|
| From: | Eric Blake |
| Subject: | Re: [Qemu-devel] Live viewing qemu running image |
| Date: | Tue, 29 May 2018 14:53:38 -0500 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 |
On 05/29/2018 07:33 AM, Olga Levy wrote:
Hi, Nice to meet you. I'm a new security engineer and working on a prototype using QEMU. What I need is to collect running image internal data (like running processes, netstat, files modification, etc.) but without running any process inside. I mean, doing it from "outside" (I need Qemu support). For example, How can I live view FS of a running image?
In general, you can't - qemu does not know and does not care what operating system the guest code is running, let alone what file systems that guest has structured on top of the raw storage that qemu is emulating for the guest. What you are asking for is akin to asking Intel to add a new register to their chips that will tell you how many open files a bare-metal processor is managing, while telling the chip designers that they are not permitted to know whether the user will install Windows, Linux, or some other operating system on the machine using that chip.
With some effort and knowledge about specific types of guests, it IS possible to take snapshots of a guest, and then peek at specific memory locations or read the (hopefully consistent) state of the disk at the time of the snapshot to learn things about that guest. And in fact, the libguestfs project does a LOT of those hacks, for several mainstream operating systems where the effort of writing the hacks is not too much of a maintenance burden. But that's more a question for the libguestfs list, as interacting with the guest (or a snapshot of the guest) is outside the realm of things that qemu directly targets.
-- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
| [Prev in Thread] | Current Thread | [Next in Thread] |