On Wed, Jul 29, 2015 at 06:32:15PM +0530, Raghu wrote:
> Hi Richard,
>
> guestfish shell has an ability to execute commands on the host such as
>
> !mkdir local
> tgz-out /remote local/remote-data.tar.gz
>
> What is the best way to restrict access to host from guestfish ?
>
> For instance,
>
> - Allow readonly access to host.. i.e., !ls is allowed
>   but don't allow !rm or !mkdir
>
> - commands such as tgz-out, or copy-out should be able to access just
>   /tmp, but nothing else in host filesystem
>
> Appreciate your guidance on this,

There's no way to do this at the moment, and no concept of a "restricted shell" in guestfish.

How about running the guestfish command in a container or using a restrictive SELinux/AppArmor policy?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
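
One way to apply the container suggestion in the reply above, as an added example that is not part of the original thread or of libguestfs. It assumes podman is installed; the image name `localhost/guestfish-sandbox`, the `PODMAN` override variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; not libguestfs code. IMAGE is a hypothetical local image
# that has guestfish installed and able to launch its appliance.
IMAGE=${IMAGE:-localhost/guestfish-sandbox}
PODMAN=${PODMAN:-podman}

# Accept only absolute host paths. ':' and ',' are separators in a -v spec,
# so a path containing them could smuggle in extra mount options.
safe_path() {
    case $1 in
        *:*|*,*|*..*|*[[:space:]]*) return 1 ;;
        /*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = disk image on the host
# $2 = the only host directory guestfish (and its "!" commands) may write to
confined_guestfish() {
    if ! safe_path "$1" || ! safe_path "$2"; then
        echo "confined_guestfish: refusing unsafe path" >&2
        return 1
    fi
    # Read-only root filesystem, no network, no capabilities. The disk image
    # is mounted read-only; $2 appears as /tmp inside the container and is
    # the only host directory the container can modify.
    "$PODMAN" run --rm -i \
        --read-only \
        --network none \
        --cap-drop all \
        --security-opt no-new-privileges \
        -v "$1:/disk.img:ro" \
        -v "$2:/tmp:rw" \
        "$IMAGE" \
        guestfish --ro -a /disk.img -i
}
```

Inside this sandbox, `!` commands and `tgz-out`/`copy-out` see the container's filesystem rather than the host's, so output written under `/tmp` lands in the chosen host directory and nowhere else.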
