, 'h' },
@@ -172,6 +172,7 @@ main (int argc, char *argv[])
{ "no-progress-bars", 0, 0, 0 },
{ "remote", 2, 0, 0 },
{ "ro", 0, 0, 'r' },
+ { "rw", 0, 0, 'w' },
{ "selinux", 0, 0, 0 },
{ "verbose", 0, 0, 'v' },
{ "version", 0, 0, 'V' },
@@ -362,6 +363,10 @@ main (int argc, char *argv[])
OPTION_V;
break;
+ case 'w':
+ OPTION_w;
+ break;
+
case 'x':
OPTION_x;
break;
diff --git a/fish/guestfish.pod b/fish/guestfish.pod
index d265a3d..c52b773 100644
--- a/fish/guestfish.pod
+++ b/fish/guestfish.pod
@@ -10,13 +10,13 @@ guestfish - the libguestfs Filesystem Interactive SHell
guestfish
- guestfish -a disk.img
+ guestfish [--ro|--rw] -a disk.img
- guestfish -a disk.img -m dev[:mountpoint]
+ guestfish [--ro|--rw] -a disk.img -m dev[:mountpoint]
guestfish -d libvirt-domain
- guestfish -a disk.img -i
+ guestfish [--ro|--rw] -a disk.img -i
guestfish -d libvirt-domain -i
@@ -99,7 +99,7 @@ Update C</etc/resolv.conf> in a guest:
Edit C</boot/grub/grub.conf> interactively:
- guestfish --add disk.img \
+ guestfish --rw --add disk.img \
--mount /dev/vg_guest/lv_root \
--mount /dev/sda1:/boot \
edit /boot/grub/grub.conf
@@ -115,7 +115,7 @@ disks from a virtual machine:
Another way to edit C</boot/grub/grub.conf> interactively is:
- guestfish -a disk.img -i edit /boot/grub/grub.conf
+ guestfish --rw -a disk.img -i edit /boot/grub/grub.conf
=head2 As a script interpreter
@@ -245,7 +245,7 @@ Typical usage is either:
(for active domains, readonly), or specify the block device directly:
- guestfish -a /dev/Guests/MyGuest -i
+ guestfish --rw -a /dev/Guests/MyGuest -i
Note that the command line syntax changed slightly over older
versions of guestfish. You can still use the old syntax:
@@ -320,6 +320,8 @@ don't need write access to the disk.
Note that prepared disk images created with I<-N> are not affected by
the I<--ro> option.
+See also L</OPENING DISKS FOR READ AND WRITE> below.
+
=item B<--selinux>
Enable SELinux support for the guest. See L<guestfs(3)/SELINUX>.
@@ -333,6 +335,11 @@ a bug.
Display the guestfish / libguestfs version number and exit.
+=item B<-w> | B<--rw>
+
+This option does nothing at the moment.
+See L</OPENING DISKS FOR READ AND WRITE> below.
+
=item B<-x>
Echo each command before executing it.
@@ -392,6 +399,33 @@ I<-N> or I<--new> options were given then
C<run> is done
automatically, simply because guestfish can't perform the action you
asked for without doing this.
+=head1 OPENING DISKS FOR READ AND WRITE
+
+The guestfish (and L<guestmount(1)>) options I<--ro> and
I<--rw>
+affect whether the other command line options I<-a>, I<-c>,
I<-d>,
+I<-i> and I<-m> open disk images read-only or for writing.
+
+In libguestfs E<lt> 1.6.2, guestfish and guestmount defaulted to
+opening disk images supplied on the command line for write. To open a
+disk image read-only you have to do I<-a image --ro>.
+
+This matters: If you accidentally open a live VM disk image writable
+then you will cause irreversible disk corruption.
+
+By libguestfs 1.8 we intend to change the default the other way. Disk
+images will be opened read-only. You will have to either specify
+I<guestfish --rw> or change a configuration file in order to get write
+access for disk images specified by those other command line options.
+
+This version of guestfish has a I<--rw> option which does nothing (it
+is already the default). However it is highly recommended that you
+use this option to indicate that guestfish needs write access, and to
+prepare your scripts for the day when this option will be required for
+write access.
+
+B<Note:> This does I<not> affect commands like L</add> and
L</mount>,
+or any other libguestfs program apart from guestfish and guestmount.
+
=head1 QUOTING
You can quote ordinary parameters using either single or double
diff --git a/fish/options.h b/fish/options.h
index e36c57a..9cb7f4b 100644
--- a/fish/options.h
+++ b/fish/options.h
@@ -185,6 +185,13 @@ extern int add_libvirt_drives (const char *guest);
exit (EXIT_SUCCESS); \
}
+#define OPTION_w \
+ if (read_only) { \
+ fprintf (stderr, _("%s: cannot mix --ro and --rw options\n"),
\
+ program_name); \
+ exit (EXIT_FAILURE); \
+ }
+
#define OPTION_x \
guestfs_set_trace (g, 1)
diff --git a/fuse/guestmount.c b/fuse/guestmount.c
index 55b71d7..1b3abf9 100644
--- a/fuse/guestmount.c
+++ b/fuse/guestmount.c
@@ -884,7 +884,7 @@ main (int argc, char *argv[])
/* The command line arguments are broadly compatible with (a subset
* of) guestfish. Thus we have to deal mainly with -a, -m and --ro.
*/
- static const char *options = "a:c:d:im:no:rv?Vx";
+ static const char *options = "a:c:d:im:no:rv?Vwx";
static const struct option long_options[] = {
{ "add", 1, 0, 'a' },
{ "connect", 1, 0, 'c' },
@@ -900,6 +900,7 @@ main (int argc, char *argv[])
{ "no-sync", 0, 0, 'n' },
{ "option", 1, 0, 'o' },
{ "ro", 0, 0, 'r' },
+ { "rw", 0, 0, 'w' },
{ "selinux", 0, 0, 0 },
{ "trace", 0, 0, 'x' },
{ "verbose", 0, 0, 'v' },
@@ -1043,6 +1044,10 @@ main (int argc, char *argv[])
OPTION_V;
break;
+ case 'w':
+ OPTION_w;
+ break;
+
case 'x':
OPTION_x;
ADD_FUSE_ARG ("-f");
diff --git a/fuse/guestmount.pod b/fuse/guestmount.pod
index 4ddea5f..e86d76c 100644
--- a/fuse/guestmount.pod
+++ b/fuse/guestmount.pod
@@ -203,6 +203,8 @@ disk. If the guest is running and this option is
I<not> supplied,
then there is a strong risk of disk corruption in the guest. We try
to prevent this from happening, but it is not always possible.
+See also L<guestfish(1)/OPENING DISKS FOR READ AND WRITE>.
+
=item B<--selinux>
Enable SELinux support for the guest.
@@ -215,6 +217,11 @@ Enable verbose messages from underlying libguestfs.
Display the program version and exit.
+=item B<-w> | B<--rw>
+
+This option does nothing at the moment.
+See L<guestfish(1)/OPENING DISKS FOR READ AND WRITE>.
+
=item B<-x> | B<--trace>
Trace libguestfs calls.
--
1.7.3.2
Matthew Booth
2010-Nov-08 12:39 UTC
[Libguestfs] [PATCH] fish: Add --rw option (does nothing yet).
On 11/08/2010 12:02 PM, Richard W.M. Jones wrote:>> From 2c4a7ef92a4583a1217213573ad406eb5d745990 Mon Sep 17 00:00:00 2001 > From: Richard W.M. Jones<rjones at redhat.com> > Date: Fri, 5 Nov 2010 18:36:02 +0000 > Subject: [PATCH] fish: Add --rw option (does nothing yet). > > This adds the guestfish --rw option, intended in future > to be required for writing to disk images. > > At the moment this does not change the default and so does > nothing. This patch is intended for backporting to the > stable branches so that we can start to introduce scripts > which use 'guestfish --rw'. > --- > fish/fish.c | 7 ++++++- > fish/guestfish.pod | 46 ++++++++++++++++++++++++++++++++++++++++------ > fish/options.h | 7 +++++++ > fuse/guestmount.c | 7 ++++++- > fuse/guestmount.pod | 7 +++++++ > 5 files changed, 66 insertions(+), 8 deletions(-) >> --- a/fish/options.h > +++ b/fish/options.h > @@ -185,6 +185,13 @@ extern int add_libvirt_drives (const char *guest); > exit (EXIT_SUCCESS); \ > } > > +#define OPTION_w \ > + if (read_only) { \ > + fprintf (stderr, _("%s: cannot mix --ro and --rw options\n"), \ > + program_name); \ > + exit (EXIT_FAILURE); \ > + } > +This will display an error if the user does: guestfish --ro --rw but not: guestfish --rw --ro> #define OPTION_x \ > guestfs_set_trace (g, 1) >Otherwise, it looks fine. Matt -- Matthew Booth, RHCA, RHCSS Red Hat Engineering, Virtualisation Team GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490