=encoding utf8

=head1 NAME

virt-edit - Edit a file in a virtual machine

=head1 SYNOPSIS

 virt-edit [--options] -d domname file [file ...]

 virt-edit [--options] -a disk.img [-a disk.img ...] file [file ...]

 virt-edit [-d domname|-a disk.img] file -e 'expr'

Old-style:

 virt-edit domname file

 virt-edit disk.img [disk.img ...] file

=head1 WARNING

You must I<not> use C<virt-edit> on live virtual machines.  If you do
this, you risk disk corruption in the VM.  C<virt-edit> tries to stop
you from doing this, but doesn't catch all cases.

=head1 DESCRIPTION

C<virt-edit> is a command line tool to edit C<file> where each C<file>
exists in the named virtual machine (or disk image).

Multiple filenames can be given, in which case they are each edited in
turn.  Each filename must be a full path, starting at the root
directory (starting with '/').

If you want to just view a file, use L<virt-cat(1)>.

For more complex cases you should look at the L<guestfish(1)> tool
(see L</USING GUESTFISH> below).

C<virt-edit> cannot be used to create a new file.  L<guestfish(1)> can
do that and much more.

=head1 EXAMPLES

Edit the named files interactively:

 virt-edit -d mydomain /boot/grub/grub.conf

 virt-edit -d mydomain /etc/passwd

For Windows guests, some Windows paths are understood:

 virt-edit -d mywindomain 'c:\autoexec.bat'

If Perl is installed, you can also edit files non-interactively (see
L</NON-INTERACTIVE EDITING> below).
To change the init default level to 5:

 virt-edit -d mydomain /etc/inittab -e 's/^id:.*/id:5:initdefault:/'

=head1 OPTIONS

=over 4

=item B<--help>

Display brief help.

=item B<-a> file

=item B<--add> file

Add I<file> which should be a disk image from a virtual machine.  If
the virtual machine has multiple block devices, you must supply all of
them with separate I<-a> options.

The format of the disk image is auto-detected.  To override this and
force a particular format use the I<--format=..> option.

=item B<-b> extension

=item B<--backup> extension

Create a backup of the original file I<in the guest disk image>.
The backup has the original filename with C<extension> added.

Usually the first character of C<extension> would be a dot C<.>
so you would write:

 virt-edit -b .orig [etc]

By default, no backup file is made.

=item B<-c URI>

=item B<--connect URI>

If using libvirt, connect to the given I<URI>.  If omitted, then we
connect to the default libvirt hypervisor.

If you specify guest block devices directly, then libvirt is not used
at all.

=item B<-d> guest

=item B<--domain> guest

Add all the disks from the named libvirt guest.  Domain UUIDs can be
used instead of names.

=item B<--echo-keys>

When prompting for keys and passphrases, virt-edit normally turns
echoing off so you cannot see what you are typing.  If you are not
worried about Tempest attacks and there is no one else in the room you
can specify this flag to see what you are typing.

=item B<-e> EXPR

=item B<--expr> EXPR

Instead of launching the external editor, non-interactively
apply the Perl expression C<EXPR> to each line in the file.
See L</NON-INTERACTIVE EDITING> below.

Be careful to properly quote the expression to prevent it from
being altered by the shell.

Note that this option is only available when Perl 5 is installed.

=item B<--format> raw|qcow2|...

=item B<--format>

The default for the I<-a> option is to auto-detect the format of the
disk image.  Using this forces the disk format for I<-a> options which
follow on the command line.  Using I<--format> with no argument
switches back to auto-detection for subsequent I<-a> options.

For example:

 virt-edit --format=raw -a disk.img file

forces raw format (no auto-detection) for C<disk.img>.

 virt-edit --format=raw -a disk.img --format -a another.img file

forces raw format (no auto-detection) for C<disk.img> and reverts to
auto-detection for C<another.img>.

If you have untrusted raw-format guest disk images, you should use
this option to specify the disk format.  This avoids a possible
security problem with malicious guests (CVE-2010-3851).

=item B<--keys-from-stdin>

Read key or passphrase parameters from stdin.  The default is
to try to read passphrases from the user by opening C</dev/tty>.

=item B<-v>

=item B<--verbose>

Enable verbose messages for debugging.

=item B<-V>

=item B<--version>

Display version number and exit.

=item B<-x>

Enable tracing of libguestfs API calls.

=back

=head1 OLD-STYLE COMMAND LINE ARGUMENTS

Previous versions of virt-edit allowed you to write either:

 virt-edit disk.img [disk.img ...] file

or

 virt-edit guestname file

whereas in this version you should use I<-a> or I<-d> respectively
to avoid the confusing case where a disk image might have the same
name as a guest.

For compatibility the old style is still supported.

=head1 NON-INTERACTIVE EDITING

C<virt-edit> normally calls out to C<$EDITOR> (or vi) so
the system administrator can interactively edit the file.

There are two ways also to use C<virt-edit> from scripts in order to
make automated edits to files.  (Note that although you I<can> use
C<virt-edit> like this, it's less error-prone to write scripts
directly using the libguestfs API and Augeas for configuration file
editing.)

The first method is to temporarily set C<$EDITOR> to any script or
program you want to run.  The script is invoked as C<$EDITOR tmpfile>
and it should update C<tmpfile> in place however it likes.

The second method is to use the I<-e> parameter of C<virt-edit> to run
a short Perl snippet in the style of L<sed(1)>.  For example to
replace all instances of C<foo> with C<bar> in a file:

 virt-edit -d domname filename -e 's/foo/bar/'

The full power of Perl regular expressions can be used (see
L<perlre(1)>).  For example to delete root's password you could do:

 virt-edit -d domname /etc/passwd -e 's/^root:.*?:/root::/'

What really happens is that the snippet is evaluated as a Perl
expression for each line of the file.  The line, including the final
C<\n>, is passed in C<$_> and the expression should update C<$_> or
leave it unchanged.

To delete a line, set C<$_> to the empty string.  For example, to
delete the C<apache> user account from the password file you can do:

 virt-edit -d mydomain /etc/passwd -e '$_ = "" if /^apache:/'

To insert a line, prepend or append it to C<$_>.  However appending
lines to the end of the file is rather difficult this way since there
is no concept of "last line of the file" - your expression just
doesn't get called again.  You might want to use the first method
(setting C<$EDITOR>) if you want to do this.

The variable C<$lineno> contains the current line number.
As is traditional, the first line in the file is number C<1>.

The return value from the expression is ignored, but the expression
may call C<die> in order to abort the whole program, leaving the
original file untouched.

Remember when matching the end of a line that C<$_> may contain the
final C<\n>, or (for DOS files) C<\r\n>, or if the file does not end
with a newline then neither of these.  Thus to match or substitute
some text at the end of a line, use this regular expression:

 /some text(\r?\n)?$/

Alternately, use the perl C<chomp> function, being careful not to
chomp C<$_> itself (since that would remove all newlines from the
file):

 my $m = $_; chomp $m; $m =~ /some text$/

=head1 WINDOWS PATHS

C<virt-edit> has a limited ability to understand Windows drive letters
and paths (eg. C<E:\foo\bar.txt>).

If and only if the guest is running Windows then:

=over 4

=item *

Drive letter prefixes like C<C:> are resolved against the
Windows Registry to the correct filesystem.

=item *

Any backslash (C<\>) characters in the path are replaced
with forward slashes so that libguestfs can process it.

=item *

The path is resolved case insensitively to locate the file
that should be edited.

=back

There are some known shortcomings:

=over 4

=item *

Some NTFS symbolic links may not be followed correctly.

=item *

NTFS junction points that cross filesystems are not followed.

=back

=head1 USING GUESTFISH

L<guestfish(1)> is a more powerful, lower level tool which you can use
when C<virt-edit> doesn't work.

Using C<virt-edit> is approximately equivalent to doing:

 guestfish --rw -i -d domname edit /file

where C<domname> is the name of the libvirt guest, and C</file> is the
full path to the file.

The command above uses libguestfs's guest inspection feature and so
does not work on guests that libguestfs cannot inspect, or on things
like arbitrary disk images that don't contain guests.  To edit a file
on a disk image directly, use:

 guestfish --rw -a disk.img -m /dev/sda1 edit /file

where C<disk.img> is the disk image, C</dev/sda1> is the filesystem
within the disk image to edit, and C</file> is the full path to the
file.

C<virt-edit> cannot create new files.  Use the guestfish commands
C<touch>, C<write> or C<upload> instead:

 guestfish --rw -i -d domname touch /newfile

 guestfish --rw -i -d domname write /newfile "new content"

 guestfish --rw -i -d domname upload localfile /newfile

=head1 CVE-2012-2690

Old versions of both virt-edit and the guestfish C<edit> command
created a new file containing the changes but did not set the
permissions, etc of the new file to match the old one.  The result of
this was that if you edited a security sensitive file such as
C</etc/shadow> then it would be left world-readable after the edit.

This issue was assigned CVE-2012-2690, and is fixed in
libguestfs E<ge> 1.16.

For further information, see
L<https://bugzilla.redhat.com/show_bug.cgi?id=788642>

=head1 ENVIRONMENT VARIABLES

=over 4

=item C<EDITOR>

If set, this string is used as the editor.  It may contain arguments,
eg. C<"emacs -nw">

If not set, C<vi> is used.

=back

=head1 SHELL QUOTING

Libvirt guest names can contain arbitrary characters, some of which
have meaning to the shell such as C<#> and space.  You may need to
quote or escape these characters on the command line.  See the shell
manual page L<sh(1)> for details.

=head1 EXIT STATUS

This program returns 0 if successful, or non-zero if there was an
error.

=head1 SEE ALSO

L<guestfs(3)>,
L<guestfish(1)>,
L<virt-cat(1)>,
L<virt-copy-in(1)>,
L<virt-tar-in(1)>,
L<Sys::Guestfs(3)>,
L<Sys::Guestfs::Lib(3)>,
L<Sys::Virt(3)>,
L<http://libguestfs.org/>,
L<perl(1)>,
L<perlre(1)>.

=head1 AUTHOR

Richard W.M. Jones L<http://people.redhat.com/~rjones/>

=head1 COPYRIGHT

Copyright (C) 2009-2012 Red Hat Inc.