x SuSE Linux 13.1-RELEASE x
x SuSE Linux 13.1-RELEASEx
SYSTEMD-DISSECT(1) systemd-dissect SYSTEMD-DISSECT(1)
NAME
systemd-dissect, mount.ddi - Dissect Discoverable Disk Images (DDIs)
SYNOPSIS
systemd-dissect [OPTIONS...] IMAGE
systemd-dissect [OPTIONS...] --mount IMAGE PATH
systemd-dissect [OPTIONS...] --umount PATH
systemd-dissect [OPTIONS...] --attach IMAGE
systemd-dissect [OPTIONS...] --detach PATH
systemd-dissect [OPTIONS...] --list IMAGE
systemd-dissect [OPTIONS...] --mtree IMAGE
systemd-dissect [OPTIONS...] --with IMAGE [COMMAND...]
systemd-dissect [OPTIONS...] --copy-from IMAGE PATH [TARGET]
systemd-dissect [OPTIONS...] --copy-to IMAGE [SOURCE] PATH
systemd-dissect [OPTIONS...] --discover
systemd-dissect [OPTIONS...] --validate IMAGE
DESCRIPTION
systemd-dissect is a tool for introspecting and interacting with file
system OS disk images, specifically Discoverable Disk Images (DDIs). It
supports four different operations:
1. Show general OS image information, including the image's os-
release(5) data, machine ID, partition information and more.
2. Mount an OS image to a local directory. In this mode it will
dissect the OS image and mount the included partitions according to
their designation onto a directory and possibly sub-directories.
3. Unmount an OS image from a local directory. In this mode it will
recursively unmount the mounted partitions and remove the
underlying loop device, including all the partition sub-devices.
4. Copy files and directories in and out of an OS image.
The tool may operate on three types of OS images:
1. OS disk images containing a GPT partition table envelope, with
partitions marked according to the Discoverable Partitions
Specification[1].
2. OS disk images containing just a plain file-system without an
enveloping partition table. (This file system is assumed to be the
root file system of the OS.)
3. OS disk images containing a GPT or MBR partition table, with a
single partition only. (This partition is assumed to contain the
root file system of the OS.)
OS images may use any kind of Linux-supported file systems. In addition
they may make use of LUKS disk encryption, and contain Verity integrity
information. Note that qualifying OS images may be booted with systemd-
nspawn(1)'s --image= switch, and be used as root file system for system
service using the RootImage= unit file setting, see systemd.exec(5).
Note that the partition table shown when invoked without command switch
(as listed below) does not necessarily show all partitions included in
the image, but just the partitions that are understood and considered
part of an OS disk image. Specifically, partitions of unknown types are
ignored, as well as duplicate partitions (i.e. more than one per
partition type), as are root and /usr/ partitions of architectures not
compatible with the local system. In other words: this tool will
display what it operates with when mounting the image. To display the
complete list of partitions use a tool such as fdisk(8).
The systemd-dissect command may be invoked as mount.ddi in which case
it implements the mount(8) "external helper" interface. This ensures
disk images compatible with systemd-dissect can be mounted directly by
mount and fstab(5). For details see below.
COMMANDS
If neither of the command switches listed below are passed the
specified disk image is opened and general information about the image
and the contained partitions and their use is shown.
--mount, -m
Mount the specified OS image to the specified directory. This will
dissect the image, determine the OS root file system -- as well as
possibly other partitions -- and mount them to the specified
directory. If the OS image contains multiple partitions marked with
the Discoverable Partitions Specification[1] multiple nested mounts
are established. This command expects two arguments: a path to an
image file and a path to a directory where to mount the image.
To unmount an OS image mounted like this use the --umount
operation.
When the OS image contains LUKS encrypted or Verity integrity
protected file systems appropriate volumes are automatically set up
and marked for automatic disassembly when the image is unmounted.
The OS image may either be specified as path to an OS image stored
in a regular file or may refer to block device node (in the latter
case the block device must be the "whole" device, i.e. not a
partition device). (The other supported commands described here
support this, too.)
All mounted file systems are checked with the appropriate fsck(8)
implementation in automatic fixing mode, unless explicitly turned
off (--fsck=no) or read-only operation is requested (--read-only).
Note that this functionality is also available in mount(8) via a
command such as mount -t ddi myimage.raw targetdir/, as well as in
fstab(5). For details, see below.
-M
This is a shortcut for --mount --mkdir.
--umount, -u
Unmount an OS image from the specified directory. This command
expects one argument: a directory where an OS image was mounted.
All mounted partitions will be recursively unmounted, and the
underlying loop device will be removed, along with all its
partition sub-devices.
-U
This is a shortcut for --umount --rmdir.
--attach
Attach the specified disk image to an automatically allocated
loopback block device, and print the path to the loopback block
device to standard output. This is similar to an invocation of
losetup --find --show, but will validate the image as DDI before
attaching, and derive the correct sector size to use automatically.
Moreover, it ensures the per-partition block devices are created
before returning. Takes a path to a disk image file.
--detach
Detach the specified disk image from a loopback block device. This
undoes the effect of --attach above. This expects either a path to
a loopback block device as an argument, or the path to the backing
image file. In the latter case it will automatically determine the
right device to detach.
--list, -l
Prints the paths of all the files and directories in the specified
OS image or directory to standard output.
--mtree
Generates a BSD mtree(8) compatible file manifest of the specified
disk image or directory. This is useful for comparing image
contents in detail, including inode information and other metadata.
While the generated manifest will contain detailed inode
information, it currently excludes extended attributes, file system
capabilities, MAC labels, chattr(1) file flags, btrfs(5) subvolume
information, and various other file metadata. File content
information is shown via a SHA256 digest. Additional fields might
be added in future. Note that inode information such as link
counts, inode numbers and timestamps is excluded from the output on
purpose, as it typically complicates reproducibility.
--with
Runs the specified command with the specified OS image mounted.
This will mount the image to a temporary directory, switch the
current working directory to it, and invoke the specified command
line as child process. Once the process ends it will unmount the
image again, and remove the temporary directory. If no command is
specified a shell is invoked. The image is mounted writable, use
--read-only to switch to read-only operation. The invoked process
will have the $SYSTEMD_DISSECT_ROOT environment variable set,
containing the absolute path name of the temporary mount point,
i.e. the same directory that is set as the current working
directory.
--copy-from, -x
Copies a file or directory from the specified OS image or directory
into the specified location on the host file system. Expects three
arguments: a path to an image file or directory, a source path
(relative to the image's root directory) and a destination path
(relative to the current working directory, or an absolute path,
both outside of the image). If the destination path is omitted or
specified as dash ("-"), the specified file is written to standard
output. If the source path in the image file system refers to a
regular file it is copied to the destination path. In this case
access mode, extended attributes and timestamps are copied as well,
but file ownership is not. If the source path in the image refers
to a directory, it is copied to the destination path, recursively
with all containing files and directories. In this case the file
ownership is copied too.
--copy-to, -a
Copies a file or directory from the specified location in the host
file system into the specified OS image or directory. Expects three
arguments: a path to an image file or directory, a source path
(relative to the current working directory, or an absolute path,
both outside of the image) and a destination path (relative to the
image's root directory). If the source path is omitted or specified
as dash ("-"), the data to write is read from standard input. If
the source path in the host file system refers to a regular file,
it is copied to the destination path. In this case access mode,
extended attributes and timestamps are copied as well, but file
ownership is not. If the source path in the host file system refers
to a directory it is copied to the destination path, recursively
with all containing files and directories. In this case the file
ownership is copied too.
As with --mount file system checks are implicitly run before the
copy operation begins.
--discover
Show a list of DDIs in well-known directories. This will show
machine, portable service and system/configuration extension disk
images in the usual directories /usr/lib/machines/,
/usr/lib/portables/, /usr/lib/confexts/, /var/lib/machines/,
/var/lib/portables/, /var/lib/extensions/ and so on.
--validate
Validates the partition arrangement of a disk image (DDI), and
ensures it matches the image policy specified via --image-policy=,
if one is specified. This parses the partition table and probes the
file systems in the image, but does not attempt to mount them (nor
to set up disk encryption/authentication via LUKS/Verity). It does
this taking the configured image dissection policy into account.
Since this operation does not mount file systems, this command -
unlike all other commands implemented by this tool - requires no
privileges other than the ability to access the specified file.
Prints "OK" and returns zero if the image appears to be in order
and matches the specified image dissection policy. Otherwise prints
an error message and returns non-zero.
-h, --help
Print a short help text and exit.
--version
Print a short version string and exit.
OPTIONS
The following options are understood:
--read-only, -r
Operate in read-only mode. By default --mount will establish
writable mount points. If this option is specified they are
established in read-only mode instead.
--fsck=no
Turn off automatic file system checking. By default when an image
is accessed for writing (by --mount or --copy-to) the file systems
contained in the OS image are automatically checked using the
appropriate fsck(8) command, in automatic fixing mode. This
behavior may be switched off using --fsck=no.
--growfs=no
Turn off automatic growing of accessed file systems to their
partition size, if marked for that in the GPT partition table. By
default when an image is accessed for writing (by --mount or
--copy-to) the file systems contained in the OS image are
automatically grown to their partition sizes, if bit 59 in the GPT
partition flags is set for partition types that are defined by the
Discoverable Partitions Specification[1]. This behavior may be
switched off using --growfs=no. File systems are grown
automatically on access if all of the following conditions are met:
1. The file system is mounted writable
2. The file system currently is smaller than the partition it is
contained in (and thus can be grown)
3. The image contains a GPT partition table
4. The file system is stored on a partition defined by the
Discoverable Partitions Specification
5. Bit 59 of the GPT partition flags for this partition is set, as
per specification
6. The --growfs=no option is not passed.
--mkdir
If combined with --mount the directory to mount the OS image to is
created if it is missing. Note that the directory is not
automatically removed when the disk image is unmounted again.
--rmdir
If combined with --umount the specified directory where the OS
image is mounted is removed after unmounting the OS image.
--discard=
Takes one of "disabled", "loop", "all", "crypto". If "disabled" the
image is accessed with empty block discarding turned off. If "loop"
discarding is enabled if operating on a regular file. If "crypt"
discarding is enabled even on encrypted file systems. If "all"
discarding is unconditionally enabled.
--in-memory
If specified an in-memory copy of the specified disk image is used.
This may be used to operate with write-access on a (possibly
read-only) image, without actually modifying the original file.
This may also be used in order to operate on a disk image without
keeping the originating file system busy, in order to allow it to
be unmounted.
--root-hash=, --root-hash-sig=, --verity-data=
Configure various aspects of Verity data integrity for the OS
image. Option --root-hash= specifies a hex-encoded top-level Verity
hash to use for setting up the Verity integrity protection. Option
--root-hash-sig= specifies the path to a file containing a PKCS#7
signature for the hash. This signature is passed to the kernel
during activation, which will match it against signature keys
available in the kernel keyring. Option --verity-data= specifies a
path to a file with the Verity data to use for the OS image, in
case it is stored in a detached file. It is recommended to embed
the Verity data directly in the image, using the Verity mechanisms
in the Discoverable Partitions Specification[1].
--loop-ref=
Configures the "reference" string the kernel shall report as
backing file for the loopback block device. While this is supposed
to be a path or filename referencing the backing file, this is not
enforced and the kernel accepts arbitrary free-form strings, chosen
by the user. Accepts arbitrary strings up to a length of 63
characters. This sets the kernel's ".lo_file_name" field for the
block device. Note this is distinct from the
/sys/class/block/loopX/loop/backing_file attribute file that always
reports a path referring to the actual backing file. The latter is
subject to mount namespace translation, the former is not.
--mtree-hash=no
If combined with --mtree, turns off inclusion of file hashes in the
mtree output. This makes the --mtree faster when operating on large
images.
--image-policy=policy
Takes an image policy string as argument, as per systemd.image-
policy(7). The policy is enforced when operating on the disk image
specified via --image=, see above. If not specified defaults to the
"*" policy, i.e. all recognized file systems in the image are used.
--no-pager
Do not pipe output into a pager.
--no-legend
Do not print the legend, i.e. column headers and the footer with
hints.
--json=MODE
Shows output formatted as JSON. Expects one of "short" (for the
shortest possible output without any redundant whitespace or line
breaks), "pretty" (for a pretty version of the same, with
indentation and line breaks) or "off" (to turn off JSON output, the
default).
EXIT STATUS
On success, 0 is returned, a non-zero failure code otherwise. If the
--with command is used the exit status of the invoked command is
propagated.
INVOCATION AS /SBIN/MOUNT.DDI
The systemd-dissect executable may be symlinked to /sbin/mount.ddi. If
invoked through that it implements mount(8)'s "external helper"
interface for the (pseudo) file system type "ddi". This means
conformant disk images may be mounted directly via
# mount -t ddi myimage.raw targetdir/
in a fashion mostly equivalent to:
# systemd-dissect --mount myimage.raw targetdir/
Note that since a single DDI may contain multiple file systems it
should later be unmounted with umount -R targetdir/, for recursive
operation.
This functionality is particularly useful to mount DDIs automatically
at boot via simple /etc/fstab entries. For example:
/path/to/myimage.raw /images/myimage/ ddi defaults 0 0
When invoked this way the mount options "ro", "rw", "discard",
"nodiscard" map to the corresponding options listed above (i.e.
--read-only, --discard=all, --discard=disabled). Mount options are not
generically passed on to the file systems inside the images.
EXAMPLES
Example 1. Generate a tarball from an OS disk image
# systemd-dissect --with foo.raw tar cz . >foo.tar.gz
SEE ALSO
systemd(1), systemd-nspawn(1), systemd.exec(5), Discoverable Partitions
Specification[1], mount(8), umount(8), fdisk(8)
NOTES
1. Discoverable Partitions Specification
https://uapi-group.org/specifications/specs/discoverable_partitions_specification
systemd 254 SYSTEMD-DISSECT(1)
Want to link to this manual page? Use this URL:
<http://star2.abcm.com/cgi-bin/bsdi-man?query=systemd-dissect&sektion=1&manpath=>