On Tue, May 29, 2018 at 03:33:40PM +0300, Olga Levy wrote: > Hi, > > Nice to meet you. I'm a new security engineer and working on a prototype > using QEMU. > > What I need is to collect running image internal data (like running > processes, netstat, files modification, etc.) but without running any > process inside. I mean, doing it from "outside" (I need Qemu support). > > For example, > > How can I live view FS of a running image?
You might be interested in http://libvmi.com/ and https://github.com/KVM-VMI. In general these mechanisms are problematic because they go against the philosophy that the guest is a black box. They are invasive, difficult to maintain, and reduce performance. But if they are useful to enough people, then eventually they will mature and be integrated into QEMU/KVM after enough effort is invested into them. Stefan
signature.asc
Description: PGP signature
