Re: Should Fedora revisit the idea having "one" image to be used across the cloud providers?

On Fri, Jun 28, 2013 at 08:37:17AM +0000, Collins, Robert (HPCS) wrote:
> Then, we build a fresh filesystem, so the only thing we do with the
> filesystem bits we receive is copy data out of them. You are right
> that there is a narrow attack vector there, [but see above]; we
> could use guestfs's fuse support to mount and copy out the data that
> way.

As a note: Don't use FUSE for this (or anything if possible).
libguestfs has an API for fetching a tarball from a disk image, which
is far more efficient.  From Python:

----------------------------------------------------------------------
#!/usr/bin/python3

import sys
import guestfs

# At least one disk image must be given on the command line.
assert (len (sys.argv) >= 2)

g = guestfs.GuestFS (python_return_dict=True)
#g.set_trace (1)

# Add every disk read-only so the image is never modified.
for disk in sys.argv[1:]:
    g.add_drive_opts (disk, readonly=1)
g.launch ()

roots = g.inspect_os ()
if len (roots) != 1:
    raise RuntimeError ("inspect_vm: no or multiple operating systems found")

root = roots[0]

# Mount up the disks, like guestfish -i.
# mps maps mountpoint -> device; mount the shortest paths first so
# that "/" is mounted before anything beneath it.
mps = g.inspect_get_mountpoints (root)
for mountpoint in sorted (mps.keys (), key=len):
    try:
        g.mount_ro (mps[mountpoint], mountpoint)
    except RuntimeError as msg:
        print ("%s (ignored)" % msg)

# Export whole filesystem.
g.tgz_out ("/", "/tmp/filesystem.tar.gz")
----------------------------------------------------------------------

$ ./disk2tar.py /tmp/winxp.img
$ ls -lh filesystem.tar.gz 
-rw-rw-r--. 1 rjones rjones 2.1G Jun 28 09:49 filesystem.tar.gz

Apart from the obviously much cleaner API, libguestfs doesn't require
root permissions, is more secure even for your use case, has a bunch
of mature tools for "sysprepping" images, and can create disk images
from tarballs.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org
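
The reverse direction mentioned above (creating a disk image from a tarball), as an added example that is not part of the original message or of libguestfs's own examples: it makes a new filesystem in a fresh image and unpacks the exported tarball into it, so none of the received image's filesystem structures are reused. The script name tar2disk.py, the ext4/MBR layout and the 50% sizing headroom are assumptions.

```python
#!/usr/bin/python3
# Added example (hypothetical tar2disk.py): rebuild a fresh disk image
# from the tarball exported with tgz_out.
import sys
import tarfile

MIB = 1024 * 1024

def image_size_for(tarball, minimum=64 * MIB):
    """Bytes to allocate: regular-file payload plus 50% headroom for
    filesystem metadata (an assumed margin), rounded up to a whole MiB.
    Reading the sizes means decompressing the whole tarball once."""
    with tarfile.open(tarball, "r:*") as tar:
        payload = sum(m.size for m in tar if m.isreg())
    needed = payload + payload // 2
    return max(minimum, -(-needed // MIB) * MIB)

def tarball_to_image(tarball, output, fstype="ext4"):
    """Create a new raw image and unpack the tarball into it, all
    inside the libguestfs appliance and without root on the host."""
    import guestfs  # imported here so the size helper works without it

    g = guestfs.GuestFS(python_return_dict=True)
    g.disk_create(output, "raw", image_size_for(tarball))
    g.add_drive_opts(output, format="raw", readonly=0)
    g.launch()

    # One partition spanning the new disk, with a freshly made filesystem.
    device = g.list_devices()[0]
    g.part_disk(device, "mbr")
    partition = g.list_partitions()[0]
    g.mkfs(fstype, partition)

    # The filesystem structures are new; only the tarball's files and
    # their metadata are copied in.
    g.mount(partition, "/")
    g.tgz_in(tarball, "/")

    g.shutdown()
    g.close()
    return output

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: tar2disk.py filesystem.tar.gz output.img")
    tarball_to_image(sys.argv[1], sys.argv[2])
```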