Should Fedora revisit the idea having "one " image to be used across the cloud providers?

Richard W.M. Jones rjones at
Fri Jun 28 08:55:27 UTC 2013

On Fri, Jun 28, 2013 at 08:37:17AM +0000, Collins, Robert (HPCS) wrote:
> Then, we build a fresh filesystem, so the only thing we do with the
> filesystem bits we receive is copy data out of them. You are right
> that there is a narrow attack vector there, [but see above]; we
> could use guestfs's fuse support to mount and copy out the data that
> way.

As a note: Don't use FUSE for this (or anything if possible).
libguestfs has an API for fetching a tarball from a disk image, which
is far more efficient.  From Python:


import sys
import guestfs

assert (len (sys.argv) >= 2)
disk = sys.argv[1]

g = guestfs.GuestFS (python_return_dict=True)
#g.set_trace (1)

for disk in sys.argv[1:]:
    g.add_drive_opts (disk, readonly=1)
g.launch ()

roots = g.inspect_os ()
if len (roots) != 1:
    raise (Error ("inspect_vm: no or multiple operating systems found"))

root = roots[0]

# Mount up the disks, like guestfish -i.
mps = g.inspect_get_mountpoints (root)
def compare (a, b): return len(a) - len(b)
for device in sorted (mps.keys(), compare):
        g.mount_ro (mps[device], device)
    except RuntimeError as msg:
        print "%s (ignored)" % msg

# Export whole filesystem.
g.tgz_out ("/", "/tmp/filesystem.tar.gz")

$ ./ /tmp/winxp.img
$ ls -lh filesystem.tar.gz 
-rw-rw-r--. 1 rjones rjones 2.1G Jun 28 09:49 filesystem.tar.gz

Apart from the obviously much cleaner API, libguestfs doesn't require
root permissions, is more secure even for your use case, has a bunch
of mature tools for "sysprepping" images, and can create disk images
from tarballs.


Richard Jones, Virtualization Group, Red Hat
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.

More information about the cloud mailing list