=encoding utf8

=head1 NAME

virt-edit - Edit a file in a virtual machine

=head1 SYNOPSIS

 virt-edit [--options] -d domname file [file ...]

 virt-edit [--options] -a disk.img [-a disk.img ...] file [file ...]

 virt-edit [-d domname|-a disk.img] file -e 'expr'

Old-style:

 virt-edit domname file

 virt-edit disk.img [disk.img ...] file

=head1 WARNING

You must I<not> use C<virt-edit> on live virtual machines.  If you do
this, you risk disk corruption in the VM.  C<virt-edit> tries to stop
you from doing this, but doesn't catch all cases.

=head1 DESCRIPTION

C<virt-edit> is a command line tool to edit C<file> where each C<file>
exists in the named virtual machine (or disk image).

Multiple filenames can be given, in which case they are each edited in
turn.  Each filename must be a full path, starting at the root
directory (starting with '/').

If you want to just view a file, use L<virt-cat(1)>.

For more complex cases you should look at the L<guestfish(1)> tool
(see L</USING GUESTFISH> below).

C<virt-edit> cannot be used to create a new file.  L<guestfish(1)> can
do that and much more.

=head1 EXAMPLES

Edit the named files interactively:

 virt-edit -d mydomain /boot/grub/grub.conf

 virt-edit -d mydomain /etc/passwd

For Windows guests, some Windows paths are understood:

 virt-edit -d mywindomain 'c:\autoexec.bat'

If Perl is installed, you can also edit files non-interactively (see
L</NON-INTERACTIVE EDITING> below).
To change the init default level to 5:

 virt-edit -d mydomain /etc/inittab -e 's/^id:.*/id:5:initdefault:/'

=head1 OPTIONS

=over 4

=item B<--help>

Display brief help.

=item B<-a> file

=item B<--add> file

Add I<file> which should be a disk image from a virtual machine.  If
the virtual machine has multiple block devices, you must supply all of
them with separate I<-a> options.

The format of the disk image is auto-detected.  To override this and
force a particular format use the I<--format=..> option.

=item B<-b> extension

=item B<--backup> extension

Create a backup of the original file I<in the guest disk image>.
The backup has the original filename with C<extension> added.

Usually the first character of C<extension> would be a dot C<.>
so you would write:

 virt-edit -b .orig [etc]

By default, no backup file is made.

=item B<-c URI>

=item B<--connect URI>

If using libvirt, connect to the given I<URI>.  If omitted, then we
connect to the default libvirt hypervisor.

If you specify guest block devices directly, then libvirt is not used
at all.

=item B<-d> guest

=item B<--domain> guest

Add all the disks from the named libvirt guest.  Domain UUIDs can be
used instead of names.

=item B<--echo-keys>

When prompting for keys and passphrases, virt-edit normally turns
echoing off so you cannot see what you are typing.  If you are not
worried about Tempest attacks and there is no one else in the room you
can specify this flag to see what you are typing.

=item B<-e> EXPR

=item B<--expr> EXPR

Instead of launching the external editor, non-interactively
apply the Perl expression C<EXPR> to each line in the file.
See L</NON-INTERACTIVE EDITING> below.

Be careful to properly quote the expression to prevent it from
being altered by the shell.

Note that this option is only available when Perl 5 is installed.

=item B<--format> raw|qcow2|...

=item B<--format>

The default for the I<-a> option is to auto-detect the format of the
disk image.  Using this forces the disk format for I<-a> options which
follow on the command line.  Using I<--format> with no argument
switches back to auto-detection for subsequent I<-a> options.

For example:

 virt-edit --format=raw -a disk.img file

forces raw format (no auto-detection) for C<disk.img>.

 virt-edit --format=raw -a disk.img --format -a another.img file

forces raw format (no auto-detection) for C<disk.img> and reverts to
auto-detection for C<another.img>.

If you have untrusted raw-format guest disk images, you should use
this option to specify the disk format.  This avoids a possible
security problem with malicious guests (CVE-2010-3851).

=item B<--keys-from-stdin>

Read key or passphrase parameters from stdin.  The default is
to try to read passphrases from the user by opening C</dev/tty>.

=item B<-v>

=item B<--verbose>

Enable verbose messages for debugging.

=item B<-V>

=item B<--version>

Display version number and exit.

=item B<-x>

Enable tracing of libguestfs API calls.

=back

=head1 OLD-STYLE COMMAND LINE ARGUMENTS

Previous versions of virt-edit allowed you to write either:

 virt-edit disk.img [disk.img ...] file

or

 virt-edit guestname file

whereas in this version you should use I<-a> or I<-d> respectively
to avoid the confusing case where a disk image might have the same
name as a guest.

For compatibility the old style is still supported.

=head1 NON-INTERACTIVE EDITING

C<virt-edit> normally calls out to C<$EDITOR> (or vi) so
the system administrator can interactively edit the file.

There are also two ways to use C<virt-edit> from scripts in order to
make automated edits to files.  (Note that although you I<can> use
C<virt-edit> like this, it's less error-prone to write scripts
directly using the libguestfs API and Augeas for configuration file
editing.)

The first method is to temporarily set C<$EDITOR> to any script or
program you want to run.  The script is invoked as C<$EDITOR tmpfile>
and it should update C<tmpfile> in place however it likes.

The second method is to use the I<-e> parameter of C<virt-edit> to run
a short Perl snippet in the style of L<sed(1)>.  For example, to
replace all instances of C<foo> with C<bar> in a file:

 virt-edit -d domname filename -e 's/foo/bar/'

The full power of Perl regular expressions can be used (see
L<perlre(1)>).  For example, to delete root's password you could do:

 virt-edit -d domname /etc/passwd -e 's/^root:.*?:/root::/'

What really happens is that the snippet is evaluated as a Perl
expression for each line of the file.  The line, including the final
C<\n>, is passed in C<$_> and the expression should update C<$_> or
leave it unchanged.

To delete a line, set C<$_> to the empty string.  For example, to
delete the C<apache> user account from the password file you can do:

 virt-edit -d mydomain /etc/passwd -e '$_ = "" if /^apache:/'

To insert a line, prepend or append it to C<$_>.  However, appending
lines to the end of the file is rather difficult this way since there
is no concept of "last line of the file" - your expression just
doesn't get called again.  You might want to use the first method
(setting C<$EDITOR>) if you want to do this.

The variable C<$lineno> contains the current line number.
As is traditional, the first line in the file is number C<1>.

The return value from the expression is ignored, but the expression
may call C<die> in order to abort the whole program, leaving the
original file untouched.

Remember when matching the end of a line that C<$_> may contain the
final C<\n>, or (for DOS files) C<\r\n>, or if the file does not end
with a newline then neither of these.  Thus to match or substitute
some text at the end of a line, use this regular expression:

 /some text(\r?\n)?$/

Alternatively, use the Perl C<chomp> function, being careful not to
chomp C<$_> itself (since that would remove all newlines from the
file):

 my $m = $_; chomp $m; $m =~ /some text$/

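
The first method described above (setting C<$EDITOR>), as an added example that is not part of the original virt-edit documentation: a script body that appends a line to the end of the temporary file, which the I<-e> method cannot easily do. The function name C<append_line>, the script path and the appended text are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: body of a hypothetical $EDITOR script for virt-edit.
# virt-edit runs "$EDITOR tmpfile"; the script must modify tmpfile in place.
#
# Intended use (the script path is a placeholder):
#   EDITOR=/usr/local/bin/append-editor.sh virt-edit -d domname /etc/hosts

# append_line FILE LINE
# Appends LINE to FILE exactly once, coping with a file whose last
# line has no trailing newline.
append_line() {
    file=$1
    line=$2

    # Idempotent: do nothing if the exact line is already present.
    if grep -qxF -- "$line" "$file"; then
        return 0
    fi

    # If the file is non-empty and its last byte is not a newline,
    # add one first so the new text does not join the previous line.
    # (Command substitution strips a trailing newline, so the result
    # is empty exactly when the last byte is "\n".)
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi

    printf '%s\n' "$line" >> "$file"
}

# When run as the editor, $1 is the temporary file supplied by virt-edit.
# The appended line is a constructed sample value.
if [ "$#" -eq 1 ]; then
    append_line "$1" "192.0.2.10 build-host.example"
fi
```
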
=head1 WINDOWS PATHS

C<virt-edit> has a limited ability to understand Windows drive letters
and paths (eg. C<E:\foo\bar.txt>).

If and only if the guest is running Windows then:

=over 4

=item *

Drive letter prefixes like C<C:> are resolved against the
Windows Registry to the correct filesystem.

=item *

Any backslash (C<\>) characters in the path are replaced
with forward slashes so that libguestfs can process it.

=item *

The path is resolved case insensitively to locate the file
that should be edited.

=back

There are some known shortcomings:

=over 4

=item *

Some NTFS symbolic links may not be followed correctly.

=item *

NTFS junction points that cross filesystems are not followed.

=back

=head1 USING GUESTFISH

L<guestfish(1)> is a more powerful, lower level tool which you can use
when C<virt-edit> doesn't work.

Using C<virt-edit> is approximately equivalent to doing:

 guestfish --rw -i -d domname edit /file

where C<domname> is the name of the libvirt guest, and C</file> is the
full path to the file.

The command above uses libguestfs's guest inspection feature and so
does not work on guests that libguestfs cannot inspect, or on things
like arbitrary disk images that don't contain guests.  To edit a file
on a disk image directly, use:

 guestfish --rw -a disk.img -m /dev/sda1 edit /file

where C<disk.img> is the disk image, C</dev/sda1> is the filesystem
within the disk image to edit, and C</file> is the full path to the
file.

C<virt-edit> cannot create new files.  Use the guestfish commands
C<touch>, C<write> or C<upload> instead:

 guestfish --rw -i -d domname touch /newfile

 guestfish --rw -i -d domname write /newfile "new content"

 guestfish --rw -i -d domname upload localfile /newfile

=head1 CVE-2012-2690

Old versions of both virt-edit and the guestfish C<edit> command
created a new file containing the changes but did not set the
permissions, etc. of the new file to match the old one.  The result of
this was that if you edited a security sensitive file such as
C</etc/shadow> then it would be left world-readable after the edit.

This issue was assigned CVE-2012-2690, and is fixed in
libguestfs E<ge> 1.16.

For further information, see
L<https://bugzilla.redhat.com/show_bug.cgi?id=788642>

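
The failure mode behind CVE-2012-2690, reproduced on a local scratch file as an added example (this is not libguestfs code; the function names and sample content are assumptions). C<replace_naive> writes the edited content to a fresh file and renames it over the original, so the result takes umask-default permissions; C<replace_preserving> first clones the original's metadata with C<cp -p>.

```shell
#!/bin/sh
# Added example, not libguestfs code: edit-by-replacement on a local file.

# mode_of FILE -> permission string such as "-rw-------"
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Naive pattern: a brand-new file takes its mode from the umask, and the
# rename then discards the original file's mode and ownership.
replace_naive() {
    target=$1; content=$2
    new="$target.new.$$"
    ( umask 022; printf '%s\n' "$content" > "$new" )
    mv -f "$new" "$target"
}

# Preserving pattern: cp -p clones the mode (and owner/group when
# permitted) onto the new file; truncating it with ">" keeps that metadata.
replace_preserving() {
    target=$1; content=$2
    new="$target.new.$$"
    cp -p "$target" "$new"
    printf '%s\n' "$content" > "$new"
    mv -f "$new" "$target"
}

# Constructed demonstration on a scratch file standing in for /etc/shadow.
demo() {
    f=$(mktemp)
    printf 'svc:constructed-hash:19000::::::\n' > "$f"
    chmod 600 "$f"
    replace_naive "$f" 'svc:!:19000::::::'
    naive=$(mode_of "$f")
    chmod 600 "$f"
    replace_preserving "$f" 'svc:!:19000::::::'
    kept=$(mode_of "$f")
    rm -f "$f"
    printf '%s %s\n' "$naive" "$kept"
}

demo   # prints: -rw-r--r-- -rw-------
```
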
=head1 ENVIRONMENT VARIABLES

=over 4

=item C<EDITOR>

If set, this string is used as the editor.  It may contain arguments,
eg. C<"emacs -nw">

If not set, C<vi> is used.

=back

=head1 SHELL QUOTING

Libvirt guest names can contain arbitrary characters, some of which
have meaning to the shell such as C<#> and space.  You may need to
quote or escape these characters on the command line.  See the shell
manual page L<sh(1)> for details.

=head1 EXIT STATUS

This program returns 0 if successful, or non-zero if there was an
error.

=head1 SEE ALSO

L<guestfs(3)>,
L<guestfish(1)>,
L<virt-cat(1)>,
L<virt-copy-in(1)>,
L<virt-tar-in(1)>,
L<Sys::Guestfs(3)>,
L<Sys::Guestfs::Lib(3)>,
L<Sys::Virt(3)>,
L<http://libguestfs.org/>,
L<perl(1)>,
L<perlre(1)>.

=head1 AUTHOR

Richard W.M. Jones L<http://people.redhat.com/~rjones/>

=head1 COPYRIGHT

Copyright (C) 2009-2012 Red Hat Inc.