Prep for release 0.9.6.3

Fix for CVE-2012-4423.

When generating RPC protocol messages, it's strictly needed to have a
continuous line of numbers or RPC messages. However in case anyone
tries backporting some functionality and will skip a number, there is
a possibility to make the daemon segfault with newer virsh (version of
the library, rpc call, etc.) even unintentionally.

The problem is that the skipped numbers will get func filled with
NULLs, but there is no check whether these are set before the daemon
tries to run them. This patch very simply enhances one check and fixes
that.
(cherry picked from commit b7ff9e6960)

.ctags

@@ -1,5 +0,0 @@
---recurse
---exclude=*.orig
---exclude=*.html
---exclude=*.html.in
---langmap=c:+.h.in

.dir-locals.el

@@ -14,7 +14,4 @@
  (nxml-mode . (
 	       (indent-tabs-mode . nil)
 	       ))
- (perl-mode . (
-	       (indent-tabs-mode . nil)
-	       ))
  )

.gitignore

@@ -1,34 +1,22 @@
 *#*#
 *.#*#
 *.a
-*.cov
 *.exe
 *.gcda
 *.gcno
 *.gcov
-*.html
-*.i
 *.la
 *.lo
-*.loT
 *.o
 *.orig
-*.pyc
 *.rej
-*.s
 *~
-.#*
-.deps
-.dirstamp
-.gdb_history
 .git
 .git-module-status
-.libs
 .lvimrc
-.memdump
 .sc-start-sc_*
 /ABOUT-NLS
-/AUTHORS
+/COPYING
 /ChangeLog
 /GNUmakefile
 /INSTALL
@@ -49,35 +37,12 @@
 /configure
 /configure.lineno
 /daemon/*_dispatch.h
-/daemon/libvirt_qemud
-/daemon/libvirtd
-/daemon/libvirtd*.logrotate
-/daemon/libvirtd.8
-/daemon/libvirtd.8.in
-/daemon/libvirtd.init
-/daemon/libvirtd.pod
-/daemon/libvirtd.policy
-/daemon/libvirtd.service
-/daemon/test_libvirtd.aug
-/docs/aclperms.htmlinc
 /docs/apibuild.py.stamp
-/docs/devhelp/libvirt.devhelp
 /docs/hvsupport.html.in
-/docs/libvirt-api.xml
-/docs/libvirt-lxc-*.xml
 /docs/libvirt-qemu-*.xml
-/docs/libvirt-refs.xml
-/docs/search.php
-/docs/todo.html.in
-/examples/domain-events/events-c/event-test
-/examples/dominfo/info1
-/examples/domsuspend/suspend
-/examples/hellolibvirt/hellolibvirt
-/examples/openauth/openauth
 /gnulib/lib/*
 /gnulib/m4/*
 /gnulib/tests/*
-/include/libvirt/libvirt.h
 /libtool
 /libvirt-*.tar.gz
 /libvirt-[0-9]*
@@ -87,164 +52,41 @@
 /ltmain.sh
 /m4/*
 /maint.mk
-/mingw-libvirt.spec
+/mingw32-libvirt.spec
 /mkinstalldirs
 /po/*
 /proxy/
-/python/generated.stamp
 /python/generator.py.stamp
-/python/libvirt-export.c
-/python/libvirt-lxc-export.c
-/python/libvirt-lxc.[ch]
 /python/libvirt-qemu-export.c
 /python/libvirt-qemu.[ch]
-/python/libvirt.[ch]
-/python/libvirt.py
-/python/libvirt_lxc.py
 /python/libvirt_qemu.py
-/run
 /sc_*
-/src/.*.stamp
-/src/access/org.libvirt.api.policy
-/src/access/viraccessapicheck.c
-/src/access/viraccessapicheck.h
-/src/access/viraccessapichecklxc.c
-/src/access/viraccessapichecklxc.h
-/src/access/viraccessapicheckqemu.c
-/src/access/viraccessapicheckqemu.h
-/src/esx/*.generated.*
 /src/hyperv/*.generated.*
-/src/libvirt*.def
-/src/libvirt.syms
-/src/libvirt_access.syms
-/src/libvirt_access.xml
-/src/libvirt_access_lxc.syms
-/src/libvirt_access_lxc.xml
-/src/libvirt_access_qemu.syms
-/src/libvirt_access_qemu.xml
-/src/libvirt_*.stp
-/src/libvirt_*helper
-/src/libvirt_*probes.h
-/src/libvirt_lxc
-/src/locking/lock_daemon_dispatch_stubs.h
-/src/locking/lock_protocol.[ch]
-/src/locking/qemu-lockd.conf
+/src/libvirt_iohelper
 /src/locking/qemu-sanlock.conf
-/src/locking/test_libvirt_sanlock.aug
-/src/lxc/lxc_controller_dispatch.h
-/src/lxc/lxc_monitor_dispatch.h
-/src/lxc/lxc_monitor_protocol.c
-/src/lxc/lxc_monitor_protocol.h
-/src/lxc/lxc_protocol.[ch]
-/src/lxc/test_libvirtd_lxc.aug
-/src/qemu/test_libvirtd_qemu.aug
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
-/src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
-/src/test_libvirt*.aug
-/src/test_virtlockd.aug
 /src/util/virkeymaps.h
-/src/virt-aa-helper
-/src/virtlockd
-/src/virtlockd.8
-/src/virtlockd.8.in
-/src/virtlockd.init
 /tests/*.log
-/tests/*.pid
-/tests/*.trs
-/tests/*xml2*test
-/tests/commandhelper
-/tests/commandtest
-/tests/conftest
 /tests/cputest
-/tests/domainsnapshotxml2xmltest
-/tests/esxutilstest
-/tests/eventtest
-/tests/fchosttest
-/tests/fdstreamtest
 /tests/hashtest
 /tests/jsontest
-/tests/libvirtdconftest
-/tests/metadatatest
 /tests/networkxml2argvtest
-/tests/nodeinfotest
 /tests/nwfilterxml2xmltest
-/tests/object-locking
-/tests/object-locking-files.txt
-/tests/object-locking.cm[ix]
 /tests/openvzutilstest
-/tests/qemuagenttest
-/tests/qemuargv2xmltest
-/tests/qemuhelptest
-/tests/qemuhotplugtest
-/tests/qemumonitorjsontest
-/tests/qemumonitortest
-/tests/qemuxmlnstest
-/tests/qparamtest
-/tests/reconnect
-/tests/secaatest
-/tests/seclabeltest
-/tests/securityselinuxlabeltest
-/tests/securityselinuxtest
-/tests/sexpr2xmltest
 /tests/shunloadtest
-/tests/sockettest
-/tests/ssh
-/tests/statstest
-/tests/storagebackendsheepdogtest
-/tests/sysinfotest
-/tests/test_conf
-/tests/utiltest
-/tests/viratomictest
-/tests/virauthconfigtest
-/tests/virbitmaptest
-/tests/virbuftest
-/tests/vircgrouptest
-/tests/virdbustest
-/tests/virdrivermoduletest
-/tests/virendiantest
-/tests/virhashtest
-/tests/viridentitytest
-/tests/virkeycodetest
-/tests/virkeyfiletest
-/tests/virlockspacetest
-/tests/virlogtest
-/tests/virnet*test
-/tests/virportallocatortest
-/tests/virshtest
-/tests/virstoragetest
-/tests/virstringtest
-/tests/virsystemdtest
-/tests/virtimetest
-/tests/viruritest
-/tests/vmwarevertest
-/tests/vmx2xmltest
-/tests/xencapstest
-/tests/xmconfigtest
-/tools/*.[18]
-/tools/libvirt-guests.init
-/tools/libvirt-guests.service
-/tools/libvirt-guests.sh
-/tools/virt-login-shell
-/tools/virsh
-/tools/virsh-*-edit.c
-/tools/virt-*-validate
-/tools/virt-sanlock-cleanup
 /update.log
 Makefile
 Makefile.in
 TAGS
 coverage
 cscope.files
-cscope.in.out
 cscope.out
-cscope.po.out
 results.log
 stamp-h
 stamp-h.in
 stamp-h1
-tags
 !/gnulib/lib/Makefile.am
 !/gnulib/tests/Makefile.am
 !/m4/virt-*.m4

.mailmap

@@ -3,6 +3,7 @@
 # Email consolidation:
 # <Preferred address in AUTHORS> <other alias used by same author>
 
+<amy.griffis@hp.com> <aron.griffis@hp.com>
 <bozzolan@gmail.com> <redshift@gmx.com>
 <charles_duffy@messageone.com> <charles@dyfis.net>
 <dfj@redhat.com> <dfj@dfj.bne.redhat.com>
@@ -25,34 +26,7 @@
 <fsimonce@redhat.com> <federico.simoncelli@gmail.com>
 <marcandre.lureau@redhat.com> <marcandre.lureau@gmail.com>
 <supriyak@linux.vnet.ibm.com> <supriyak@in.ibm.com>
-<neil@aldur.co.uk> <neil@brightbox.co.uk>
-<stefanb@us.ibm.com> <stefanb@linux.vnet.ibm.com>
-<stefanb@us.ibm.com> <stefannb@linux.vnet.ibm.com>
-<josh.durgin@inktank.com> <joshd@hq.newdream.net>
-<josh.durgin@inktank.com> <josh.durgin@dreamhost.com>
-<gerd@egidy.de> <lists@egidy.de>
-<gerd@egidy.de> <gerd.von.egidy@intra2net.com>
-<benoar@dolka.fr> <benjamin.cama@telecom-bretagne.eu>
-<zhlcindy@linux.vnet.ibm.com> <zhlcindy@gmail.com>
-<serge.hallyn@canonical.com> <serue@us.ibm.com>
-<pritesh.kothari@sun.com> <Pritesh.Kothari@Sun.COM>
 
 # Name consolidation:
 # Preferred author spelling <preferred email>
 Alex Jia <ajia@redhat.com>
-Royce Lv <lvroyce@linux.vnet.ibm.com>
-Daniel J Walsh <dwalsh@redhat.com>
-Ján Tomko <jtomko@redhat.com>
-Gerd von Egidy <gerd@egidy.de>
-MATSUDA Daiki <matsudadik@intellilink.co.jp>
-Tang Chen <tangchen@cn.fujitsu.com>
-Peng Zhou <ailvpeng25@gmail.com>
-Dirk Herrendoerfer <d.herrendoerfer@herrendoerfer.name>
-Thibault VINCENT <thibault.vincent@smartjog.com>
-Aurelien Rougemont <beorn@binaries.fr>
-Serge E. Hallyn <serge.hallyn@canonical.com>
-Henrik Persson E <henrik.e.persson@ericsson.com>
-Philipp Hahn <hahn@univention.de>
-Marco Bozzolan <bozzolan@gmail.com>
-Marco Bozzolan <redshift@gmx.com>
-Pritesh Kothari <pritesh.kothari@sun.com>

AUTHORS

@@ -0,0 +1,209 @@
+   libvirt Authors
+   ===============
+
+The libvirt project was initiated by:
+
+  Daniel Veillard      <veillard@redhat.com> or <daniel@veillard.com>
+
+The primary maintainers and people with commit access rights:
+
+  Daniel Veillard      <veillard@redhat.com>
+  Daniel Berrange      <berrange@redhat.com>
+  Richard W.M. Jones   <rjones@redhat.com>
+  Mark McLoughlin      <markmc@redhat.com>
+  Anthony Liguori      <aliguori@us.ibm.com>
+  Jim Meyering         <meyering@redhat.com>
+  Jim Fehlig           <jfehlig@suse.com>
+  Chris Lalancette     <clalance@redhat.com>
+  Cole Robinson        <crobinso@redhat.com>
+  Guido Günther        <agx@sigxcpu.org>
+  John Levon           <john.levon@sun.com>
+  Matthias Bolte       <matthias.bolte@googlemail.com>
+  Jiří Denemark        <jdenemar@redhat.com>
+  Dave Allan           <dallan@redhat.com>
+  Laine Stump          <laine@redhat.com>
+  Stefan Berger        <stefanb@us.ibm.com>
+  Eric Blake           <eblake@redhat.com>
+  Justin Clift         <jclift@redhat.com>
+  Osier Yang           <jyang@redhat.com>
+  Wen Congyang         <wency@cn.fujitsu.com>
+  Michal Prívozník     <mprivozn@redhat.com>
+
+Previous maintainers:
+  Karel Zak            <kzak@redhat.com>
+  Atsushi SAKAI        <sakaia@jp.fujitsu.com>
+  Dave Leskovec        <dlesko@linux.vnet.ibm.com>
+  Dan Smith            <danms@us.ibm.com>
+
+Patches have also been contributed by:
+
+  David Lutterkort     <dlutter@redhat.com>
+  Andrew Puch          <apuch@redhat.com>
+  Philippe Berthault   <philippe.berthault@Bull.net>
+  Hugh Brock           <hbrock@redhat.com>
+  Michel Ponceau       <michel.ponceau@bull.net>
+  Jeremy Katz          <katzj@redhat.com>
+  Pete Vetere          <pvetere@redhat.com>
+  Kazuki Mizushima     <mizushima.kazuk@jp.fujitsu.com>
+  Saori Fukuta         <fukuta.saori@jp.fujitsu.com>
+  Tatsuro Enokura      <fj7716hz@aa.jp.fujitsu.com>
+  Takahashi Tomohiro   <takatom@jp.fujitsu.com>
+  Nobuhiro Itou        <fj0873gn@aa.jp.fujitsu.com>
+  Masayuki Sunou       <fj1826dm@aa.jp.fujitsu.com>
+  Mark Johnson         <johnson.nh@gmail.com>
+  Christian Ehrhardt   <ehrhardt@linux.vnet.ibm.com>
+  Shuveb Hussain       <shuveb@binarykarma.com>
+  Jim Paris            <jim@jtan.com>
+  Daniel Hokka Zakrisson <daniel@hozac.com>
+  Mads Chr. Olesen     <shiyee@shiyee.dk>
+  Anton Protopopov     <aspsk2@gmail.com>
+  Stefan de Konink     <dekonink@kinkrsoftware.nl>
+  Kaitlin Rupert       <kaitlin@linux.vnet.ibm.com>
+  Evgeniy Sokolov      <evg@openvz.org>
+  David Lively         <dlively@virtualiron.com>
+  Charles Duffy        <Charles_Duffy@messageone.com>
+  Nguyen Anh Quynh     <aquynh@gmail.com>
+  James Morris         <jmorris@namei.org>
+  Chris Wright         <chrisw@redhat.com>
+  Ben Guthro           <ben.guthro@gmail.com>
+  Shigeki Sakamoto     <fj0588di@aa.jp.fujitsu.com>
+  Gerd von Egidy       <lists@egidy.de>
+  Itamar Heim          <iheim@redhat.com>
+  Markus Armbruster    <armbru@redhat.com>
+  Ryota Ozaki          <ozaki.ryota@gmail.com>
+  James Morris         <jmorris@namei.org>
+  Daniel J Walsh       <dwalsh@redhat.com>
+  Maximilian Wilhelm   <max@rfc2324.org>
+  Pritesh Kothari      <Pritesh.Kothari@Sun.COM>
+  Amit Shah            <amit.shah@redhat.com>
+  Florian Vichot       <florian.vichot@diateam.net>
+  Takahashi Tomohiro   <takatom@jp.fujitsu.com>
+  Serge E. Hallyn      <serue@us.ibm.com>
+  Soren Hansen         <soren@linux2go.dk>
+  Abel Míguez Rodríguez<amiguezr@pdi.ucm.es>
+  Doug Goldstein       <cardoe@cardoe.com>
+  Javier Fontan        <jfontan@gmail.com>
+  Federico Simoncelli  <fsimonce@redhat.com>
+  Amy Griffis          <amy.griffis@hp.com>
+  Henrik Persson E     <henrik.e.persson@ericsson.com>
+  Satoru SATOH         <satoru.satoh@gmail.com>
+  Paolo Bonzini        <pbonzini@redhat.com>
+  Miloslav Trmač       <mitr@redhat.com>
+  Jamie Strandboge     <jamie@canonical.com>
+  Gerhard Stenzel      <gerhard.stenzel@de.ibm.com>
+  Matthew Booth        <mbooth@redhat.com>
+  Diego Elio Pettenò   <flameeyes@gmail.com>
+  Adam Litke           <agl@us.ibm.com>
+  Steve Yarmie         <steve.yarmie@gmail.com>
+  Dan Kenigsberg       <danken@redhat.com>
+  Yuji NISHIDA         <nishidy@nict.go.jp>
+  Dustin Xiong         <x_k_123@hotmail.com>
+  Rolf Eike Beer       <eike@sf-mail.de>
+  Wolfgang Mauerer     <wolfgang.mauerer@siemens.com>
+  Philipp Hahn         <hahn@univention.de>
+  Ed Swierk            <eswierk@aristanetworks.com>
+  Paolo Smiraglia      <paolo.smiraglia@gmail.com>
+  Sharadha Prabhakar   <sharadha.prabhakar@citrix.com>
+  Chris Wong           <wongc-redhat@hoku.net>
+  Daniel Berteaud      <daniel@firewall-services.com>
+  Dustin Kirkland      <kirkland@canonical.com>
+  Luiz Capitulino      <lcapitulino@redhat.com>
+  Ryan Harper          <ryanh@us.ibm.com>
+  Spencer Shimko       <sshimko@tresys.com>
+  Marco Bozzolan       <bozzolan@gmail.com>
+  Alex Williamson      <alex.williamson@redhat.com>
+  Ersek Laszlo         <lacos@caesar.elte.hu>
+  Kenneth Nagin        <NAGIN@il.ibm.com>
+  Klaus Ethgen         <Klaus@Ethgen.de>
+  Bryan Kearney        <bkearney@redhat.com>
+  Darry L. Pierce      <dpierce@redhat.com>
+  David Jorm           <dfj@redhat.com>
+  Eduardo Otubo        <otubo@linux.vnet.ibm.com>
+  Garry Dolley         <gdolley@arpnetworks.com>
+  Harshavardhana       <harsha@gluster.com>
+  Jonas Eriksson       <jonas.j.eriksson@ericsson.com>
+  Jun Koi              <junkoi2004@gmail.com>
+  Olivier Fourdan      <ofourdan@redhat.com>
+  Ron Yorston          <rmy@tigress.co.uk>
+  Shahar Klein         <shaharklein@yahoo.com>
+  Taizo ITO            <taizo.ito@hde.co.jp>
+  Thomas Treutner      <thomas@scripty.at>
+  Jean-Baptiste Rouault <jean-baptiste.rouault@diateam.net>
+  Марк Коренберг       <socketpair@gmail.com>
+  Alan Pevec           <apevec@redhat.com>
+  Aurelien Rougemont   <beorn@binaries.fr>
+  Patrick Dignan       <pat_dignan@dell.com>
+  Serge Hallyn         <serge.hallyn@canonical.com>
+  Nikunj A. Dadhania   <nikunj@linux.vnet.ibm.com>
+  Lai Jiangshan        <laijs@cn.fujitsu.com>
+  Harsh Prateek Bora   <harsh@linux.vnet.ibm.com>
+  John Morrissey       <jwm@horde.net>
+  KAMEZAWA Hiroyuki    <kamezawa.hiroyu@jp.fujitsu.com>
+  Hu Tao               <hutao@cn.fujitsu.com>
+  Laurent Léonard      <laurent@open-minds.org>
+  MORITA Kazutaka      <morita.kazutaka@lab.ntt.co.jp>
+  Josh Durgin          <joshd@hq.newdream.net>
+  Roopa Prabhu         <roprabhu@cisco.com>
+  Paweł Krześniak      <pawel.krzesniak@gmail.com>
+  Kay Schubert         <kayegypt@web.de>
+  Marc-André Lureau    <marcandre.lureau@redhat.com>
+  Juerg Haefliger      <juerg.haefliger@hp.com>
+  Matthias Dahl        <mdvirt@designassembly.de>
+  Niels de Vos         <ndevos@redhat.com>
+  Davidlohr Bueso      <dave@gnu.org>
+  Alon Levy            <alevy@redhat.com>
+  Hero Phương          <herophuong93@gmail.com>
+  Zdenek Styblik       <stybla@turnovfree.net>
+  Gui Jianfeng         <guijianfeng@cn.fujitsu.com>
+  Michal Novotny       <minovotn@redhat.com>
+  Christophe Fergeau   <cfergeau@redhat.com>
+  Markus Groß          <gross@univention.de>
+  Phil Petty           <phpetty@cisco.com>
+  Taku Izumi           <izumi.taku@jp.fujitsu.com>
+  Minoru Usui          <usui@mxm.nes.nec.co.jp>
+  Tiziano Mueller      <dev-zero@gentoo.org>
+  Thibault VINCENT     <thibault.vincent@smartjog.com>
+  Naoya Horiguchi      <n-horiguchi@ah.jp.nec.com>
+  Jesse Cook           <code.crashenx@gmail.com>
+  Alexander Todorov    <atodorov@otb.bg>
+  Richard Laager       <rlaager@wiktel.com>
+  Mark Wu              <dwu@redhat.com>
+  Yufang Zhang         <yuzhang@redhat.com>
+  Supriya Kannery      <supriyak@linux.vnet.ibm.com>
+  Dirk Herrendoerfer   <d.herrendoerfer@herrendoerfer.name>
+  Taisuke Yamada       <tai@rakugaki.org>
+  Heath Petersen       <HeathPetersen@Kandre.com>
+  Neil Wilson          <neil@aldur.co.uk>
+  Ohad Levy            <ohadlevy@gmail.com>
+  Michael Chapman      <mike@very.puzzling.org>
+  Daniel Gollub        <gollub@b1-systems.de>
+  David S. Wang        <dwang2@cisco.com>
+  Ruben Kerkhof        <ruben@rubenkerkhof.com>
+  Scott Moser          <smoser@ubuntu.com>
+  Guannan Ren          <gren@redhat.com>
+  John Williams        <john.williams@petalogix.com>
+  Michael Santos       <michael.santos@gmail.com>
+  Alex Jia             <ajia@redhat.com>
+  Oskari Saarenmaa     <os@ohmu.fi>
+  Peter Krempa         <pkrempa@redhat.com>
+  Nan Zhang            <nzhang@redhat.com>
+  Wieland Hoffmann     <themineo@googlemail.com>
+  Douglas Schilling Landgraf <dougsland@redhat.com>
+  Tom Vijlbrief        <tom.vijlbrief@xs4all.nl>
+  Shradha Shah         <sshah@solarflare.com>
+  Steve Hodgson        <shodgson@solarflare.com>
+  Xu He Jie            <xuhj@linux.vnet.ibm.com>
+  Lei Li               <lilei@linux.vnet.ibm.com>
+  Matthias Witte       <witte@netzquadrat.de>
+  Radu Caragea         <dmns_serp@yahoo.com>
+  Stefan Bader         <stefan.bader@canonical.com>
+  Martin Kletzander    <mkletzan@redhat.com>
+
+  [....send patches to get your name here....]
+
+The libvirt Logo was designed by Diana Fong
+
+-- End
+;; Local Variables:
+;; coding: utf-8
+;; End:

AUTHORS.in

@@ -1,93 +0,0 @@
-   libvirt Authors
-   ===============
-
-The libvirt project was initiated by:
-
-Daniel Veillard <veillard@redhat.com> or <daniel@veillard.com>
-
-The primary maintainers and people with commit access rights:
-
-Alex Jia <ajia@redhat.com>
-Anthony Liguori <aliguori@us.ibm.com>
-Chris Lalancette <clalance@redhat.com>
-Christophe Fergeau <cfergeau@redhat.com>
-Claudio Bley <cbley@av-test.de>
-Cole Robinson <crobinso@redhat.com>
-Daniel Berrange <berrange@redhat.com>
-Daniel Veillard <veillard@redhat.com>
-Dave Allan <dallan@redhat.com>
-Doug Goldstein <cardoe@gentoo.org>
-Eric Blake <eblake@redhat.com>
-Guannan Ren <gren@redhat.com>
-Guido Günther <agx@sigxcpu.org>
-Ján Tomko <jtomko@redhat.com>
-Jim Fehlig <jfehlig@suse.com>
-Jim Meyering <meyering@redhat.com>
-Jiří Denemark <jdenemar@redhat.com>
-John Ferlan <jferlan@redhat.com>
-John Levon <john.levon@sun.com>
-Justin Clift <jclift@redhat.com>
-Laine Stump <laine@redhat.com>
-Mark McLoughlin <markmc@redhat.com>
-Martin Kletzander <mkletzan@redhat.com>
-Matthias Bolte <matthias.bolte@googlemail.com>
-Michal Prívozník <mprivozn@redhat.com>
-Osier Yang <jyang@redhat.com>
-Peter Krempa <pkrempa@redhat.com>
-Richard W.M. Jones <rjones@redhat.com>
-Stefan Berger <stefanb@us.ibm.com>
-Wen Congyang <wency@cn.fujitsu.com>
-
-Previous maintainers:
-
-Atsushi SAKAI <sakaia@jp.fujitsu.com>
-Dan Smith <danms@us.ibm.com>
-Dave Leskovec <dlesko@linux.vnet.ibm.com>
-Karel Zak <kzak@redhat.com>
-
-Patches have also been contributed by:
-
-Abel Míguez Rodríguez <amiguezr@pdi.ucm.es>
-Amit Shah <amit.shah@redhat.com>
-Andrew Puch <apuch@redhat.com>
-Anton Protopopov <aspsk2@gmail.com>
-Ben Guthro <ben.guthro@gmail.com>
-Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
-Daniel Hokka Zakrisson <daniel@hozac.com>
-Dan Wendlandt <dan@nicira.com>
-David Lively <dlively@virtualiron.com>
-David Lutterkort <dlutter@redhat.com>
-Evgeniy Sokolov <evg@openvz.org>
-Hugh Brock <hbrock@redhat.com>
-Itamar Heim <iheim@redhat.com>
-James Morris <jmorris@namei.org>
-Javier Fontan <jfontan@gmail.com>
-Jeremy Katz <katzj@redhat.com>
-Kaitlin Rupert <kaitlin@linux.vnet.ibm.com>
-Kazuki Mizushima <mizushima.kazuk@jp.fujitsu.com>
-Mads Chr. Olesen <shiyee@shiyee.dk>
-Mark Johnson <johnson.nh@gmail.com>
-Markus Armbruster <armbru@redhat.com>
-Masayuki Sunou <fj1826dm@aa.jp.fujitsu.com>
-Matthias Witte <witte@netzquadrat.de>
-Michel Ponceau <michel.ponceau@bull.net>
-Nobuhiro Itou <fj0873gn@aa.jp.fujitsu.com>
-Pete Vetere <pvetere@redhat.com>
-Philippe Berthault <philippe.berthault@Bull.net>
-Saori Fukuta <fukuta.saori@jp.fujitsu.com>
-Shigeki Sakamoto <fj0588di@aa.jp.fujitsu.com>
-Shuveb Hussain <shuveb@binarykarma.com>
-Stefan de Konink <dekonink@kinkrsoftware.nl>
-Takahashi Tomohiro <takatom@jp.fujitsu.com>
-Tatsuro Enokura <fj7716hz@aa.jp.fujitsu.com>
-
-#authorslist#
-
-[....send patches to get your name here....]
-
-The libvirt logo was designed by Diana Fong
-
--- End
-;; Local Variables:
-;; coding: utf-8
-;; End:

COPYING

@@ -1,339 +0,0 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-                            NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.

COPYING.LIB

@@ -1,8 +1,9 @@
+
                   GNU LESSER GENERAL PUBLIC LICENSE
                        Version 2.1, February 1999
 
  Copyright (C) 1991, 1999 Free Software Foundation, Inc.
- 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -22,7 +23,8 @@ specially designated software packages--typically libraries--of the
 Free Software Foundation and other authors who decide to use it.  You
 can use it too, but we suggest you first think carefully about whether
 this license or the ordinary General Public License is the better
-strategy to use in any particular case, based on the explanations below.
+strategy to use in any particular case, based on the explanations
+below.
 
   When we speak of free software, we are referring to freedom of use,
 not price.  Our General Public Licenses are designed to make sure that
@@ -55,7 +57,7 @@ modified by someone else and passed on, the recipients should know
 that what they have is not the original version, so that the original
 author's reputation will not be affected by problems that might be
 introduced by others.
-
+^L
   Finally, software patents pose a constant threat to the existence of
 any free program.  We wish to make sure that a company cannot
 effectively restrict the users of a free program by obtaining a
@@ -87,9 +89,9 @@ libraries.  However, the Lesser license provides advantages in certain
 special circumstances.
 
   For example, on rare occasions, there may be a special need to
-encourage the widest possible use of a certain library, so that it becomes
-a de-facto standard.  To achieve this, non-free programs must be
-allowed to use the library.  A more frequent case is that a free
+encourage the widest possible use of a certain library, so that it
+becomes a de-facto standard.  To achieve this, non-free programs must
+be allowed to use the library.  A more frequent case is that a free
 library does the same job as widely used non-free libraries.  In this
 case, there is little to gain by limiting the free library to free
 software only, so we use the Lesser General Public License.
@@ -111,7 +113,7 @@ modification follow.  Pay close attention to the difference between a
 "work based on the library" and a "work that uses the library".  The
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
-
+^L
                   GNU LESSER GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
@@ -136,8 +138,8 @@ included without limitation in the term "modification".)
   "Source code" for a work means the preferred form of the work for
 making modifications to it.  For a library, complete source code means
 all the source code for all modules it contains, plus any associated
-interface definition files, plus the scripts used to control compilation
-and installation of the library.
+interface definition files, plus the scripts used to control
+compilation and installation of the library.
 
   Activities other than copying, distribution and modification are not
 covered by this License; they are outside its scope.  The act of
@@ -216,7 +218,7 @@ instead of to this License.  (If a newer version than version 2 of the
 ordinary GNU General Public License has appeared, then you can specify
 that version instead if you wish.)  Do not make any other change in
 these notices.
-
+^L
   Once this change is made in a given copy, it is irreversible for
 that copy, so the ordinary GNU General Public License applies to all
 subsequent copies and derivative works made from that copy.
@@ -267,7 +269,7 @@ Library will still fall under Section 6.)
 distribute the object code for the work under the terms of Section 6.
 Any executables containing that work also fall under Section 6,
 whether or not they are linked directly with the Library itself.
-
+^L
   6. As an exception to the Sections above, you may also combine or
 link a "work that uses the Library" with the Library to produce a
 work containing portions of the Library, and distribute that work
@@ -303,10 +305,10 @@ of these things:
     the user installs one, as long as the modified version is
     interface-compatible with the version that the work was made with.
 
-    c) Accompany the work with a written offer, valid for at
-    least three years, to give the same user the materials
-    specified in Subsection 6a, above, for a charge no more
-    than the cost of performing this distribution.
+    c) Accompany the work with a written offer, valid for at least
+    three years, to give the same user the materials specified in
+    Subsection 6a, above, for a charge no more than the cost of
+    performing this distribution.
 
     d) If distribution of the work is made by offering access to copy
     from a designated place, offer equivalent access to copy the above
@@ -329,7 +331,7 @@ restrictions of other proprietary libraries that do not normally
 accompany the operating system.  Such a contradiction means you cannot
 use both them and the Library together in an executable that you
 distribute.
-
+^L
   7. You may place library facilities that are a work based on the
 Library side-by-side in a single library together with other library
 facilities not covered by this License, and distribute such a combined
@@ -370,7 +372,7 @@ subject to these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties with
 this License.
-
+^L
   11. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
@@ -384,9 +386,10 @@ all those who receive copies directly or indirectly through you, then
 the only way you could satisfy both it and this License would be to
 refrain entirely from distribution of the Library.
 
-If any portion of this section is held invalid or unenforceable under any
-particular circumstance, the balance of the section is intended to apply,
-and the section as a whole is intended to apply in other circumstances.
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply, and the section as a whole is intended to apply in other
+circumstances.
 
 It is not the purpose of this section to induce you to infringe any
 patents or other property right claims or to contest validity of any
@@ -404,11 +407,11 @@ be a consequence of the rest of this License.
 
   12. If the distribution and/or use of the Library is restricted in
 certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Library under this License may add
-an explicit geographical distribution limitation excluding those countries,
-so that distribution is permitted only in or among countries not thus
-excluded.  In such case, this License incorporates the limitation as if
-written in the body of this License.
+original copyright holder who places the Library under this License
+may add an explicit geographical distribution limitation excluding those
+countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
 
   13. The Free Software Foundation may publish revised and/or new
 versions of the Lesser General Public License from time to time.
@@ -422,7 +425,7 @@ conditions either of that version or of any later version published by
 the Free Software Foundation.  If the Library does not specify a
 license version number, you may choose any version ever published by
 the Free Software Foundation.
-
+^L
   14. If you wish to incorporate parts of the Library into other free
 programs whose distribution conditions are incompatible with these,
 write to the author to ask for permission.  For software which is
@@ -456,19 +459,21 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.
 
                      END OF TERMS AND CONDITIONS
-
+^L
            How to Apply These Terms to Your New Libraries
 
   If you develop a new library, and you want it to be of the greatest
 possible use to the public, we recommend making it free software that
 everyone can redistribute and change.  You can do so by permitting
-redistribution under these terms (or, alternatively, under the terms of the
-ordinary General Public License).
+redistribution under these terms (or, alternatively, under the terms
+of the ordinary General Public License).
+
+  To apply these terms, attach the following notices to the library.
+It is safest to attach them to the start of each source file to most
+effectively convey the exclusion of warranty; and each file should
+have at least the "copyright" line and a pointer to where the full
+notice is found.
 
-  To apply these terms, attach the following notices to the library.  It is
-safest to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least the
-"copyright" line and a pointer to where the full notice is found.
 
     <one line to give the library's name and a brief idea of what it does.>
     Copyright (C) <year>  <name of author>
@@ -485,16 +490,17 @@ convey the exclusion of warranty; and each file should have at least the
 
     You should have received a copy of the GNU Lesser General Public
     License along with this library; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
 
 Also add information on how to contact you by electronic and paper mail.
 
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the library, if
-necessary.  Here is a sample; alter the names:
+You should also get your employer (if you work as a programmer) or
+your school, if any, to sign a "copyright disclaimer" for the library,
+if necessary.  Here is a sample; alter the names:
 
   Yoyodyne, Inc., hereby disclaims all copyright interest in the
-  library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+  library `Frob' (a library for tweaking knobs) written by James
+  Random Hacker.
 
   <signature of Ty Coon>, 1 April 1990
   Ty Coon, President of Vice

ChangeLog-old

@@ -882,7 +882,7 @@ Wed May 13 18:06:17 CEST 2009 Daniel Veillard <veillard@redhat.com>
 Wed May 13 12:34:06 BST 2009 Daniel P. Berrange <berrange@redhat.com>
 
 	* src/lxc_container.c: Replace sys/capability.h with
-	linux/capability.h, to avoid unnecessary dependency
+	linux/capability.h, to avoid unneccessary dependancy
 	on the libcap package.
 
 Tue May 12 16:39:06 EDT 2009 Cole Robinson <crobinso@redhat.com>
@@ -3351,7 +3351,7 @@ Tue Jan 20 20:22:53 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
 Tue Jan 20 19:49:53 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
 
 	* .x-sc_prohibit_nonreentrant: Blacklist some places where
-	use of non-threadsafe APIs are not necessary to check
+	use of non-threadsafe APIs are not neccessary to check
 	* Makefile.am, Makefile.maint, Makefile.nonreentrant: Add
 	check for non-reentrant safe API calls
 	* Makefile.cfg: Temporarily disable non-reentrant check
@@ -3591,7 +3591,7 @@ Thu Jan 15 19:54:19 GMT 2009  Daniel P. Berrange <berrange@redhat.com>
 	* src/Makefile.am, src/threads.c, src/threads.h: Generic internal API for threads
 	* src/threads-pthread.c, src/threads-pthread.h: UNIX pthreads impl
 	* src/threads-win32.c, src/threads-win32.h: Win32 threads impl
-	* src/internal.h: Remove unnecessary pthreads macros
+	* src/internal.h: Remove unnneccessary pthreads macros
 	* src/libvirt_private.syms: Add symbols for internal threads API
 	* po/POTFILES.in: Add node_device_conf.c
 	* proxy/Makefile.am: Add threads.c to build
@@ -4262,7 +4262,7 @@ Thu Dec 18 11:50:58 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
 	Misc daemon bug fixes (John Levon)
 	* qemud/qemud.c: Fix conditional for node devices
-	* qemud/remote.c: Remove unnecessary path.h include
+	* qemud/remote.c: Remove unneccessary path.h include
 
 Thu Dec 18 07:47:58 +0100 2008 Jim Meyering <meyering@redhat.com>
 
@@ -5032,7 +5032,7 @@ Tue Nov 25 11:17:40 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
 Tue Nov 25 10:49:40 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* src/Makefile.am: Remove unnecessary $(builddir) usage which
+	* src/Makefile.am: Remove unneccessary $(builddir) usage which
 	breaks on older automake. Remove duplicate CFLAGS from merge
 	error
 	* src/xen_unified.c: Wire up XM driver for autostart
@@ -5093,7 +5093,7 @@ Mon Nov 24 19:22:40 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 	* tests/Makefile.am, tests/sexpr2xmltest.c,
 	tests/testutilsxen.c, tests/xencapstest.c,
 	tests/xmconfigtest.c, tests/xml2sexprtest.c: Disable all
-	Xen tests when Xen driver build is disabled. Remove unnecessary
+	Xen tests when Xen driver build is disabled. Remove unneccessary
 	WITH_XEN conditionals from source, since the entire build
 	is disabled in Makefile.am
 
@@ -5504,7 +5504,7 @@ Tue Nov 11 15:51:42 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
 Mon Nov 10 12:05:42 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* src/openvz_conf.c: Read filesystem template name from config
+	* src/openvz_conf.c: Read filesytem template name from config
 	files. Increase buffer size when parsing vzctl version number
 
 Thu Nov  6 20:45:42 CET 2008 Jim Meyering <meyering@redhat.com>
@@ -6822,7 +6822,7 @@ Wed Aug 20 21:05:09 BST 2008 Daniel P. Berrange <berrange@redhat.com>
 	src/xen_unified.h, src/xend_internal.c, src/xend_internal.h,
 	src/xm_internal.c, src/xs_internal.c, src/xs_internal.h
 	tests/testutils.h: Remove preprocessor conditions for driver
-	compilation. Remove unnecessary "extern C" declarations.
+	compilation. Remove unneccessary "extern C" declarations.
 
 Wed Aug 20 20:42:09 BST 2008 Daniel P. Berrange <berrange@redhat.com>
 
@@ -7008,7 +7008,7 @@ Fri Aug  8 16:41:24 BST 2008 Daniel Berrange <berrange@redhat.com>
 	src/storage_backend_fs.c, src/storage_backend_iscsi.c,
 	src/storage_backend_logical.c, src/util.c, src/util.h,
 	src/veth.c, tests/qemuxml2argvtest.c: Fix const-correctness
-	of virRun and virExec, and remove unnecessary casts in callers
+	of virRun and virExec, and remove unneccessary casts in callers
 
 Fri Aug  8 16:53:24 CEST 2008 Daniel Veillard <veillard@redhat.com>
 
@@ -7530,7 +7530,7 @@ Wed Jul 16 16:44:27 CEST 2008 Daniel Veillard <veillard@redhat.com>
 
 Sat Jul 12 14:52:59 BST 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* src/qemu_conf.c: Remove unnecessary c-ctype.h include
+	* src/qemu_conf.c: Remove unneccessary c-ctype.h include
 
 Fri Jul 11 20:32:59 BST 2008 Daniel P. Berrange <berrange@redhat.com>
 
@@ -8612,7 +8612,7 @@ Thu May  1 14:10:28 EST 2008 Daniel P. Berrange <berrange@redhat.com>
 
 Tue Apr 29 12:32:28 EST 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* configure.in: Remove compatibility macros AC_CHECK_*_ONCE for
+	* configure.in: Remove compatability macros AC_CHECK_*_ONCE for
 	now part of onceonly.m4 in gnulib/m4/
 
 Wed Apr 29 18:10:00 CEST 2008 Jim Meyering <meyering@redhat.com>
@@ -8628,7 +8628,7 @@ Wed Apr 29 18:10:00 CEST 2008 Jim Meyering <meyering@redhat.com>
 
 Tue Apr 29 11:54:28 EST 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* configure.in: Add compatibility macros AC_CHECK_*_ONCE for
+	* configure.in: Add compatability macros AC_CHECK_*_ONCE for
 	older autoconf (RHEL-5 vintage)
 
 Tue Apr 29 08:13:28 EST 2008 Daniel P. Berrange <berrange@redhat.com>
@@ -10247,7 +10247,7 @@ Fri Jan 25 12:00:00 BST 2008 Richard W.M. Jones <rjones@redhat.com>
 
 Fri Jan 25 10:46:32 CET 2008 Daniel Veillard <veillard@redhat.com>
 
-	* src/xen_internal.c: fix an erroneous use of VIR_DOMAIN_NONE instead
+	* src/xen_internal.c: fix an erronous use of VIR_DOMAIN_NONE instead
 	  of VIR_DOMAIN_NOSTATE (both defined as 0, no regression)
 
 Thu Jan 24 18:08:28 CET 2008 Daniel Veillard <veillard@redhat.com>
@@ -10283,8 +10283,8 @@ Tue Jan 22 16:27:47 EST 2008 Daniel P. Berrange <berrange@redhat.com>
 
 	* configure.ac: Remove use of PKG_CHECK_EXISTS macro. Avoid
 	lines going over 80 chars wide. Make sasl check automatic
-	enable/disable as necessary.
-	* acinclude.m4: Added compatibility macro for old pkg-config
+	enable/disable as neccessary.
+	* acinclude.m4: Added compatability macro for old pkg-config
 	* src/gnutls_1_0_compat.h: Add compat for gnutls_cipher_algorithm_t
 
 Mon Jan 21 18:03:47 CET 2008  Jim Meyering  <meyering@redhat.com>
@@ -11617,7 +11617,7 @@ Tue Oct 23 17:30:52 CEST 2007 Daniel Veillard <veillard@redhat.com>
 Mon Oct 22 22:33:59 CEST 2007 Daniel Veillard <veillard@redhat.com>
 
 	* src/xen_internal.c src/xen_unified.c src/xen_unified.h
-	  src/xend_internal.c src/xml.c src/xml.h: committed erroneously
+	  src/xend_internal.c src/xml.c src/xml.h: commited erronously
 	  the NUMA patches sent for review on the list in last commit.
 	  But that should not affect non NUMA users so early push should
 	  not be a problem.
@@ -12117,7 +12117,7 @@ Mon Aug 13 21:18:48 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 	* src/util.h, src/util.c: Allow a file descriptor to be supplied
 	for STDIN when calling virExec(), or if -1, redirect from /dev/null
 	* src/qemu_driver.c, src/openvz_driver.c: Pass in -1 for new stdin
-	parameter above where necessary. Patch from Jim Paris
+	parameter above where neccessary. Patch from Jim Paris
 
 Mon Aug 13 20:13:48 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
@@ -15485,7 +15485,7 @@ Fri Aug  4 20:19:23 EDT 2006 Daniel Berrange <berrange@redhat.com>
 	* src/libvirt.c: Fix off-by-one in validated VCPU number (it is
 	zero based, not one based).
 	* include/libvirt/libvirt.h: Add some convenience macros for
-	calculating necessary CPU map lengths & total host CPUs
+	calculating neccessary CPU map lengths & total host CPUs
 	* src/virsh.c: Add 'vcpuinfo' and 'vcpumap' commands
 
 Fri Aug  4 14:45:25 CEST 2006 Daniel Veillard <veillard@redhat.com>
@@ -15708,7 +15708,7 @@ Wed Jun 14 13:10:03 EDT 2006 Daniel Veillard <veillard@redhat.com>
 Tue Jun 13 14:06:01 EDT 2006 Daniel P. Berrange <berrange@redhat.com>
 
 	* src/virsh.c: use 'double' instead of 'float' when calculating
-	'CPU time' field for dominfo command, to ensure no unnecessary
+	'CPU time' field for dominfo command, to ensure no unneccessary
 	loss of precision converting from nanoseconds to seconds.
 
 Tue Jun 13 18:35:22 EDT 2006 Daniel Veillard <veillard@redhat.com>

HACKING

@@ -1,6 +1,5 @@
 -*- buffer-read-only: t -*- vi: set ro:
-DO NOT EDIT THIS FILE!  IT IS GENERATED AUTOMATICALLY
-from docs/hacking.html.in!
+DO NOT EDIT THIS FILE!  IT IS GENERATED AUTOMATICALLY!
 
 
 
@@ -14,12 +13,7 @@ General tips for contributing patches
 (1) Discuss any large changes on the mailing list first. Post patches early and
 listen to feedback.
 
-(2) Post patches in unified diff format, with git rename detection enabled. You
-need a one-time setup of:
-
-  git config diff.renames true
-
-After that, a command similar to this should work:
+(2) Post patches in unified diff format. A command similar to this should work:
 
   diff -urp libvirt.orig/ libvirt.modified/ > libvirt-myfeature.patch
 
@@ -27,76 +21,17 @@ or:
 
   git diff > libvirt-myfeature.patch
 
-Also, for code motion patches, you may find that "git diff --patience"
-provides an easier-to-read patch. However, the usual workflow of libvirt
-developer is:
-
-  git checkout master
-  git pull
-  git checkout -t origin -b workbranch
-  Hack, committing any changes along the way
-
-More hints on compiling can be found here <compiling.html>. When you want to
-post your patches:
-
-  git pull --rebase
-  (fix any conflicts)
-  git send-email --cover-letter --no-chain-reply-to --annotate \
-                 --to=libvir-list@redhat.com master
-
-(Note that the "git send-email" subcommand may not be in the main git package
-and using it may require installion of a separate package, for example the
-"git-email" package in Fedora.) For a single patch you can omit
-"--cover-letter", but a series of two or more patches needs a cover letter. If
-you get tired of typing "--to=libvir-list@redhat.com" designation you can set
-it in git config:
-
-  git config sendemail.to libvir-list@redhat.com
-
-Please follow this as close as you can, especially the rebase and git
-send-email part, as it makes life easier for other developers to review your
-patch set. One should avoid sending patches as attachments, but rather send
-them in email body along with commit message. If a developer is sending
-another version of the patch (e.g. to address review comments), he is advised
-to note differences to previous versions after the "---" line in the patch so
-that it helps reviewers but doesn't become part of git history. Moreover, such
-patch needs to be prefixed correctly with "--subject-prefix=PATCHv2" appended
-to "git send-email" (substitute "v2" with the correct version if needed
-though).
-
-
-
-(3) In your commit message, make the summary line reasonably short (60 characters
-is typical), followed by a blank line, followed by any longer description of
-why your patch makes sense. If the patch fixes a regression, and you know what
-commit introduced the problem, mentioning that is useful. If the patch
-resolves a bugzilla report, mentioning the URL of the bug number is useful;
-but also summarize the issue rather than making all readers follow the link.
-You can use 'git shortlog -30' to get an idea of typical summary lines.
-Libvirt does not currently attach any meaning to Signed-off-by: lines, so it
-is up to you if you want to include or omit them in the commit message.
-
-
-
-(4) Split large changes into a series of smaller patches, self-contained if
+(3) Split large changes into a series of smaller patches, self-contained if
 possible, with an explanation of each patch and an explanation of how the
-sequence of patches fits together. Moreover, please keep in mind that it's
-required to be able to compile cleanly (*including* "make check" and "make
-syntax-check") after each patch. A feature does not have to work until the end
-of a series, but intermediate patches must compile and not cause test-suite
-failures (this is to preserve the usefulness of "git bisect", among other
-things).
+sequence of patches fits together.
 
-
-
-(5) Make sure your patches apply against libvirt GIT. Developers only follow GIT
+(4) Make sure your patches apply against libvirt GIT. Developers only follow GIT
 and don't care much about released versions.
 
-(6) Run the automated tests on your code before submitting any changes. In
-particular, configure with compile warnings set to -Werror. This is done
-automatically for a git checkout; from a tarball, use:
+(5) Run the automated tests on your code before submitting any changes. In
+particular, configure with compile warnings set to -Werror:
 
-  ./configure --enable-werror
+  ./configure --enable-compile-warnings=error
 
 and run the tests:
 
@@ -104,17 +39,7 @@ and run the tests:
   make syntax-check
   make -C tests valgrind
 
-Valgrind <http://valgrind.org/> is a test that checks for memory management
-issues, such as leaks or use of uninitialized variables.
-
-Some tests are skipped by default in a development environment, based on the
-time they take in comparison to the likelihood that those tests will turn up
-problems during incremental builds. These tests default to being run when when
-building from a tarball or with the configure option --enable-expensive-tests;
-you can also force a one-time toggle of these tests by setting
-VIR_TEST_EXPENSIVE to 0 or 1 at make time, as in:
-
-  make check VIR_TEST_EXPENSIVE=1
+The latter test checks for memory leaks.
 
 If you encounter any failing tests, the VIR_TEST_DEBUG environment variable
 may provide extra information to debug the failures. Larger values of
@@ -123,105 +48,20 @@ VIR_TEST_DEBUG may provide larger amounts of information:
   VIR_TEST_DEBUG=1 make check    (or)
   VIR_TEST_DEBUG=2 make check
 
-When debugging failures during development, it is possible to focus in on just
-the failing subtests by using TESTS and VIR_TEST_RANGE:
-
-  make check VIR_TEST_DEBUG=1 VIR_TEST_RANGE=3-5 TESTS=qemuxml2argvtest
-
 Also, individual tests can be run from inside the "tests/" directory, like:
 
   ./qemuxml2xmltest
 
-There is also a "./run" script at the top level, to make it easier to run
-programs that have not yet been installed, as well as to wrap invocations of
-various tests under gdb or Valgrind.
-
-
-
-(7) The Valgrind test should produce similar output to "make check". If the output
-has traces within libvirt API's, then investigation is required in order to
-determine the cause of the issue. Output such as the following indicates some
-sort of leak:
-
-==5414== 4 bytes in 1 blocks are definitely lost in loss record 3 of 89
-==5414==    at 0x4A0881C: malloc (vg_replace_malloc.c:270)
-==5414==    by 0x34DE0AAB85: xmlStrndup (in /usr/lib64/libxml2.so.2.7.8)
-==5414==    by 0x4CC97A6: virDomainVideoDefParseXML (domain_conf.c:7410)
-==5414==    by 0x4CD581D: virDomainDefParseXML (domain_conf.c:10188)
-==5414==    by 0x4CD8C73: virDomainDefParseNode (domain_conf.c:10640)
-==5414==    by 0x4CD8DDB: virDomainDefParse (domain_conf.c:10590)
-==5414==    by 0x41CB1D: testCompareXMLToArgvHelper (qemuxml2argvtest.c:100)
-==5414==    by 0x41E20F: virtTestRun (testutils.c:161)
-==5414==    by 0x41C7CB: mymain (qemuxml2argvtest.c:866)
-==5414==    by 0x41E84A: virtTestMain (testutils.c:723)
-==5414==    by 0x34D9021734: (below main) (in /usr/lib64/libc-2.15.so)
-
-In this example, the "virDomainDefParseXML()" had an error path where the
-"virDomainVideoDefPtr video" pointer was not properly disposed. By simply
-adding a "virDomainVideoDefFree(video);" in the error path, the issue was
-resolved.
-
-Another common mistake is calling a printing function, such as "VIR_DEBUG()"
-without initializing a variable to be printed. The following example involved
-a call which could return an error, but not set variables passed by reference
-to the call. The solution was to initialize the variables prior to the call.
-
-==4749== Use of uninitialised value of size 8
-==4749==    at 0x34D904650B: _itoa_word (in /usr/lib64/libc-2.15.so)
-==4749==    by 0x34D9049118: vfprintf (in /usr/lib64/libc-2.15.so)
-==4749==    by 0x34D9108F60: __vasprintf_chk (in /usr/lib64/libc-2.15.so)
-==4749==    by 0x4CAEEF7: virVasprintf (stdio2.h:199)
-==4749==    by 0x4C8A55E: virLogVMessage (virlog.c:814)
-==4749==    by 0x4C8AA96: virLogMessage (virlog.c:751)
-==4749==    by 0x4DA0056: virNetTLSContextCheckCertKeyUsage (virnettlscontext.c:225)
-==4749==    by 0x4DA06DB: virNetTLSContextCheckCert (virnettlscontext.c:439)
-==4749==    by 0x4DA1620: virNetTLSContextNew (virnettlscontext.c:562)
-==4749==    by 0x4DA26FC: virNetTLSContextNewServer (virnettlscontext.c:927)
-==4749==    by 0x409C39: testTLSContextInit (virnettlscontexttest.c:467)
-==4749==    by 0x40AB8F: virtTestRun (testutils.c:161)
-
-Valgrind will also find some false positives or code paths which cannot be
-resolved by making changes to the libvirt code. For these paths, it is
-possible to add a filter to avoid the errors. For example:
-
-==4643== 7 bytes in 1 blocks are possibly lost in loss record 4 of 20
-==4643==    at 0x4A0881C: malloc (vg_replace_malloc.c:270)
-==4643==    by 0x34D90853F1: strdup (in /usr/lib64/libc-2.15.so)
-==4643==    by 0x34EEC2C08A: ??? (in /usr/lib64/libnl.so.1.1)
-==4643==    by 0x34EEC15B81: ??? (in /usr/lib64/libnl.so.1.1)
-==4643==    by 0x34D8C0EE15: call_init.part.0 (in /usr/lib64/ld-2.15.so)
-==4643==    by 0x34D8C0EECF: _dl_init (in /usr/lib64/ld-2.15.so)
-==4643==    by 0x34D8C01569: ??? (in /usr/lib64/ld-2.15.so)
-
-
-In this instance, it is acceptable to modify the "tests/.valgrind.supp" file
-in order to add a suppression filter. The filter should be unique enough to
-not suppress real leaks, but it should be generic enough to cover multiple
-code paths. The format of the entry can be found in the documentation found at
-the Valgrind home page <http://valgrind.org/>. The following trace was added
-to "tests/.valgrind.supp" in order to suppress the warning:
-
-{
-    dlInitMemoryLeak1
-    Memcheck:Leak
-    fun:?alloc
-    ...
-    fun:call_init.part.0
-    fun:_dl_init
-    ...
-    obj:*/lib*/ld-2.*so*
-}
-
-
-
-(8) Update tests and/or documentation, particularly if you are adding a new
+(6) Update tests and/or documentation, particularly if you are adding a new
 feature or changing the output of a program.
 
 
 
 There is more on this subject, including lots of links to background reading
-on the subject, on Richard Jones' guide to working with open source projects
-<http://et.redhat.com/~rjones/how-to-supply-code-to-open-source-projects/>.
+on the subject, on
+
+  Richard Jones' guide to working with open source projects
+  http://et.redhat.com/~rjones/how-to-supply-code-to-open-source-projects/
 
 
 Code indentation
@@ -294,60 +134,6 @@ otherwise. For example, it is preferable to use "/* */" comments rather than
 declare them at the beginning of a scope, rather than immediately before use.
 
 
-Bracket spacing
-===============
-The keywords "if", "for", "while", and "switch" must have a single space
-following them before the opening bracket. E.g.
-
-      if(foo)   // Bad
-      if (foo)  // Good
-
-Function implementations mustnothave any whitespace between the function name and the opening bracket. E.g.
-
-      int foo (int wizz)  // Bad
-      int foo(int wizz)   // Good
-
-Function calls mustnothave any whitespace between the function name and the opening bracket. E.g.
-
-      bar = foo (wizz);  // Bad
-      bar = foo(wizz);   // Good
-
-Function typedefs mustnothave any whitespace between the closing bracket of the function name and
-opening bracket of the arg list. E.g.
-
-      typedef int (*foo) (int wizz);  // Bad
-      typedef int (*foo)(int wizz);   // Good
-
-There must not be any whitespace immediately following any opening bracket, or
-immediately prior to any closing bracket. E.g.
-
-      int foo( int wizz );  // Bad
-      int foo(int wizz);    // Good
-
-
-Semicolons
-==========
-Semicolons should never have a space beforehand. Inside the condition of a
-"for" loop, there should always be a space or line break after each semicolon,
-except for the special case of an infinite loop (although more infinite loops
-use "while"). While not enforced, loop counters generally use post-increment.
-
-      for (i = 0 ;i < limit ; ++i) { // Bad
-      for (i = 0; i < limit; i++) { // Good
-      for (;;) { // ok
-      while (1) { // Better
-
-Empty loop bodies are better represented with curly braces and a comment,
-although use of a semicolon is not currently rejected.
-
-      while ((rc = waitpid(pid, &st, 0) == -1) &&
-             errno == EINTR); // ok
-      while ((rc = waitpid(pid, &st, 0) == -1) &&
-             errno == EINTR) { // Better
-          /* nothing */
-      }
-
-
 Curly braces
 ============
 Omit the curly braces around an "if", "while", "for" etc. body only when that
@@ -360,7 +146,7 @@ Omitting braces with a single-line body is fine:
   while (expr) // one-line body -> omitting curly braces is ok
       single_line_stmt();
 
-However, the moment your loop/if/else body extends on to a second line, for
+However, the moment your loop/if/else body extends onto a second line, for
 whatever reason (even if it's just an added comment), then you should add
 braces. Otherwise, it would be too easy to insert a statement just before that
 comment (without adding braces), thinking it is already a multi-statement loop:
@@ -448,11 +234,6 @@ But if negating a complex condition is too ugly, then at least add braces:
 
 Preprocessor
 ============
-Macros defined with an ALL_CAPS name should generally be assumed to be unsafe
-with regards to arguments with side-effects (that is, MAX(a++, b--) might
-increment a or decrement b too many or too few times). Exceptions to this rule
-are explicitly documented for macros in viralloc.h and virstring.h.
-
 For variadic macros, stick with C99 syntax:
 
   #define vshPrint(_ctl, ...) fprintf(stdout, __VA_ARGS__)
@@ -536,14 +317,16 @@ Low level memory management
 Use of the malloc/free/realloc/calloc APIs is deprecated in the libvirt
 codebase, because they encourage a number of serious coding bugs and do not
 enable compile time verification of checks for NULL. Instead of these
-routines, use the macros from viralloc.h.
+routines, use the macros from memory.h.
 
 - To allocate a single object:
 
   virDomainPtr domain;
 
-  if (VIR_ALLOC(domain) < 0)
+  if (VIR_ALLOC(domain) < 0) {
+      virReportOOMError();
       return NULL;
+  }
 
 
 
@@ -552,8 +335,10 @@ routines, use the macros from viralloc.h.
   virDomainPtr domains;
   size_t ndomains = 10;
 
-  if (VIR_ALLOC_N(domains, ndomains) < 0)
+  if (VIR_ALLOC_N(domains, ndomains) < 0) {
+      virReportOOMError();
       return NULL;
+  }
 
 
 
@@ -562,8 +347,10 @@ routines, use the macros from viralloc.h.
   virDomainPtr *domains;
   size_t ndomains = 10;
 
-  if (VIR_ALLOC_N(domains, ndomains) < 0)
+  if (VIR_ALLOC_N(domains, ndomains) < 0) {
+      virReportOOMError();
       return NULL;
+  }
 
 
 
@@ -574,8 +361,10 @@ recommended only for smaller arrays):
   virDomainPtr domains;
   size_t ndomains = 0;
 
-  if (VIR_EXPAND_N(domains, ndomains, 1) < 0)
+  if (VIR_EXPAND_N(domains, ndomains, 1) < 0) {
+      virReportOOMError();
       return NULL;
+  }
   domains[ndomains - 1] = domain;
 
 
@@ -587,8 +376,10 @@ scales better, but requires tracking allocation separately from usage)
   size_t ndomains = 0;
   size_t ndomains_max = 0;
 
-  if (VIR_RESIZE_N(domains, ndomains_max, ndomains, 1) < 0)
+  if (VIR_RESIZE_N(domains, ndomains_max, ndomains, 1) < 0) {
+      virReportOOMError();
       return NULL;
+  }
   domains[ndomains++] = domain;
 
 
@@ -625,7 +416,7 @@ File handling
 =============
 Usage of the "fdopen()", "close()", "fclose()" APIs is deprecated in libvirt
 code base to help avoiding double-closing of files or file descriptors, which
-is particularly dangerous in a multi-threaded application. Instead of these
+is particulary dangerous in a multi-threaded applications. Instead of these
 APIs, use the macros from virfile.h
 
 - Open a file from a file descriptor:
@@ -705,13 +496,6 @@ following semantically named macros
 
 
 
-- To avoid having to check if a or b are NULL:
-
-  STREQ_NULLABLE(a, b)
-  STRNEQ_NULLABLE(a, b)
-
-
-
 
 
 
@@ -744,17 +528,6 @@ sizeof(dest) returns something meaningful). Note that this is a macro, so
 arguments could be evaluated more than once. This is equivalent to
 virStrncpy(dest, src, strlen(src), sizeof(dest)).
 
-  VIR_STRDUP(char *dst, const char *src);
-  VIR_STRNDUP(char *dst, const char *src, size_t n);
-
-You should avoid using strdup or strndup directly as they do not report
-out-of-memory error, and do not allow a NULL source. Use VIR_STRDUP or
-VIR_STRNDUP macros instead, which return 0 for NULL source, 1 for successful
-copy, and -1 for allocation failure with the error already reported. In very
-specific cases, when you don't want to report the out-of-memory error, you can
-use VIR_STRDUP_QUIET or VIR_STRNDUP_QUIET, but such usage is very rare and
-usually considered a flaw.
-
 
 Variable length string buffer
 =============================
@@ -808,7 +581,7 @@ stick to the following general plan for all *.c source files:
   #include <string.h>
   #include <limits.h>
 
-  #if WITH_NUMACTL                Some system includes aren't supported
+  #if HAVE_NUMACTL                Some system includes aren't supported
   # include <numa.h>              everywhere so need these #if guards.
   #endif
 
@@ -822,12 +595,9 @@ stick to the following general plan for all *.c source files:
   {
       ...
 
-Of particular note: *Do not* include libvirt/libvirt.h, libvirt/virterror.h,
-libvirt/libvirt-qemu.h, or libvirt/libvirt-lxc.h. They are included by
-"internal.h" already and there are some special reasons why you cannot include
-these files explicitly. One of the special cases, "libvirt/libvirt.h" is
-included prior to "internal.h" in "remote_protocol.x", to avoid exposing
-*_LAST enum elements.
+Of particular note: *Do not* include libvirt/libvirt.h or libvirt/virterror.h.
+It is included by "internal.h" already and there are some special reasons why
+you cannot include these files explicitly.
 
 
 Printf-style functions
@@ -890,7 +660,9 @@ logic would be better pulled out into a helper function.
 
 Although libvirt does not encourage the Linux kernel wind/unwind style of
 multiple labels, there's a good general discussion of the issue archived at
-KernelTrap <http://kerneltrap.org/node/553/2131>
+
+  KernelTrap
+  http://kerneltrap.org/node/553/2131
 
 When using goto, please use one of these standard labels if it makes sense:
 

Makefile.am

@@ -1,25 +1,12 @@
 ## Process this file with automake to produce Makefile.in
 
-## Copyright (C) 2005-2013 Red Hat, Inc.
-##
-## This library is free software; you can redistribute it and/or
-## modify it under the terms of the GNU Lesser General Public
-## License as published by the Free Software Foundation; either
-## version 2.1 of the License, or (at your option) any later version.
-##
-## This library is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-## Lesser General Public License for more details.
-##
-## You should have received a copy of the GNU Lesser General Public
-## License along with this library.  If not, see
-## <http://www.gnu.org/licenses/>.
+## Copyright (C) 2005-2011 Red Hat, Inc.
+## See COPYING.LIB for the License of this software
 
 LCOV = lcov
 GENHTML = genhtml
 
-SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \
+SUBDIRS = gnulib/lib include src daemon tools docs gnulib/tests \
   python tests po examples/domain-events/events-c examples/hellolibvirt \
   examples/dominfo examples/domsuspend examples/python examples/apparmor \
   examples/xml/nwfilter examples/openauth examples/systemtap
@@ -31,41 +18,35 @@ XML_EXAMPLES = \
 					test/*.xml storage/*.xml)))
 
 EXTRA_DIST = \
-  config-post.h \
   ChangeLog-old \
   libvirt.spec libvirt.spec.in \
-  mingw-libvirt.spec.in \
+  mingw32-libvirt.spec.in \
   libvirt.pc.in \
   autobuild.sh \
   Makefile.nonreentrant \
   autogen.sh \
   cfg.mk \
   examples/domain-events/events-python \
-  run.in \
-  AUTHORS.in \
   $(XML_EXAMPLES)
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libvirt.pc
 
 NEWS: $(top_srcdir)/docs/news.xsl $(top_srcdir)/docs/news.html.in
-	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then			\
+	-@(if [ -x $(XSLTPROC) ] ; then				\
 	  $(XSLTPROC) --nonet $(top_srcdir)/docs/news.xsl	\
 	     $(top_srcdir)/docs/news.html.in			\
 	   | perl -0777 -pe 's/\n\n+$$/\n/'			\
 	   | perl -pe 's/[ \t]+$$//'				\
-	   > $@-t && mv $@-t $@ ; fi
+	   > $@-t && mv $@-t $@ ; fi );
 
-$(top_srcdir)/HACKING: $(top_srcdir)/docs/hacking1.xsl \
-			$(top_srcdir)/docs/hacking2.xsl \
-			$(top_srcdir)/docs/wrapstring.xsl \
-			$(top_srcdir)/docs/hacking.html.in
-	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
-	   $(XSLTPROC) --nonet $(top_srcdir)/docs/hacking1.xsl \
-		$(top_srcdir)/docs/hacking.html.in | \
+$(top_srcdir)/HACKING: $(top_srcdir)/docs/hacking1.xsl $(top_srcdir)/docs/hacking2.xsl \
+                       $(top_srcdir)/docs/wrapstring.xsl $(top_srcdir)/docs/hacking.html.in
+	-@(if [ -x $(XSLTPROC) ] ; then \
+	   $(XSLTPROC) --nonet $(top_srcdir)/docs/hacking1.xsl $(top_srcdir)/docs/hacking.html.in | \
 	   $(XSLTPROC) --nonet $(top_srcdir)/docs/hacking2.xsl - \
 	   | perl -0777 -pe 's/\n\n+$$/\n/' \
-	   > $@-t && mv $@-t $@ ; fi;
+	   > $@-t && mv $@-t $@ ; fi );
 
 rpm: clean
 	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.gz)
@@ -96,25 +77,16 @@ MAINTAINERCLEANFILES = .git-module-status
 # disable this check
 distuninstallcheck:
 
-dist-hook: gen-ChangeLog gen-AUTHORS
+dist-hook: gen-ChangeLog
 
 # Generate the ChangeLog file (with all entries since the switch to git)
 # and insert it into the directory we're about to use to create a tarball.
 gen_start_date = 2009-07-04
 .PHONY: gen-ChangeLog
 gen-ChangeLog:
-	$(AM_V_GEN)if test -d .git; then			\
+	if test -d .git; then					\
 	  $(top_srcdir)/build-aux/gitlog-to-changelog		\
 	    --since=$(gen_start_date) > $(distdir)/cl-t;	\
 	  rm -f $(distdir)/ChangeLog;				\
 	  mv $(distdir)/cl-t $(distdir)/ChangeLog;		\
 	fi
-
-.PHONY: gen-AUTHORS
-gen-AUTHORS:
-	$(AM_V_GEN)if test -d $(srcdir)/.git; then \
-	    out="`cd $(srcdir) && git log --pretty=format:'%aN <%aE>' | sort -u`" && \
-	    perl -p -e "s/#authorslist#// and print '$$out'" \
-	      < $(srcdir)/AUTHORS.in > $(distdir)/AUTHORS-tmp && \
-	    mv -f $(distdir)/AUTHORS-tmp $(distdir)/AUTHORS ; \
-	fi

Makefile.nonreentrant

@@ -1,18 +1,3 @@
-## Copyright (C) 2009-2010, 2013 Red Hat, Inc.
-##
-## This library is free software; you can redistribute it and/or
-## modify it under the terms of the GNU Lesser General Public
-## License as published by the Free Software Foundation; either
-## version 2.1 of the License, or (at your option) any later version.
-##
-## This library is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-## Lesser General Public License for more details.
-##
-## You should have received a copy of the GNU Lesser General Public
-## License along with this library.  If not, see
-## <http://www.gnu.org/licenses/>.
 
 #
 # Generated by running the following on Fedora 9:

autobuild.sh

@@ -8,13 +8,6 @@ set -v
 test -n "$1" && RESULTS=$1 || RESULTS=results.log
 : ${AUTOBUILD_INSTALL_ROOT=$HOME/builder}
 
-# If run under the autobuilder, we must use --nodeps with rpmbuild;
-# but this can lead to odd error diagnosis for normal development.
-nodeps=
-if test "${AUTOBUILD_COUNTER+set}"; then
-  nodeps=--nodeps
-fi
-
 test -f Makefile && make -k distclean || :
 rm -rf coverage
 
@@ -22,14 +15,9 @@ rm -rf build
 mkdir build
 cd build
 
-# Run with options not normally exercised by the rpm build, for
-# more complete code coverage.
 ../autogen.sh --prefix="$AUTOBUILD_INSTALL_ROOT" \
-  --enable-expensive-tests \
   --enable-test-coverage \
-  --disable-nls \
-  --enable-werror \
-  --enable-static
+  --enable-compile-warnings=error
 
 # If the MAKEFLAGS envvar does not yet include a -j option,
 # add -jN where N depends on the number of processors.
@@ -59,68 +47,56 @@ test -x /usr/bin/lcov && make cov
 rm -f *.tar.gz
 make dist
 
-if test -n "$AUTOBUILD_COUNTER" ; then
+if [ -n "$AUTOBUILD_COUNTER" ]; then
   EXTRA_RELEASE=".auto$AUTOBUILD_COUNTER"
 else
   NOW=`date +"%s"`
   EXTRA_RELEASE=".$USER$NOW"
 fi
 
-if test -f /usr/bin/rpmbuild ; then
-  rpmbuild $nodeps \
+if [ -f /usr/bin/rpmbuild ]; then
+  rpmbuild --nodeps \
      --define "extra_release $EXTRA_RELEASE" \
      --define "_sourcedir `pwd`" \
      -ba --clean libvirt.spec
 fi
 
-# Test mingw32 cross-compile
-if test -x /usr/bin/i686-w64-mingw32-gcc ; then
+if [ -x /usr/bin/i686-pc-mingw32-gcc ]; then
   make distclean
 
-  PKG_CONFIG_LIBDIR="/usr/i686-w64-mingw32/sys-root/mingw/lib/pkgconfig:/usr/i686-w64-mingw32/sys-root/mingw/share/pkgconfig" \
-  PKG_CONFIG_PATH="$AUTOBUILD_INSTALL_ROOT/i686-w64-mingw32/sys-root/mingw/lib/pkgconfig" \
-  CC="i686-w64-mingw32-gcc" \
+  PKG_CONFIG_PATH="$AUTOBUILD_INSTALL_ROOT/i686-pc-mingw32/sys-root/mingw/lib/pkgconfig" \
+  CC="i686-pc-mingw32-gcc" \
   ../configure \
-    --build=$(uname -m)-w64-linux \
-    --host=i686-w64-mingw32 \
-    --prefix="$AUTOBUILD_INSTALL_ROOT/i686-w64-mingw32/sys-root/mingw" \
-    --enable-expensive-tests \
-    --enable-werror \
-    --without-libvirtd \
-    --without-python
+    --build=$(uname -m)-pc-linux \
+    --host=i686-pc-mingw32 \
+    --prefix="$AUTOBUILD_INSTALL_ROOT/i686-pc-mingw32/sys-root/mingw" \
+    --enable-compile-warnings=error \
+    --without-sasl \
+    --without-avahi \
+    --without-polkit \
+    --without-python \
+    --without-xen \
+    --without-qemu \
+    --without-lxc \
+    --without-uml \
+    --without-vbox \
+    --without-openvz \
+    --without-phyp \
+    --without-netcf \
+    --without-audit \
+    --without-dtrace \
+    --without-libvirtd
 
   make
   make install
 
-fi
+  #set -o pipefail
+  #make check 2>&1 | tee "$RESULTS"
 
-# Test mingw64 cross-compile
-if test -x /usr/bin/x86_64-w64-mingw32-gcc ; then
-  make distclean
-
-  PKG_CONFIG_LIBDIR="/usr/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig:/usr/x86_64-w64-mingw32/sys-root/mingw/share/pkgconfig" \
-  PKG_CONFIG_PATH="$AUTOBUILD_INSTALL_ROOT/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig" \
-  CC="x86_64-w64-mingw32-gcc" \
-  ../configure \
-    --build=$(uname -m)-w64-linux \
-    --host=x86_64-w64-mingw32 \
-    --prefix="$AUTOBUILD_INSTALL_ROOT/x86_64-w64-mingw32/sys-root/mingw" \
-    --enable-expensive-tests \
-    --enable-werror \
-    --without-libvirtd \
-    --without-python
-
-  make
-  make install
-
-fi
-
-
-if test -x /usr/bin/i686-w64-mingw32-gcc && test -x /usr/bin/x86_64-w64-mingw32-gcc ; then
-  if test -f /usr/bin/rpmbuild ; then
-    rpmbuild $nodeps \
+  if [ -f /usr/bin/rpmbuild ]; then
+    rpmbuild --nodeps \
        --define "extra_release $EXTRA_RELEASE" \
        --define "_sourcedir `pwd`" \
-       -ba --clean mingw-libvirt.spec
+       -ba --clean mingw32-libvirt.spec
   fi
 fi

autogen.sh

@@ -1,8 +1,6 @@
 #!/bin/sh
 # Run this to generate all the initial makefiles, etc.
 
-set -e
-
 srcdir=`dirname "$0"`
 test -z "$srcdir" && srcdir=.
 
@@ -21,8 +19,7 @@ if test "x$1" = "x--no-git"; then
   no_git=" $1"
   shift
 fi
-if test -z "$NOCONFIGURE" ; then
-  if test "x$1" = "x--system"; then
+if test "x$1" = "x--system"; then
     shift
     prefix=/usr
     libdir=$prefix/lib
@@ -33,29 +30,21 @@ if test -z "$NOCONFIGURE" ; then
     fi
     EXTRA_ARGS="--prefix=$prefix --sysconfdir=$sysconfdir --localstatedir=$localstatedir --libdir=$libdir"
     echo "Running ./configure with $EXTRA_ARGS $@"
-  else
+else
     if test -z "$*" && test ! -f "$THEDIR/config.status"; then
         echo "I am going to run ./configure with no arguments - if you wish "
         echo "to pass any to it, please specify them on the $0 command line."
     fi
-  fi
 fi
 
 # Compute the hash we'll use to determine whether rerunning bootstrap
 # is required.  The first is just the SHA1 that selects a gnulib snapshot.
 # The second ensures that whenever we change the set of gnulib modules used
 # by this package, we rerun bootstrap to pull in the matching set of files.
-# The third ensures that whenever we change the set of local gnulib diffs,
-# we rerun bootstrap to pull in those diffs.
 bootstrap_hash()
 {
-    if test "$no_git"; then
-        echo no-git
-        return
-    fi
     git submodule status | sed 's/^[ +-]//;s/ .*//'
     git hash-object bootstrap.conf
-    git ls-tree -d HEAD gnulib/local | awk '{print $3}'
 }
 
 # Ensure that whenever we pull in a gnulib update or otherwise change to a
@@ -64,38 +53,20 @@ bootstrap_hash()
 # like to run 'git clean -x -f po' to fix it; but only ./bootstrap regenerates
 # the required file po/Makevars.
 # Only run bootstrap from a git checkout, never from a tarball.
-if test -d .git || test -f .git; then
-    curr_status=.git-module-status t=
-    if test "$no_git"; then
-        t=no-git
-    elif test -d .gnulib; then
-        t=$(bootstrap_hash; git diff .gnulib)
-    fi
-    case $t:${CLEAN_SUBMODULE+set} in
-        *:set) ;;
-        *-dirty*)
-            echo "error: gnulib submodule is dirty, please investigate" 2>&1
-            echo "set env-var CLEAN_SUBMODULE to discard gnulib changes" 2>&1
-            exit 1 ;;
-    esac
-    # Keep this test in sync with cfg.mk:_update_required
+if test -d .git; then
+    curr_status=.git-module-status
+    t=$(bootstrap_hash; git diff .gnulib)
     if test "$t" = "$(cat $curr_status 2>/dev/null)" \
-        && test -f "po/Makevars" && test -f AUTHORS; then
+        && test -f "po/Makevars"; then
         # good, it's up to date, all we need is autoreconf
         autoreconf -if
     else
-        if test -z "$no_git" && test ${CLEAN_SUBMODULE+set}; then
-            echo cleaning up submodules...
-            git submodule foreach 'git clean -dfqx && git reset --hard'
-        fi
         echo running bootstrap$no_git...
         ./bootstrap$no_git --bootstrap-sync && bootstrap_hash > $curr_status \
             || { echo "Failed to bootstrap, please investigate."; exit 1; }
     fi
 fi
 
-test -n "$NOCONFIGURE" && exit 0
-
 cd "$THEDIR"
 
 if test "x$OBJ_DIR" != x; then
@@ -103,7 +74,7 @@ if test "x$OBJ_DIR" != x; then
     cd "$OBJ_DIR"
 fi
 
-if test -z "$*" && test -z "$EXTRA_ARGS" && test -f config.status; then
+if test -z "$*" && test -f config.status; then
     ./config.status --recheck
 else
     $srcdir/configure $EXTRA_ARGS "$@"

bootstrap

@@ -1,10 +1,10 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2013-08-15.22; # UTC
+scriptversion=2012-07-19.14; # UTC
 
 # Bootstrap this package from checked-out sources.
 
-# Copyright (C) 2003-2013 Free Software Foundation, Inc.
+# Copyright (C) 2003-2012 Free Software Foundation, Inc.
 
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -140,21 +140,20 @@ po_download_command_format2=\
 "wget --mirror -nd -q -np -A.po -P '%s' \
  http://translationproject.org/latest/%s/"
 
-# Prefer a non-empty tarname (4th argument of AC_INIT if given), else
-# fall back to the package name (1st argument with munging)
 extract_package_name='
-  /^AC_INIT(\[*/{
-     s///
-     /^[^,]*,[^,]*,[^,]*,[ []*\([^][ ,)]\)/{
-       s//\1/
-       s/[],)].*//
+  /^AC_INIT(/{
+     /.*,.*,.*, */{
+       s///
+       s/[][]//g
+       s/)$//
        p
        q
      }
-     s/[],)].*//
+     s/AC_INIT(\[*//
+     s/]*,.*//
      s/^GNU //
      y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/
-     s/[^abcdefghijklmnopqrstuvwxyz0123456789_]/-/g
+     s/[^A-Za-z0-9_]/-/g
      p
   }
 '
@@ -209,16 +208,12 @@ bootstrap_sync=false
 # Use git to update gnulib sources
 use_git=true
 
-check_exists() {
-  ($1 --version </dev/null) >/dev/null 2>&1
-  test $? -lt 126
-}
-
 # find_tool ENVVAR NAMES...
 # -------------------------
 # Search for a required program.  Use the value of ENVVAR, if set,
-# otherwise find the first of the NAMES that can be run.
-# If found, set ENVVAR to the program name, die otherwise.
+# otherwise find the first of the NAMES that can be run (i.e.,
+# supports --version).  If found, set ENVVAR to the program name,
+# die otherwise.
 #
 # FIXME: code duplication, see also gnu-web-doc-update.
 find_tool ()
@@ -228,21 +223,27 @@ find_tool ()
   find_tool_names=$@
   eval "find_tool_res=\$$find_tool_envvar"
   if test x"$find_tool_res" = x; then
-    for i; do
-      if check_exists $i; then
-        find_tool_res=$i
-        break
+    for i
+    do
+      if ($i --version </dev/null) >/dev/null 2>&1; then
+       find_tool_res=$i
+       break
       fi
     done
+  else
+    find_tool_error_prefix="\$$find_tool_envvar: "
   fi
-  if test x"$find_tool_res" = x; then
-    warn_ "one of these is required: $find_tool_names;"
-    die   "alternatively set $find_tool_envvar to a compatible tool"
-  fi
+  test x"$find_tool_res" != x \
+    || die "one of these is required: $find_tool_names"
+  ($find_tool_res --version </dev/null) >/dev/null 2>&1 \
+    || die "${find_tool_error_prefix}cannot run $find_tool_res --version"
   eval "$find_tool_envvar=\$find_tool_res"
   eval "export $find_tool_envvar"
 }
 
+# Find sha1sum, named gsha1sum on MacPorts, and shasum on Mac OS X 10.6.
+find_tool SHA1SUM sha1sum gsha1sum shasum
+
 # Override the default configuration, if necessary.
 # Make sure that bootstrap.conf is sourced from the current directory
 # if we were invoked as "sh bootstrap".
@@ -254,12 +255,12 @@ esac
 # Extra files from gnulib, which override files from other sources.
 test -z "${gnulib_extra_files}" && \
   gnulib_extra_files="
-        build-aux/install-sh
-        build-aux/mdate-sh
-        build-aux/texinfo.tex
-        build-aux/depcomp
-        build-aux/config.guess
-        build-aux/config.sub
+        $build_aux/install-sh
+        $build_aux/mdate-sh
+        $build_aux/texinfo.tex
+        $build_aux/depcomp
+        $build_aux/config.guess
+        $build_aux/config.sub
         doc/INSTALL
 "
 
@@ -305,34 +306,34 @@ if test -n "$checkout_only_file" && test ! -r "$checkout_only_file"; then
   die "Bootstrapping from a non-checked-out distribution is risky."
 fi
 
-# Strip blank and comment lines to leave significant entries.
-gitignore_entries() {
-  sed '/^#/d; /^$/d' "$@"
+# Ensure that lines starting with ! sort last, per gitignore conventions
+# for whitelisting exceptions after a more generic blacklist pattern.
+sort_patterns() {
+  sort -u "$@" | sed '/^!/ {
+    H
+    d
+  }
+  $ {
+    P
+    x
+    s/^\n//
+  }' | sed '/^$/d'
 }
 
-# If $STR is not already on a line by itself in $FILE, insert it at the start.
-# Entries are inserted at the start of the ignore list to ensure existing
-# entries starting with ! are not overridden.  Such entries support
-# whitelisting exceptions after a more generic blacklist pattern.
-insert_if_absent() {
+# If $STR is not already on a line by itself in $FILE, insert it,
+# sorting the new contents of the file and replacing $FILE with the result.
+insert_sorted_if_absent() {
   file=$1
   str=$2
   test -f $file || touch $file
-  test -r $file || die "Error: failed to read ignore file: $file"
-  duplicate_entries=$(gitignore_entries $file | sort | uniq -d)
-  if [ "$duplicate_entries" ] ; then
-    die "Error: Duplicate entries in $file: " $duplicate_entries
-  fi
-  linesold=$(gitignore_entries $file | wc -l)
-  linesnew=$( { echo "$str"; cat $file; } | gitignore_entries | sort -u | wc -l)
-  if [ $linesold != $linesnew ] ; then
-    { echo "$str" | cat - $file > $file.bak && mv $file.bak $file; } \
-      || die "insert_if_absent $file $str: failed"
-  fi
+  echo "$str" | sort_patterns - $file | cmp -s - $file > /dev/null \
+    || { echo "$str" | sort_patterns - $file > $file.bak \
+      && mv $file.bak $file; } \
+    || die "insert_sorted_if_absent $file $str: failed"
 }
 
 # Adjust $PATTERN for $VC_IGNORE_FILE and insert it with
-# insert_if_absent.
+# insert_sorted_if_absent.
 insert_vc_ignore() {
   vc_ignore_file="$1"
   pattern="$2"
@@ -343,7 +344,7 @@ insert_vc_ignore() {
     # .gitignore entry.
     pattern=$(echo "$pattern" | sed s,^,/,);;
   esac
-  insert_if_absent "$vc_ignore_file" "$pattern"
+  insert_sorted_if_absent "$vc_ignore_file" "$pattern"
 }
 
 # Die if there is no AC_CONFIG_AUX_DIR($build_aux) line in configure.ac.
@@ -467,7 +468,8 @@ check_versions() {
     if [ "$req_ver" = "-" ]; then
       # Merely require app to exist; not all prereq apps are well-behaved
       # so we have to rely on $? rather than get_version.
-      if ! check_exists $app; then
+      $app --version >/dev/null 2>&1
+      if [ 126 -le $? ]; then
         warn_ "Error: '$app' not found"
         ret=1
       fi
@@ -500,12 +502,6 @@ print_versions() {
   # can't depend on column -t
 }
 
-# Find sha1sum, named gsha1sum on MacPorts, shasum on Mac OS X 10.6.
-# Also find the compatible sha1 utility on the BSDs
-if test x"$SKIP_PO" = x; then
-  find_tool SHA1SUM sha1sum gsha1sum shasum sha1
-fi
-
 use_libtool=0
 # We'd like to use grep -E, to see if any of LT_INIT,
 # AC_PROG_LIBTOOL, AM_PROG_LIBTOOL is used in configure.ac,
@@ -554,10 +550,10 @@ fi
 echo "$0: Bootstrapping from checked-out $package sources..."
 
 # See if we can use gnulib's git-merge-changelog merge driver.
-if $use_git && test -d .git && check_exists git; then
+if test -d .git && (git --version) >/dev/null 2>/dev/null ; then
   if git config merge.merge-changelog.driver >/dev/null ; then
     :
-  elif check_exists git-merge-changelog; then
+  elif (git-merge-changelog --version) >/dev/null 2>/dev/null ; then
     echo "$0: initializing git-merge-changelog driver"
     git config merge.merge-changelog.name 'GNU-style ChangeLog merge driver'
     git config merge.merge-changelog.driver 'git-merge-changelog %O %A %B'
@@ -577,17 +573,13 @@ git_modules_config () {
   test -f .gitmodules && git config --file .gitmodules "$@"
 }
 
-if $use_git; then
-  gnulib_path=$(git_modules_config submodule.gnulib.path)
-  test -z "$gnulib_path" && gnulib_path=gnulib
-fi
+gnulib_path=$(git_modules_config submodule.gnulib.path)
+test -z "$gnulib_path" && gnulib_path=gnulib
 
-# Get gnulib files.  Populate $GNULIB_SRCDIR, possibly updating a
-# submodule, for use in the rest of the script.
+# Get gnulib files.
 
 case ${GNULIB_SRCDIR--} in
 -)
-  # Note that $use_git is necessarily true in this case.
   if git_modules_config submodule.gnulib.url >/dev/null; then
     echo "$0: getting gnulib files..."
     git submodule init || exit $?
@@ -608,8 +600,8 @@ case ${GNULIB_SRCDIR--} in
   GNULIB_SRCDIR=$gnulib_path
   ;;
 *)
-  # Use GNULIB_SRCDIR directly or as a reference.
-  if $use_git && test -d "$GNULIB_SRCDIR"/.git && \
+  # Use GNULIB_SRCDIR as a reference.
+  if test -d "$GNULIB_SRCDIR"/.git && \
         git_modules_config submodule.gnulib.url >/dev/null; then
     echo "$0: getting gnulib files..."
     if git submodule -h|grep -- --reference > /dev/null; then
@@ -635,19 +627,12 @@ case ${GNULIB_SRCDIR--} in
   ;;
 esac
 
-# $GNULIB_SRCDIR now points to the version of gnulib to use, and
-# we no longer need to use git or $gnulib_path below here.
-
 if $bootstrap_sync; then
   cmp -s "$0" "$GNULIB_SRCDIR/build-aux/bootstrap" || {
     echo "$0: updating bootstrap and restarting..."
-    case $(sh -c 'echo "$1"' -- a) in
-      a) ignored=--;;
-      *) ignored=ignored;;
-    esac
     exec sh -c \
       'cp "$1" "$2" && shift && exec "${CONFIG_SHELL-/bin/sh}" "$@"' \
-      $ignored "$GNULIB_SRCDIR/build-aux/bootstrap" \
+      -- "$GNULIB_SRCDIR/build-aux/bootstrap" \
       "$0" "$@" --no-bootstrap-sync
   }
 fi
@@ -695,10 +680,11 @@ update_po_files() {
     cksum_file="$ref_po_dir/$po.s1"
     if ! test -f "$cksum_file" ||
         ! test -f "$po_dir/$po.po" ||
-        ! $SHA1SUM -c "$cksum_file" < "$new_po" > /dev/null 2>&1; then
+        ! $SHA1SUM -c --status "$cksum_file" \
+            < "$new_po" > /dev/null; then
       echo "$me: updated $po_dir/$po.po..."
       cp "$new_po" "$po_dir/$po.po" \
-          && $SHA1SUM < "$new_po" > "$cksum_file" || return
+          && $SHA1SUM < "$new_po" > "$cksum_file"
     fi
   done
 }
@@ -903,21 +889,20 @@ find "$m4_base" "$source_base" \
   -depth \( -name '*.m4' -o -name '*.[ch]' \) \
   -type l -xtype l -delete > /dev/null 2>&1
 
-# Invoke autoreconf with --force --install to ensure upgrades of tools
-# such as ylwrap.
-AUTORECONFFLAGS="--verbose --install --force -I $m4_base $ACLOCAL_FLAGS"
-
 # Some systems (RHEL 5) are using ancient autotools, for which the
 # --no-recursive option had not been invented.  Detect that lack and
 # omit the option when it's not supported.  FIXME in 2017: remove this
 # hack when RHEL 5 autotools are updated, or when they become irrelevant.
+no_recursive=
 case $($AUTORECONF --help) in
-  *--no-recursive*) AUTORECONFFLAGS="$AUTORECONFFLAGS --no-recursive";;
+  *--no-recursive*) no_recursive=--no-recursive;;
 esac
 
 # Tell autoreconf not to invoke autopoint or libtoolize; they were run above.
-echo "running: AUTOPOINT=true LIBTOOLIZE=true $AUTORECONF $AUTORECONFFLAGS"
-AUTOPOINT=true LIBTOOLIZE=true $AUTORECONF $AUTORECONFFLAGS \
+echo "running: AUTOPOINT=true LIBTOOLIZE=true " \
+    "$AUTORECONF --verbose --install $no_recursive -I $m4_base $ACLOCAL_FLAGS"
+AUTOPOINT=true LIBTOOLIZE=true \
+    $AUTORECONF --verbose --install $no_recursive -I $m4_base $ACLOCAL_FLAGS \
   || die "autoreconf failed"
 
 # Get some extra files from gnulib, overriding existing files.

bootstrap.conf

@@ -1,6 +1,6 @@
 # Bootstrap configuration.
 
-# Copyright (C) 2010-2013 Red Hat, Inc.
+# Copyright (C) 2010-2012 Red Hat, Inc.
 
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -13,17 +13,16 @@
 # GNU General Public License for more details.
 
 # You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+
 
 # gnulib modules used by this package.
 gnulib_modules='
 accept
 areadlink
-autobuild
 base64
 bind
-bitrotate
 byteswap
 c-ctype
 c-strcase
@@ -31,22 +30,17 @@ c-strcasestr
 calloc-posix
 canonicalize-lgpl
 chown
-clock-time
 close
 connect
 configmake
 count-one-bits
 crypto/md5
-crypto/sha256
 dirname-lgpl
 environ
-execinfo
 fclose
 fcntl
 fcntl-h
-fdatasync
 ffs
-ffsl
 fnmatch
 fsync
 func
@@ -66,20 +60,14 @@ intprops
 ioctl
 isatty
 largefile
-ldexp
 listen
-localeconv
 maintainer-makefile
 manywarnings
-mgetgroups
-mkdtemp
-mkostemp
-mkostemps
+mkstemp
+mkstemps
 mktempd
-net_if
 netdb
 nonblocking
-openpty
 passfd
 perror
 physmem
@@ -93,15 +81,12 @@ recv
 regex
 random_r
 sched
-secure_getenv
 send
-setenv
 setsockopt
 sigaction
 sigpipe
 snprintf
 socket
-stat-time
 stdarg
 stpcpy
 strchrnul
@@ -117,7 +102,6 @@ sys_wait
 termios
 time_r
 timegm
-ttyname_r
 uname
 useless-if-before-free
 usleep
@@ -175,10 +159,9 @@ fi
 
 # Tell gnulib to:
 #   require LGPLv2+
-#   apply any local diffs in gnulib/local/ dir
 #   put *.m4 files in new gnulib/m4/ dir
-#   put *.[ch] files in new gnulib/lib/ dir
-#   import gnulib tests in new gnulib/tests/ dir
+#   put *.[ch] files in new gnulib/lib/ dir.
+#   import gnulib tests in new gnulib/tests/ dir.
 gnulib_name=libgnu
 m4_base=gnulib/m4
 source_base=gnulib/lib
@@ -187,10 +170,7 @@ gnulib_tool_option_extras="\
  --lgpl=2\
  --with-tests\
  --makefile-name=gnulib.mk\
- --avoid=pt_chown\
- --avoid=lock-tests\
 "
-local_gl_dir=gnulib/local
 
 # Convince bootstrap to use multiple m4 directories.
 : ${ACLOCAL=aclocal}
@@ -198,12 +178,6 @@ ACLOCAL="$ACLOCAL -I m4"
 export ACLOCAL
 
 # Build prerequisites
-# Note that some of these programs are only required for 'make dist' to
-# succeed from a fresh git checkout; not all of these programs are
-# required to run 'make dist' on a tarball.  As a special case, we want
-# to require the equivalent of the Fedora python-devel package, but
-# RHEL 5 lacks the witness python-config package; we hack around that
-# old environment below.
 buildreq="\
 autoconf   2.59
 automake   1.9.6
@@ -212,41 +186,31 @@ gettext    0.17
 git        1.5.5
 gzip       -
 libtool    -
-patch      -
 perl       5.5
 pkg-config -
-python-config -
 rpcgen     -
 tar        -
-xmllint	   -
-xsltproc   -
 "
-# Use rpm as a fallback to bypass the bootstrap probe for python-config,
-# for the sake of RHEL 5; without requiring it on newer systems that
-# have python-config to begin with.
-if `(${PYTHON_CONFIG-python-config} --version;
-     test $? -lt 126 || rpm -q python-devel) >/dev/null 2>&1`; then
-  PYTHON_CONFIG=true
-fi
 
-# Automake requires that ChangeLog and AUTHORS exist.
-touch AUTHORS ChangeLog || exit 1
+# Automake requires that ChangeLog exist.
+touch ChangeLog || exit 1
 
 # Override bootstrap's list - we don't use mdate-sh or texinfo.tex.
 gnulib_extra_files="
-        build-aux/install-sh
-        build-aux/depcomp
-        build-aux/config.guess
-        build-aux/config.sub
+        $build_aux/install-sh
+        $build_aux/depcomp
+        $build_aux/config.guess
+        $build_aux/config.sub
         doc/INSTALL
 "
 
 
-bootstrap_post_import_hook()
+bootstrap_epilogue()
 {
   # Change paths in gnulib/tests/gnulib.mk from "../../.." to "../..",
-  # and make tests conditional by changing "TESTS" to "GNULIB_TESTS".
+  # then ensure that gnulib/tests/Makefile.in is up-to-date.
   m=gnulib/tests/gnulib.mk
-  sed 's,\.\./\.\./\.\.,../..,g; s/^TESTS /GNULIB_TESTS /' $m > $m-t
+  sed 's,\.\./\.\./\.\.,../..,g' $m > $m-t
   mv -f $m-t $m
+  ${AUTOMAKE-automake} gnulib/tests/Makefile
 }

build-aux/augeas-gentest.pl

@@ -1,71 +0,0 @@
-#!/usr/bin/perl
-#
-# augeas-gentest.pl: Generate an augeas test file, from an
-#                    example config file + test file template
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-#
-# Authors:
-#     Daniel P. Berrange <berrange@redhat.com>
-
-use strict;
-use warnings;
-
-die "syntax: $0 CONFIG TEMPLATE AUGTEST\n" unless @ARGV == 3;
-
-my $config = shift @ARGV;
-my $template = shift @ARGV;
-my $augtest = shift @ARGV;
-
-open AUGTEST, ">", $augtest or die "cannot create $augtest: $!";
-
-$SIG{__DIE__} = sub {
-    unlink $augtest;
-};
-
-open CONFIG, "<", $config or die "cannot read $config: $!";
-open TEMPLATE, "<", $template or die "cannot read $template: $!";
-
-my $group = 0;
-while (<TEMPLATE>) {
-    if (/::CONFIG::/) {
-        my $group = 0;
-        print AUGTEST "  let conf = \"";
-        while (<CONFIG>) {
-            if (/^#\w/) {
-                s/^#//;
-                s/\"/\\\"/g;
-                print AUGTEST $_;
-                $group = /\[\s$/;
-            } elsif ($group) {
-                s/\"/\\\"/g;
-                if (/#\s*\]/) {
-                    $group = 0;
-                }
-                if (/^#/) {
-                    s/^#//;
-                    print AUGTEST $_;
-                }
-            }
-        }
-        print AUGTEST "\"\n";
-    } else {
-        print AUGTEST $_;
-    }
-}
-
-close TEMPLATE;
-close CONFIG;
-close AUGTEST or die "cannot save $augtest: $!";

build-aux/bracket-spacing.pl

@@ -1,144 +0,0 @@
-#!/usr/bin/perl
-#
-# bracket-spacing.pl: Report any usage of 'function (..args..)'
-# Also check for other syntax issues, such as correct use of ';'
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-#
-# Authors:
-#     Daniel P. Berrange <berrange@redhat.com>
-
-use strict;
-use warnings;
-
-my $ret = 0;
-my $incomment = 0;
-
-foreach my $file (@ARGV) {
-    open FILE, $file;
-
-    while (defined (my $line = <FILE>)) {
-        my $data = $line;
-
-        # Kill any quoted ; or "
-        $data =~ s,'[";]','X',g;
-
-        # Kill any quoted strings
-        $data =~ s,"([^\\\"]|\\.)*","XXX",g;
-
-        # Kill any C++ style comments
-        $data =~ s,//.*$,//,;
-
-        next if $data =~ /^#/;
-
-        # Kill contents of multi-line comments
-        # and detect end of multi-line comments
-        if ($incomment) {
-            if ($data =~ m,\*/,) {
-                $incomment = 0;
-                $data =~ s,^.*\*/,*/,;
-            } else {
-                $data = "";
-            }
-        }
-
-        # Kill single line comments, and detect
-        # start of multi-line comments
-        if ($data =~ m,/\*.*\*/,) {
-            $data =~ s,/\*.*\*/,/* */,;
-        } elsif ($data =~ m,/\*,) {
-            $incomment = 1;
-            $data =~ s,/\*.*,/*,;
-        }
-
-        # We need to match things like
-        #
-        #  int foo (int bar, bool wizz);
-        #  foo (bar, wizz);
-        #
-        # but not match things like:
-        #
-        #  typedef int (*foo)(bar wizz)
-        #
-        # we can't do this (efficiently) without
-        # missing things like
-        #
-        #  foo (*bar, wizz);
-        #
-        while ($data =~ /(\w+)\s\((?!\*)/) {
-            my $kw = $1;
-
-            # Allow space after keywords only
-            if ($kw =~ /^(if|for|while|switch|return)$/) {
-                $data =~ s/($kw\s\()/XXX(/;
-            } else {
-                print "$file:$.: $line";
-                $ret = 1;
-                last;
-            }
-        }
-
-        # Require whitespace immediately after keywords,
-        # but none after the opening bracket
-        while ($data =~ /\b(if|for|while|switch|return)\(/ ||
-               $data =~ /\b(if|for|while|switch|return)\s+\(\s/) {
-            print "$file:$.: $line";
-            $ret = 1;
-            last;
-        }
-
-        # Forbid whitespace between )( of a function typedef
-        while ($data =~ /\(\*\w+\)\s+\(/) {
-            print "$file:$.: $line";
-            $ret = 1;
-            last;
-        }
-
-        # Forbid whitespace following ( or prior to )
-        while ($data =~ /\S\s+\)/ ||
-               $data =~ /\(\s+\S/) {
-            print "$file:$.: $line";
-            $ret = 1;
-            last;
-        }
-
-        # Forbid whitespace before ";". Things like below are allowed:
-        #
-        # 1) The expression is empty for "for" loop. E.g.
-        #   for (i = 0; ; i++)
-        #
-        # 2) An empty statement. E.g.
-        #   while (write(statuswrite, &status, 1) == -1 &&
-        #          errno == EINTR)
-        #       ;
-        #
-        while ($data =~ /[^;\s]\s+;/) {
-            print "$file:$.: $line";
-            $ret = 1;
-            last;
-        }
-
-        # Require EOL, macro line continuation, or whitespace after ";".
-        # Allow "for (;;)" as an exception.
-        while ($data =~ /;[^	 \\\n;)]/) {
-            print "$file:$.: $line";
-            $ret = 1;
-            last;
-        }
-    }
-    close FILE;
-}
-
-exit $ret;

cfg.mk

@@ -1,5 +1,5 @@
 # Customize Makefile.maint.                           -*- makefile -*-
-# Copyright (C) 2008-2013 Red Hat, Inc.
+# Copyright (C) 2008-2011 Red Hat, Inc.
 # Copyright (C) 2003-2008 Free Software Foundation, Inc.
 
 # This program is free software: you can redistribute it and/or modify
@@ -13,8 +13,7 @@
 # GNU General Public License for more details.
 
 # You should have received a copy of the GNU General Public License
-# along with this program.  If not, see
-# <http://www.gnu.org/licenses/>.
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 # Use alpha.gnu.org for alpha and beta releases.
 # Use ftp.gnu.org for major releases.
@@ -33,17 +32,14 @@ gnulib_dir = $(srcdir)/.gnulib
 # This is all gnulib files, as well as generated files for RPC code.
 generated_files = \
   $(srcdir)/daemon/*_dispatch.h \
-  $(srcdir)/src/*/*_dispatch.h \
   $(srcdir)/src/remote/*_client_bodies.h \
-  $(srcdir)/src/*/*_protocol.[ch] \
+  $(srcdir)/src/remote/*_protocol.[ch] \
   $(srcdir)/gnulib/lib/*.[ch]
 
-# We haven't converted all scripts to using gnulib's init.sh yet.
-_test_script_regex = \<\(init\|test-lib\)\.sh\>
-
 # Tests not to run as part of "make distcheck".
 local-checks-to-skip =			\
   changelog-check			\
+  check-AUTHORS				\
   makefile-check			\
   makefile_path_separator_check		\
   patch-check				\
@@ -85,7 +81,7 @@ local-checks-to-skip =			\
 ifeq ($(filter dist%, $(MAKECMDGOALS)), )
 local-checks-to-skip +=	sc_vulnerable_makefile_CVE-2012-3386
 else
-distdir: sc_vulnerable_makefile_CVE-2012-3386.z
+distdir: sc_vulnerable_makefile_CVE-2012-3386
 endif
 
 # Files that should never cause syntax check failures.
@@ -94,15 +90,11 @@ VC_LIST_ALWAYS_EXCLUDE_REGEX = \
 
 # Functions like free() that are no-ops on NULL arguments.
 useless_free_options =				\
-  --name=VBOX_UTF16_FREE			\
-  --name=VBOX_UTF8_FREE				\
-  --name=VBOX_COM_UNALLOC_MEM			\
   --name=VIR_FREE				\
   --name=qemuCapsFree				\
   --name=qemuMigrationCookieFree                \
   --name=qemuMigrationCookieGraphicsFree        \
   --name=sexpr_free				\
-  --name=usbFreeDevice                          \
   --name=virBandwidthDefFree			\
   --name=virBitmapFree                          \
   --name=virCPUDefFree				\
@@ -149,9 +141,20 @@ useless_free_options =				\
   --name=virJSONValueFree			\
   --name=virLastErrFreeData			\
   --name=virNetMessageFree                      \
+  --name=virNetClientFree                       \
+  --name=virNetClientProgramFree                \
+  --name=virNetClientStreamFree                 \
+  --name=virNetServerFree                       \
+  --name=virNetServerClientFree                 \
   --name=virNetServerMDNSFree                   \
   --name=virNetServerMDNSEntryFree              \
   --name=virNetServerMDNSGroupFree              \
+  --name=virNetServerProgramFree                \
+  --name=virNetServerServiceFree                \
+  --name=virNetSocketFree                       \
+  --name=virNetSASLContextFree                  \
+  --name=virNetSASLSessionFree                  \
+  --name=virNetTLSSessionFree                   \
   --name=virNWFilterDefFree			\
   --name=virNWFilterEntryFree			\
   --name=virNWFilterHashTableFree		\
@@ -164,9 +167,6 @@ useless_free_options =				\
   --name=virNetworkObjFree			\
   --name=virNodeDeviceDefFree			\
   --name=virNodeDeviceObjFree			\
-  --name=virObjectUnref                         \
-  --name=virObjectFreeCallback                  \
-  --name=virPCIDeviceFree                       \
   --name=virSecretDefFree			\
   --name=virStorageEncryptionFree		\
   --name=virStorageEncryptionSecretFree		\
@@ -179,7 +179,6 @@ useless_free_options =				\
   --name=xmlBufferFree				\
   --name=xmlFree				\
   --name=xmlFreeDoc				\
-  --name=xmlFreeNode				\
   --name=xmlXPathFreeContext			\
   --name=xmlXPathFreeObject
 
@@ -308,7 +307,6 @@ sc_flags_usage:
 	@test "$$(cat $(srcdir)/include/libvirt/libvirt.h.in		\
 	    $(srcdir)/include/libvirt/virterror.h			\
 	    $(srcdir)/include/libvirt/libvirt-qemu.h			\
-	    $(srcdir)/include/libvirt/libvirt-lxc.h			\
 	  | grep -c '\(long\|unsigned\) flags')" != 4 &&		\
 	  { echo '$(ME): new API should use "unsigned int flags"' 1>&2;	\
 	    exit 1; } || :
@@ -321,16 +319,10 @@ sc_flags_usage:
 
 # Avoid functions that should only be called via macro counterparts.
 sc_prohibit_internal_functions:
-	@prohibit='vir(Free|AllocN?|ReallocN|(Insert|Delete)ElementsN|File(Close|Fclose|Fdopen)) *\(' \
+	@prohibit='vir(Free|AllocN?|ReallocN|File(Close|Fclose|Fdopen)) *\(' \
 	halt='use VIR_ macros instead of internal functions'		\
 	  $(_sc_search_regexp)
 
-# Avoid raw malloc and free, except in documentation comments.
-sc_prohibit_raw_allocation:
-	@prohibit='^.[^*].*\<((m|c|re)alloc|free) *\([^)]'		\
-	halt='use VIR_ macros from viralloc.h instead of malloc/free'	\
-	  $(_sc_search_regexp)
-
 # Avoid functions that can lead to double-close bugs.
 sc_prohibit_close:
 	@prohibit='([^>.]|^)\<[fp]?close *\('				\
@@ -346,12 +338,6 @@ sc_prohibit_fork_wrappers:
 	halt='use virCommand for child processes'			\
 	  $(_sc_search_regexp)
 
-# Prefer mkostemp with O_CLOEXEC.
-sc_prohibit_mkstemp:
-	@prohibit='[^"]\<mkstemps? *\('					\
-	halt='use mkostemp with O_CLOEXEC instead of mkstemp'		\
-	  $(_sc_search_regexp)
-
 # access with X_OK accepts directories, but we can't exec() those.
 # access with F_OK or R_OK is okay, though.
 sc_prohibit_access_xok:
@@ -361,38 +347,18 @@ sc_prohibit_access_xok:
 
 # Similar to the gnulib maint.mk rule for sc_prohibit_strcmp
 # Use STREQLEN or STRPREFIX rather than comparing strncmp == 0, or != 0.
-snp_ = strncmp *\(.+\)
 sc_prohibit_strncmp:
-	@prohibit='! *strncmp *\(|\<$(snp_) *[!=]=|[!=]= *$(snp_)'	\
-	exclude=':# *define STR(N?EQLEN|PREFIX)\('			\
-	halt='use STREQLEN or STRPREFIX instead of str''ncmp'		\
-	  $(_sc_search_regexp)
-
-# strtol and friends are too easy to misuse
-sc_prohibit_strtol:
-	@prohibit='\bstrto(u?ll?|[ui]max) *\('				\
-	exclude='exempt from syntax-check'				\
-	halt='use virStrToLong_*, not strtol variants'			\
-	  $(_sc_search_regexp)
-	@prohibit='\bstrto[df] *\('					\
-	exclude='exempt from syntax-check'				\
-	halt='use virStrToDouble, not strtod variants'			\
-	  $(_sc_search_regexp)
+	@grep -nE '! *str''ncmp *\(|\<str''ncmp *\(.+\) *[!=]='		\
+	    $$($(VC_LIST_EXCEPT))					\
+	  | grep -vE ':# *define STR(N?EQLEN|PREFIX)\(' &&		\
+	  { echo '$(ME): use STREQLEN or STRPREFIX instead of str''ncmp' \
+		1>&2; exit 1; } || :
 
 # Use virAsprintf rather than as'printf since *strp is undefined on error.
-# But for plain %s, virAsprintf is overkill compared to strdup.
 sc_prohibit_asprintf:
 	@prohibit='\<v?a[s]printf\>'					\
 	halt='use virAsprintf, not as'printf				\
 	  $(_sc_search_regexp)
-	@prohibit='virAsprintf.*, *"%s",'				\
-	halt='use VIR_STRDUP instead of virAsprintf with "%s"'		\
-	  $(_sc_search_regexp)
-
-sc_prohibit_strdup:
-	@prohibit='\<strn?dup\> *\('					\
-	halt='use VIR_STRDUP, not strdup'				\
-	  $(_sc_search_regexp)
 
 # Prefer virSetUIDGID.
 sc_prohibit_setuid:
@@ -400,12 +366,6 @@ sc_prohibit_setuid:
 	halt='use virSetUIDGID, not raw set*id'				\
 	  $(_sc_search_regexp)
 
-# Don't compare *id_t against raw -1.
-sc_prohibit_risky_id_promotion:
-	@prohibit='\b(user|group|[ug]id) *[=!]= *-'			\
-	halt='cast -1 to ([ug]id_t) before comparing against id'	\
-	  $(_sc_search_regexp)
-
 # Use snprintf rather than s'printf, even if buffer is provably large enough,
 # since gnulib has more guarantees for snprintf portability
 sc_prohibit_sprintf:
@@ -414,7 +374,7 @@ sc_prohibit_sprintf:
 	  $(_sc_search_regexp)
 
 sc_prohibit_readlink:
-	@prohibit='\<readlink *\('					\
+	@prohibit='readlink *\('					\
 	halt='use virFileResolveLink, not readlink'			\
 	  $(_sc_search_regexp)
 
@@ -433,11 +393,6 @@ sc_prohibit_VIR_ERR_NO_MEMORY:
 	halt='use virReportOOMError, not V'IR_ERR_NO_MEMORY		\
 	  $(_sc_search_regexp)
 
-sc_prohibit_PATH_MAX:
-	@prohibit='\<P''ATH_MAX\>'				\
-	halt='dynamically allocate paths, do not use P'ATH_MAX	\
-	  $(_sc_search_regexp)
-
 # Use a subshell for each function, to give the optimal warning message.
 include $(srcdir)/Makefile.nonreentrant
 sc_prohibit_nonreentrant:
@@ -451,37 +406,20 @@ sc_prohibit_nonreentrant:
 	done ; \
 	exit $$fail
 
-sc_prohibit_select:
-	@prohibit="\\<select *\\("					\
-	halt="use poll(), not se""lect()"				\
-	  $(_sc_search_regexp)
-
 # Prohibit the inclusion of <ctype.h>.
 sc_prohibit_ctype_h:
 	@prohibit='^# *include  *<ctype\.h>'				\
 	halt="don't use ctype.h; instead, use c-ctype.h"		\
 	  $(_sc_search_regexp)
 
-# Insist on correct types for [pug]id.
-sc_correct_id_types:
-	@prohibit='\<(int|long) *[pug]id\>'				\
-	halt="use pid_t for pid, uid_t for uid, gid_t for gid"		\
-	  $(_sc_search_regexp)
-
-# Forbid sizeof foo or sizeof (foo), require sizeof(foo)
-sc_size_of_brackets:
-	@prohibit='sizeof\s'						\
-	halt='use sizeof(foo), not sizeof (foo) or sizeof foo'		\
-	  $(_sc_search_regexp)
-
 # Ensure that no C source file, docs, or rng schema uses TABs for
 # indentation.  Also match *.h.in files, to get libvirt.h.in.  Exclude
 # files in gnulib, since they're imported.
-space_indent_files=(\.(rng|s?[ch](\.in)?|html.in|py|pl|syms)|(daemon|tools)/.*\.in)
+space_indent_files=(\.(rng|s?[ch](\.in)?|html.in|py)|(daemon|tools)/.*\.in)
 sc_TAB_in_indentation:
 	@prohibit='^ *	'						\
 	in_vc_files='$(space_indent_files)$$'				\
-	halt='indent with space, not TAB, in C, sh, html, py, syms and RNG schemas' \
+	halt='indent with space, not TAB, in C, sh, html, py, and RNG schemas' \
 	  $(_sc_search_regexp)
 
 ctype_re = isalnum|isalpha|isascii|isblank|iscntrl|isdigit|isgraph|islower\
@@ -502,11 +440,6 @@ sc_prohibit_virBufferAdd_with_string_literal:
 	halt='use virBufferAddLit, not virBufferAdd, with a string literal' \
 	  $(_sc_search_regexp)
 
-sc_prohibit_virBufferAsprintf_with_string_literal:
-	@prohibit='\<virBufferAsprintf *\([^,]+, *"([^%"\]|\\.|%%)*"\)'		\
-	halt='use virBufferAddLit, not virBufferAsprintf, with a string literal' \
-	  $(_sc_search_regexp)
-
 # Not only do they fail to deal well with ipv6, but the gethostby*
 # functions are also not thread-safe.
 sc_prohibit_gethostby:
@@ -514,30 +447,12 @@ sc_prohibit_gethostby:
 	halt='use getaddrinfo, not gethostby*'				\
 	  $(_sc_search_regexp)
 
-# dirname and basename from <libgen.h> are not required to be thread-safe
-sc_prohibit_libgen:
-	@prohibit='( (base|dir)name *\(|include .libgen\.h)'		\
-	halt='use functions from gnulib "dirname.h", not <libgen.h>'	\
-	  $(_sc_search_regexp)
-
 # raw xmlGetProp requires some nasty casts
 sc_prohibit_xmlGetProp:
 	@prohibit='\<xmlGetProp *\('					\
 	halt='use virXMLPropString, not xmlGetProp'			\
 	  $(_sc_search_regexp)
 
-# xml(ParseURI|SaveUri) doesn't handle IPv6 URIs well
-sc_prohibit_xmlURI:
-	@prohibit='\<xml(ParseURI|SaveUri) *\('				\
-	halt='use virURI(Parse|Format), not xml(ParseURI|SaveUri)'	\
-	  $(_sc_search_regexp)
-
-# we don't want old old-style return with parentheses around argument
-sc_prohibit_return_as_function:
-	@prohibit='\<return *\(([^()]*(\([^()]*\)[^()]*)*)\) *;'    \
-	halt='avoid extra () with return statements'                \
-	  $(_sc_search_regexp)
-
 # ATTRIBUTE_UNUSED should only be applied in implementations, not
 # header declarations
 sc_avoid_attribute_unused_in_header:
@@ -546,35 +461,52 @@ sc_avoid_attribute_unused_in_header:
 	halt='use ATTRIBUTE_UNUSED in .c rather than .h files'		\
 	  $(_sc_search_regexp)
 
-sc_prohibit_int_ijk:
-	@prohibit='\<(int|unsigned) ([^(]* )*(i|j|k)(\s|,|;)'		\
-	halt='use size_t, not int/unsigned int for loop vars i, j, k'	\
-	  $(_sc_search_regexp)
-
-sc_prohibit_loop_iijjkk:
-	@prohibit='\<(int|unsigned) ([^=]+ )*(ii|jj|kk)(\s|,|;)'	\
-	halt='use i, j, k for loop iterators, not ii, jj, kk' 		\
-	  $(_sc_search_regexp)
-
-# RHEL 5 gcc can't grok "for (int i..."
-sc_prohibit_loop_var_decl:
-	@prohibit='\<for *\(\w+[ *]+\w+'				\
-	in_vc_files='\.[ch]$$'						\
-	halt='declare loop iterators outside the for statement'		\
-	  $(_sc_search_regexp)
-
 # Many of the function names below came from this filter:
 # git grep -B2 '\<_('|grep -E '\.c- *[[:alpha:]_][[:alnum:]_]* ?\(.*[,;]$' \
 # |sed 's/.*\.c-  *//'|perl -pe 's/ ?\(.*//'|sort -u \
 # |grep -vE '^(qsort|if|close|assert|fputc|free|N_|vir.*GetName|.*Unlock|virNodeListDevices|virHashRemoveEntry|freeaddrinfo|.*[fF]ree|xdrmem_create|xmlXPathFreeObject|virUUIDFormat|openvzSetProgramSentinal|polkit_action_unref)$'
 
 msg_gen_function =
+msg_gen_function += ESX_ERROR
+msg_gen_function += ESX_VI_ERROR
+msg_gen_function += HYPERV_ERROR
+msg_gen_function += PHYP_ERROR
 msg_gen_function += VIR_ERROR
+msg_gen_function += VMX_ERROR
+msg_gen_function += XENXS_ERROR
+msg_gen_function += eventReportError
+msg_gen_function += ifaceError
+msg_gen_function += interfaceReportError
+msg_gen_function += iptablesError
 msg_gen_function += lxcError
+msg_gen_function += libxlError
+msg_gen_function += macvtapError
+msg_gen_function += networkReportError
+msg_gen_function += nodeReportError
+msg_gen_function += openvzError
+msg_gen_function += pciReportError
+msg_gen_function += qemuReportError
+msg_gen_function += qemudDispatchClientFailure
 msg_gen_function += regerror
+msg_gen_function += remoteError
+msg_gen_function += remoteDispatchFormatError
+msg_gen_function += statsError
+msg_gen_function += streamsReportError
+msg_gen_function += usbReportError
+msg_gen_function += umlReportError
 msg_gen_function += vah_error
 msg_gen_function += vah_warning
+msg_gen_function += vboxError
+msg_gen_function += virCommandError
+msg_gen_function += virConfError
+msg_gen_function += virCPUReportError
+msg_gen_function += virEventError
+msg_gen_function += virDomainReportError
 msg_gen_function += virGenericReportError
+msg_gen_function += virHashError
+msg_gen_function += virHookReportError
+msg_gen_function += virInterfaceReportError
+msg_gen_function += virJSONError
 msg_gen_function += virLibConnError
 msg_gen_function += virLibDomainError
 msg_gen_function += virLibDomainSnapshotError
@@ -585,21 +517,39 @@ msg_gen_function += virLibNWFilterError
 msg_gen_function += virLibSecretError
 msg_gen_function += virLibStoragePoolError
 msg_gen_function += virLibStorageVolError
+msg_gen_function += virNetworkReportError
+msg_gen_function += virNodeDeviceReportError
+msg_gen_function += virNWFilterReportError
 msg_gen_function += virRaiseError
-msg_gen_function += virReportError
 msg_gen_function += virReportErrorHelper
 msg_gen_function += virReportSystemError
+msg_gen_function += virSecretReportError
+msg_gen_function += virSecurityReportError
+msg_gen_function += virSexprError
+msg_gen_function += virSmbiosReportError
+msg_gen_function += virSocketError
+msg_gen_function += virStatsError
+msg_gen_function += virStorageReportError
+msg_gen_function += virUtilError
+msg_gen_function += virXMLError
+msg_gen_function += virXenInotifyError
+msg_gen_function += virXenStoreError
+msg_gen_function += virXendError
+msg_gen_function += vmwareError
 msg_gen_function += xenapiSessionErrorHandler
+msg_gen_function += xenUnifiedError
+msg_gen_function += xenXMError
 
 # Uncomment the following and run "make syntax-check" to see diagnostics
 # that are not yet marked for translation, but that need to be rewritten
 # so that they are translatable.
 # msg_gen_function += fprintf
 # msg_gen_function += testError
+# msg_gen_function += virXenError
 # msg_gen_function += vshPrint
 # msg_gen_function += vshError
 
-func_or := $(shell echo $(msg_gen_function)|tr -s ' ' '|')
+func_or := $(shell printf '$(msg_gen_function)'|tr -s '[[:space:]]' '|')
 func_re := ($(func_or))
 
 # Look for diagnostics that aren't marked for translation.
@@ -608,13 +558,14 @@ func_re := ($(func_or))
 #    _("...: "
 #    "%s", _("no storage vol w..."
 sc_libvirt_unmarked_diagnostics:
-	@prohibit='\<$(func_re) *\([^"]*"[^"]*[a-z]{3}'			\
-	exclude='_\('							\
-	halt='found unmarked diagnostic(s)'				\
-	  $(_sc_search_regexp)
+	@grep -nE							\
+	    '\<$(func_re) *\([^"]*"[^"]*[a-z]{3}' $$($(VC_LIST_EXCEPT))	\
+	  | grep -v '_''(' &&						\
+	  { echo '$(ME): found unmarked diagnostic(s)' 1>&2;		\
+	    exit 1; } || :
 	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
 	   grep -A1 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | sed 's/_("\([^\"]\|\\.\)\+"//;s/[	 ]"%s"//'		\
+	   | sed 's/_("[^"][^"]*"//;s/[	 ]"%s"//'			\
 	   | grep '[	 ]"' &&						\
 	  { echo '$(ME): found unmarked diagnostic(s)' 1>&2;		\
 	    exit 1; } || :
@@ -633,39 +584,6 @@ sc_prohibit_newline_at_end_of_diagnostic:
 	  && { echo '$(ME): newline at end of message(s)' 1>&2;		\
 	    exit 1; } || :
 
-# Look for diagnostics that lack a % in the format string, except that we
-# allow VIR_ERROR to do this, and ignore functions that take a single
-# string rather than a format argument.
-sc_prohibit_diagnostic_without_format:
-	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
-	   grep -A2 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | sed -rn -e ':l; /[,"]$$/ {N;b l;}'				 \
-		-e '/(xenapiSessionErrorHandler|vah_(error|warning))/d'	 \
-		-e '/\<$(func_re) *\([^"]*"([^%"]|"\n[^"]*")*"[,)]/p'	 \
-           | grep -vE 'VIR_ERROR' &&					 \
-	  { echo '$(ME): found diagnostic without %' 1>&2;		 \
-	    exit 1; } || :
-
-# The strings "" and "%s" should never be marked for translation.
-# Files under tests/ and examples/ should not be translated.
-sc_prohibit_useless_translation:
-	@prohibit='_\("(%s)?"\)'					\
-	halt='found useless translation'				\
-	  $(_sc_search_regexp)
-	@prohibit='\<N?_ *\('						\
-	in_vc_files='^(tests|examples)/'				\
-	halt='no translations in tests or examples'			\
-	  $(_sc_search_regexp)
-
-# When splitting a diagnostic across lines, ensure that there is a space
-# or \n on one side of the split.
-sc_require_whitespace_in_translation:
-	@grep -n -A1 '"$$' $$($(VC_LIST_EXCEPT))   			\
-	   | sed -ne ':l; /"$$/ {N;b l;}; s/"\n[^"]*"/""/g; s/\\n/ /g'	\
-		-e '/_(.*[^\ ]""[^\ ]/p' | grep . &&			\
-	  { echo '$(ME): missing whitespace at line split' 1>&2;	\
-	    exit 1; } || :
-
 # Enforce recommended preprocessor indentation style.
 sc_preprocessor_indentation:
 	@if cppi --version >/dev/null 2>&1; then			\
@@ -676,44 +594,6 @@ sc_preprocessor_indentation:
 	  echo '$(ME): skipping test $@: cppi not installed' 1>&2;	\
 	fi
 
-# Enforce similar spec file indentation style, by running cppi on a
-# (comment-only) C file that mirrors the same layout as the spec file.
-sc_spec_indentation:
-	@if cppi --version >/dev/null 2>&1; then			\
-	  for f in $$($(VC_LIST_EXCEPT) | grep '\.spec\.in$$'); do	\
-	    sed -e 's|#|// #|; s|%ifn*\(arch\)* |#if a // |'		\
-		-e 's/%\(else\|endif\|define\)/#\1/'			\
-		-e 's/^\( *\)\1\1\1#/#\1/'				\
-		-e 's|^\( *[^#/ ]\)|// \1|; s|^\( */[^/]\)|// \1|' $$f	\
-	    | cppi -a -c 2>&1 | sed "s|standard input|$$f|";		\
-	  done | { if grep . >&2; then false; else :; fi; }		\
-	    || { echo '$(ME): incorrect preprocessor indentation' 1>&2;	\
-		exit 1; };						\
-	else								\
-	  echo '$(ME): skipping test $@: cppi not installed' 1>&2;	\
-	fi
-
-# Nested conditionals are easier to understand if we enforce that endifs
-# can be paired back to the if
-sc_makefile_conditionals:
-	@prohibit='(else|endif)($$| *#)'				\
-	in_vc_files='Makefile\.am'					\
-	halt='match "if FOO" with "endif FOO" in Makefiles'		\
-	  $(_sc_search_regexp)
-
-# Long lines can be harder to diff; too long, and git send-email chokes.
-# For now, only enforce line length on files where we have intentionally
-# fixed things and don't want to regress.
-sc_prohibit_long_lines:
-	@prohibit='.{90}'						\
-	in_vc_files='\.arg[sv]'						\
-	halt='Wrap long lines in expected output files'			\
-	  $(_sc_search_regexp)
-	@prohibit='.{80}'						\
-	in_vc_files='Makefile\.am'					\
-	halt='Wrap long lines in Makefiles'				\
-	  $(_sc_search_regexp)
-
 sc_copyright_format:
 	@require='Copyright .*Red 'Hat', Inc\.'				\
 	containing='Copyright .*Red 'Hat				\
@@ -726,24 +606,6 @@ sc_copyright_format:
 	halt='spell Red Hat as two words'				\
 	  $(_sc_search_regexp)
 
-# Prefer the new URL listing over the old street address listing when
-# calling out where to get a copy of the [L]GPL.  Also, while we have
-# to ship COPYING (GPL) alongside COPYING.LESSER (LGPL), we want any
-# source file that calls out a top-level file to call out the LGPL
-# version.  Note that our typical copyright boilerplate refers to the
-# license by name, not by reference to a top-level file.
-sc_copyright_usage:
-	@prohibit=Boston,' MA'						\
-	halt='Point to <http://www.gnu.org/licenses/>, not an address'	\
-	  $(_sc_search_regexp)
-	@require='COPYING\.LESSER'					\
-	containing='COPYING'						\
-	halt='Refer to COPYING.LESSER for LGPL'				\
-	  $(_sc_search_regexp)
-	@prohibit='COPYING\.LIB'					\
-	halt='Refer to COPYING.LESSER for LGPL'				\
-	  $(_sc_search_regexp)
-
 # Some functions/macros produce messages intended solely for developers
 # and maintainers.  Do not mark them for translation.
 sc_prohibit_gettext_markup:
@@ -751,112 +613,6 @@ sc_prohibit_gettext_markup:
 	halt='do not mark these strings for translation'		\
 	  $(_sc_search_regexp)
 
-# Our code is divided into modular subdirectories for a reason, and
-# lower-level code must not include higher-level headers.
-cross_dirs=$(patsubst $(srcdir)/src/%.,%,$(wildcard $(srcdir)/src/*/.))
-cross_dirs_re=($(subst / ,/|,$(cross_dirs)))
-sc_prohibit_cross_inclusion:
-	@for dir in $(cross_dirs); do					\
-	  case $$dir in							\
-	    util/) safe="util";;					\
-	    locking/)							\
-	      safe="($$dir|util|conf|rpc)";;				\
-	    cpu/ | locking/ | network/ | rpc/ | security/)		\
-	      safe="($$dir|util|conf)";;				\
-	    xenapi/ | xenxs/ ) safe="($$dir|util|conf|xen)";;		\
-	    *) safe="($$dir|util|conf|cpu|network|locking|rpc|security)";; \
-	  esac;								\
-	  in_vc_files="^src/$$dir"					\
-	  prohibit='^# *include .$(cross_dirs_re)'			\
-	  exclude="# *include .$$safe"					\
-	  halt='unsafe cross-directory include'				\
-	    $(_sc_search_regexp)					\
-	done
-
-# When converting an enum to a string, make sure that we track any new
-# elements added to the enum by using a _LAST marker.
-sc_require_enum_last_marker:
-	@grep -A1 -nE '^[^#]*VIR_ENUM_IMPL *\(' $$($(VC_LIST_EXCEPT))	\
-	   | sed -ne '/VIR_ENUM_IMPL[^,]*,$$/N'				\
-	     -e '/VIR_ENUM_IMPL[^,]*,[^,]*[^_,][^L,][^A,][^S,][^T,],/p'	\
-	     -e '/VIR_ENUM_IMPL[^,]*,[^,]\{0,4\},/p'			\
-	   | grep . &&							\
-	  { echo '$(ME): enum impl needs to use _LAST marker' 1>&2;	\
-	    exit 1; } || :
-
-# In Python files we don't want to end lines with a semicolon like in C
-sc_prohibit_semicolon_at_eol_in_python:
-	@prohibit='^[^#].*\;$$'			                        \
-	in_vc_files='\.py$$'						\
-	halt="Don't use semicolon at eol in python files"		\
-	  $(_sc_search_regexp)
-
-# mymain() in test files should use return, not exit, for nicer output
-sc_prohibit_exit_in_tests:
-	@prohibit='\<exit *\('						\
-	in_vc_files='^tests/'						\
-	halt='use return, not exit(), in tests'				\
-	  $(_sc_search_regexp)
-
-# Don't include duplicate header in the source (either *.c or *.h)
-sc_prohibit_duplicate_header:
-	@fail=0; for i in $$($(VC_LIST_EXCEPT) | grep '\.[chx]$$'); do	\
-	  awk '/# *include.*\.h/ {					\
-	    match($$0, /[<"][^>"]*[">]/);				\
-	    arr[substr($$0, RSTART + 1, RLENGTH - 2)]++;		\
-	  }								\
-	  END {								\
-	    for (key in arr) {						\
-	      if (arr[key] > 1)	{					\
-		fail=1;							\
-		printf("%d %s are included\n", arr[key], key);		\
-	      }								\
-	    }								\
-	    if (fail == 1) {						\
-	      printf("duplicate header(s) in " FILENAME "\n");		\
-	      exit 1;							\
-	    }								\
-	  }' $$i || fail=1;						\
-	done;								\
-	if test $$fail -eq 1; then					\
-	  { echo '$(ME): avoid duplicate headers' 1>&2; exit 1; }	\
-	fi;
-
-# Don't include "libvirt/*.h" in "" form.
-sc_prohibit_include_public_headers_quote:
-	@prohibit='# *include *"libvirt/.*\.h"'				\
-	in_vc_files='\.[ch]$$'						\
-	halt='Do not include libvirt/*.h in internal source'		\
-	  $(_sc_search_regexp)
-
-# Don't include "libvirt/*.h" in <> form. Except for external tools,
-# e.g. Python binding, examples and tools subdirectories.
-sc_prohibit_include_public_headers_brackets:
-	@prohibit='# *include *<libvirt/.*\.h>'				\
-	in_vc_files='\.[ch]$$'						\
-	halt='Do not include libvirt/*.h in internal source'		\
-	  $(_sc_search_regexp)
-
-# <config.h> is only needed in .c files; .h files do not need it since
-# .c files must include config.h before any other .h.
-sc_prohibit_config_h_in_headers:
-	@prohibit='^# *include\>.*config\.h'				\
-	in_vc_files='\.h$$'						\
-	halt='headers should not include <config.h>'			\
-	  $(_sc_search_regexp)
-
-sc_prohibit_unbounded_arrays_in_rpc:
-	@prohibit='<>'							\
-	in_vc_files='\.x$$'						\
-	halt='Arrays in XDR must have a upper limit set for <NNN>'	\
-	  $(_sc_search_regexp)
-
-sc_prohibit_getenv:
-	@prohibit='\b(secure_)?getenv *\('				\
-	exclude='exempt from syntax-check'				\
-	halt='Use virGetEnv{Allow,Block}SUID instead of getenv'		\
-	  $(_sc_search_regexp)
-
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null
 
@@ -870,29 +626,37 @@ ifeq (0,$(MAKELEVEL))
   #  b653eda3ac4864de205419d9f41eec267cb89eeb .gnulib (v0.0-2286-gb653eda)
   # $ cat .git-module-status
   # b653eda3ac4864de205419d9f41eec267cb89eeb
-  #
-  # Keep this logic in sync with autogen.sh.
   _submodule_hash = sed 's/^[ +-]//;s/ .*//'
   _update_required := $(shell						\
       cd '$(srcdir)';							\
       test -d .git || { echo 0; exit; };				\
       test -f po/Makevars || { echo 1; exit; };				\
-      test -f AUTHORS || { echo 1; exit; };				\
-      test "no-git" = "$$(cat $(_curr_status))" && { echo 0; exit; };	\
       actual=$$(git submodule status | $(_submodule_hash);		\
 		git hash-object bootstrap.conf;				\
-		git ls-tree -d HEAD gnulib/local | awk '{print $$3}';	\
 		git diff .gnulib);					\
       stamp="$$($(_submodule_hash) $(_curr_status) 2>/dev/null)";	\
       test "$$stamp" = "$$actual"; echo $$?)
   _clean_requested = $(filter %clean,$(MAKECMDGOALS))
   ifeq (1,$(_update_required)$(_clean_requested))
     $(info INFO: gnulib update required; running ./autogen.sh first)
-    $(shell touch $(srcdir)/AUTHORS $(srcdir)/ChangeLog)
-maint.mk Makefile: _autogen
+Makefile: _autogen
   endif
 endif
 
+# Give credit where due:
+# Ensure that each commit author email address (possibly mapped via
+# git log's .mailmap) appears in our AUTHORS file.
+sc_check_author_list:
+	@fail=0;							\
+	for i in $$(git log --pretty=format:%aE%n|sort -u|grep -v '^$$'); do \
+	  sanitized=$$(echo "$$i"|LC_ALL=C sed 's/\([^a-zA-Z0-9_@-]\)/\\\1/g'); \
+	  grep -iq "<$$sanitized>" $(srcdir)/AUTHORS			\
+	    || { printf '%s\n' "$$i" >&2; fail=1; };			\
+	done;								\
+	test $$fail = 1							\
+	  && echo '$(ME): committer(s) not listed in AUTHORS' >&2;	\
+	test $$fail = 0
+
 # It is necessary to call autogen any time gnulib changes.  Autogen
 # reruns configure, then we regenerate all Makefiles at once.
 .PHONY: _autogen
@@ -901,13 +665,7 @@ _autogen:
 	./config.status
 
 # regenerate HACKING as part of the syntax-check
-syntax-check: $(top_srcdir)/HACKING bracket-spacing-check
-
-bracket-spacing-check:
-	$(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \
-	$(PERL) $(top_srcdir)/build-aux/bracket-spacing.pl $$files || \
-	  { echo '$(ME): incorrect whitespace, see HACKING for rules' 1>&2; \
-	    exit 1; }
+syntax-check: $(top_srcdir)/HACKING
 
 # sc_po_check can fail if generated files are not built first
 sc_po_check: \
@@ -922,109 +680,69 @@ $(srcdir)/src/remote/remote_client_bodies.h: $(srcdir)/src/remote/remote_protoco
 	$(MAKE) -C src remote/remote_client_bodies.h
 
 # List all syntax-check exemptions:
-exclude_file_name_regexp--sc_avoid_strcase = ^tools/virsh\.h$$
+exclude_file_name_regexp--sc_avoid_strcase = ^tools/virsh\.c$$
 
-_src1=libvirt|fdstream|qemu/qemu_monitor|util/(vircommand|virfile)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon
-_test1=shunloadtest|virnettlscontexttest|virnettlssessiontest|vircgroupmock
+_src1=libvirt|fdstream|qemu/qemu_monitor|util/(command|util)|xen/xend_internal|rpc/virnetsocket
 exclude_file_name_regexp--sc_avoid_write = \
-  ^(src/($(_src1))|daemon/libvirtd|tools/virsh-console|tests/($(_test1)))\.c$$
+  ^(src/($(_src1))|daemon/libvirtd|tools/console|tests/(shunload|virnettlscontext)test)\.c$$
 
 exclude_file_name_regexp--sc_bindtextdomain = ^(tests|examples)/
 
-exclude_file_name_regexp--sc_copyright_usage = \
-  ^COPYING(|\.LESSER)$$
-
-exclude_file_name_regexp--sc_flags_usage = ^(docs/|src/util/virnetdevtap\.c$$|tests/vircgroupmock\.c$$)
+exclude_file_name_regexp--sc_flags_usage = ^docs/
 
 exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
-  ^(src/rpc/gendispatch\.pl$$|tests/)
+  ^src/rpc/gendispatch\.pl$$
 
 exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$)
 
 exclude_file_name_regexp--sc_prohibit_VIR_ERR_NO_MEMORY = \
-  ^(include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c)$$
+  ^(include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virterror\.c)$$
 
-exclude_file_name_regexp--sc_prohibit_access_xok = ^src/util/virutil\.c$$
+exclude_file_name_regexp--sc_prohibit_access_xok = ^src/util/util\.c$$
 
 exclude_file_name_regexp--sc_prohibit_always_true_header_tests = \
-  ^python/(libvirt-(lxc-|qemu-)?override|typewrappers)\.c$$
+  ^python/(libvirt-(qemu-)?override|typewrappers)\.c$$
 
 exclude_file_name_regexp--sc_prohibit_asprintf = \
-  ^(bootstrap.conf$$|src/util/virstring\.[ch]$$|examples/domain-events/events-c/event-test\.c$$|tests/vircgroupmock\.c$$)
-
-exclude_file_name_regexp--sc_prohibit_strdup = \
-  ^(docs/|examples/|python/|src/util/virstring\.c|tests/virnetserverclientmock.c$$)
+  ^(bootstrap.conf$$|src/util/util\.c$$|examples/domain-events/events-c/event-test\.c$$)
 
 exclude_file_name_regexp--sc_prohibit_close = \
-  (\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c|tests/vircgroupmock\.c)$$)
+  (\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c)$$)
 
 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/(qemuhelp|nodeinfo)data/|\.(gif|ico|png|diff)$$)
+  (^tests/qemuhelpdata/|\.(gif|ico|png)$$)
 
-_src2=src/(util/vircommand|libvirt|lxc/lxc_controller|locking/lock_daemon)
+_src2=src/(util/command|libvirt|lxc/lxc_controller)
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
   (^($(_src2)|tests/testutils|daemon/libvirtd)\.c$$)
 
-exclude_file_name_regexp--sc_prohibit_gethostname = ^src/util/virutil\.c$$
+exclude_file_name_regexp--sc_prohibit_gethostname = ^src/util/util\.c$$
 
 exclude_file_name_regexp--sc_prohibit_internal_functions = \
-  ^src/(util/(viralloc|virutil|virfile)\.[hc]|esx/esx_vi\.c)$$
+  ^src/(util/(memory|util|virfile)\.[hc]|esx/esx_vi\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
   ^src/rpc/gendispatch\.pl$$
 
 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
-  ^((po|tests)/|docs/.*(py|html\.in)|run.in$$)
+  ^((po|tests)/|docs/.*py$$|tools/(virsh|console)\.c$$)
 
-exclude_file_name_regexp--sc_prohibit_raw_allocation = \
-  ^(docs/hacking\.html\.in)|(src/util/viralloc\.[ch]|examples/.*|tests/securityselinuxhelper\.c|tests/vircgroupmock\.c)$$
+exclude_file_name_regexp--sc_prohibit_readlink = ^src/util/util\.c$$
 
-exclude_file_name_regexp--sc_prohibit_readlink = \
-  ^src/(util/virutil|lxc/lxc_container)\.c$$
+exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/util\.c$$
 
-exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c$$
+exclude_file_name_regexp--sc_prohibit_sprintf = ^docs/hacking\.html\.in$$
 
-exclude_file_name_regexp--sc_prohibit_sprintf = \
-  ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)$$
+exclude_file_name_regexp--sc_prohibit_strncpy = \
+  ^(src/util/util|tools/virsh)\.c$$
 
-exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/virstring\.c$$
+exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/xml\.c$$
 
-exclude_file_name_regexp--sc_prohibit_strtol = \
-  ^src/(util/virsexpr|(vbox|xen|xenxs)/.*)\.c$$
+exclude_file_name_regexp--sc_require_config_h = ^examples/
 
-exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/virxml\.c$$
+exclude_file_name_regexp--sc_require_config_h_first = ^examples/
 
-exclude_file_name_regexp--sc_prohibit_xmlURI = ^src/util/viruri\.c$$
-
-exclude_file_name_regexp--sc_prohibit_return_as_function = \.py$$
-
-exclude_file_name_regexp--sc_require_config_h = \
-	^(examples/|tools/virsh-edit\.c$$)
-
-exclude_file_name_regexp--sc_require_config_h_first = \
-	^(examples/|tools/virsh-edit\.c$$)
-
-exclude_file_name_regexp--sc_trailing_blank = \
-  (/qemuhelpdata/|/sysinfodata/.*\.data|\.(fig|gif|ico|png)$$)
+exclude_file_name_regexp--sc_trailing_blank = \.(fig|gif|ico|png)$$
 
 exclude_file_name_regexp--sc_unmarked_diagnostics = \
   ^(docs/apibuild.py|tests/virt-aa-helper-test)$$
-
-exclude_file_name_regexp--sc_size_of_brackets = cfg.mk
-
-exclude_file_name_regexp--sc_correct_id_types = \
-  (^src/locking/lock_protocol.x$$)
-
-exclude_file_name_regexp--sc_m4_quote_check = m4/virt-lib.m4
-
-exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \
-  ^src/internal\.h$$
-
-exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
-  ^(python/|tools/|examples/|include/libvirt/(virterror|libvirt-(qemu|lxc))\.h$$)
-
-exclude_file_name_regexp--sc_prohibit_int_ijk = \
-  ^(src/remote_protocol-structs|src/remote/remote_protocol.x|cfg.mk|include/)$
-
-exclude_file_name_regexp--sc_prohibit_getenv = \
-  ^tests/.*\.[ch]$$

config-post.h

@@ -1,45 +0,0 @@
-/*
- * Copyright (C) 2013 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- */
-
-/*
- * Since virt-login-shell will be setuid, we must do everything
- * we can to avoid linking to other libraries. Many of them do
- * unsafe things in functions marked __atttribute__((constructor)).
- * The only way avoid to avoid such deps is to re-compile the
- * functions with the code in question disabled, and for that we
- * must override the main config.h rules. Hence this file :-(
- */
-
-#ifdef LIBVIRT_SETUID_RPC_CLIENT
-# undef HAVE_LIBDEVMAPPER_H
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_GNUTLS_GCRYPT
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_VIRTUALPORT
-# undef WITH_YAJL
-# undef WITH_YAJL2
-#endif

daemon/.gitignore

@@ -0,0 +1,14 @@
+*.la
+*.lo
+.deps
+.libs
+Makefile
+Makefile.in
+libvirt_qemud
+libvirtd
+libvirtd.init
+libvirtd*.logrotate
+libvirtd.8
+libvirtd.8.in
+libvirtd.pod
+probes.h

daemon/Makefile.am

@@ -1,118 +1,72 @@
 ## Process this file with automake to produce Makefile.in
 
-## Copyright (C) 2005-2013 Red Hat, Inc.
-##
-## This library is free software; you can redistribute it and/or
-## modify it under the terms of the GNU Lesser General Public
-## License as published by the Free Software Foundation; either
-## version 2.1 of the License, or (at your option) any later version.
-##
-## This library is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-## Lesser General Public License for more details.
-##
-## You should have received a copy of the GNU Lesser General Public
-## License along with this library.  If not, see
-## <http://www.gnu.org/licenses/>.
+## Copyright (C) 2005-2011 Red Hat, Inc.
+## See COPYING.LIB for the License of this software
 
 INCLUDES = \
-	-I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \
-	-I$(top_srcdir) \
-	-I$(top_builddir)/include -I$(top_srcdir)/include \
-	-I$(top_builddir)/src -I$(top_srcdir)/src \
+	-I$(top_srcdir)/gnulib/lib -I../gnulib/lib \
+	-I$(top_srcdir)/include -I$(top_builddir)/include \
+	-I$(top_srcdir)/src \
 	-I$(top_srcdir)/src/util \
 	-I$(top_srcdir)/src/conf \
 	-I$(top_srcdir)/src/rpc \
 	-I$(top_srcdir)/src/remote \
-	-I$(top_srcdir)/src/access \
 	$(GETTEXT_CPPFLAGS)
 
 CLEANFILES =
 
-DAEMON_GENERATED =			\
-		remote_dispatch.h	\
-		lxc_dispatch.h		\
-		qemu_dispatch.h		\
-		$(NULL)
+DAEMON_GENERATED =					\
+		$(srcdir)/remote_dispatch.h		\
+		$(srcdir)/qemu_dispatch.h
 
 DAEMON_SOURCES =					\
 		libvirtd.c libvirtd.h			\
 		remote.c remote.h			\
 		stream.c stream.h			\
+		../src/remote/remote_protocol.c		\
+		../src/remote/qemu_protocol.c		\
 		$(DAEMON_GENERATED)
 
-LIBVIRTD_CONF_SOURCES = libvirtd-config.c libvirtd-config.h
-
 DISTCLEANFILES =
 EXTRA_DIST =						\
 	remote_dispatch.h				\
-	lxc_dispatch.h					\
 	qemu_dispatch.h					\
 	libvirtd.conf					\
 	libvirtd.init.in				\
 	libvirtd.upstart				\
-	libvirtd.policy.in				\
+	libvirtd.policy-0				\
+	libvirtd.policy-1				\
 	libvirtd.sasl					\
-	libvirtd.service.in				\
 	libvirtd.sysconf				\
-	libvirtd.sysctl					\
 	libvirtd.aug                                    \
 	libvirtd.logrotate.in                           \
 	libvirtd.qemu.logrotate.in                      \
 	libvirtd.lxc.logrotate.in                       \
 	libvirtd.uml.logrotate.in                       \
-	test_libvirtd.aug.in                             \
+	test_libvirtd.aug                               \
 	THREADS.txt					\
 	libvirtd.pod.in					\
 	libvirtd.8.in					\
-	$(DAEMON_SOURCES)				\
-	$(LIBVIRTD_CONF_SOURCES)			\
-	$(NULL)
+	libvirtd.stp					\
+	$(DAEMON_SOURCES)
 
 BUILT_SOURCES =
 
 REMOTE_PROTOCOL = $(top_srcdir)/src/remote/remote_protocol.x
-LXC_PROTOCOL = $(top_srcdir)/src/remote/lxc_protocol.x
 QEMU_PROTOCOL = $(top_srcdir)/src/remote/qemu_protocol.x
 
-remote_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
+$(srcdir)/remote_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(REMOTE_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
-	  --mode=server remote REMOTE $(REMOTE_PROTOCOL) \
-	  > $(srcdir)/remote_dispatch.h
+	$(AM_V_GEN)perl -w $(srcdir)/../src/rpc/gendispatch.pl -b remote \
+	  $(REMOTE_PROTOCOL) > $@
 
-lxc_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
-		$(LXC_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
-	  --mode=server lxc LXC $(LXC_PROTOCOL) \
-	  > $(srcdir)/lxc_dispatch.h
-
-qemu_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
+$(srcdir)/qemu_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(QEMU_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
-	  --mode=server qemu QEMU $(QEMU_PROTOCOL) \
-	  > $(srcdir)/qemu_dispatch.h
+	$(AM_V_GEN)perl -w $(srcdir)/../src/rpc/gendispatch.pl -b qemu \
+	  $(QEMU_PROTOCOL) > $@
 
 if WITH_LIBVIRTD
 
-# Build a convenience library, for reuse in tests/libvirtdconftest
-noinst_LTLIBRARIES = libvirtd_conf.la
-libvirtd_conf_la_SOURCES = $(LIBVIRTD_CONF_SOURCES)
-libvirtd_conf_la_CFLAGS = \
-	$(LIBXML_CFLAGS) \
-	$(XDR_CFLAGS) \
-	$(WARN_CFLAGS) $(PIE_CFLAGS) \
-	$(COVERAGE_CFLAGS) \
-	$(NULL)
-libvirtd_conf_la_LDFLAGS =				\
-	$(RELRO_LDFLAGS)				\
-	$(PIE_LDFLAGS)					\
-	$(COVERAGE_LDFLAGS)				\
-	$(NO_INDIRECT_LDFLAGS)				\
-	$(NULL)
-libvirtd_conf_la_LIBADD = $(LIBXML_LIBS)
-
 man8_MANS = libvirtd.8
 
 sbin_PROGRAMS = libvirtd
@@ -126,13 +80,12 @@ augeas_DATA = libvirtd.aug
 augeastestsdir = $(datadir)/augeas/lenses/tests
 augeastests_DATA = test_libvirtd.aug
 
-CLEANFILES += test_libvirtd.aug
-
 libvirtd.8: $(srcdir)/libvirtd.8.in
-	$(AM_V_GEN)sed \
-	    -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
-	    -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
-	    < $< > $@-t && \
+	sed \
+	    -e 's![@]sysconfdir[@]!$(sysconfdir)!g' \
+	    -e 's![@]localstatedir[@]!$(localstatedir)!g' \
+	    -e 's![@]remote_pid_file[@]!$(REMOTE_PID_FILE)!g' \
+	    < $< > $@-t
 	mv $@-t $@
 
 libvirtd_SOURCES = $(DAEMON_SOURCES)
@@ -140,136 +93,120 @@ libvirtd_SOURCES = $(DAEMON_SOURCES)
 #-D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_POSIX_C_SOURCE=199506L
 libvirtd_CFLAGS = \
 	$(LIBXML_CFLAGS) $(GNUTLS_CFLAGS) $(SASL_CFLAGS) \
-	$(XDR_CFLAGS) $(POLKIT_CFLAGS) $(DBUS_CFLAGS) $(LIBNL_CFLAGS) \
-	$(WARN_CFLAGS) $(PIE_CFLAGS) \
+	$(XDR_CFLAGS) $(POLKIT_CFLAGS) \
+	$(WARN_CFLAGS) \
 	$(COVERAGE_CFLAGS) \
-	-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\""
+	-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\"" \
+	-DREMOTE_PID_FILE="\"$(REMOTE_PID_FILE)\""
 
 libvirtd_LDFLAGS =					\
-	$(RELRO_LDFLAGS)				\
-	$(PIE_LDFLAGS)					\
-	$(COVERAGE_LDFLAGS)				\
-	$(NO_INDIRECT_LDFLAGS)				\
-	$(NULL)
+	$(WARN_CFLAGS)					\
+	$(COVERAGE_LDFLAGS)
 
 libvirtd_LDADD =					\
 	$(LIBXML_LIBS)					\
 	$(GNUTLS_LIBS)					\
 	$(SASL_LIBS)					\
-	$(DBUS_LIBS)					\
-	$(POLKIT_LIBS)					\
-	$(LIBNL_LIBS)
-
-if WITH_DTRACE_PROBES
-libvirtd_LDADD += ../src/libvirt_probes.lo
-endif WITH_DTRACE_PROBES
+	$(POLKIT_LIBS)
 
 libvirtd_LDADD += \
-	libvirtd_conf.la \
-	../src/libvirt-lxc.la \
-	../src/libvirt-qemu.la \
-	../src/libvirt_driver_remote.la \
-	$(NULL)
+	../src/libvirt-net-rpc-server.la \
+	../src/libvirt-net-rpc.la \
+	../src/libvirt-qemu.la
 
 if ! WITH_DRIVER_MODULES
 if WITH_QEMU
     libvirtd_LDADD += ../src/libvirt_driver_qemu.la
-if WITH_DTRACE_PROBES
-    libvirtd_LDADD += ../src/libvirt_qemu_probes.lo
-endif WITH_DTRACE_PROBES
-endif WITH_QEMU
+endif
 
 if WITH_LXC
     libvirtd_LDADD += ../src/libvirt_driver_lxc.la
-endif WITH_LXC
-
-if WITH_XEN
-    libvirtd_LDADD += ../src/libvirt_driver_xen.la
-endif WITH_XEN
+endif
 
 if WITH_LIBXL
     libvirtd_LDADD += ../src/libvirt_driver_libxl.la
-endif WITH_LIBXL
+endif
 
 if WITH_UML
     libvirtd_LDADD += ../src/libvirt_driver_uml.la
-endif WITH_UML
+endif
 
-if WITH_VBOX
-    libvirtd_LDADD += ../src/libvirt_driver_vbox.la
-endif WITH_VBOX
-
-if WITH_STORAGE
+if WITH_STORAGE_DIR
     libvirtd_LDADD += ../src/libvirt_driver_storage.la
-endif WITH_STORAGE
+endif
 
 if WITH_NETWORK
     libvirtd_LDADD += ../src/libvirt_driver_network.la
-endif WITH_NETWORK
+endif
 
-if WITH_INTERFACE
+if WITH_NETCF
     libvirtd_LDADD += ../src/libvirt_driver_interface.la
-endif WITH_INTERFACE
+endif
 
 if WITH_NODE_DEVICES
     libvirtd_LDADD += ../src/libvirt_driver_nodedev.la
-endif WITH_NODE_DEVICES
+endif
 
 if WITH_SECRETS
     libvirtd_LDADD += ../src/libvirt_driver_secret.la
-endif WITH_SECRETS
+endif
 
 if WITH_NWFILTER
     libvirtd_LDADD += ../src/libvirt_driver_nwfilter.la
-endif WITH_NWFILTER
-endif ! WITH_DRIVER_MODULES
+endif
+endif
 
 libvirtd_LDADD += ../src/libvirt.la
 
-if WITH_POLKIT
-if WITH_POLKIT0
+if HAVE_POLKIT
+if HAVE_POLKIT0
 policydir = $(datadir)/PolicyKit/policy
-policyauth = auth_admin_keep_session
-else ! WITH_POLKIT0
+policyfile = libvirtd.policy-0
+else
 policydir = $(datadir)/polkit-1/actions
-policyauth = auth_admin_keep
-endif ! WITH_POLKIT0
-endif WITH_POLKIT
+policyfile = libvirtd.policy-1
+endif
+endif
 
-libvirtd.policy: libvirtd.policy.in $(top_builddir)/config.status
-	$(AM_V_GEN) sed \
-	    -e 's|[@]authaction[@]|$(policyauth)|g' \
-	    < $< > $@-t && \
-	mv $@-t $@
-BUILT_SOURCES += libvirtd.policy
+if WITH_DTRACE
+libvirtd_LDADD += probes.o
+nodist_libvirtd_SOURCES = probes.h
 
-install-data-local: install-init-redhat install-init-systemd \
-		install-init-upstart \
-		install-data-sasl install-data-polkit \
-		install-logrotate install-sysctl
-	$(MKDIR_P) $(DESTDIR)$(localstatedir)/log/libvirt \
-		   $(DESTDIR)$(localstatedir)/run/libvirt \
-		   $(DESTDIR)$(localstatedir)/lib/libvirt
+BUILT_SOURCES += probes.h
 
-uninstall-local:: uninstall-init-redhat uninstall-init-systemd \
-		uninstall-init-upstart \
-		uninstall-data-sasl uninstall-data-polkit \
-		uninstall-logrotate uninstall-sysctl
+tapsetdir = $(datadir)/systemtap/tapset
+tapset_DATA = libvirtd.stp
+
+probes.h: probes.d
+	$(AM_V_GEN)$(DTRACE) -o $@ -h -s $<
+
+probes.o: probes.d
+	$(AM_V_GEN)$(DTRACE) -o $@ -G -s $<
+
+CLEANFILES += probes.h probes.o
+endif
+
+install-data-local: install-init install-data-sasl install-data-polkit \
+		    install-logrotate
+	mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt
+	mkdir -p $(DESTDIR)$(localstatedir)/run/libvirt
+	mkdir -p $(DESTDIR)$(localstatedir)/lib/libvirt
+
+uninstall-local:: uninstall-init uninstall-data-sasl uninstall-data-polkit
 	rmdir $(DESTDIR)$(localstatedir)/log/libvirt || :
 	rmdir $(DESTDIR)$(localstatedir)/run/libvirt || :
 	rmdir $(DESTDIR)$(localstatedir)/lib/libvirt || :
 
-if WITH_POLKIT
-install-data-polkit::
-	$(MKDIR_P) $(DESTDIR)$(policydir)
-	$(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
-uninstall-data-polkit::
+if HAVE_POLKIT
+install-data-polkit:: install-init
+	mkdir -p $(DESTDIR)$(policydir)
+	$(INSTALL_DATA) $(srcdir)/$(policyfile) $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+uninstall-data-polkit:: install-init
 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
-	rmdir $(DESTDIR)$(policydir) || :
-else ! WITH_POLKIT
+else
 install-data-polkit::
 uninstall-data-polkit::
-endif ! WITH_POLKIT
+endif
 
 remote.c: $(DAEMON_GENERATED)
 remote.h: $(DAEMON_GENERATED)
@@ -280,191 +217,108 @@ LOGROTATE_CONFS = libvirtd.qemu.logrotate libvirtd.lxc.logrotate \
 BUILT_SOURCES += $(LOGROTATE_CONFS)
 
 libvirtd.logrotate: libvirtd.logrotate.in
-	$(AM_V_GEN)sed						\
-	    -e 's|[@]localstatedir[@]|$(localstatedir)|g'	\
-	    < $< > $@-t && \
+	sed							\
+	    -e 's![@]localstatedir[@]!$(localstatedir)!g'	\
+	    < $< > $@-t
 	mv $@-t $@
 
 libvirtd.qemu.logrotate: libvirtd.qemu.logrotate.in
-	$(AM_V_GEN)sed						\
-	    -e 's|[@]localstatedir[@]|$(localstatedir)|g'	\
-	    < $< > $@-t && \
+	sed							\
+	    -e 's![@]localstatedir[@]!$(localstatedir)!g'	\
+	    < $< > $@-t
 	mv $@-t $@
 
 libvirtd.lxc.logrotate: libvirtd.lxc.logrotate.in
 	$(AM_V_GEN)sed						\
-	    -e 's|[@]localstatedir[@]|$(localstatedir)|g'	\
+	    -e 's![@]localstatedir[@]!$(localstatedir)!g'	\
 	    < $< > $@-t &&					\
 	    mv $@-t $@
 
 libvirtd.uml.logrotate: libvirtd.uml.logrotate.in
 	$(AM_V_GEN)sed						\
-	    -e 's|[@]localstatedir[@]|$(localstatedir)|g'	\
+	    -e 's![@]localstatedir[@]!$(localstatedir)!g'	\
 	    < $< > $@-t &&					\
 	    mv $@-t $@
 
 install-logrotate: $(LOGROTATE_CONFS)
-	$(MKDIR_P) $(DESTDIR)$(localstatedir)/log/libvirt/qemu/ \
-		   $(DESTDIR)$(localstatedir)/log/libvirt/lxc/ \
-		   $(DESTDIR)$(localstatedir)/log/libvirt/uml/ \
-		   $(DESTDIR)$(sysconfdir)/logrotate.d/
-	$(INSTALL_DATA) libvirtd.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd
-	$(INSTALL_DATA) libvirtd.qemu.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu
-	$(INSTALL_DATA) libvirtd.lxc.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc
-	$(INSTALL_DATA) libvirtd.uml.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml
-
-uninstall-logrotate:
-	rm -f $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd \
-	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu \
-	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc \
-	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml
-	rmdir $(DESTDIR)$(localstatedir)/log/libvirt/qemu || :
-	rmdir $(DESTDIR)$(localstatedir)/log/libvirt/lxc || :
-	rmdir $(DESTDIR)$(localstatedir)/log/libvirt/uml || :
-	rmdir $(DESTDIR)$(sysconfdir)/logrotate.d || :
-
-install-sysconfig:
-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig
-	$(INSTALL_DATA) $(srcdir)/libvirtd.sysconf \
-	  $(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
-uninstall-sysconfig:
-	rm -f $(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
-	rmdir $(DESTDIR)$(sysconfdir)/sysconfig || :
-
-if WITH_SYSCTL
-# Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on
-# /usr/lib/sysctl.d/ even when libdir is /usr/lib64
-install-sysctl:
-	$(MKDIR_P) $(DESTDIR)$(prefix)/lib/sysctl.d
-	$(INSTALL_DATA) $(srcdir)/libvirtd.sysctl \
-	  $(DESTDIR)$(prefix)/lib/sysctl.d/libvirtd.conf
-
-uninstall-sysctl:
-	rm -f $(DESTDIR)$(prefix)/lib/sysctl.d/libvirtd.conf
-	rmdir $(DESTDIR)$(prefix)/lib/sysctl.d || :
-else ! WITH_SYSCTL
-install-sysctl:
-uninstall-sysctl:
-endif ! WITH_SYSCTL
+	mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt/qemu/
+	mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt/lxc/
+	mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt/uml/
+	mkdir -p $(DESTDIR)$(sysconfdir)/logrotate.d/
+	$(INSTALL_DATA) libvirtd.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd
+	$(INSTALL_DATA) libvirtd.qemu.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu
+	$(INSTALL_DATA) libvirtd.lxc.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc
+	$(INSTALL_DATA) libvirtd.uml.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml
 
 if LIBVIRT_INIT_SCRIPT_RED_HAT
+install-init: libvirtd.init
+	mkdir -p $(DESTDIR)$(sysconfdir)/rc.d/init.d
+	$(INSTALL_SCRIPT) libvirtd.init \
+	  $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd
+	mkdir -p $(DESTDIR)$(sysconfdir)/sysconfig
+	$(INSTALL_DATA) $(srcdir)/libvirtd.sysconf \
+	  $(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
+
+uninstall-init:
+	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd \
+		$(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
 
 BUILT_SOURCES += libvirtd.init
 
-install-init-redhat: install-sysconfig libvirtd.init
-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
-	$(INSTALL_SCRIPT) libvirtd.init \
-	  $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd
-
-uninstall-init-redhat: uninstall-sysconfig
-	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd
-	rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
-else ! LIBVIRT_INIT_SCRIPT_RED_HAT
-install-init-redhat:
-uninstall-init-redhat:
-endif ! LIBVIRT_INIT_SCRIPT_RED_HAT
-
-
-if LIBVIRT_INIT_SCRIPT_UPSTART
-
-install-init-upstart: install-sysconfig
-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/event.d
-	$(INSTALL_SCRIPT) libvirtd.upstart \
-	  $(DESTDIR)$(sysconfdir)/event.d/libvirtd
-
-uninstall-init-upstart: uninstall-sysconfig
-	rm -f $(DESTDIR)$(sysconfdir)/event.d/libvirtd
-	rmdir $(DESTDIR)$(sysconfdir)/event.d || :
-else ! LIBVIRT_INIT_SCRIPT_UPSTART
-install-init-upstart:
-uninstall-init-upstart:
-endif ! LIBVIRT_INIT_SCRIPT_UPSTART
-
-
-if LIBVIRT_INIT_SCRIPT_SYSTEMD
-
-SYSTEMD_UNIT_DIR = /lib/systemd/system
-BUILT_SOURCES += libvirtd.service
-
-install-init-systemd: install-sysconfig libvirtd.service
-	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
-	$(INSTALL_DATA) libvirtd.service \
-	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
-
-uninstall-init-systemd: uninstall-sysconfig
-	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
-	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
-else ! LIBVIRT_INIT_SCRIPT_SYSTEMD
-install-init-systemd:
-uninstall-init-systemd:
-endif ! LIBVIRT_INIT_SCRIPT_SYSTEMD
-
 libvirtd.init: libvirtd.init.in $(top_builddir)/config.status
-	$(AM_V_GEN)sed						\
-	    -e 's|[@]localstatedir[@]|$(localstatedir)|g'	\
-	    -e 's|[@]sbindir[@]|$(sbindir)|g'			\
-	    -e 's|[@]sysconfdir[@]|$(sysconfdir)|g'		\
-	    < $< > $@-t &&					\
-	    chmod a+x $@-t &&					\
+	$(AM_V_GEN)sed					\
+	    -e s!\@localstatedir\@!$(localstatedir)!g	\
+	    -e s!\@sbindir\@!$(sbindir)!g		\
+	    -e s!\@sysconfdir\@!$(sysconfdir)!g		\
+	    < $< > $@-t &&				\
+	    chmod a+x $@-t &&				\
 	    mv $@-t $@
 
-libvirtd.service: libvirtd.service.in $(top_builddir)/config.status
-	$(AM_V_GEN)sed						\
-	    -e 's|[@]localstatedir[@]|$(localstatedir)|g'	\
-	    -e 's|[@]sbindir[@]|$(sbindir)|g'			\
-	    -e 's|[@]sysconfdir[@]|$(sysconfdir)|g'		\
-	    < $< > $@-t &&					\
-	    mv $@-t $@
-
-
-check-local: check-augeas
-
-AUG_GENTEST = $(PERL) $(top_srcdir)/build-aux/augeas-gentest.pl
-
-test_libvirtd.aug: test_libvirtd.aug.in $(srcdir)/libvirtd.conf
-	$(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/libvirtd.conf $< $@
-
-check-augeas: test_libvirtd.aug
+check-local:
 	$(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
-	  '$(AUGPARSE)' -I $(srcdir) test_libvirtd.aug; \
+	  '$(AUGPARSE)' -I $(srcdir) $(srcdir)/test_libvirtd.aug; \
 	fi
 
+else
+
+install-init:
+uninstall-init:
+libvirtd.init:
+
+endif # LIBVIRT_INIT_SCRIPT_RED_HAT
 
 # This must be added last, since functions it provides/replaces
 # are used by nearly every other library.
 libvirtd_LDADD += ../gnulib/lib/libgnu.la $(LIBSOCKET)
 
-else ! WITH_LIBVIRTD
+else # WITH_LIBVIRTD
 install-data-local: install-data-sasl
 uninstall-local:: uninstall-data-sasl
-endif ! WITH_LIBVIRTD
+endif # WITH_LIBVIRTD
+
+# This is needed for 'make dist' too, so can't wrap in WITH_LIBVIRTD.
+EXTRA_DIST += probes.d libvirtd.stp
 
 POD2MAN = pod2man -c "Virtualization Support" \
 			-r "$(PACKAGE)-$(VERSION)" -s 8
 
-$(srcdir)/libvirtd.8.in: libvirtd.pod.in $(top_srcdir)/configure.ac
-	$(AM_V_GEN)$(POD2MAN) --name LIBVIRTD $< $@ \
-	    && if grep 'POD ERROR' $@ ; then rm $@; exit 1; fi
+$(srcdir)/libvirtd.8.in: libvirtd.pod.in
+	$(AM_V_GEN)$(POD2MAN) $< $@
 
 # This is needed for clients too, so can't wrap in
 # the WITH_LIBVIRTD conditional
-if WITH_SASL
+if HAVE_SASL
 install-data-sasl:
-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
-	$(INSTALL_DATA) $(srcdir)/libvirtd.sasl \
-		$(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
+	mkdir -p $(DESTDIR)$(sysconfdir)/sasl2/
+	$(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
 
 uninstall-data-sasl:
 	rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
-	rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
-else ! WITH_SASL
+	rmdir $(DESTDIR)$(sysconfdir)/sasl2/
+else
 install-data-sasl:
 uninstall-data-sasl:
-endif ! WITH_SASL
+endif
 
 
 CLEANFILES += $(BUILT_SOURCES) $(man8_MANS)

daemon/THREADS.txt

@@ -40,7 +40,7 @@ The server lock is used in conjunction with a condition variable
 to pass jobs from the event loop thread to the workers. The main
 event loop thread handles I/O from the client socket, and once a
 complete RPC message has been read off the wire (and optionally
-decrypted), it will be placed on the 'dx' job queue for the
+decrypted), it will be placed onto the 'dx' job queue for the
 associated client object. The job condition will be signalled and
 a worker will wakup and process it.
 

daemon/libvirtd-config.c

@@ -1,484 +0,0 @@
-/*
- * libvirtd.c: daemon start of day, guest process & i/o management
- *
- * Copyright (C) 2006-2012 Red Hat, Inc.
- * Copyright (C) 2006 Daniel P. Berrange
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Author: Daniel P. Berrange <berrange@redhat.com>
- */
-
-#include <config.h>
-
-#include "libvirtd-config.h"
-#include "virconf.h"
-#include "viralloc.h"
-#include "virerror.h"
-#include "virlog.h"
-#include "rpc/virnetserver.h"
-#include "configmake.h"
-#include "remote/remote_protocol.h"
-#include "remote/remote_driver.h"
-#include "virstring.h"
-#include "virutil.h"
-
-#define VIR_FROM_THIS VIR_FROM_CONF
-
-/* Allocate an array of malloc'd strings from the config file, filename
- * (used only in diagnostics), using handle "conf".  Upon error, return -1
- * and free any allocated memory.  Otherwise, save the array in *list_arg
- * and return 0.
- */
-static int
-remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list_arg,
-                          const char *filename)
-{
-    char **list;
-    virConfValuePtr p = virConfGetValue(conf, key);
-    if (!p)
-        return 0;
-
-    switch (p->type) {
-    case VIR_CONF_STRING:
-        if (VIR_ALLOC_N(list, 2) < 0) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                           _("failed to allocate memory for %s config list"),
-                           key);
-            return -1;
-        }
-        if (VIR_STRDUP(list[0], p->str) < 0) {
-            VIR_FREE(list);
-            return -1;
-        }
-        list[1] = NULL;
-        break;
-
-    case VIR_CONF_LIST: {
-        int len = 0;
-        size_t i;
-        virConfValuePtr pp;
-        for (pp = p->list; pp; pp = pp->next)
-            len++;
-        if (VIR_ALLOC_N(list, 1+len) < 0) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                           _("failed to allocate memory for %s config list"),
-                           key);
-            return -1;
-        }
-        for (i = 0, pp = p->list; pp; ++i, pp = pp->next) {
-            if (pp->type != VIR_CONF_STRING) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                               _("remoteReadConfigFile: %s: %s:"
-                                 " must be a string or list of strings"),
-                               filename, key);
-                VIR_FREE(list);
-                return -1;
-            }
-            if (VIR_STRDUP(list[i], pp->str) < 0) {
-                size_t j;
-                for (j = 0; j < i; j++)
-                    VIR_FREE(list[j]);
-                VIR_FREE(list);
-                return -1;
-            }
-
-        }
-        list[i] = NULL;
-        break;
-    }
-
-    default:
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       _("remoteReadConfigFile: %s: %s:"
-                         " must be a string or list of strings"),
-                       filename, key);
-        return -1;
-    }
-
-    *list_arg = list;
-    return 0;
-}
-
-/* A helper function used by each of the following macros.  */
-static int
-checkType(virConfValuePtr p, const char *filename,
-          const char *key, virConfType required_type)
-{
-    if (p->type != required_type) {
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       _("remoteReadConfigFile: %s: %s: invalid type:"
-                         " got %s; expected %s"), filename, key,
-                       virConfTypeName(p->type),
-                       virConfTypeName(required_type));
-        return -1;
-    }
-    return 0;
-}
-
-/* If there is no config data for the key, #var_name, then do nothing.
-   If there is valid data of type VIR_CONF_STRING, and VIR_STRDUP succeeds,
-   store the result in var_name.  Otherwise, (i.e. invalid type, or VIR_STRDUP
-   failure), give a diagnostic and "goto" the cleanup-and-fail label.  */
-#define GET_CONF_STR(conf, filename, var_name)                          \
-    do {                                                                \
-        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
-        if (p) {                                                        \
-            if (checkType(p, filename, #var_name, VIR_CONF_STRING) < 0) \
-                goto error;                                             \
-            VIR_FREE(data->var_name);                                   \
-            if (VIR_STRDUP(data->var_name, p->str) < 0)                 \
-                goto error;                                             \
-        }                                                               \
-    } while (0)
-
-/* Like GET_CONF_STR, but for integral values.  */
-#define GET_CONF_INT(conf, filename, var_name)                          \
-    do {                                                                \
-        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
-        if (p) {                                                        \
-            if (checkType(p, filename, #var_name, VIR_CONF_LONG) < 0)   \
-                goto error;                                             \
-            data->var_name = p->l;                                      \
-        }                                                               \
-    } while (0)
-
-
-static int remoteConfigGetAuth(virConfPtr conf, const char *key, int *auth, const char *filename) {
-    virConfValuePtr p;
-
-    p = virConfGetValue(conf, key);
-    if (!p)
-        return 0;
-
-    if (checkType(p, filename, key, VIR_CONF_STRING) < 0)
-        return -1;
-
-    if (!p->str)
-        return 0;
-
-    if (STREQ(p->str, "none")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
-#if WITH_SASL
-    } else if (STREQ(p->str, "sasl")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL;
-#endif
-    } else if (STREQ(p->str, "polkit")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_POLKIT;
-    } else {
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       _("remoteReadConfigFile: %s: %s: unsupported auth %s"),
-                       filename, key, p->str);
-        return -1;
-    }
-
-    return 0;
-}
-
-int
-daemonConfigFilePath(bool privileged, char **configfile)
-{
-    if (privileged) {
-        if (VIR_STRDUP(*configfile, SYSCONFDIR "/libvirt/libvirtd.conf") < 0)
-            goto error;
-    } else {
-        char *configdir = NULL;
-
-        if (!(configdir = virGetUserConfigDirectory()))
-            goto error;
-
-        if (virAsprintf(configfile, "%s/libvirtd.conf", configdir) < 0) {
-            VIR_FREE(configdir);
-            goto error;
-        }
-        VIR_FREE(configdir);
-    }
-
-    return 0;
-
-error:
-    return -1;
-}
-
-struct daemonConfig*
-daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
-{
-    struct daemonConfig *data;
-    char *localhost;
-    int ret;
-
-    if (VIR_ALLOC(data) < 0)
-        return NULL;
-
-    data->listen_tls = 1;
-    data->listen_tcp = 0;
-
-    if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 ||
-        VIR_STRDUP(data->tcp_port, LIBVIRTD_TCP_PORT) < 0)
-        goto error;
-
-    /* Only default to PolicyKit if running as root */
-#if WITH_POLKIT
-    if (privileged) {
-        data->auth_unix_rw = REMOTE_AUTH_POLKIT;
-        data->auth_unix_ro = REMOTE_AUTH_POLKIT;
-    } else {
-#endif
-        data->auth_unix_rw = REMOTE_AUTH_NONE;
-        data->auth_unix_ro = REMOTE_AUTH_NONE;
-#if WITH_POLKIT
-    }
-#endif
-
-    if (VIR_STRDUP(data->unix_sock_rw_perms,
-                   data->auth_unix_rw == REMOTE_AUTH_POLKIT ? "0777" : "0700") < 0 ||
-        VIR_STRDUP(data->unix_sock_ro_perms, "0777") < 0)
-        goto error;
-
-#if WITH_SASL
-    data->auth_tcp = REMOTE_AUTH_SASL;
-#else
-    data->auth_tcp = REMOTE_AUTH_NONE;
-#endif
-    data->auth_tls = REMOTE_AUTH_NONE;
-
-    data->mdns_adv = 0;
-
-    data->min_workers = 5;
-    data->max_workers = 20;
-    data->max_clients = 20;
-
-    data->prio_workers = 5;
-
-    data->max_requests = 20;
-    data->max_client_requests = 5;
-
-    data->log_buffer_size = 64;
-
-    data->audit_level = 1;
-    data->audit_logging = 0;
-
-    data->keepalive_interval = 5;
-    data->keepalive_count = 5;
-    data->keepalive_required = 0;
-
-    localhost = virGetHostname();
-    if (localhost == NULL) {
-        /* we couldn't resolve the hostname; assume that we are
-         * running in disconnected operation, and report a less
-         * useful Avahi string
-         */
-        ret = VIR_STRDUP(data->mdns_name, "Virtualization Host");
-    } else {
-        char *tmp;
-        /* Extract the host part of the potentially FQDN */
-        if ((tmp = strchr(localhost, '.')))
-            *tmp = '\0';
-        ret = virAsprintf(&data->mdns_name, "Virtualization Host %s",
-                          localhost);
-    }
-    VIR_FREE(localhost);
-    if (ret < 0)
-        goto error;
-
-    return data;
-
-error:
-    daemonConfigFree(data);
-    return NULL;
-}
-
-void
-daemonConfigFree(struct daemonConfig *data)
-{
-    char **tmp;
-
-    if (!data)
-        return;
-
-    VIR_FREE(data->listen_addr);
-    VIR_FREE(data->tls_port);
-    VIR_FREE(data->tcp_port);
-    tmp = data->access_drivers;
-    while (tmp && *tmp) {
-        VIR_FREE(*tmp);
-        tmp++;
-    }
-    VIR_FREE(data->access_drivers);
-
-    VIR_FREE(data->unix_sock_ro_perms);
-    VIR_FREE(data->unix_sock_rw_perms);
-    VIR_FREE(data->unix_sock_group);
-    VIR_FREE(data->unix_sock_dir);
-    VIR_FREE(data->mdns_name);
-
-    tmp = data->tls_allowed_dn_list;
-    while (tmp && *tmp) {
-        VIR_FREE(*tmp);
-        tmp++;
-    }
-    VIR_FREE(data->tls_allowed_dn_list);
-
-    tmp = data->sasl_allowed_username_list;
-    while (tmp && *tmp) {
-        VIR_FREE(*tmp);
-        tmp++;
-    }
-    VIR_FREE(data->sasl_allowed_username_list);
-
-    VIR_FREE(data->key_file);
-    VIR_FREE(data->ca_file);
-    VIR_FREE(data->cert_file);
-    VIR_FREE(data->crl_file);
-
-    VIR_FREE(data->host_uuid);
-    VIR_FREE(data->log_filters);
-    VIR_FREE(data->log_outputs);
-
-    VIR_FREE(data);
-}
-
-static int
-daemonConfigLoadOptions(struct daemonConfig *data,
-                        const char *filename,
-                        virConfPtr conf)
-{
-    GET_CONF_INT(conf, filename, listen_tcp);
-    GET_CONF_INT(conf, filename, listen_tls);
-    GET_CONF_STR(conf, filename, tls_port);
-    GET_CONF_STR(conf, filename, tcp_port);
-    GET_CONF_STR(conf, filename, listen_addr);
-
-    if (remoteConfigGetAuth(conf, "auth_unix_rw", &data->auth_unix_rw, filename) < 0)
-        goto error;
-#if WITH_POLKIT
-    /* Change default perms to be wide-open if PolicyKit is enabled.
-     * Admin can always override in config file
-     */
-    if (data->auth_unix_rw == REMOTE_AUTH_POLKIT) {
-        VIR_FREE(data->unix_sock_rw_perms);
-        if (VIR_STRDUP(data->unix_sock_rw_perms, "0777") < 0)
-            goto error;
-    }
-#endif
-    if (remoteConfigGetAuth(conf, "auth_unix_ro", &data->auth_unix_ro, filename) < 0)
-        goto error;
-    if (remoteConfigGetAuth(conf, "auth_tcp", &data->auth_tcp, filename) < 0)
-        goto error;
-    if (remoteConfigGetAuth(conf, "auth_tls", &data->auth_tls, filename) < 0)
-        goto error;
-
-    if (remoteConfigGetStringList(conf, "access_drivers",
-                                  &data->access_drivers, filename) < 0)
-        goto error;
-
-    GET_CONF_STR(conf, filename, unix_sock_group);
-    GET_CONF_STR(conf, filename, unix_sock_ro_perms);
-    GET_CONF_STR(conf, filename, unix_sock_rw_perms);
-
-    GET_CONF_STR(conf, filename, unix_sock_dir);
-
-    GET_CONF_INT(conf, filename, mdns_adv);
-    GET_CONF_STR(conf, filename, mdns_name);
-
-    GET_CONF_INT(conf, filename, tls_no_sanity_certificate);
-    GET_CONF_INT(conf, filename, tls_no_verify_certificate);
-
-    GET_CONF_STR(conf, filename, key_file);
-    GET_CONF_STR(conf, filename, cert_file);
-    GET_CONF_STR(conf, filename, ca_file);
-    GET_CONF_STR(conf, filename, crl_file);
-
-    if (remoteConfigGetStringList(conf, "tls_allowed_dn_list",
-                                  &data->tls_allowed_dn_list, filename) < 0)
-        goto error;
-
-
-    if (remoteConfigGetStringList(conf, "sasl_allowed_username_list",
-                                  &data->sasl_allowed_username_list, filename) < 0)
-        goto error;
-
-
-    GET_CONF_INT(conf, filename, min_workers);
-    GET_CONF_INT(conf, filename, max_workers);
-    GET_CONF_INT(conf, filename, max_clients);
-    GET_CONF_INT(conf, filename, max_queued_clients);
-
-    GET_CONF_INT(conf, filename, prio_workers);
-
-    GET_CONF_INT(conf, filename, max_requests);
-    GET_CONF_INT(conf, filename, max_client_requests);
-
-    GET_CONF_INT(conf, filename, audit_level);
-    GET_CONF_INT(conf, filename, audit_logging);
-
-    GET_CONF_STR(conf, filename, host_uuid);
-
-    GET_CONF_INT(conf, filename, log_level);
-    GET_CONF_STR(conf, filename, log_filters);
-    GET_CONF_STR(conf, filename, log_outputs);
-    GET_CONF_INT(conf, filename, log_buffer_size);
-
-    GET_CONF_INT(conf, filename, keepalive_interval);
-    GET_CONF_INT(conf, filename, keepalive_count);
-    GET_CONF_INT(conf, filename, keepalive_required);
-
-    return 0;
-
-error:
-    return -1;
-}
-
-
-/* Read the config file if it exists.
- * Only used in the remote case, hence the name.
- */
-int
-daemonConfigLoadFile(struct daemonConfig *data,
-                     const char *filename,
-                     bool allow_missing)
-{
-    virConfPtr conf;
-    int ret;
-
-    if (allow_missing &&
-        access(filename, R_OK) == -1 &&
-        errno == ENOENT)
-        return 0;
-
-    conf = virConfReadFile(filename, 0);
-    if (!conf)
-        return -1;
-
-    ret = daemonConfigLoadOptions(data, filename, conf);
-    virConfFree(conf);
-    return ret;
-}
-
-int daemonConfigLoadData(struct daemonConfig *data,
-                         const char *filename,
-                         const char *filedata)
-{
-    virConfPtr conf;
-    int ret;
-
-    conf = virConfReadMem(filedata, strlen(filedata), 0);
-    if (!conf)
-        return -1;
-
-    ret = daemonConfigLoadOptions(data, filename, conf);
-    virConfFree(conf);
-    return ret;
-}

daemon/libvirtd-config.h

@@ -1,97 +0,0 @@
-/*
- * libvirtd.c: daemon start of day, guest process & i/o management
- *
- * Copyright (C) 2006-2012 Red Hat, Inc.
- * Copyright (C) 2006 Daniel P. Berrange
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Author: Daniel P. Berrange <berrange@redhat.com>
- */
-
-#ifndef __LIBVIRTD_CONFIG_H__
-# define __LIBVIRTD_CONFIG_H__
-
-# include "internal.h"
-
-struct daemonConfig {
-    char *host_uuid;
-
-    int listen_tls;
-    int listen_tcp;
-    char *listen_addr;
-    char *tls_port;
-    char *tcp_port;
-
-    char *unix_sock_ro_perms;
-    char *unix_sock_rw_perms;
-    char *unix_sock_group;
-    char *unix_sock_dir;
-
-    int auth_unix_rw;
-    int auth_unix_ro;
-    int auth_tcp;
-    int auth_tls;
-
-    char **access_drivers;
-
-    int mdns_adv;
-    char *mdns_name;
-
-    int tls_no_verify_certificate;
-    int tls_no_sanity_certificate;
-    char **tls_allowed_dn_list;
-    char **sasl_allowed_username_list;
-
-    char *key_file;
-    char *cert_file;
-    char *ca_file;
-    char *crl_file;
-
-    int min_workers;
-    int max_workers;
-    int max_clients;
-    int max_queued_clients;
-
-    int prio_workers;
-
-    int max_requests;
-    int max_client_requests;
-
-    int log_level;
-    char *log_filters;
-    char *log_outputs;
-    int log_buffer_size;
-
-    int audit_level;
-    int audit_logging;
-
-    int keepalive_interval;
-    unsigned int keepalive_count;
-    int keepalive_required;
-};
-
-
-int daemonConfigFilePath(bool privileged, char **configfile);
-struct daemonConfig* daemonConfigNew(bool privileged);
-void daemonConfigFree(struct daemonConfig *data);
-int daemonConfigLoadFile(struct daemonConfig *data,
-                         const char *filename,
-                         bool allow_missing);
-int daemonConfigLoadData(struct daemonConfig *data,
-                         const char *filename,
-                         const char *filedata);
-
-#endif /* __LIBVIRTD_CONFIG_H__ */

daemon/libvirtd.aug

@@ -51,12 +51,10 @@ module Libvirtd =
                            | bool_entry "tls_no_sanity_certificate"
                            | str_array_entry "tls_allowed_dn_list"
                            | str_array_entry "sasl_allowed_username_list"
-                           | str_array_entry "access_drivers"
 
    let processing_entry = int_entry "min_workers"
                         | int_entry "max_workers"
                         | int_entry "max_clients"
-                        | int_entry "max_queued_clients"
                         | int_entry "max_requests"
                         | int_entry "max_client_requests"
                         | int_entry "prio_workers"
@@ -64,17 +62,10 @@ module Libvirtd =
    let logging_entry = int_entry "log_level"
                      | str_entry "log_filters"
                      | str_entry "log_outputs"
-                     | int_entry "log_buffer_size"
 
    let auditing_entry = int_entry "audit_level"
                       | bool_entry "audit_logging"
 
-   let keepalive_entry = int_entry "keepalive_interval"
-                       | int_entry "keepalive_count"
-                       | bool_entry "keepalive_required"
-
-   let misc_entry = str_entry "host_uuid"
-
    (* Each enty in the config is one of the following three ... *)
    let entry = network_entry
              | sock_acl_entry
@@ -84,8 +75,6 @@ module Libvirtd =
              | processing_entry
              | logging_entry
              | auditing_entry
-             | keepalive_entry
-             | misc_entry
    let comment = [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
    let empty = [ label "#empty" . eol ]
 

daemon/libvirtd.conf

@@ -56,8 +56,8 @@
 # Alternatively can disable for all services on a host by
 # stopping the Avahi daemon
 #
-# This is disabled by default, uncomment this to enable it
-#mdns_adv = 1
+# This is enabled by default, uncomment this to disable it
+#mdns_adv = 0
 
 # Override the default mDNS advertizement name. This must be
 # unique on the immediate broadcast network.
@@ -155,15 +155,6 @@
 #auth_tls = "none"
 
 
-# Change the API access control scheme
-#
-# By default an authenticated user is allowed access
-# to all APIs. Access drivers can place restrictions
-# on this. By default the 'nop' driver is enabled,
-# meaning no access control checks are done once a
-# client has authenticated with libvirtd
-#
-#access_drivers = [ "polkit" ]
 
 #################################################################
 #
@@ -257,16 +248,10 @@
 # over all sockets combined.
 #max_clients = 20
 
-# The maximum length of queue of connections waiting to be
-# accepted by the daemon. Note, that some protocols supporting
-# retransmission may obey this so that a later reattempt at
-# connection succeeds.
-#max_queued_clients = 1000
-
 
 # The minimum limit sets the number of workers to start up
 # initially. If the number of active clients exceeds this,
-# then more threads are spawned, up to max_workers limit.
+# then more threads are spawned, upto max_workers limit.
 # Typically you'd want max_workers to equal maximum number
 # of clients allowed
 #min_workers = 5
@@ -282,7 +267,7 @@
 # at least as large as max_workers. Beyond this, RPC requests
 # will be read into memory and queued. This directly impact
 # memory usage, currently each request requires 256 KB of
-# memory. So by default up to 5 MB of memory is used
+# memory. So by default upto 5 MB of memory is used
 #
 # XXX this isn't actually enforced yet, only the per-client
 # limit is used so far
@@ -299,20 +284,17 @@
 # Logging controls
 #
 
-# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+# Logging level: 4 errors, 3 warnings, 2 informations, 1 debug
 # basically 1 will log everything possible
 #log_level = 3
 
 # Logging filters:
 # A filter allows to select a different logging level for a given category
 # of logs
-# The format for a filter is one of:
+# The format for a filter is:
 #    x:name
-#    x:+name
-#      where name is a string which is matched against source file name,
-#      e.g., "remote", "qemu", or "util/json", the optional "+" prefix
-#      tells libvirt to log stack trace for each message matching name,
-#      and x is the minimal level where matching messages should be logged:
+#      where name is a match string e.g. remote or qemu
+# the x prefix is the minimal level where matching messages should be logged
 #    1: DEBUG
 #    2: INFO
 #    3: WARNING
@@ -321,12 +303,13 @@
 # Multiple filter can be defined in a single @filters, they just need to be
 # separated by spaces.
 #
-# e.g. to only get warning or errors from the remote layer and only errors
-# from the event layer:
-#log_filters="3:remote 4:event"
+# e.g:
+# log_filters="3:remote 4:event"
+# to only get warning or errors from the remote layer and only errors from
+# the event layer.
 
 # Logging outputs:
-# An output is one of the places to save logging information
+# An output is one of the places to save logging informations
 # The format for an output can be:
 #    x:stderr
 #      output goes to stderr
@@ -341,9 +324,9 @@
 #    4: ERROR
 #
 # Multiple output can be defined, they just need to be separated by spaces.
-# e.g. to log all warnings and errors to syslog under the libvirtd ident:
-#log_outputs="3:syslog:libvirtd"
-#
+# e.g.:
+# log_outputs="3:syslog:libvirtd"
+# to log all warnings and errors to syslog under the libvirtd ident
 
 # Log debug buffer size: default 64
 # The daemon keeps an internal debug log buffer which will be dumped in case
@@ -383,28 +366,3 @@
 # it with the output of the 'uuidgen' command and then
 # uncomment this entry
 #host_uuid = "00000000-0000-0000-0000-000000000000"
-
-###################################################################
-# Keepalive protocol:
-# This allows libvirtd to detect broken client connections or even
-# dead client.  A keepalive message is sent to a client after
-# keepalive_interval seconds of inactivity to check if the client is
-# still responding; keepalive_count is a maximum number of keepalive
-# messages that are allowed to be sent to the client without getting
-# any response before the connection is considered broken.  In other
-# words, the connection is automatically closed approximately after
-# keepalive_interval * (keepalive_count + 1) seconds since the last
-# message received from the client.  If keepalive_interval is set to
-# -1, libvirtd will never send keepalive requests; however clients
-# can still send them and the deamon will send responses.  When
-# keepalive_count is set to 0, connections will be automatically
-# closed after keepalive_interval seconds of inactivity without
-# sending any keepalive messages.
-#
-#keepalive_interval = 5
-#keepalive_count = 5
-#
-# If set to 1, libvirtd will refuse to talk to clients that do not
-# support keepalive protocol.  Defaults to 0.
-#
-#keepalive_required = 1

daemon/libvirtd.h

@@ -1,7 +1,7 @@
 /*
  * libvirtd.h: daemon data structure definitions
  *
- * Copyright (C) 2006-2013 Red Hat, Inc.
+ * Copyright (C) 2006-2011 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -15,30 +15,77 @@
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
  *
  * Author: Daniel P. Berrange <berrange@redhat.com>
  */
 
 
-#ifndef LIBVIRTD_H__
-# define LIBVIRTD_H__
+#ifndef QEMUD_INTERNAL_H__
+# define QEMUD_INTERNAL_H__
 
-# define VIR_ENUM_SENTINELS
+# include <config.h>
 
 # include <rpc/types.h>
 # include <rpc/xdr.h>
 # include "remote_protocol.h"
-# include "lxc_protocol.h"
 # include "qemu_protocol.h"
-# include "virlog.h"
-# include "virthread.h"
-# if WITH_SASL
+# include "logging.h"
+# include "threads.h"
+# include "network.h"
+# if HAVE_SASL
 #  include "virnetsaslcontext.h"
 # endif
 # include "virnetserverprogram.h"
 
+# if WITH_DTRACE
+#  ifndef LIBVIRTD_PROBES_H
+#   define LIBVIRTD_PROBES_H
+#   include "probes.h"
+#  endif /* LIBVIRTD_PROBES_H */
+
+/* Systemtap 1.2 headers have a bug where they cannot handle a
+ * variable declared with array type.  Work around this by casting all
+ * arguments.  This is some gross use of the preprocessor because
+ * PROBE is a var-arg macro, but it is better than the alternative of
+ * making all callers to PROBE have to be aware of the issues.  And
+ * hopefully, if we ever add a call to PROBE with other than 2 or 3
+ * end arguments, you can figure out the pattern to extend this hack.
+ */
+#  define VIR_COUNT_ARGS(...) VIR_ARG5(__VA_ARGS__, 4, 3, 2, 1)
+#  define VIR_ARG5(_1, _2, _3, _4, _5, ...) _5
+#  define VIR_ADD_CAST_EXPAND(a, b, ...) VIR_ADD_CAST_PASTE(a, b, __VA_ARGS__)
+#  define VIR_ADD_CAST_PASTE(a, b, ...) a##b(__VA_ARGS__)
+
+/* The double cast is necessary to silence gcc warnings; any pointer
+ * can safely go to intptr_t and back to void *, which collapses
+ * arrays into pointers; while any integer can be widened to intptr_t
+ * then cast to void *.  */
+#  define VIR_ADD_CAST(a) ((void *)(intptr_t)(a))
+#  define VIR_ADD_CAST2(a, b)                           \
+    VIR_ADD_CAST(a), VIR_ADD_CAST(b)
+#  define VIR_ADD_CAST3(a, b, c)                        \
+    VIR_ADD_CAST(a), VIR_ADD_CAST(b), VIR_ADD_CAST(c)
+
+#  define VIR_ADD_CASTS(...)                                            \
+    VIR_ADD_CAST_EXPAND(VIR_ADD_CAST, VIR_COUNT_ARGS(__VA_ARGS__),      \
+                        __VA_ARGS__)
+
+#  define PROBE_EXPAND(NAME, ARGS) NAME(ARGS)
+#  define PROBE(NAME, FMT, ...)                              \
+    VIR_DEBUG_INT("trace." __FILE__ , __func__, __LINE__,    \
+                  #NAME ": " FMT, __VA_ARGS__);              \
+    if (LIBVIRTD_ ## NAME ## _ENABLED()) {                   \
+        PROBE_EXPAND(LIBVIRTD_ ## NAME,                      \
+                     VIR_ADD_CASTS(__VA_ARGS__));            \
+    }
+# else
+#  define PROBE(NAME, FMT, ...)                              \
+    VIR_DEBUG_INT("trace." __FILE__, __func__, __LINE__,     \
+                  #NAME ": " FMT, __VA_ARGS__);
+# endif
+
 typedef struct daemonClientStream daemonClientStream;
 typedef daemonClientStream *daemonClientStreamPtr;
 typedef struct daemonClientPrivate daemonClientPrivate;
@@ -51,7 +98,7 @@ struct daemonClientPrivate {
 
     int domainEventCallbackID[VIR_DOMAIN_EVENT_ID_LAST];
 
-# if WITH_SASL
+# if HAVE_SASL
     virNetSASLSessionPtr sasl;
 # endif
 
@@ -62,10 +109,9 @@ struct daemonClientPrivate {
     virConnectPtr conn;
 
     daemonClientStreamPtr streams;
-    bool keepalive_supported;
 };
 
-# if WITH_SASL
+# if HAVE_SASL
 extern virNetSASLContextPtr saslCtxt;
 # endif
 extern virNetServerProgramPtr remoteProgram;

daemon/libvirtd.init.in

@@ -59,13 +59,6 @@ start() {
     echo -n $"Starting $SERVICE daemon: "
     mkdir -p @localstatedir@/cache/libvirt
     rm -rf @localstatedir@/cache/libvirt/*
-
-    # LIBVIRTD_NOFILES_LIMIT from /etc/sysconfig/libvirtd is not handled
-    # automatically
-    if [ -n "$LIBVIRTD_NOFILES_LIMIT" ]; then
-        ulimit -n "$LIBVIRTD_NOFILES_LIMIT"
-    fi
-
     KRB5_KTNAME=$KRB5_KTNAME daemon --pidfile $PIDFILE --check $SERVICE $PROCESS --daemon $LIBVIRTD_CONFIG_ARGS $LIBVIRTD_ARGS
     RETVAL=$?
     echo
@@ -80,6 +73,7 @@ stop() {
     echo
     if [ $RETVAL -eq 0 ]; then
         rm -f @localstatedir@/lock/subsys/$SERVICE
+        rm -f $PIDFILE
         rm -rf @localstatedir@/cache/libvirt/*
     else
         exit $RETVAL

daemon/libvirtd.pod.in

@@ -36,10 +36,6 @@ from the configuration.
 
 =over
 
-=item B<-h, --help>
-
-Display command line help usage then exit.
-
 =item B<-d, --daemon>
 
 Run as a daemon & write PID file.
@@ -58,10 +54,7 @@ Use this name for the PID file, overriding the default value.
 
 =item B<-t, --timeout> I<SECONDS>
 
-Exit after timeout period (in seconds) elapse with no client connections
-or registered resources.  Be aware that resources such as autostart
-networks will result in never reaching the timeout, even when there are
-no client connections.
+Exit after timeout period (in seconds) expires.
 
 =item B<-v, --verbose>
 
@@ -79,74 +72,41 @@ On receipt of B<SIGHUP> libvirtd will reload its configuration.
 
 =head1 FILES
 
-=head2 When run as B<root>.
-
 =over
 
-=item F<SYSCONFDIR/libvirtd.conf>
+=item F<@sysconfdir@/libvirtd.conf>
 
 The default configuration file used by libvirtd, unless overridden on the
 command line using the B<-f>|B<--config> option.
 
-=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock>
+=item F<@localstatedir@/run/libvirt/libvirt-sock>
 
-=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock-ro>
+=item F<@localstatedir@/run/libvirt/libvirt-sock-ro>
 
-The sockets libvirtd will use.
+The sockets libvirtd will use when B<run as root>.
 
-=item F<SYSCONFDIR/pki/CA/cacert.pem>
+=item F<$HOME/.libvirt/libvirt-sock>
+
+The socket libvirtd will use when run as a B<non-root> user.
+
+=item F<@sysconfdir@/pki/CA/cacert.pem>
 
 The TLS B<Certificate Authority> certificate libvirtd will use.
 
-=item F<SYSCONFDIR/pki/libvirt/servercert.pem>
+=item F<@sysconfdir@/pki/libvirt/servercert.pem>
 
 The TLS B<Server> certificate libvirtd will use.
 
-=item F<SYSCONFDIR/pki/libvirt/private/serverkey.pem>
+=item F<@sysconfdir@/pki/libvirt/private/serverkey.pem>
 
 The TLS B<Server> private key libvirtd will use.
 
-=item F<LOCALSTATEDIR/run/libvirtd.pid>
+=item F<@remote_pid_file@>
 
 The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
 
 =back
 
-=head2 When run as B<non-root>.
-
-=over
-
-=item F<$XDG_CONFIG_HOME/libvirtd.conf>
-
-The default configuration file used by libvirtd, unless overridden on the
-command line using the B<-f>|B<--config> option.
-
-=item F<$XDG_RUNTIME_DIR/libvirt/libvirt-sock>
-
-The socket libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/cacert.pem>
-
-The TLS B<Certificate Authority> certificate libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/servercert.pem>
-
-The TLS B<Server> certificate libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/serverkey.pem>
-
-The TLS B<Server> private key libvirtd will use.
-
-=item F<$XDG_RUNTIME_DIR/libvirt/libvirtd.pid>
-
-The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
-
-=item If $XDG_CONFIG_HOME is not set in your environment, libvirtd will use F<$HOME/.config>
-
-=item If $XDG_RUNTIME_DIR is not set in your environment, libvirtd will use F<$HOME/.cache>
-
-=back
-
 =head1 EXAMPLES
 
 To retrieve the version of libvirtd:
@@ -158,8 +118,8 @@ To retrieve the version of libvirtd:
 To start libvirtd, instructing it to daemonize and create a PID file:
 
  # libvirtd -d
- # ls -la LOCALSTATEDIR/run/libvirtd.pid
- -rw-r--r-- 1 root root 6 Jul  9 02:40 LOCALSTATEDIR/run/libvirtd.pid
+ # ls -la @remote_pid_file@
+ -rw-r--r-- 1 root root 6 Jul  9 02:40 @remote_pid_file@
  #
 
 =head1 BUGS
@@ -190,7 +150,7 @@ Please refer to the AUTHORS file distributed with libvirt.
 
 =head1 COPYRIGHT
 
-Copyright (C) 2006-2012 Red Hat, Inc., and the authors listed in the
+Copyright (C) 2006-2010 Red Hat, Inc., and the authors listed in the
 libvirt AUTHORS file.
 
 =head1 LICENSE

daemon/libvirtd.policy-0

@@ -0,0 +1,42 @@
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<!--
+Policy definitions for libvirt daemon
+
+Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
+
+libvirt is licensed to you under the GNU Lesser General Public License
+version 2. See COPYING for details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+    <action id="org.libvirt.unix.monitor">
+      <description>Monitor local virtualized systems</description>
+      <message>System policy prevents monitoring of local virtualized systems</message>
+      <defaults>
+        <!-- Any program can use libvirt in read-only mode for monitoring,
+             even if not part of a session -->
+        <allow_any>yes</allow_any>
+        <allow_inactive>yes</allow_inactive>
+        <allow_active>yes</allow_active>
+      </defaults>
+    </action>
+
+    <action id="org.libvirt.unix.manage">
+      <description>Manage local virtualized systems</description>
+      <message>System policy prevents management of local virtualized systems</message>
+      <defaults>
+        <!-- Only a program in the active host session can use libvirt in
+             read-write mode for management, and we require user password -->
+        <allow_any>no</allow_any>
+        <allow_inactive>no</allow_inactive>
+        <allow_active>auth_admin_keep_session</allow_active>
+      </defaults>
+    </action>
+</policyconfig>

daemon/libvirtd.policy-1

@@ -0,0 +1,42 @@
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<!--
+Policy definitions for libvirt daemon
+
+Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
+
+libvirt is licensed to you under the GNU Lesser General Public License
+version 2. See COPYING for details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+    <action id="org.libvirt.unix.monitor">
+      <description>Monitor local virtualized systems</description>
+      <message>System policy prevents monitoring of local virtualized systems</message>
+      <defaults>
+        <!-- Any program can use libvirt in read-only mode for monitoring,
+             even if not part of a session -->
+        <allow_any>yes</allow_any>
+        <allow_inactive>yes</allow_inactive>
+        <allow_active>yes</allow_active>
+      </defaults>
+    </action>
+
+    <action id="org.libvirt.unix.manage">
+      <description>Manage local virtualized systems</description>
+      <message>System policy prevents management of local virtualized systems</message>
+      <defaults>
+        <!-- Only a program in the active host session can use libvirt in
+             read-write mode for management, and we require user password -->
+        <allow_any>no</allow_any>
+        <allow_inactive>no</allow_inactive>
+        <allow_active>auth_admin_keep</allow_active>
+      </defaults>
+    </action>
+</policyconfig>

daemon/libvirtd.policy.in

@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
-
-<!--
-Policy definitions for libvirt daemon
-
-Copyright (C) 2012 Red Hat, Inc.
-Copyright (C) 2007 Daniel P. Berrange <berrange redhat com>
-
-This library is free software; you can redistribute it and/or
-modify it under the terms of the GNU Lesser General Public
-License as published by the Free Software Foundation; either
-version 2.1 of the License, or (at your option) any later version.
-
-This library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public
-License along with this library.  If not, see
-<http://www.gnu.org/licenses/>.
--->
-
-<policyconfig>
-    <action id="org.libvirt.unix.monitor">
-      <description>Monitor local virtualized systems</description>
-      <message>System policy prevents monitoring of local virtualized systems</message>
-      <defaults>
-        <!-- Any program can use libvirt in read-only mode for monitoring,
-             even if not part of a session -->
-        <allow_any>yes</allow_any>
-        <allow_inactive>yes</allow_inactive>
-        <allow_active>yes</allow_active>
-      </defaults>
-    </action>
-
-    <action id="org.libvirt.unix.manage">
-      <description>Manage local virtualized systems</description>
-      <message>System policy prevents management of local virtualized systems</message>
-      <defaults>
-        <!-- Any program can use libvirt in read/write mode if they
-             provide the root password -->
-        <allow_any>@authaction@</allow_any>
-        <allow_inactive>@authaction@</allow_inactive>
-        <allow_active>@authaction@</allow_active>
-      </defaults>
-    </action>
-</policyconfig>

daemon/libvirtd.sasl

@@ -18,14 +18,11 @@ mech_list: digest-md5
 #   qemu+tcp://hostname/system?auth=sasl.gssapi
 #mech_list: digest-md5 gssapi
 
-# Some older builds of MIT kerberos on Linux ignore this option &
-# instead need KRB5_KTNAME env var.
-# For modern Linux, and other OS, this should be sufficient
-#
-# There is no default value here, uncomment if you need this
-#keytab: /etc/libvirt/krb5.tab
+# MIT kerberos ignores this option & needs KRB5_KTNAME env var.
+# May be useful for other non-Linux OS though....
+keytab: /etc/libvirt/krb5.tab
 
 # If using digest-md5 for username/passwds, then this is the file
 # containing the passwds. Use 'saslpasswd2 -a libvirt [username]'
-# to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it
+# to add entries, and 'sasldblistusers2 -a libvirt' to browse it
 sasldb_path: /etc/libvirt/passwd.db

daemon/libvirtd.service.in

@@ -1,26 +0,0 @@
-# NB we don't use socket activation. When libvirtd starts it will
-# spawn any virtual machines registered for autostart. We want this
-# to occur on every boot, regardless of whether any client connects
-# to a socket. Thus socket activation doesn't have any benefit
-
-[Unit]
-Description=Virtualization daemon
-Before=libvirt-guests.service
-After=network.target
-After=dbus.service
-After=iscsid.service
-Documentation=man:libvirtd(8)
-Documentation=http://libvirt.org
-
-[Service]
-Type=notify
-EnvironmentFile=-/etc/sysconfig/libvirtd
-ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-KillMode=process
-Restart=on-failure
-# Override the maximum number of opened files
-#LimitNOFILE=2048
-
-[Install]
-WantedBy=multi-user.target

daemon/libvirtd.stp

@@ -0,0 +1,65 @@
+probe libvirt.daemon.client.connect = process("libvirtd").mark("client_connect")
+{
+  fd = $arg1;
+  readonly = $arg2;
+  localAddr = user_string($arg3);
+  remoteAddr = user_string($arg4);
+}
+
+probe libvirt.daemon.client.disconnect = process("libvirtd").mark("client_disconnect")
+{
+  fd = $arg1;
+}
+
+
+probe libvirt.daemon.client.tls_allow = process("libvirtd").mark("client_tls_allow")
+{
+  fd = $arg1;
+  x509dname = user_string($arg2);
+}
+
+probe libvirt.daemon.client.tls_deny = process("libvirtd").mark("client_tls_deny")
+{
+  fd = $arg1;
+  x509dname = user_string($arg2);
+}
+
+probe libvirt.daemon.client.tls_fail = process("libvirtd").mark("client_tls_fail")
+{
+  fd = $arg1;
+}
+
+
+function authtype_to_string(authtype) {
+  if (authtype == 0)
+    return "none"
+  if (authtype == 1)
+    return "sasl"
+  if (authtype == 2)
+    return "polkit"
+  return "unknown"
+}
+
+
+probe libvirt.daemon.client.auth_allow = process("libvirtd").mark("client_auth_allow")
+{
+  fd = $arg1;
+  authtype = $arg2;
+  authname = authtype_to_string($arg2);
+  identity = user_string($arg3);
+}
+
+probe libvirt.daemon.client.auth_deny = process("libvirtd").mark("client_auth_deny")
+{
+  fd = $arg1;
+  authtype = $arg2;
+  authname = authtype_to_string($arg2);
+  identity = user_string($arg3);
+}
+
+probe libvirt.daemon.client.auth_fail = process("libvirtd").mark("client_auth_fail")
+{
+  fd = $arg1;
+  authtype = $arg2;
+  authname = authtype_to_string($arg2);
+}

daemon/libvirtd.sysconf

@@ -1,7 +1,4 @@
 # Override the default config file
-# NOTE: This setting is no longer honoured if using
-# systemd. Set '--config /etc/libvirt/libvirtd.conf'
-# in LIBVIRTD_ARGS instead.
 #LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf
 
 # Listen for TCP/IP connections
@@ -19,6 +16,3 @@
 #QEMU_AUDIO_DRV=sdl
 #
 #SDL_AUDIODRIVER=pulse
-
-# Override the maximum number of opened files
-#LIBVIRTD_NOFILES_LIMIT=2048

daemon/libvirtd.sysctl

@@ -1,8 +0,0 @@
-# The kernel allocates aio memory on demand, and this number limits the
-# number of parallel aio requests; the only drawback of a larger limit is
-# that a malicious guest could issue parallel requests to cause the kernel
-# to set aside memory.  Set this number at least as large as
-#   128 * (number of virtual disks on the host)
-# Libvirt uses a default of 1M requests to allow 8k disks, with at most
-# 64M of kernel memory if all disks hit an aio request at the same time.
-fs.aio-max-nr = 1048576

daemon/libvirtd.upstart

@@ -31,11 +31,9 @@ script
         ulimit -c "$DAEMON_COREFILE_LIMIT"
     fi
 
-    # LIBVIRTD_NOFILES_LIMIT from /etc/sysconfig/libvirtd is not handled
-    # automatically
-    if [ -n "$LIBVIRTD_NOFILES_LIMIT" ]; then
-        ulimit -n "$LIBVIRTD_NOFILES_LIMIT"
-    fi
+    # Clean up a pidfile that might be left around
+    rm -f /var/run/libvirtd.pid
+
     mkdir -p /var/cache/libvirt
     rm -rf /var/cache/libvirt/*
 
@@ -43,5 +41,6 @@ script
 end script
 
 post-stop script
+    rm -f $PIDFILE
     rm -rf /var/cache/libvirt/*
 end script

daemon/probes.d

@@ -0,0 +1,12 @@
+provider libvirtd {
+	 probe client_connect(int fd, int readonly, const char *localAddr, const char *remoteAddr);
+	 probe client_disconnect(int fd);
+
+	 probe client_auth_allow(int fd, int authtype, const char *identity);
+	 probe client_auth_deny(int fd, int authtype, const char *identity);
+	 probe client_auth_fail(int fd, int authtype);
+
+	 probe client_tls_allow(int fd, const char *x509dname);
+	 probe client_tls_deny(int fd, const char *x509dname);
+	 probe client_tls_fail(int fd);
+};

daemon/remote.h

@@ -14,8 +14,8 @@
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
  *
  * Author: Richard W.M. Jones <rjones@redhat.com>
  * Author: Daniel P. Berrange <berrange@redhat.com>
@@ -32,14 +32,10 @@
 extern virNetServerProgramProc remoteProcs[];
 extern size_t remoteNProcs;
 
-extern virNetServerProgramProc lxcProcs[];
-extern size_t lxcNProcs;
-
 extern virNetServerProgramProc qemuProcs[];
 extern size_t qemuNProcs;
 
-void remoteClientFreeFunc(void *data);
-void *remoteClientInitHook(virNetServerClientPtr client,
-                           void *opaque);
+int remoteClientInitHook(virNetServerPtr srv,
+                         virNetServerClientPtr client);
 
 #endif /* __LIBVIRTD_REMOTE_H__ */

daemon/stream.c

@@ -1,7 +1,7 @@
 /*
  * stream.c: APIs for managing client streams
  *
- * Copyright (C) 2009, 2011 Red Hat, Inc.
+ * Copyright (C) 2009 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -14,8 +14,8 @@
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
  *
  * Author: Daniel P. Berrange <berrange@redhat.com>
  */
@@ -25,13 +25,17 @@
 
 #include "stream.h"
 #include "remote.h"
-#include "viralloc.h"
-#include "virlog.h"
+#include "memory.h"
+#include "logging.h"
 #include "virnetserverclient.h"
-#include "virerror.h"
+#include "virterror_internal.h"
 
 #define VIR_FROM_THIS VIR_FROM_STREAMS
 
+#define virNetError(code, ...)                                    \
+    virReportErrorHelper(VIR_FROM_THIS, code, __FILE__,           \
+                         __FUNCTION__, __LINE__, __VA_ARGS__)
+
 struct daemonClientStream {
     daemonClientPrivatePtr priv;
     int refs;
@@ -90,7 +94,7 @@ daemonStreamUpdateEvents(daemonClientStream *stream)
  * fast stream, but slow client
  */
 static void
-daemonStreamMessageFinished(virNetMessagePtr msg ATTRIBUTE_UNUSED,
+daemonStreamMessageFinished(virNetMessagePtr msg,
                             void *opaque)
 {
     daemonClientStream *stream = opaque;
@@ -104,6 +108,14 @@ daemonStreamMessageFinished(virNetMessagePtr msg ATTRIBUTE_UNUSED,
 }
 
 
+static void
+daemonStreamEventFreeFunc(void *opaque)
+{
+    virNetServerClientPtr client = opaque;
+
+    virNetServerClientFree(client);
+}
+
 /*
  * Callback that gets invoked when a stream becomes writable/readable
  */
@@ -148,14 +160,6 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
             virNetServerClientClose(client);
             goto cleanup;
         }
-        /* If we detected EOF during read processing,
-         * then clear hangup/error conditions, since
-         * we want the client to see the EOF message
-         * we just sent them
-         */
-        if (stream->recvEOF)
-            events = events & ~(VIR_STREAM_EVENT_HANGUP |
-                                VIR_STREAM_EVENT_ERROR);
     }
 
     /* If we have a completion/abort message, always process it */
@@ -229,11 +233,11 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
         virStreamEventRemoveCallback(stream->st);
         virStreamAbort(stream->st);
         if (events & VIR_STREAM_EVENT_HANGUP)
-            virReportError(VIR_ERR_RPC,
-                           "%s", _("stream had unexpected termination"));
+            virNetError(VIR_ERR_RPC,
+                        "%s", _("stream had unexpected termination"));
         else
-            virReportError(VIR_ERR_RPC,
-                           "%s", _("stream had I/O failure"));
+            virNetError(VIR_ERR_RPC,
+                        "%s", _("stream had I/O failure"));
 
         msg = virNetMessageNew(false);
         if (!msg) {
@@ -272,7 +276,7 @@ cleanup:
  * -1 on fatal client error
  */
 static int
-daemonStreamFilter(virNetServerClientPtr client ATTRIBUTE_UNUSED,
+daemonStreamFilter(virNetServerClientPtr client,
                    virNetMessagePtr msg,
                    void *opaque)
 {
@@ -325,17 +329,21 @@ daemonCreateClientStream(virNetServerClientPtr client,
     VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p",
               client, header->proc, header->serial, st);
 
-    if (VIR_ALLOC(stream) < 0)
+    if (VIR_ALLOC(stream) < 0) {
+        virReportOOMError();
         return NULL;
+    }
 
     stream->refs = 1;
     stream->priv = priv;
-    stream->prog = virObjectRef(prog);
+    stream->prog = prog;
     stream->procedure = header->proc;
     stream->serial = header->serial;
     stream->filterID = -1;
     stream->st = st;
 
+    virNetServerProgramRef(prog);
+
     return stream;
 }
 
@@ -361,7 +369,7 @@ int daemonFreeClientStream(virNetServerClientPtr client,
     VIR_DEBUG("client=%p, proc=%d, serial=%d",
               client, stream->procedure, stream->serial);
 
-    virObjectUnref(stream->prog);
+    virNetServerProgramFree(stream->prog);
 
     msg = stream->rx;
     while (msg) {
@@ -407,11 +415,10 @@ int daemonAddClientStream(virNetServerClientPtr client,
 
     if (virStreamEventAddCallback(stream->st, 0,
                                   daemonStreamEvent, client,
-                                  virObjectFreeCallback) < 0)
+                                  daemonStreamEventFreeFunc) < 0)
         return -1;
 
-    virObjectRef(client);
-
+    virNetServerClientRef(client);
     if ((stream->filterID = virNetServerClientAddFilter(client,
                                                         daemonStreamFilter,
                                                         stream)) < 0) {
@@ -549,7 +556,7 @@ daemonStreamHandleWriteData(virNetServerClientPtr client,
 
 
 /*
- * Process a finish handshake from the client.
+ * Process an finish handshake from the client.
  *
  * Returns a VIR_NET_OK confirmation if successful, or a VIR_NET_ERROR
  * if there was a stream error
@@ -611,13 +618,13 @@ daemonStreamHandleAbort(virNetServerClientPtr client,
     virStreamAbort(stream->st);
 
     if (msg->header.status == VIR_NET_ERROR)
-        virReportError(VIR_ERR_RPC,
-                       "%s", _("stream aborted at client request"));
+        virNetError(VIR_ERR_RPC,
+                    "%s", _("stream aborted at client request"));
     else {
         VIR_WARN("unexpected stream status %d", msg->header.status);
-        virReportError(VIR_ERR_RPC,
-                       _("stream aborted with unexpected status %d"),
-                       msg->header.status);
+        virNetError(VIR_ERR_RPC,
+                    _("stream aborted with unexpected status %d"),
+                    msg->header.status);
     }
 
     return virNetServerProgramSendReplyError(remoteProgram,
@@ -695,7 +702,7 @@ daemonStreamHandleWrite(virNetServerClientPtr client,
 
 /*
  * Invoked when a stream is signalled as having data
- * available to read. This reads up to one message
+ * available to read. This reads upto one message
  * worth of data, and then queues that for transmission
  * to the client.
  *
@@ -708,7 +715,7 @@ daemonStreamHandleRead(virNetServerClientPtr client,
                        daemonClientStream *stream)
 {
     char *buffer;
-    size_t bufferLen = VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX;
+    size_t bufferLen = VIR_NET_MESSAGE_PAYLOAD_MAX;
     int ret;
 
     VIR_DEBUG("client=%p, stream=%p tx=%d closed=%d",

daemon/stream.h

@@ -14,8 +14,8 @@
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
  *
  * Author: Daniel P. Berrange <berrange@redhat.com>
  */

daemon/test_libvirtd.aug

@@ -0,0 +1,553 @@
+module Test_libvirtd =
+   let conf = "# Master libvirt daemon configuration file
+#
+# For further information consult http://libvirt.org/format.html
+
+
+#################################################################
+#
+# Network connectivity controls
+#
+
+# Flag listening for secure TLS connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# It is necessary to setup a CA and issue server certificates before
+# using this capability.
+#
+# This is enabled by default, uncomment this to disable it
+listen_tls = 0
+
+# Listen for unencrypted TCP connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# Using the TCP socket requires SASL authentication by default. Only
+# SASL mechanisms which support data encryption are allowed. This is
+# DIGEST_MD5 and GSSAPI (Kerberos5)
+#
+# This is disabled by default, uncomment this to enable it.
+listen_tcp = 1
+
+
+
+# Override the port for accepting secure TLS connections
+# This can be a port number, or service name
+#
+tls_port = \"16514\"
+
+# Override the port for accepting insecure TCP connections
+# This can be a port number, or service name
+#
+tcp_port = \"16509\"
+
+
+# Override the default configuration which binds to all network
+# interfaces. This can be a numeric IPv4/6 address, or hostname
+#
+listen_addr = \"192.168.0.1\"
+
+
+# Flag toggling mDNS advertizement of the libvirt service.
+#
+# Alternatively can disable for all services on a host by
+# stopping the Avahi daemon
+#
+# This is enabled by default, uncomment this to disable it
+mdns_adv = 0
+
+# Override the default mDNS advertizement name. This must be
+# unique on the immediate broadcast network.
+#
+# The default is \"Virtualization Host HOSTNAME\", where HOSTNAME
+# is subsituted for the short hostname of the machine (without domain)
+#
+mdns_name = \"Virtualization Host Joe Demo\"
+
+
+#################################################################
+#
+# UNIX socket access controls
+#
+
+# Set the UNIX domain socket group ownership. This can be used to
+# allow a 'trusted' set of users access to management capabilities
+# without becoming root.
+#
+# This is restricted to 'root' by default.
+unix_sock_group = \"libvirt\"
+
+# Set the UNIX socket permissions for the R/O socket. This is used
+# for monitoring VM status only
+#
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
+unix_sock_ro_perms = \"0777\"
+
+# Set the UNIX socket permissions for the R/W socket. This is used
+# for full management of VMs
+#
+# Default allows only root. If PolicyKit is enabled on the socket,
+# the default will change to allow everyone (eg, 0777)
+#
+# If not using PolicyKit and setting group ownership for access
+# control then you may want to relax this to:
+unix_sock_rw_perms = \"0770\"
+
+
+
+#################################################################
+#
+# Authentication.
+#
+#  - none: do not perform auth checks. If you can connect to the
+#          socket you are allowed. This is suitable if there are
+#          restrictions on connecting to the socket (eg, UNIX
+#          socket permissions), or if there is a lower layer in
+#          the network providing auth (eg, TLS/x509 certificates)
+#
+#  - sasl: use SASL infrastructure. The actual auth scheme is then
+#          controlled from /etc/sasl2/libvirt.conf. For the TCP
+#          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+#          For non-TCP or TLS sockets,  any scheme is allowed.
+#
+#  - polkit: use PolicyKit to authenticate. This is only suitable
+#            for use on the UNIX sockets. The default policy will
+#            require a user to supply their own password to gain
+#            full read/write access (aka sudo like), while anyone
+#            is allowed read/only access.
+#
+# Set an authentication scheme for UNIX read-only sockets
+# By default socket permissions allow anyone to connect
+#
+# To restrict monitoring of domains you may wish to enable
+# an authentication mechanism here
+auth_unix_ro = \"none\"
+
+# Set an authentication scheme for UNIX read-write sockets
+# By default socket permissions only allow root. If PolicyKit
+# support was compiled into libvirt, the default will be to
+# use 'polkit' auth.
+#
+# If the unix_sock_rw_perms are changed you may wish to enable
+# an authentication mechanism here
+auth_unix_rw = \"none\"
+
+# Change the authentication scheme for TCP sockets.
+#
+# If you don't enable SASL, then all TCP traffic is cleartext.
+# Don't do this outside of a dev/test scenario. For real world
+# use, always enable SASL and use the GSSAPI or DIGEST-MD5
+# mechanism in /etc/sasl2/libvirt.conf
+auth_tcp = \"sasl\"
+
+# Change the authentication scheme for TLS sockets.
+#
+# TLS sockets already have encryption provided by the TLS
+# layer, and limited authentication is done by certificates
+#
+# It is possible to make use of any SASL authentication
+# mechanism as well, by using 'sasl' for this option
+auth_tls = \"none\"
+
+
+
+#################################################################
+#
+# TLS x509 certificate configuration
+#
+
+
+# Override the default server key file path
+#
+key_file = \"/etc/pki/libvirt/private/serverkey.pem\"
+
+# Override the default server certificate file path
+#
+cert_file = \"/etc/pki/libvirt/servercert.pem\"
+
+# Override the default CA certificate path
+#
+ca_file = \"/etc/pki/CA/cacert.pem\"
+
+# Specify a certificate revocation list.
+#
+# Defaults to not using a CRL, uncomment to enable it
+crl_file = \"/etc/pki/CA/crl.pem\"
+
+
+
+#################################################################
+#
+# Authorization controls
+#
+
+
+# Flag to disable verification of client certificates
+#
+# Client certificate verification is the primary authentication mechanism.
+# Any client which does not present a certificate signed by the CA
+# will be rejected.
+#
+# Default is to always verify. Uncommenting this will disable
+# verification - make sure an IP whitelist is set
+tls_no_verify_certificate = 1
+tls_no_sanity_certificate = 1
+
+
+# A whitelist of allowed x509  Distinguished Names
+# This list may contain wildcards such as
+#
+#    \"C=GB,ST=London,L=London,O=Red Hat,CN=*\"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no DN's are checked
+   tls_allowed_dn_list = [\"DN1\", \"DN2\"]
+
+
+# A whitelist of allowed SASL usernames. The format for usernames
+# depends on the SASL authentication mechanism. Kerberos usernames
+# look like username@REALM
+#
+# This list may contain wildcards such as
+#
+#    \"*@EXAMPLE.COM\"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no Username's are checked
+sasl_allowed_username_list = [
+  \"joe@EXAMPLE.COM\",
+  \"fred@EXAMPLE.COM\"
+]
+
+
+#################################################################
+#
+# Processing controls
+#
+
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+max_clients = 20
+
+
+# The minimum limit sets the number of workers to start up
+# initially. If the number of active clients exceeds this,
+# then more threads are spawned, upto max_workers limit.
+# Typically you'd want max_workers to equal maximum number
+# of clients allowed
+min_workers = 5
+max_workers = 20
+
+# Total global limit on concurrent RPC calls. Should be
+# at least as large as max_workers. Beyond this, RPC requests
+# will be read into memory and queued. This directly impact
+# memory usage, currently each request requires 256 KB of
+# memory. So by default upto 5 MB of memory is used
+max_requests = 20
+
+# Limit on concurrent requests from a single client
+# connection. To avoid one client monopolizing the server
+# this should be a small fraction of the global max_requests
+# and max_workers parameter
+max_client_requests = 5
+
+# Logging level:
+log_level = 4
+
+# Logging outputs:
+log_outputs=\"4:stderr\"
+
+# Logging filters:
+log_filters=\"a\"
+
+# Auditing:
+audit_level = 2
+"
+
+   test Libvirtd.lns get conf =
+        { "#comment" = "Master libvirt daemon configuration file" }
+        { "#comment" = "" }
+        { "#comment" = "For further information consult http://libvirt.org/format.html" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################" }
+        { "#comment" = "" }
+        { "#comment" = "Network connectivity controls" }
+        { "#comment" = "" }
+        { "#empty" }
+        { "#comment" = "Flag listening for secure TLS connections on the public TCP/IP port." }
+        { "#comment" = "NB, must pass the --listen flag to the libvirtd process for this to" }
+        { "#comment" = "have any effect." }
+        { "#comment" = "" }
+        { "#comment" = "It is necessary to setup a CA and issue server certificates before" }
+        { "#comment" = "using this capability." }
+        { "#comment" = "" }
+        { "#comment" = "This is enabled by default, uncomment this to disable it" }
+        { "listen_tls" = "0" }
+        { "#empty" }
+        { "#comment" = "Listen for unencrypted TCP connections on the public TCP/IP port." }
+        { "#comment" = "NB, must pass the --listen flag to the libvirtd process for this to" }
+        { "#comment" = "have any effect." }
+        { "#comment" = "" }
+        { "#comment" = "Using the TCP socket requires SASL authentication by default. Only" }
+        { "#comment" = "SASL mechanisms which support data encryption are allowed. This is" }
+        { "#comment" = "DIGEST_MD5 and GSSAPI (Kerberos5)" }
+        { "#comment" = "" }
+        { "#comment" = "This is disabled by default, uncomment this to enable it." }
+        { "listen_tcp" = "1" }
+        { "#empty" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "Override the port for accepting secure TLS connections" }
+        { "#comment" = "This can be a port number, or service name" }
+        { "#comment" = "" }
+        { "tls_port" = "16514" }
+        { "#empty" }
+        { "#comment" = "Override the port for accepting insecure TCP connections" }
+        { "#comment" = "This can be a port number, or service name" }
+        { "#comment" = "" }
+        { "tcp_port" = "16509" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "Override the default configuration which binds to all network" }
+        { "#comment" = "interfaces. This can be a numeric IPv4/6 address, or hostname" }
+        { "#comment" = "" }
+        { "listen_addr" = "192.168.0.1" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "Flag toggling mDNS advertizement of the libvirt service." }
+        { "#comment" = "" }
+        { "#comment" = "Alternatively can disable for all services on a host by" }
+        { "#comment" = "stopping the Avahi daemon" }
+        { "#comment" = "" }
+        { "#comment" = "This is enabled by default, uncomment this to disable it" }
+        { "mdns_adv" = "0" }
+        { "#empty" }
+        { "#comment" = "Override the default mDNS advertizement name. This must be" }
+        { "#comment" = "unique on the immediate broadcast network." }
+        { "#comment" = "" }
+        { "#comment" = "The default is \"Virtualization Host HOSTNAME\", where HOSTNAME" }
+        { "#comment" = "is subsituted for the short hostname of the machine (without domain)" }
+        { "#comment" = "" }
+        { "mdns_name" = "Virtualization Host Joe Demo" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################" }
+        { "#comment" = "" }
+        { "#comment" = "UNIX socket access controls" }
+        { "#comment" = "" }
+        { "#empty" }
+        { "#comment" = "Set the UNIX domain socket group ownership. This can be used to" }
+        { "#comment" = "allow a 'trusted' set of users access to management capabilities" }
+        { "#comment" = "without becoming root." }
+        { "#comment" = "" }
+        { "#comment" = "This is restricted to 'root' by default." }
+        { "unix_sock_group" = "libvirt" }
+        { "#empty" }
+        { "#comment" = "Set the UNIX socket permissions for the R/O socket. This is used" }
+        { "#comment" = "for monitoring VM status only" }
+        { "#comment" = "" }
+        { "#comment" = "Default allows any user. If setting group ownership may want to" }
+        { "#comment" = "restrict this to:" }
+        { "unix_sock_ro_perms" = "0777" }
+        { "#empty" }
+        { "#comment" = "Set the UNIX socket permissions for the R/W socket. This is used" }
+        { "#comment" = "for full management of VMs" }
+        { "#comment" = "" }
+        { "#comment" = "Default allows only root. If PolicyKit is enabled on the socket," }
+        { "#comment" = "the default will change to allow everyone (eg, 0777)" }
+        { "#comment" = "" }
+        { "#comment" = "If not using PolicyKit and setting group ownership for access" }
+        { "#comment" = "control then you may want to relax this to:" }
+        { "unix_sock_rw_perms" = "0770" }
+        { "#empty" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################" }
+        { "#comment" = "" }
+        { "#comment" = "Authentication." }
+        { "#comment" = "" }
+        { "#comment" = "- none: do not perform auth checks. If you can connect to the" }
+        { "#comment" = "socket you are allowed. This is suitable if there are" }
+        { "#comment" = "restrictions on connecting to the socket (eg, UNIX" }
+        { "#comment" = "socket permissions), or if there is a lower layer in" }
+        { "#comment" = "the network providing auth (eg, TLS/x509 certificates)" }
+        { "#comment" = "" }
+        { "#comment" = "- sasl: use SASL infrastructure. The actual auth scheme is then" }
+        { "#comment" = "controlled from /etc/sasl2/libvirt.conf. For the TCP" }
+        { "#comment" = "socket only GSSAPI & DIGEST-MD5 mechanisms will be used." }
+        { "#comment" = "For non-TCP or TLS sockets,  any scheme is allowed." }
+        { "#comment" = "" }
+        { "#comment" = "- polkit: use PolicyKit to authenticate. This is only suitable" }
+        { "#comment" = "for use on the UNIX sockets. The default policy will" }
+        { "#comment" = "require a user to supply their own password to gain" }
+        { "#comment" = "full read/write access (aka sudo like), while anyone" }
+        { "#comment" = "is allowed read/only access." }
+        { "#comment" = "" }
+        { "#comment" = "Set an authentication scheme for UNIX read-only sockets" }
+        { "#comment" = "By default socket permissions allow anyone to connect" }
+        { "#comment" = "" }
+        { "#comment" = "To restrict monitoring of domains you may wish to enable" }
+        { "#comment" = "an authentication mechanism here" }
+        { "auth_unix_ro" = "none" }
+        { "#empty" }
+        { "#comment" = "Set an authentication scheme for UNIX read-write sockets" }
+        { "#comment" = "By default socket permissions only allow root. If PolicyKit" }
+        { "#comment" = "support was compiled into libvirt, the default will be to" }
+        { "#comment" = "use 'polkit' auth." }
+        { "#comment" = "" }
+        { "#comment" = "If the unix_sock_rw_perms are changed you may wish to enable" }
+        { "#comment" = "an authentication mechanism here" }
+        { "auth_unix_rw" = "none" }
+        { "#empty" }
+        { "#comment" = "Change the authentication scheme for TCP sockets." }
+        { "#comment" = "" }
+        { "#comment" = "If you don't enable SASL, then all TCP traffic is cleartext." }
+        { "#comment" = "Don't do this outside of a dev/test scenario. For real world" }
+        { "#comment" = "use, always enable SASL and use the GSSAPI or DIGEST-MD5" }
+        { "#comment" = "mechanism in /etc/sasl2/libvirt.conf" }
+        { "auth_tcp" = "sasl" }
+        { "#empty" }
+        { "#comment" = "Change the authentication scheme for TLS sockets." }
+        { "#comment" = "" }
+        { "#comment" = "TLS sockets already have encryption provided by the TLS" }
+        { "#comment" = "layer, and limited authentication is done by certificates" }
+        { "#comment" = "" }
+        { "#comment" = "It is possible to make use of any SASL authentication" }
+        { "#comment" = "mechanism as well, by using 'sasl' for this option" }
+        { "auth_tls" = "none" }
+        { "#empty" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################" }
+        { "#comment" = "" }
+        { "#comment" = "TLS x509 certificate configuration" }
+        { "#comment" = "" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "Override the default server key file path" }
+        { "#comment" = "" }
+        { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" }
+        { "#empty" }
+        { "#comment" = "Override the default server certificate file path" }
+        { "#comment" = "" }
+        { "cert_file" = "/etc/pki/libvirt/servercert.pem" }
+        { "#empty" }
+        { "#comment" = "Override the default CA certificate path" }
+        { "#comment" = "" }
+        { "ca_file" = "/etc/pki/CA/cacert.pem" }
+        { "#empty" }
+        { "#comment" = "Specify a certificate revocation list." }
+        { "#comment" = "" }
+        { "#comment" = "Defaults to not using a CRL, uncomment to enable it" }
+        { "crl_file" = "/etc/pki/CA/crl.pem" }
+        { "#empty" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################" }
+        { "#comment" = "" }
+        { "#comment" = "Authorization controls" }
+        { "#comment" = "" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "Flag to disable verification of client certificates" }
+        { "#comment" = "" }
+        { "#comment" = "Client certificate verification is the primary authentication mechanism." }
+        { "#comment" = "Any client which does not present a certificate signed by the CA" }
+        { "#comment" = "will be rejected." }
+        { "#comment" = "" }
+        { "#comment" = "Default is to always verify. Uncommenting this will disable" }
+        { "#comment" = "verification - make sure an IP whitelist is set" }
+        { "tls_no_verify_certificate" = "1" }
+        { "tls_no_sanity_certificate" = "1" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "A whitelist of allowed x509  Distinguished Names" }
+        { "#comment" = "This list may contain wildcards such as" }
+        { "#comment" = "" }
+        { "#comment" = "\"C=GB,ST=London,L=London,O=Red Hat,CN=*\"" }
+        { "#comment" = "" }
+        { "#comment" = "See the POSIX fnmatch function for the format of the wildcards." }
+        { "#comment" = "" }
+        { "#comment" = "NB If this is an empty list, no client can connect, so comment out" }
+        { "#comment" = "entirely rather than using empty list to disable these checks" }
+        { "#comment" = "" }
+        { "#comment" = "By default, no DN's are checked" }
+        { "tls_allowed_dn_list"
+             { "1" = "DN1"}
+             { "2" = "DN2"}
+        }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "A whitelist of allowed SASL usernames. The format for usernames" }
+        { "#comment" = "depends on the SASL authentication mechanism. Kerberos usernames" }
+        { "#comment" = "look like username@REALM" }
+        { "#comment" = "" }
+        { "#comment" = "This list may contain wildcards such as" }
+        { "#comment" = "" }
+        { "#comment" = "\"*@EXAMPLE.COM\"" }
+        { "#comment" = "" }
+        { "#comment" = "See the POSIX fnmatch function for the format of the wildcards." }
+        { "#comment" = "" }
+        { "#comment" = "NB If this is an empty list, no client can connect, so comment out" }
+        { "#comment" = "entirely rather than using empty list to disable these checks" }
+        { "#comment" = "" }
+        { "#comment" = "By default, no Username's are checked" }
+        { "sasl_allowed_username_list"
+             { "1" = "joe@EXAMPLE.COM" }
+             { "2" = "fred@EXAMPLE.COM" }
+        }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################"}
+        { "#comment" = ""}
+        { "#comment" = "Processing controls"}
+        { "#comment" = ""}
+        { "#empty" }
+        { "#comment" = "The maximum number of concurrent client connections to allow"}
+        { "#comment" = "over all sockets combined."}
+        { "max_clients" = "20" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "The minimum limit sets the number of workers to start up"}
+        { "#comment" = "initially. If the number of active clients exceeds this,"}
+        { "#comment" = "then more threads are spawned, upto max_workers limit."}
+        { "#comment" = "Typically you'd want max_workers to equal maximum number"}
+        { "#comment" = "of clients allowed"}
+        { "min_workers" = "5" }
+        { "max_workers" = "20" }
+	{ "#empty" }
+        { "#comment" = "Total global limit on concurrent RPC calls. Should be" }
+        { "#comment" = "at least as large as max_workers. Beyond this, RPC requests" }
+        { "#comment" = "will be read into memory and queued. This directly impact" }
+        { "#comment" = "memory usage, currently each request requires 256 KB of" }
+        { "#comment" = "memory. So by default upto 5 MB of memory is used" }
+        { "max_requests" = "20" }
+	{ "#empty" }
+        { "#comment" = "Limit on concurrent requests from a single client" }
+        { "#comment" = "connection. To avoid one client monopolizing the server" }
+        { "#comment" = "this should be a small fraction of the global max_requests" }
+        { "#comment" = "and max_workers parameter" }
+        { "max_client_requests" = "5" }
+	{ "#empty" }
+        { "#comment" = "Logging level:" }
+        { "log_level" = "4" }
+	{ "#empty" }
+        { "#comment" = "Logging outputs:" }
+        { "log_outputs" = "4:stderr" }
+	{ "#empty" }
+        { "#comment" = "Logging filters:" }
+        { "log_filters" = "a" }
+	{ "#empty" }
+        { "#comment" = "Auditing:" }
+        { "audit_level" = "2" }

daemon/test_libvirtd.aug.in

@@ -1,53 +0,0 @@
-module Test_libvirtd =
-   ::CONFIG::
-
-   test Libvirtd.lns get conf =
-        { "listen_tls" = "0" }
-        { "listen_tcp" = "1" }
-        { "tls_port" = "16514" }
-        { "tcp_port" = "16509" }
-        { "listen_addr" = "192.168.0.1" }
-        { "mdns_adv" = "1" }
-        { "mdns_name" = "Virtualization Host Joe Demo" }
-        { "unix_sock_group" = "libvirt" }
-        { "unix_sock_ro_perms" = "0777" }
-        { "unix_sock_rw_perms" = "0770" }
-        { "unix_sock_dir" = "/var/run/libvirt" }
-        { "auth_unix_ro" = "none" }
-        { "auth_unix_rw" = "none" }
-        { "auth_tcp" = "sasl" }
-        { "auth_tls" = "none" }
-        { "access_drivers"
-             { "1" = "polkit" }
-        }
-        { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" }
-        { "cert_file" = "/etc/pki/libvirt/servercert.pem" }
-        { "ca_file" = "/etc/pki/CA/cacert.pem" }
-        { "crl_file" = "/etc/pki/CA/crl.pem" }
-        { "tls_no_sanity_certificate" = "1" }
-        { "tls_no_verify_certificate" = "1" }
-        { "tls_allowed_dn_list"
-             { "1" = "DN1"}
-             { "2" = "DN2"}
-        }
-        { "sasl_allowed_username_list"
-             { "1" = "joe@EXAMPLE.COM" }
-             { "2" = "fred@EXAMPLE.COM" }
-        }
-        { "max_clients" = "20" }
-        { "max_queued_clients" = "1000" }
-        { "min_workers" = "5" }
-        { "max_workers" = "20" }
-        { "prio_workers" = "5" }
-        { "max_requests" = "20" }
-        { "max_client_requests" = "5" }
-        { "log_level" = "3" }
-        { "log_filters" = "3:remote 4:event" }
-        { "log_outputs" = "3:syslog:libvirtd" }
-        { "log_buffer_size" = "64" }
-        { "audit_level" = "2" }
-        { "audit_logging" = "1" }
-        { "host_uuid" = "00000000-0000-0000-0000-000000000000" }
-        { "keepalive_interval" = "5" }
-        { "keepalive_count" = "5" }
-        { "keepalive_required" = "1" }

docs/.gitignore

@@ -0,0 +1,8 @@
+Makefile
+Makefile.in
+.memdump
+apibuild.pyc
+*.html
+libvirt-api.xml
+libvirt-refs.xml
+todo.html.in

docs/404.html.in

@@ -1,24 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>404 page not found</h1>
-
-    <p>
-      Someone appears to have eaten the <del>penguin</del>
-      page you were looking for. You might want to try
-    </p>
-    <ul>
-      <li>going back to the <a href="http://libvirt.org/">home page</a> to find
-        a collection of links to interesting pages on this site</li>
-      <li>using the search box at the top right corner of the screen to
-        locate the content on this site or mailing list archives</li>
-    </ul>
-
-    <p class="image">
-      <img src="/libvirtLogo404.png" alt="libvirt Logo"/>
-    </p>
-
-
-  </body>
-</html>

docs/Makefile.am

@@ -1,20 +1,7 @@
 ## Process this file with automake to produce Makefile.in
 
-## Copyright (C) 2005-2013 Red Hat, Inc.
-##
-## This library is free software; you can redistribute it and/or
-## modify it under the terms of the GNU Lesser General Public
-## License as published by the Free Software Foundation; either
-## version 2.1 of the License, or (at your option) any later version.
-##
-## This library is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-## Lesser General Public License for more details.
-##
-## You should have received a copy of the GNU Lesser General Public
-## License along with this library.  If not, see
-## <http://www.gnu.org/licenses/>.
+## Copyright (C) 2005-2012 Red Hat, Inc.
+## See COPYING.LIB for the License of this software
 
 SUBDIRS= schemas
 
@@ -25,6 +12,8 @@ DOC_SOURCE_DIR=../src
 
 DEVHELP_DIR=$(datadir)/gtk-doc/html/libvirt
 
+BUILT_SOURCES=hvsupport.html.in
+
 apihtml =			\
   html/index.html		\
   html/libvirt-libvirt.html	\
@@ -71,37 +60,16 @@ png = \
   libvirt-driver-arch.png \
   libvirt-object-model.png \
   madeWith.png \
-  et.png \
-  migration-managed-direct.png \
-  migration-managed-p2p.png \
-  migration-native.png \
-  migration-tunnel.png \
-  migration-unmanaged-direct.png
+  et.png
 
 gif = \
   architecture.gif \
   node.gif
 
-
-internals_html_in = \
-  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
-internals_html = $(internals_html_in:%.html.in=%.html)
-
-# todo.html is special - it is shipped in the tarball, but we
-# have a dedicated 'todo' target to rebuild it from a proper
-# config file, all other users are able to build it locally.
-# For all other files, since we ship pre-built html in the
-# tarball, we must also ship the sources, even when those
-# sources are themselves generated.
-dot_html_in = $(notdir $(wildcard $(srcdir)/*.html.in)) \
-  todo.html.in \
-  hvsupport.html.in
+dot_html_in = $(notdir $(wildcard $(srcdir)/*.html.in)) todo.html.in hvsupport.html.in \
+      $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
 dot_html = $(dot_html_in:%.html.in=%.html)
 
-dot_php_in = $(notdir $(wildcard $(srcdir)/*.php.in))
-dot_php_code_in = $(dot_php_in:%.php.in=%.php.code.in)
-dot_php = $(dot_php_in:%.php.in=%.php)
-
 patches = $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/api_extension/*.patch))
 
 xml = \
@@ -112,59 +80,38 @@ qemu_xml = \
   libvirt-qemu-api.xml \
   libvirt-qemu-refs.xml
 
-lxc_xml = \
-  libvirt-lxc-api.xml \
-  libvirt-lxc-refs.xml
-
 apidir = $(pkgdatadir)/api
-api_DATA = libvirt-api.xml libvirt-qemu-api.xml libvirt-lxc-api.xml
+api_DATA = libvirt-api.xml libvirt-qemu-api.xml
 
 fig = \
   libvirt-net-logical.fig \
   libvirt-net-physical.fig \
   libvirt-daemon-arch.fig \
   libvirt-driver-arch.fig \
-  libvirt-object-model.fig \
-  migration-managed-direct.fig \
-  migration-managed-p2p.fig \
-  migration-native.fig \
-  migration-tunnel.fig \
-  migration-unmanaged-direct.fig
+  libvirt-object-model.fig
 
 EXTRA_DIST=					\
-  apibuild.py genaclperms.pl \
+  apibuild.py \
   site.xsl newapi.xsl news.xsl page.xsl \
   hacking1.xsl hacking2.xsl wrapstring.xsl \
   $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \
   $(devhelphtml) $(devhelppng) $(devhelpcss) $(devhelpxsl) \
-  $(xml) $(qemu_xml) $(lxc_xml) $(fig) $(png) $(css) \
-  $(patches) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
-  $(internals_html_in) $(internals_html) \
-  sitemap.html.in aclperms.htmlinc \
+  $(xml) $(qemu_xml) $(fig) $(png) $(css) \
+  $(patches) \
+  sitemap.html.in \
   todo.pl hvsupport.pl todo.cfg-example
 
-acl.html:: $(srcdir)/aclperms.htmlinc
-
-$(srcdir)/aclperms.htmlinc: $(top_srcdir)/src/access/viraccessperm.h \
-        $(srcdir)/genaclperms.pl Makefile.am
-	$(AM_V_GEN)$(PERL) $(srcdir)/genaclperms.pl $< > $@
-
 MAINTAINERCLEANFILES = \
   $(addprefix $(srcdir)/,$(dot_html)) \
   $(addprefix $(srcdir)/,$(apihtml)) \
-  $(addprefix $(srcdir)/,$(devhelphtml)) \
-  $(addprefix $(srcdir)/,$(internals_html)) \
-  $(addprefix $(srcdir)/,$(dot_php)) \
-  $(srcdir)/hvsupport.html.in $(srcdir)/aclperms.htmlinc
+  $(addprefix $(srcdir)/,$(devhelphtml))
 
 all-am: web
 
 api: $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml
 qemu_api: $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
-lxc_api: $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
 
-web: $(dot_html) $(internals_html) html/index.html devhelp/index.html \
-  $(dot_php)
+web: $(dot_html) html/index.html devhelp/index.html
 
 todo.html.in: todo.pl
 	if [ -f  todo.cfg ]; then \
@@ -173,25 +120,16 @@ todo.html.in: todo.pl
 		|| { rm $@ && exit 1; }; \
 	else \
 		echo "Stubbing $@"; \
-		printf "%s\n" \
-		  "<html xmlns=\"http://www.w3.org/1999/xhtml\">" \
-		  "<body>" \
-		  "<h1>Todo list unavailable: no config file</h1>" \
-		  "</body></html>" > $@ ; \
+		echo "<html><body><h1>Todo list</h1></body></html>" > $@ ; \
 	fi
 
 todo:
 	rm -f todo.html.in
 	$(MAKE) todo.html
 
-hvsupport.html:: $(srcdir)/hvsupport.html.in
-
-$(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl \
-		$(srcdir)/../src/libvirt_public.syms \
-	$(srcdir)/../src/libvirt_qemu.syms $(srcdir)/../src/libvirt_lxc.syms \
-	$(srcdir)/../src/driver.h
-	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(srcdir)/../src > $@ \
-		|| { rm $@ && exit 1; }
+hvsupport.html.in: $(srcdir)/hvsupport.pl $(srcdir)/../src/libvirt_public.syms \
+	 $(srcdir)/../src/libvirt_qemu.syms $(srcdir)/../src/driver.h
+	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(srcdir)/../src > $@ || { rm $@ && exit 1; }
 
 .PHONY: todo
 
@@ -203,7 +141,7 @@ internals/%.html.tmp: internals/%.html.in subsite.xsl page.xsl sitemap.html.in
 	  echo "Generating $@"; \
 	  $(MKDIR_P) internals; \
 	  name=`echo $@ | sed -e 's/.tmp//'`; \
-	  $(XSLTPROC) --stringparam pagename $$name --nonet \
+	  $(XSLTPROC) --stringparam pagename $$name --nonet --html \
 	    $(top_srcdir)/docs/subsite.xsl $< > $@ \
 	    || { rm $@ && exit 1; }; fi
 
@@ -211,7 +149,7 @@ internals/%.html.tmp: internals/%.html.in subsite.xsl page.xsl sitemap.html.in
 	@if [ -x $(XSLTPROC) ] ; then \
 	  echo "Generating $@"; \
 	  name=`echo $@ | sed -e 's/.tmp//'`; \
-	  $(XSLTPROC) --stringparam pagename $$name --nonet \
+	  $(XSLTPROC) --stringparam pagename $$name --nonet --html \
 	    $(top_srcdir)/docs/site.xsl $< > $@ \
 	    || { rm $@ && exit 1; }; fi
 
@@ -225,24 +163,10 @@ internals/%.html.tmp: internals/%.html.in subsite.xsl page.xsl sitemap.html.in
 	  || { rm $(srcdir)/$@ && exit 1; }; \
 	  else echo "missing XHTML1 DTD" ; fi ; fi
 
-%.php.tmp: %.php.in site.xsl page.xsl sitemap.html.in
-	@if [ -x $(XSLTPROC) ] ; then \
-	  echo "Generating $@"; \
-	  $(XSLTPROC) --stringparam pagename $(@:.tmp=) --nonet \
-	    $(top_srcdir)/docs/site.xsl $< > $@ \
-	    || { rm $@ && exit 1; }; fi
-
-%.php: %.php.tmp %.php.code.in
-	@if [ -x $(XSLTPROC) ] ; then \
-	  echo "Scripting $@"; \
-	    sed -e '/<span id="php_placeholder"><\/span>/r '"$(srcdir)/$@.code.in" \
-	    -e /php_placeholder/d < $@.tmp > $(srcdir)/$@ \
-	    || { rm $(srcdir)/$@ && exit 1; }; fi
 
 html/index.html: libvirt-api.xml newapi.xsl page.xsl sitemap.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
 	  $(XSLTPROC) --nonet -o $(srcdir)/ \
-	  --stringparam builddir '$(abs_top_builddir)' \
 	  $(srcdir)/newapi.xsl $(srcdir)/libvirt-api.xml ; fi && \
 	if test -x $(XMLLINT) && test -x $(XMLCATALOG) ; then \
 	  if $(XMLCATALOG) '$(XML_CATALOG_FILE)' "-//W3C//DTD XHTML 1.0 Strict//EN" \
@@ -259,52 +183,38 @@ $(addprefix $(srcdir)/,$(devhelphtml)): $(srcdir)/libvirt-api.xml $(devhelpxsl)
 
 python_generated_files = \
 		$(srcdir)/html/libvirt-libvirt.html \
-		$(srcdir)/html/libvirt-libvirt-lxc.html \
 		$(srcdir)/html/libvirt-libvirt-qemu.html \
 		$(srcdir)/html/libvirt-virterror.html \
 		$(srcdir)/libvirt-api.xml \
 		$(srcdir)/libvirt-refs.xml \
-		$(srcdir)/libvirt-lxc-api.xml \
-		$(srcdir)/libvirt-lxc-refs.xml \
 		$(srcdir)/libvirt-qemu-api.xml \
-		$(srcdir)/libvirt-qemu-refs.xml \
-		$(NULL)
+		$(srcdir)/libvirt-qemu-refs.xml
 
 APIBUILD=$(srcdir)/apibuild.py
 APIBUILD_STAMP=$(APIBUILD).stamp
-EXTRA_DIST += $(APIBUILD_STAMP)
 
 $(python_generated_files): $(APIBUILD_STAMP)
 
 $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
-		$(srcdir)/../include/libvirt/libvirt.h.in \
-		$(srcdir)/../include/libvirt/libvirt-lxc.h \
-		$(srcdir)/../include/libvirt/libvirt-qemu.h \
-		$(srcdir)/../include/libvirt/virterror.h \
+		$(srcdir)/../include/libvirt/*.h \
 		$(srcdir)/../src/libvirt.c \
-		$(srcdir)/../src/libvirt-lxc.c \
 		$(srcdir)/../src/libvirt-qemu.c \
-		$(srcdir)/../src/util/virerror.c \
-		$(srcdir)/../src/util/virevent.c \
-		$(srcdir)/../src/util/virtypedparam.c
+		$(srcdir)/../src/util/virterror.c
 	$(AM_V_GEN)srcdir=$(srcdir) $(PYTHON) $(APIBUILD)
 	touch $@
 
 
 check-local: all
-dist-local: all
 
 clean-local:
 	rm -f *~ *.bak *.hierarchy *.signals *-unused.txt *.html
 
 maintainer-clean-local: clean-local
-	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml \
-		todo.html.in
+	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml todo.html.in hvsupport.html.in
 	rm -rf $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
-	rm -rf $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
 	rm -rf $(APIBUILD_STAMP)
 
-rebuild: api qemu_api lxc_api all
+rebuild: api qemu_api all
 
 install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)
@@ -315,14 +225,10 @@ install-data-local:
 	  $(INSTALL) -m 0644 $(srcdir)/$$h $(DESTDIR)$(HTML_DIR)/html; done
 	for p in $(apipng); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$p $(DESTDIR)$(HTML_DIR)/html; done
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/internals
-	for f in $(internals_html); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/internals; done
 	$(mkinstalldirs) $(DESTDIR)$(DEVHELP_DIR)
 	for file in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
 	    $(INSTALL) -m 0644 $(srcdir)/$${file} $(DESTDIR)$(DEVHELP_DIR) ; \
 	done
-	$(INSTALL_DATA) $(srcdir)/libvirtLogo.png $(DESTDIR)$(pkgdatadir)
 
 uninstall-local:
 	for h in $(apihtml); do rm $(DESTDIR)$(HTML_DIR)/$$h; done

docs/acl.html.in

@@ -1,100 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Client access control</h1>
-    <p>
-      Libvirt's client access control framework allows administrators
-      to setup fine grained permission rules across client users,
-      managed objects and API operations. This allows client connections
-      to be locked down to a minimal set of privileges.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="intro">Access control introduction</a></h2>
-
-    <p>
-      In a default configuration, the libvirtd daemon has three levels
-      of access control. All connections start off in an unauthenticated
-      state, where the only API operations allowed are those required
-      to complete authentication. After successful authentication, a
-      connection either has full, unrestricted access to all libvirt
-      API calls, or is locked down to only "read only" operations,
-      according to what socket a client connection originated on.
-    </p>
-
-    <p>
-      The access control framework allows authenticated connections to
-      have fine grained permission rules to be defined by the administrator.
-      Every API call in libvirt has a set of permissions that will
-      be validated against the object being used. For example, the
-      <code>virDomainSetSchedulerParametersFlags</code> method will
-      check whether the client user has the <code>write</code>
-      permission on the <code>domain</code> object instance passed
-      in as a parameter. Further permissions will also be checked
-      if certain flags are set in the API call. In addition to
-      checks on the object passed in to an API call, some methods
-      will filter their results. For example the <code>virConnectListAllDomains</code>
-      method will check the <code>search_domains</code> on the <code>connect</code>
-      object, but will also filter the returned <code>domain</code>
-      objects to only those on which the client user has the
-      <code>getattr</code> permission.
-    </p>
-
-    <h2><a name="drivers">Access control drivers</a></h2>
-
-    <p>
-      The access control framework is designed as a pluggable
-      system to enable future integration with arbitrary access
-      control technologies. By default, the <code>none</code>
-      driver is used, which does no access control checks at
-      all. At this time, libvirt ships with support for using
-      <a href="http://www.freedesktop.org/wiki/Software/polkit/">polkit</a> as a real access
-      control driver. To learn how to use the polkit access
-      driver consult <a href="aclpolkit.html">the configuration
-      docs</a>.
-    </p>
-
-    <p>
-      The access driver is configured in the <code>libvirtd.conf</code>
-      configuration file, using the <code>access_drivers</code>
-      parameter. This parameter accepts an array of access control
-      driver names. If more than one access driver is requested,
-      then all must succeed in order for access to be granted.
-      To enable 'polkit' as the driver:
-    </p>
-
-    <pre>
-# augtool -s set '/files/etc/libvirt/libvirtd.conf/access_drivers[1]' polkit
-    </pre>
-
-    <p>
-      And to reset back to the default (no-op) driver
-    </p>
-
-
-    <pre>
-# augtool -s rm /files/etc/libvirt/libvirtd.conf/access_drivers
-    </pre>
-
-    <p>
-      <strong>Note:</strong> changes to libvirtd.conf require that
-      the libvirtd daemon be restarted.
-    </p>
-
-    <h2><a name="perms">Objects and permissions</a></h2>
-
-    <p>
-      Libvirt applies access control to all the main object
-      types in its API. Each object type, in turn, has a set
-      of permissions defined. To determine what permissions
-      are checked for specific API call, consult the
-      <a href="html/libvirt-libvirt.html">API reference manual</a>
-      documentation for the API in question.
-    </p>
-
-    <div id="include" filename="aclperms.htmlinc"/>
-
-  </body>
-</html>

docs/aclpolkit.html.in

@@ -1,408 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Polkit access control</h1>
-
-    <p>
-      Libvirt's client <a href="acl.html">access control framework</a> allows
-      administrators to setup fine grained permission rules across client users,
-      managed objects and API operations. This allows client connections
-      to be locked down to a minimal set of privileges. The polkit driver
-      provides a simple implementation of the access control framework.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="intro">Introduction</a></h2>
-
-    <p>
-      A default install of libvirt will typically use
-      <a href="http://www.freedesktop.org/wiki/Software/polkit/">polkit</a>
-      to authenticate the initial user connection to libvirtd. This is a
-      very coarse grained check though, either allowing full read-write
-      access to all APIs, or just read-only access. The polkit access
-      control driver in libvirt builds on this capability to allow for
-      fine grained control over the operations a user may perform on an
-      object.
-    </p>
-
-    <h2><a name="perms">Permission names</a></h2>
-
-    <p>
-      The libvirt <a href="acl.html#perms">object names and permission names</a>
-      are mapped onto polkit action names using the simple pattern:
-    </p>
-
-    <pre>org.libvirt.api.$object.$permission
-</pre>
-
-    <p>
-      The only caveat is that any underscore characters in the
-      object or permission names are converted to hyphens. So,
-      for example, the <code>search_storage_vols</code> permission
-      on the <code>storage_pool</code> object maps to the polkit
-      action:
-    </p>
-    <pre>org.libvirt.api.storage-pool.search-storage-vols
-</pre>
-
-    <p>
-      The default policy for any permission which corresponds to
-      a "read only" operation, is to allow access. All other
-      permissions default to deny access.
-    </p>
-
-    <h2><a name="attrs">Object identity attributes</a></h2>
-
-    <p>
-      To allow polkit authorization rules to be written to match
-      against individual object instances, libvirt provides a number
-      of authorization detail attributes when performing a permission
-      check. The set of attributes varies according to the type
-      of object being checked
-    </p>
-
-    <h3><a name="object_connect">virConnectPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_domain">virDomainPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>domain_name</td>
-          <td>Name of the domain, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>domain_uuid</td>
-          <td>UUID of the domain, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_interface">virInterfacePtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>interface_name</td>
-          <td>Name of the network interface, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>interface_mac</td>
-          <td>MAC address of the network interface, not unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_network">virNetworkPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>network_name</td>
-          <td>Name of the network, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>network_uuid</td>
-          <td>UUID of the network, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_node_device">virNodeDevicePtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>node_device_name</td>
-          <td>Name of the node device, unique to the local host</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_nwfilter">virNWFilterPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>nwfilter_name</td>
-          <td>Name of the network filter, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>nwfilter_uuid</td>
-          <td>UUID of the network filter, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_secret">virSecretPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>secret_uuid</td>
-          <td>UUID of the secret, globally unique</td>
-        </tr>
-        <tr>
-          <td>secret_usage_volume</td>
-          <td>Name of the associated volume, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_ceph</td>
-          <td>Name of the associated Ceph server, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_target</td>
-          <td>Name of the associated iSCSI target, if any</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_storage_pool">virStoragePoolPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_storage_vol">virStorageVolPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-        <tr>
-          <td>vol_name</td>
-          <td>Name of the storage volume, unique to the pool</td>
-        </tr>
-        <tr>
-          <td>vol_key</td>
-          <td>Key of the storage volume, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-
-    <h2><a name="user">User identity attributes</a></h2>
-
-    <p>
-      At this point in time, the only attribute provided by
-      libvirt to identify the user invoking the operation
-      is the PID of the client program. This means that the
-      polkit access control driver is only useful if connections
-      to libvirt are restricted to its UNIX domain socket. If
-      connections are being made to a TCP socket, no identifying
-      information is available and access will be denied.
-      Also note that if the client is connecting via an SSH
-      tunnel, it is the local SSH user that will be identified.
-      In future versions, it is expected that more information
-      about the client user will be provided, including the
-      SASL / Kerberos username and/or x509 distinguished
-      name obtained from the authentication provider in use.
-    </p>
-
-
-    <h2><a name="checks">Writing acces control policies</a></h2>
-
-    <p>
-      If using versions of polkit prior to 0.106 then it is only
-      possible to validate (user, permission) pairs via the <code>.pkla</code>
-      files. Fully validation of the (user, permission, object) triple
-      requires the new JavaScript <code>.rules</code> support that
-      was introduced in version 0.106. The latter is what will be
-      described here.
-    </p>
-
-    <p>
-      Libvirt does not ship any rules files by default. It merely
-      provides a definition of the default behaviour for each
-      action (permission). As noted earlier, permissions which
-      correspond to read-only operations in libvirt will be allowed
-      to all users by default; everything else is denied by default.
-      Defining custom rules requires creation of a file in the
-      <code>/etc/polkit-1/rules.d</code> directory with a name
-      chosen by the administrator (<code>100-libvirt-acl.rules</code>
-      would be a reasonable choice). See the <code>polkit(8)</code>
-      manual page for a description of how to write these files
-      in general. The key idea is to create a file containing
-      something like
-    </p>
-
-    <pre>
-      polkit.addRule(function(action, subject) {
-        ....logic to check 'action' and 'subject'...
-      });
-    </pre>
-
-    <p>
-      In this code snippet above, the <code>action</code> object
-      instance will represent the libvirt permission being checked
-      along with identifying attributes for the object it is being
-      applied to. The <code>subject</code> meanwhile will identify
-      the libvirt client app (with the caveat above about it only
-      dealing with local clients connected via the UNIX socket).
-      On the <code>action</code> object, the permission name is
-      accessible via the <code>id</code> attribute, while the
-      object identifying attributes are exposed via the
-      <code>lookup</code> method.
-    </p>
-
-    <h3><a name="exconnect">Example: restricting ability to connect to drivers</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      use the <code>QEMU</code> driver and not the Xen or LXC
-      drivers which are also available in libvirtd.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>QEMU</code>, and match on an action
-      name of <code>org.libvirt.api.connect.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.connect.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'QEMU') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-
-    <h3><a name="exdomain">Example: restricting access to a single domain</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      see the domain called <code>demo</code> on the LXC driver.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>LXC</code> and the <code>domain_name</code>
-      attribute is <code>demo</code>, and match on a action
-      name of <code>org.libvirt.api.domain.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.domain.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'LXC' &amp;&amp;
-              action.lookup("domain_name") == 'demo') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-  </body>
-</html>

docs/api.html.in

@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
     <h1>The libvirt API concepts</h1>
 
@@ -9,28 +8,26 @@
 
     <ul id="toc"></ul>
 
-    <h2><a name="Objects">Objects Exposed</a></h2>
-    <p> As defined in the <a href="goals.html">goals section</a>, the libvirt
-    API is designed to expose all the resources needed to manage the
-    virtualization support of recent operating systems. The first object
-    manipulated through the API is the <code>virConnectPtr</code>, which
-    represents the connection to a hypervisor. Any application using libvirt
-    is likely to start using the
+    <h2><a name="Objects">Objects exposed</a></h2>
+    <p> As defined in the <a href="goals.html">goals section</a>, libvirt
+    API need to expose all the resources needed to manage the virtualization
+    support of recent operating systems. The first object manipulated though
+    the API is <code>virConnectPtr</code> which represent a connection to
+    an hypervisor. Any application using libvirt is likely to start using the
     API by calling one of <a href="html/libvirt-libvirt.html#virConnectOpen"
     >the virConnectOpen functions</a>. You will note that those functions take
-    a name argument which is actually a <a href="uri.html">connection URI</a>
-    to select the right hypervisor to open.
-    A URI is needed to allow remote connections and also select between
-    different possible hypervisors. For example, on a Linux system it may be
-    possible to use both KVM and LinuxContainers on the same node. A NULL
-    name will default to a preselected hypervisor, but it's probably not a
+    a name argument which is actually an URI to select the right hypervisor to
+    open, this is needed to allow remote connections and also select between
+    different possible hypervisors (for example on a Linux system it may be
+    possible to use both KVM and LinuxContainers on the same node). A NULL
+    name will default to a preselected hypervisor but it's probably not a
     wise thing to do in most cases. See the <a href="uri.html">connection
     URI</a> page for a full descriptions of the values allowed.</p>
-    <p> Once the application obtains a <code class='docref'>virConnectPtr</code>
-    connection to the hypervisor it can then use it to manage the hypervisor's
-    available domains and related virtualization
-    resources, such as storage and networking. All those are
-    exposed as first class objects and connected to the hypervisor connection
+    <p> Once the application obtained a <code class='docref'>virConnectPtr</code>
+    connection to the
+    hypervisor it can then use it to manage domains and related resources
+    available for virtualization like storage and networking. All those are
+    exposed as first class objects, and connected to the hypervisor connection
     (and the node or cluster where it is available).</p>
     <p class="image">
       <img alt="first class objects exposed by the API"
@@ -38,201 +35,92 @@
     </p>
     <p> The figure above shows the five main objects exported by the API:</p>
     <ul>
-      <li><code class='docref'>virConnectPtr</code>
-      <p>Represents the connection to a hypervisor. Use one of the
-      <a href="html/libvirt-libvirt.html#virConnectOpen">virConnectOpen</a>
-      functions to obtain connection to the hypervisor which is then used
-      as a parameter to other connection API's.</p></li>
-      <li><code class='docref'>virDomainPtr</code>
-      <p>Represents one domain either active or defined (i.e. existing as
-      permanent config file and storage but not currently running on that
-      node). The function <code class='docref'>virConnectListAllDomains</code>
-      lists all the domains for the hypervisor.</p></li>
-      <li><code class='docref'>virNetworkPtr</code>
-      <p>Represents one network either active or defined (i.e. existing
-      as permanent config file and storage but not currently activated).
-      The function <code class='docref'>virConnectListAllNetworks</code>
-      lists all the virtualization networks for the hypervisor.</p></li>
-      <li><code class='docref'>virStorageVolPtr</code>
-      <p>Represents one storage volume generally used
+      <li>virConnectPtr: represent a connection to an hypervisor.</li>
+      <li>virDomainPtr: represent one domain either active or defined (i.e.
+      existing as permanent config file and storage but not currently running
+      on that node). The function <code class='docref'>virConnectListDomains</code>
+      allows to list all the IDs for the domains active on this hypervisor.</li>
+      <li>virNetworkPtr: represent one network either active or defined (i.e.
+      existing as permanent config file and storage but not currently activated.
+      The function <code class='docref'>virConnectListNetworks</code>
+      allows to list all the virtualization networks actived on this node.</li>
+      <li>virStorageVolPtr: represent one storage volume, usually this is used
       as a block device available to one of the domains. The function
-      <code class="docref">virStorageVolLookupByPath</code> finds
-      the storage volume object based on its path on the node.</p></li>
-      <li><code class='docref'>virStoragePoolPtr</code>
-      <p>Represents a storage pool, which is a logical area
-      used to allocate and store storage volumes. The function
-      <code class='docref'>virConnectListAllStoragePools</code> lists
-      all of the virtualization storage pools on the hypervisor. The function
-      <code class="docref">virStoragePoolLookupByVolume</code> finds
-      the storage pool containing a given storage volume.</p></li>
+      <code class="docref">virStorageVolLookupByPath</code> allows to find
+      the object based on its path on the node.</li>
+      <li>virStoragePoolPtr: represent a storage pool, i.e. a logical area
+      which can be used to allocate and store storage volumes. The function
+      <code class="docref">virStoragePoolLookupByVolume</code> allows to find
+      the storage pool containing a given storage volume.</li>
     </ul>
-    <p> Most objects manipulated by the library can also be represented using
+    <p> Most object manipulated by the library can also be represented using
       XML descriptions. This is used primarily to create those object, but is
       also helpful to modify or save their description back.</p>
-    <p> Domains, networks, and storage pools can be either <code>active</code>
+    <p> Domains, network and storage pools can be either <code>active</code>
       i.e. either running or available for immediate use, or
       <code>defined</code> in which case they are inactive but there is
       a permanent definition available in the system for them. Based on this
-      they can be activated dynamically in order to be used.</p>
-    <p> Most objects can also be named in various ways:</p>
+      thay can be activated dynamically in order to be used.</p>
+    <p> Most kind of object can also be named in various ways:</p>
     <ul>
-      <li><code>name</code>
-      <p>A user friendly identifier but whose uniqueness
-      cannot be guaranteed between two nodes.</p></li>
-      <li><code>ID</code>
-      <p>A runtime unique identifier
-      provided by the hypervisor for one given activation of the object;
-      however, it becomes invalid once the resource is deactivated.</p></li >
-      <li><code>UUID</code>
-      <p> A 16 byte unique identifier
+      <li>by their <code>name</code>, an user friendly identifier but
+      whose unicity cannot be garanteed between two nodes.</li>
+      <li>by their <code>ID</code>, which is a runtime unique identifier
+      provided by the hypervisor for one given activation of the object,
+      but it becomes invalid once the resource is deactivated.</li >
+      <li>by their <code>UUID</code>, a 16 bytes unique identifier
       as defined in <a href="http://www.ietf.org/rfc/rfc4122.txt">RFC 4122</a>,
-      which is guaranteed to be unique for long term usage and across a
-      set of nodes.</p></li>
+      which is garanteed to be unique for long term usage and across a
+      set of nodes.</li>
     </ul>
 
-    <h2><a name="Functions">Functions and Naming Conventions</a></h2>
+    <h2><a name="Functions">Functions and naming
+      conventions</a></h2>
     <p> The naming of the functions present in the library is usually
-      composed by a prefix describing the object associated to the function
+      made of a prefix describing the object associated to the function
       and a verb describing the action on that object.</p>
-    <p> For each first class object you will find APIs
+    <p> For each first class object you will find apis
       for the following actions:</p>
     <ul>
-      <li><b>Lookup</b> [...LookupBy...]
-      <p>Used to perform lookups on objects by some type of identifier,
-      such as:</p>
-          <ul>
-            <li><code class='docref'>virDomainLookupByID</code></li>
-            <li><code class='docref'>virDomainLookupByName</code></li>
-            <li><code class='docref'>virDomainLookupByUUID</code></li>
-            <li><code class='docref'>virDomainLookupByUUIDString</code></li>
-          </ul>
-      </li>
-      <li><b>Enumeration</b> [virConnectList..., virConnectNumOf...]
-      <p>Used to enumerate a set of object available to an given
-      hypervisor connection such as:</p>
-          <ul>
-            <li><code class='docref'>virConnectListDomains</code></li>
-            <li><code class='docref'>virConnectNumOfDomains</code></li>
-            <li><code class='docref'>virConnectListNetworks</code></li>
-            <li><code class='docref'>virConnectListStoragePools</code></li>
-          </ul>
-      </li>
-      <li><b>Description</b> [...GetInfo]
-      <p>Generic accessor providing a set of generic information about an
-      object, such as: </p>
-        <ul>
-          <li><code class='docref'>virNodeGetInfo</code></li>
-          <li><code class='docref'>virDomainGetInfo</code></li>
-          <li><code class='docref'>virStoragePoolGetInfo</code></li>
-          <li><code class='docref'>virStorageVolGetInfo</code></li>
-        </ul>
-      </li>
-      <li><b>Accessors</b> [...Get..., ...Set...]
-      <p>Specific accessors used to query or modify data for the given object,
-      such as: </p>
-        <ul>
-          <li><code class='docref'>virConnectGetType</code></li>
-          <li><code class='docref'>virDomainGetMaxMemory</code></li>
-          <li><code class='docref'>virDomainSetMemory</code></li>
-          <li><code class='docref'>virDomainGetVcpus</code></li>
-          <li><code class='docref'>virStoragePoolSetAutostart</code></li>
-          <li><code class='docref'>virNetworkGetBridgeName</code></li>
-        </ul>
-      </li>
-      <li><b>Creation</b> [...Create, ...CreateXML]
-      <p>Used to create and start objects.  The ...CreateXML APIs will create
-      the object based on an XML description, while the ...Create APIs will
-      create the object based on existing object pointer, such as: </p>
-        <ul>
-          <li><code class='docref'>virDomainCreate</code></li>
-          <li><code class='docref'>virDomainCreateXML</code></li>
-          <li><code class='docref'>virNetworkCreate</code></li>
-          <li><code class='docref'>virNetworkCreateXML</code></li>
-        </ul>
-      </li>
-      <li><b>Destruction</b> [...Destroy]
-      <p>Used to shutdown or deactivate and destroy objects, such as: </p>
-        <ul>
-          <li><code class='docref'>virDomainDestroy</code></li>
-          <li><code class='docref'>virNetworkDestroy</code></li>
-          <li><code class='docref'>virStoragePoolDestroy</code></li>
-        </ul>
-      </li>
+      <li><b>Lookup</b>:...LookupByName,</li>
+      <li><b>Enumeration</b>:virConnectList... and virConnectNumOf...:
+        those are used to enumerate a set of object available to an given
+        hypervisor connection like:
+        <code class='docref'>virConnectListDomains</code>,
+        <code class='docref'>virConnectNumOfDomains</code>,
+        <code class='docref'>virConnectListNetworks</code>,
+        <code class='docref'>virConnectListStoragePools</code>, etc.</li>
+      <li><b>Description</b>: ...GetInfo: those are generic accessor providing
+        a set of informations about an object, they are
+        <code class='docref'>virNodeGetInfo</code>,
+        <code class='docref'>virDomainGetInfo</code>,
+        <code class='docref'>virStoragePoolGetInfo</code>,
+        <code class='docref'>virStorageVolGetInfo</code>.</li>
+      <li><b>Accessors</b>: ...Get... and ...Set...: those are more specific
+        accessors to query or modify the given object, like
+        <code class='docref'>virConnectGetType</code>,
+        <code class='docref'>virDomainGetMaxMemory</code>,
+        <code class='docref'>virDomainSetMemory</code>,
+        <code class='docref'>virDomainGetVcpus</code>,
+        <code class='docref'>virStoragePoolSetAutostart</code>,
+        <code class='docref'>virNetworkGetBridgeName</code>, etc.</li>
+      <li><b>Creation</b>: </li>
+      <li><b>Destruction</b>: ... </li>
     </ul>
     <p> For more in-depth details of the storage related APIs see
       <a href="storage.html">the storage management page</a>.
     </p>
-    <h2><a name="Drivers">The libvirt Drivers</a></h2>
-    <p>Drivers are the basic building block for libvirt functionality
-    to support the capability to handle specific hypervisor driver calls.
-    Drivers are discovered and registered during connection processing as
-    part of the <code class='docref'>virInitialize</code> API. Each driver
-    has a registration API which loads up the driver specific function
-    references for the libvirt APIs to call. The following is a simplistic
-    view of the hypervisor driver mechanism. Consider the stacked list of
-    drivers as a series of modules that can be plugged into the architecture
-    depending on how libvirt is configured to be built.</p>
+    <h2><a name="Driver">The libvirt drivers</a></h2>
+    <p></p>
     <p class="image">
       <img alt="The libvirt driver architecture"
            src="libvirt-driver-arch.png"/>
     </p>
-    <p>The driver architecture is also used to support other virtualization
-    components such as storage, storage pools, host device, networking,
-    network interfaces, and network filters.</p>
-    <p>See the <a href="drivers.html">libvirt drivers</a> page for more
-    information on hypervisor and storage specific drivers.</p>
-    <p>Not all drivers support every virtualization function possible.
-    The <a href="hvsupport.html">libvirt API support matrix</a> lists
-    the various functions and support found in each driver by the version
-    support was added into libvirt.
-    </p>
-    <h2><a name="Remote">Daemon and Remote Access</a></h2>
-    <p>Access to libvirt drivers is primarily handled by the libvirtd
-    daemon through the <a href="remote.html">remote</a> driver via an
-    <a href="internals/rpc.html">RPC</a>. Some hypervisors do support
-    client-side connections and responses, such as Test, OpenVZ, VMware,
-    Power VM (phyp), VirtualBox (vbox), ESX, Hyper-V, Xen, and Parallels.
-    The libvirtd daemon service is started on the host at system boot
-    time and can also be restarted at any time by a properly privileged
-    user, such as root. The libvirtd daemon uses the same libvirt API
-    <code class='docref'>virInitialize</code> sequence as applications
-    for client-side driver registrations, but then extends the registered
-    driver list to encompass all known drivers supported for all driver
-    types supported on the host. </p>
-    <p>The libvirt client <a href="apps.html">applications</a> use a
-    <a href="uri.html">URI</a> to obtain the <code>virConnectPtr</code>.
-    The <code>virConnectPtr</code> keeps track of the driver connection
-    plus a variety of other connections (network, interface, storage, etc.).
-    The <code>virConnectPtr</code> is then used as a parameter to other
-    virtualization <a href="#Functions">functions</a>. Depending upon the
-    driver being used, calls will be routed through the remote driver to
-    the libvirtd daemon. The daemon will reference the connection specific
-    driver in order to retreive the requested information and then pass
-    back status and/or data through the connection back to the application.
-    The application can then decide what to do with that data, such as
-    display, write log data, etc. <a href="migration.html">Migration</a>
-    is an example of many facets of the architecture in use.</p>
-
+    <h2><a name="Remote">Daemon and remote access</a></h2>
+    <p></p>
     <p class="image">
       <img alt="The libvirt daemon and remote architecture"
            src="libvirt-daemon-arch.png"/>
     </p>
-    <p>
-    The key takeaway from the above diagram is that there is a remote driver
-    which handles transactions for a majority of the drivers. The libvirtd
-    daemon running on the host will receive transaction requests from the
-    remote driver and will then query the hypervisor driver as specified in
-    the <code>virConnectPtr</code> in order to fetch the data. The data will
-    then be returned through the remote driver to the client application
-    for processing.
-    </p>
-    <p>If you are interested in contributing to libvirt, read the
-    <a href="http://wiki.libvirt.org/page/FAQ">FAQ</a> and
-    <a href="hacking.html">hacking</a> guidelines to gain an understanding
-    of basic rules and guidelines.  In order to add new API functionality
-    follow the instructions regarding
-    <a href="api_extension.html">implementing a new API in libvirt</a>.
-    </p>
-
   </body>
 </html>

docs/api_extension.html.in

@@ -1,6 +1,8 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
+  <head>
+    <title>Implementing a new API in Libvirt</title>
+  </head>
+
   <body>
     <h1>Implementing a new API in Libvirt</h1>
 

docs/api_extension/0013-improve-getting-xen-vcpu-counts.patch

@@ -100,7 +100,7 @@ index dfc6415..3642296 100644
 +    /* If xendConfigVersion is 2, then we can only report _LIVE (and
 +     * xm_internal reports _CONFIG).  If it is 3, then _LIVE and
 +     * _CONFIG are always in sync for a running system.  */
-+    if (domain->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
++    if (domain->id < 0 && priv->xendConfigVersion < 3)
 +        return -2;
 +    if (domain->id < 0 && (flags & VIR_DOMAIN_VCPU_LIVE)) {
 +        virXendError(VIR_ERR_OPERATION_INVALID, "%s",

docs/api_extension/0014-improve-setting-xen-vcpu-counts.patch

@@ -110,7 +110,7 @@ index fe2ff86..66e8518 100644
 +     * depends on xendConfigVersion.  */
 +    if (dom) {
 +        priv = dom->conn->privateData;
-+        if (priv->xendConfigVersion >= XEND_CONFIG_VERSION_3_0_4)
++        if (priv->xendConfigVersion >= 3)
 +            flags |= VIR_DOMAIN_VCPU_CONFIG;
 +    }
 +    return xenUnifiedDomainSetVcpusFlags(dom, nvcpus, flags);
@@ -163,14 +163,14 @@ index 3642296..55c2cc4 100644
 +
 +    priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
 +
-+    if ((domain->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ||
++    if ((domain->id < 0 && priv->xendConfigVersion < 3) ||
 +        (flags & VIR_DOMAIN_VCPU_MAXIMUM))
 +        return -2;
 +
 +    /* With xendConfigVersion 2, only _LIVE is supported.  With
 +     * xendConfigVersion 3, only _LIVE|_CONFIG is supported for
 +     * running domains, or _CONFIG for inactive domains.  */
-+    if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
++    if (priv->xendConfigVersion < 3) {
 +        if (flags & VIR_DOMAIN_VCPU_CONFIG) {
 +            virXendError(VIR_ERR_OPERATION_INVALID, "%s",
 +                         _("Xend version does not support modifying "

docs/api_extension/0015-remove-dead-xen-code.patch

@@ -122,7 +122,7 @@ index 55c2cc4..b90c331 100644
 -
 -    priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
 -
--    if (domain->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
+-    if (domain->id < 0 && priv->xendConfigVersion < 3)
 -        return(-1);
 -
 -    snprintf(buf, sizeof(buf), "%d", vcpus);

docs/apps.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Applications using <strong>libvirt</strong></h1>
 
@@ -190,7 +188,7 @@
         A general purpose desktop management tool, able to manage
         virtual machines across both local and remotely accessed
         hypervisors. It is targeted at home and small office usage
-        up to managing 10-20 hosts and their VMs.
+        upto managing 10-20 hosts and their VMs.
       </dd>
       <dt><a href="http://virt-manager.org/">virt-viewer</a></dt>
       <dd>
@@ -204,13 +202,6 @@
     <h2><a name="iaas">Infrastructure as a Service (IaaS)</a></h2>
 
     <dl>
-      <dt><a href="http://cc1.ifj.edu.pl">Cracow Cloud One</a></dt>
-      <dd>The CC1 system provides a complete solution for Private
-        Cloud Computing. An intuitive web access interface with an
-        administration module and simple installation procedure make
-        it easy to benefit from private Cloud Computing technology.
-      </dd>
-
       <dt><a href="http://www.emotivecloud.net">EMOTIVE Cloud</a></dt>
       <dd>The EMOTIVE (Elastic Management Of Tasks In Virtualized
         Environments) middleware allows executing tasks and providing
@@ -221,14 +212,6 @@
         modular Web Services architecture.
       </dd>
 
-      <dt><a href="http://www.eucalyptus.com">Eucalyptus</a></dt>
-      <dd>
-        Eucalyptus is an on-premise Infrastructure as a Service cloud
-        software platform that is open source and
-        AWS-compatible. Eucalyptus uses libivrt virtualization API to
-        directly interact with Xen and KVM hypervisors.
-      </dd>
-
       <dt><a href="http://www.nimbusproject.org">Nimbus</a></dt>
       <dd>
         Nimbus is an open-source toolkit focused on providing
@@ -236,23 +219,6 @@
         community.  It uses libvirt for communication with all KVM and Xen
         virtual machines.
       </dd>
-
-      <dt><a href="http://snooze.inria.fr">Snooze</a></dt>
-      <dd>
-        Snooze is an open-source scalable, autonomic, and energy-efficient
-        virtual machine (VM) management framework for private clouds. It
-        integrates libvirt for VM monitoring, live migration, and life-cycle
-        management.
-      </dd>
-
-      <dt><a href="http://www.openstack.org">OpenStack</a></dt>
-      <dd>
-        OpenStack is a "cloud operating system" usable for both public
-        and private clouds.  Its various parts take care of compute,
-        storage and networking resources and interface with the user
-        using a dashboard.  Compute part uses libvirt to manage VM
-        life-cycle, monitoring and so on.
-      </dd>
     </dl>
 
     <h2><a name="libraries">Libraries</a></h2>
@@ -358,7 +324,6 @@
           <li>Shows you Systems Inventory (based on Facter) and
           provides real time information about hosts status based on
           Puppet reports.</li>
-      </ul>
       </dd>
     </dl>
 
@@ -383,16 +348,5 @@
       </dd>
     </dl>
 
-    <h2><a name="mobile">Mobile applications</a></h2>
-
-    <dl>
-      <dt><a href="https://market.android.com/details?id=vm.manager">VM Manager</a></dt>
-      <dd>
-        VM Manager is VM (libvirt) manager (over SSH) application. VM Manager
-        is an application for libvirt VM / Domain management over SSH.
-        Please keep in mind that this software is under heavy development.
-      </dd>
-    </dl>
-
   </body>
 </html>

docs/archdomain.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Domain management architecture</h1>
   </body>

docs/architecture.fig

@@ -2,7 +2,7 @@
 Landscape
 Center
 Inches
-Letter
+Letter  
 100.00
 Single
 -2

docs/architecture.html.in

@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
     <h1 >libvirt architecture</h1>
 

docs/archnetwork.html.in

@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
     <h1>Network management architecture</h1>
 

docs/archnode.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Node device management architecture</h1>
   </body>

docs/archstorage.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Storage management architecture</h1>
 

docs/auth.html.in

@@ -1,135 +1,16 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
-    <h1>Connection authentication</h1>
+    <h1 >Access control</h1>
     <p>
       When connecting to libvirt, some connections may require client
       authentication before allowing use of the APIs. The set of possible
       authentication mechanisms is administrator controlled, independent
-      of applications using libvirt. Once authenticated, libvirt can apply
-      fine grained <a href="acl.html">access control</a> to the operations
-      performed by a client.
+      of applications using libvirt.
     </p>
 
     <ul id="toc"></ul>
 
-    <h2><a name="Auth_client_config">Client configuration</a></h2>
-
-    <p>
-      When connecting to a remote hypervisor which requires authentication,
-most libvirt applications will prompt the user for the credentials. It is
-also possible to provide a client configuration file containing all the
-authentication credentials, avoiding any interaction. Libvirt will look
-for the authentication file using the following sequence:
-    </p>
-    <ol>
-      <li>The file path specified by the $LIBVIRT_AUTH_FILE environment
-        variable.</li>
-      <li>The file path specified by the "authfile=/some/file" URI
-        query parameter</li>
-      <li>The file $XDG_CONFIG_HOME/libvirt/auth.conf</li>
-      <li>The file /etc/libvirt/auth.conf</li>
-    </ol>
-
-    <p>
-      The auth configuration file uses the traditional <code>".ini"</code>
-      style syntax. There are two types of groups that can be present in
-      the config. First there are one or more <strong>credential</strong>
-      sets, which provide the actual authentication credentials. The keys
-      within the group may be:
-    </p>
-
-    <ul>
-      <li><code>username</code>: the user login name to act as. This
-        is relevant for ESX, Xen, HyperV and SSH, but probably not
-        the one you want to libvirtd with SASL.</li>
-      <li><code>authname</code>: the name to authorize as. This is
-        what is commonly required for libvirtd with SASL.</li>
-      <li><code>password</code>: the secret password</li>
-      <li><code>realm</code>: the domain realm for SASL, mostly
-        unused</li>
-    </ul>
-
-    <p>
-      Each set of credentials has a name, which is part of the group
-      entry name. Overall the syntax is
-    </p>
-
-    <pre>
-[credentials-$NAME]
-credname1=value1
-credname2=value2</pre>
-
-    <p>
-      For example, to define two sets of credentials used for production
-      and test machines, using libvirtd, and a further ESX server for dev:
-    </p>
-<pre>
-[credentials-test]
-authname=fred
-password=123456
-
-[credentials-prod]
-authname=bar
-password=letmein
-
-[credentials-dev]
-username=joe
-password=hello</pre>
-
-    <p>
-      The second set of groups provide mappings of credentials to
-      specific machine services. The config file group names compromise
-      the service type and host:
-    </p>
-
-    <pre>
-[auth-$SERVICE-$HOSTNAME]
-credentials=$CREDENTIALS</pre>
-
-    <p>
-      For example, following the previous example, here is how to
-      list some machines
-    </p>
-
-    <pre>
-[auth-libvirt-test1.example.com]
-credentials=test
-
-[auth-libvirt-test2.example.com]
-credentials=test
-
-[auth-libvirt-demo3.example.com]
-credentials=test
-
-[auth-libvirt-prod1.example.com]
-credentials=prod
-
-[auth-esx-dev1.example.com]
-credentials=dev</pre>
-
-    <p>
-      The following service types are known to libvirt
-    </p>
-
-    <ol>
-      <li><code>libvirt</code> - used for connections to a libvirtd
-        server, which is configured with SASL auth</li>
-      <li><code>ssh</code> - used for connections to a Phyp server
-        over SSH</li>
-      <li><code>esx</code> - used for connections to an ESX or
-        VirtualCenter server</li>
-      <li><code>xen</code> - used for connections to a Xen Enterprise
-        sever using XenAPI</li>
-    </ol>
-
-    <p>
-      Applications using libvirt are free to use this same configuration
-      file for storing other credentials. For example, it can be used
-      to storage VNC or SPICE login credentials
-    </p>
-
     <h2><a name="ACL_server_config">Server configuration</a></h2>
     <p>
 The libvirt daemon allows the administrator to choose the authentication
@@ -236,8 +117,7 @@ The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
 username+password style authentication. To enable Kerberos single-sign-on instead,
 the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
-instead of the default <code>digest-md5</code>, and keytab should be set to
-<code>/etc/libvirt/krb5.tab</code> . If SASL is enabled on the UNIX
+instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
 and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
 mechanism provides data encryption of the session.
 </p>
@@ -256,15 +136,13 @@ Plugin "gssapiv2" [loaded],     API version: 4
         features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
 </pre>
     <p>
-Next it is necessary for the administrator of the Kerberos realm to
-issue a principal for the libvirt server. There needs to be one
-principal per host running the libvirt daemon. The principal should be
-named <code>libvirt/full.hostname@KERBEROS.REALM</code>.  This is
-typically done by running the <code>kadmin.local</code> command on the
-Kerberos server, though some Kerberos servers have alternate ways of
-setting up service principals.  Once created, the principal should be
-exported to a keytab, copied to the host running the libvirt daemon
-and placed in <code>/etc/libvirt/krb5.tab</code>
+Next it is necessary for the administrator of the Kerberos realm to issue a principle
+for the libvirt server. There needs to be one principle per host running the libvirt
+daemon. The principle should be named <code>libvirt/full.hostname@KERBEROS.REALM</code>.
+This is typically done by running the <code>kadmin.local</code> command on the Kerberos
+server, though some Kerberos servers have alternate ways of setting up service principles.
+Once created, the principle should be exported to a keytab, copied to the host running
+the libvirt daemon and placed in <code>/etc/libvirt/krb5.tab</code>
 </p>
     <pre>
 # kadmin.local
@@ -286,7 +164,7 @@ kadmin.local: quit
 </pre>
     <p>
 Any client application wishing to connect to a Kerberos enabled libvirt server
-merely needs to run <code>kinit</code> to gain a user principal. This may well
+merely needs to run <code>kinit</code> to gain a user principle. This may well
 be done automatically when a user logs into a desktop session, if PAM is setup
 to authenticate against Kerberos.
 </p>

docs/bindings.html.in

@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
     <h1 >Bindings for other languages</h1>
 

docs/bugs.html.in

@@ -1,68 +1,30 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
 
     <h1>Bug reporting</h1>
 
     <ul id="toc"></ul>
 
-    <h2><a name="security">Security Issues</a></h2>
-
-    <p>
-      If you think that an issue with libvirt may have security
-      implications, <strong>please do not</strong> publically
-      report it in the bug tracker, mailing lists, or irc. Libvirt
-      has <a href="securityprocess.html">a dedicated process for handling (potential) security issues</a>
-      that should be used instead. So if your issue has security
-      implications, ignore the rest of this page and follow the
-      <a href="securityprocess.html">security process</a> instead.
-    </p>
-
     <h2><a name="bugzilla">Bug Tracking</a></h2>
 
-    <p>
-      If you are using libvirt binaries from a Linux distribution
-      check below for distribution specific bug reporting policies
-      first.
-    </p>
-
-    <h2><a name="general">General libvirt bug reports</a></h2>
-
     <p>
       The <a href="http://bugzilla.redhat.com">Red Hat Bugzilla Server</a>
       should be used to report bugs and request features in libvirt.
       Before submitting a ticket, check the existing tickets to see if
       the bug/feature is already tracked.
+    </p>
 
+    <h2><a name="general">General libvirt bug reports</a></h2>
+
+    <p>
+      If you are using official libvirt binaries from a Linux distribution
+      check below for distribution specific bug reporting policies first.
       For general libvirt bug reports, from self-built releases, GIT snapshots
       and any other non-distribution supported builds, enter tickets under
       the <code>Virtualization Tools</code> product and the <code>libvirt</code>
       component.
     </p>
-    <p>
-      It's always a good idea to file bug reports, as the process of
-      filing the report always makes it easier to describe the
-      problem, and the bug number provides a quick way of referring to
-      the problem.  However, not everybody in the community pays
-      attention to bugzilla, so after you file a bug, asking questions
-      and submitting patches on <a href="contact.html">the libvirt
-      mailing lists</a> will increase your bug's visibility and
-      encourage people to think about your problem.  Don't hesitate to
-      ask questions on the list, as others may know of existing
-      solutions or be interested in collaborating with you on finding
-      a solution.  Patches are always appreciated, and it's likely
-      that someone else has the same problem you do!
-    </p>
-    <p>
-      If you decide to write code, though, before you begin please
-      read the <a href="hacking.html">contributor guidelines</a>,
-      especially the first point: "Discuss any large changes on the
-      mailing list first. Post patches early and listen to feedback."
-      Few development experiences are more discouraging than spending
-      a bunch of time writing a patch only to have someone point out a
-      better approach on list.
-    </p>
 
     <ul>
       <li><a href="http://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Virtualization%20Tools">View libvirt tickets</a></li>
@@ -72,37 +34,26 @@
     <h2><a name="distribution">Linux Distribution specific bug reports</a></h2>
     <ul>
       <li>
-        If you are using binaries from <strong>Fedora</strong>, enter
-        tickets against the <code>Fedora</code> product and
-        the <code>libvirt</code> component.
+        If you are using official binaries from a <strong>Fedora distribution</strong>, enter
+        tickets against the <code>Fedora</code> product and the <code>libvirt</code>
+        component.
         <ul>
           <li><a href="http://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Fedora">View Fedora libvirt tickets</a></li>
           <li><a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Fedora&amp;component=libvirt">New Fedora libvirt ticket</a></li>
         </ul>
       </li>
       <li>
-        <p>
-          If you are using binaries from <strong>Red Hat Enterprise
-          Linux</strong>, enter tickets against the Red Hat Enterprise
-          Linux product that you're using (e.g., Red Hat Enterprise
-          Linux 6) and the <code>libvirt</code> component.  Red Hat
-          bugzilla has <a href="http://bugzilla.redhat.com">additional guidance</a> about getting support if
-          you are a Red Hat customer.
-        </p>
+        If you are using official binaries from <strong>Red Hat Enterprise Linux distribution</strong>,
+        tickets against the <code>Red Hat Enterprise Linux 5</code> product and
+        the <code>libvirt</code> component.
+        <ul>
+          <li><a href="http://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Red%20Hat%20Enterprise%20Linux%205">View Red Hat Enterprise Linux libvirt tickets</a></li>
+          <li><a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%205&amp;component=libvirt">New Red Hat Enterprise Linux libvirt ticket</a></li>
+        </ul>
       </li>
       <li>
-        <p>
-          If you are using binaries from another Linux distribution
-          first follow their own bug reporting guidelines.
-        </p>
-      </li>
-      <li>
-        <p>
-          Finally, if you are a contributor to another Linux
-          distribution and would like to have your procedure for
-          filing bugs mentioned here, please mail the libvirt
-          development list.
-        </p>
+        If you are using official binaries from another Linux distribution first
+        follow their own bug reporting guidelines.
       </li>
     </ul>
 
@@ -130,18 +81,18 @@
       If the bug leads to a tool linked to libvirt crash, then the best
       is to provide a backtrace along with the scenario used to get the
       crash, the simplest is to run the program under gdb, reproduce the
-      steps leading to the crash and then issue a gdb "bt -a" command to
+      steps leading to the crash and then issue a gdb "bt" command to
       get the stack trace, attach it to the bug. Note that for the
       data to be really useful libvirt debug informations must be present
       for example by installing libvirt debuginfo package on Fedora or
       Red Hat Enterprise Linux (with debuginfo-install libvirt) prior
       to running gdb.</p>
     <p>
-      It may also happen that the libvirt daemon itself crashes or gets stuck,
+      It may also happen that the libvirt daemon itself crashes or get stuck,
       in the first case run it (as root) under gdb, and reproduce the sequence
-      leading to the crash, similarly to a normal program provide the
+      leading to the crash, similary to a normal program provide the
       "bt" backtrace information to where gdb will have stopped.<br/>
-      But if libvirtd gets stuck, for example seems to stop processing
+      But if libvirtd get stuck, for example seems to stop processing
       commands, try to attach to the faulty daemon and issue a gdb command
       "thread apply all bt" to show all the threads backtraces, as in:</p>
       <pre> #  ps -o etime,pid `pgrep libvirt`
@@ -155,5 +106,10 @@
 (gdb)
 </pre>
 
+    <p>
+      If requesting a new feature attach any available patch to the ticket
+      and also email the patch to the libvirt mailing list for discussion
+    </p>
+
   </body>
 </html>

docs/cgroups.html.in

@@ -1,285 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Control Groups Resource Management</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      The QEMU and LXC drivers make use of the Linux "Control Groups" facility
-      for applying resource management to their virtual machines and containers.
-    </p>
-
-    <h2><a name="requiredControllers">Required controllers</a></h2>
-
-    <p>
-      The control groups filesystem supports multiple "controllers". By default
-      the init system (such as systemd) should mount all controllers compiled
-      into the kernel at <code>/sys/fs/cgroup/$CONTROLLER-NAME</code>. Libvirt
-      will never attempt to mount any controllers itself, merely detect where
-      they are mounted.
-    </p>
-
-    <p>
-      The QEMU driver is capable of using the <code>cpuset</code>,
-      <code>cpu</code>, <code>memory</code>, <code>blkio</code> and
-      <code>devices</code> controllers. None of them are compulsory.
-      If any controller is not mounted, the resource management APIs
-      which use it will cease to operate. It is possible to explicitly
-      turn off use of a controller, even when mounted, via the
-      <code>/etc/libvirt/qemu.conf</code> configuration file.
-    </p>
-
-    <p>
-      The LXC driver is capable of using the <code>cpuset</code>,
-      <code>cpu</code>, <code>cpuset</code>, <code>freezer</code>,
-      <code>memory</code>, <code>blkio</code> and <code>devices</code>
-      controllers. The <code>cpuset</code>, <code>devices</code>
-      and <code>memory</code> controllers are compulsory. Without
-      them mounted, no containers can be started. If any of the
-      other controllers are not mounted, the resource management APIs
-      which use them will cease to operate.
-    </p>
-
-    <h2><a name="currentLayout">Current cgroups layout</a></h2>
-
-    <p>
-      As of libvirt 1.0.5 or later, the cgroups layout created by libvirt has been
-      simplified, in order to facilitate the setup of resource control policies by
-      administrators / management applications. The layout is based on the concepts of
-      "partitions" and "consumers". Each virtual machine or container is a consumer,
-      and has a corresponding cgroup named <code>$VMNAME.libvirt-{qemu,lxc}</code>.
-      Each consumer is associated with exactly one partition, which also have a
-      corresponding cgroup usually named <code>$PARTNAME.partition</code>. The
-      exceptions to this naming rule are the three top level default partitions,
-      named <code>/system</code> (for system services), <code>/user</code> (for
-      user login sessions) and <code>/machine</code> (for virtual machines and
-      containers). By default every consumer will of course be associated with
-      the <code>/machine</code> partition. This leads to a hierarchy that looks
-      like
-    </p>
-
-    <pre>
-$ROOT
-  |
-  +- system
-  |   |
-  |   +- libvirtd.service
-  |
-  +- machine
-      |
-      +- vm1.libvirt-qemu
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- vm2.libvirt-qemu
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- vm3.libvirt-qemu
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- container1.libvirt-lxc
-      |
-      +- container2.libvirt-lxc
-      |
-      +- container3.libvirt-lxc
-    </pre>
-
-    <p>
-      The default cgroups layout ensures that, when there is contention for
-      CPU time, it is shared equally between system services, user sessions
-      and virtual machines / containers. This prevents virtual machines from
-      locking the administrator out of the host, or impacting execution of
-      system services. Conversely, when there is no contention from
-      system services / user sessions, it is possible for virtual machines
-      to fully utilize the host CPUs.
-    </p>
-
-    <h2><a name="customPartiton">Using custom partitions</a></h2>
-
-    <p>
-      If there is a need to apply resource constraints to groups of
-      virtual machines or containers, then the single default
-      partition <code>/machine</code> may not be sufficiently
-      flexible. The administrator may wish to sub-divide the
-      default partition, for example into "testing" and "production"
-      partitions, and then assign each guest to a specific
-      sub-partition. This is achieved via a small element addition
-      to the guest domain XML config, just below the main <code>domain</code>
-      element
-    </p>
-
-    <pre>
-  ...
-  &lt;resource&gt;
-    &lt;partition&gt;/machine/production&lt;/partition&gt;
-  &lt;/resource&gt;
-  ...
-    </pre>
-
-    <p>
-      Libvirt will not auto-create the cgroups directory to back
-      this partition. In the future, libvirt / virsh will provide
-      APIs / commands to create custom partitions, but currently
-      this is left as an exercise for the administrator. For
-      example, given the XML config above, the admin would need
-      to create a cgroup named '/machine/production.partition'
-    </p>
-
-    <pre>
-# cd /sys/fs/cgroup
-# for i in blkio cpu,cpuacct cpuset devices freezer memory net_cls perf_event
-  do
-    mkdir $i/machine/production.partition
-  done
-# for i in cpuset.cpus  cpuset.mems
-  do
-    cat cpuset/machine/$i > cpuset/machine/production.partition/$i
-  done
-</pre>
-
-    <p>
-      <strong>Note:</strong> the cgroups directory created as a ".partition"
-      suffix, but the XML config does not require this suffix.
-    </p>
-
-    <p>
-      <strong>Note:</strong> the ability to place guests in custom
-      partitions is only available with libvirt &gt;= 1.0.5, using
-      the new cgroup layout. The legacy cgroups layout described
-      later did not support customization per guest.
-    </p>
-
-    <h2><a name="resourceAPIs">Resource management APIs/commands</a></h2>
-
-    <p>
-      Since libvirt aims to provide an API which is portable across
-      hypervisors, the concept of cgroups is not exposed directly
-      in the API or XML configuration. It is considered to be an
-      internal implementation detail. Instead libvirt provides a
-      set of APIs for applying resource controls, which are then
-      mapped to corresponding cgroup tunables
-    </p>
-
-    <h3>Scheduler tuning</h3>
-
-    <p>
-     Parameters from the "cpu" controller are exposed via the
-     <code>schedinfo</code> command in virsh.
-    </p>
-
-    <pre>
-# virsh schedinfo demo
-Scheduler      : posix
-cpu_shares     : 1024
-vcpu_period    : 100000
-vcpu_quota     : -1
-emulator_period: 100000
-emulator_quota : -1</pre>
-
-
-    <h3>Block I/O tuning</h3>
-
-    <p>
-     Parameters from the "blkio" controller are exposed via the
-     <code>bkliotune</code> command in virsh.
-    </p>
-
-
-    <pre>
-# virsh blkiotune demo
-weight         : 500
-device_weight  : </pre>
-
-    <h3>Memory tuning</h3>
-
-    <p>
-     Parameters from the "memory" controller are exposed via the
-     <code>memtune</code> command in virsh.
-    </p>
-
-    <pre>
-# virsh memtune demo
-hard_limit     : 580192
-soft_limit     : unlimited
-swap_hard_limit: unlimited
-    </pre>
-
-    <h3>Network tuning</h3>
-
-    <p>
-      The <code>net_cls</code> is not currently used. Instead traffic
-      filter policies are set directly against individual virtual
-      network interfaces.
-    </p>
-
-    <h2><a name="legacyLayout">Legacy cgroups layout</a></h2>
-
-    <p>
-      Prior to libvirt 1.0.5, the cgroups layout created by libvirt was different
-      from that described above, and did not allow for administrator customization.
-      Libvirt used a fixed, 3-level hierarchy <code>libvirt/{qemu,lxc}/$VMNAME</code>
-      which was rooted at the point in the hierarchy where libvirtd itself was
-      located. So if libvirtd was placed at <code>/system/libvirtd.service</code>
-      by systemd, the groups for each virtual machine / container would be located
-      at <code>/system/libvirtd.service/libvirt/{qemu,lxc}/$VMNAME</code>. In addition
-      to this, the QEMU drivers further child groups for each vCPU thread and the
-      emulator thread(s). This leads to a hierarchy that looked like
-    </p>
-
-
-    <pre>
-$ROOT
-  |
-  +- system
-      |
-      +- libvirtd.service
-           |
-           +- libvirt
-               |
-               +- qemu
-               |   |
-               |   +- vm1
-               |   |   |
-               |   |   +- emulator
-               |   |   +- vcpu0
-               |   |   +- vcpu1
-               |   |
-               |   +- vm2
-               |   |   |
-               |   |   +- emulator
-               |   |   +- vcpu0
-               |   |   +- vcpu1
-               |   |
-               |   +- vm3
-               |       |
-               |       +- emulator
-               |       +- vcpu0
-               |       +- vcpu1
-               |
-               +- lxc
-                   |
-                   +- container1
-                   |
-                   +- container2
-                   |
-                   +- container3
-    </pre>
-
-    <p>
-      Although current releases are much improved, historically the use of deep
-      hierarchies has had a significant negative impact on the kernel scalability.
-      The legacy libvirt cgroups layout highlighted these problems, to the detriment
-      of the performance of virtual machines and containers.
-    </p>
-  </body>
-</html>

docs/compiling.html.in

@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
     <h1><a name="installation">libvirt Installation</a></h1>
 
@@ -63,78 +62,14 @@
     <p>
       The libvirt build process uses GNU autotools, so after obtaining a
       checkout it is necessary to generate the configure script and Makefile.in
-      templates using the <code>autogen.sh</code> command. By default when
-      the <code>configure</code> script is run from within a GIT checkout, it
-      will turn on -Werror for builds. This can be disabled with
-      --disable-werror, but this is not recommended.
-    </p>
-    <p>
-      Libvirt takes advantage of
-      the <a href="http://www.gnu.org/software/gnulib/">gnulib</a>
-      project to provide portability to a number of platforms.  This
-      is normally done dynamically via a git submodule in
-      the <code>.gnulib</code> subdirectory, which is auto-updated as
-      needed when you do incremental builds.  Setting the environment
-      variable <code>GNULIB_SRCDIR</code> to a local directory
-      containing a git checkout of gnulib will let you reduce local
-      disk space requirements and network download time, regardless of
-      which actual commit you have in that reference directory.
-    </p>
-    <p>
-      However, if you are developing on a platform where git is not
-      available, or are behind a firewall that does not allow for git
-      to easily obtain the gnulib submodule, it is possible to instead
-      use a static mode of operation where you are then responsible
-      for updating the git submodule yourself.  In this mode, you must
-      track the exact gnulib commit needed by libvirt (usually not the
-      latest gnulib.git) via alternative means, such as a shared NFS
-      drive or manual download, and run this any time libvirt.git
-      updates the commit stored in the .gnulib submodule:</p>
-    <pre>
-      $ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
-    </pre>
-
-    <p>To build &amp; install libvirt to your home
-      directory the following commands can be run:
+      templates using the <code>autogen.sh</code> command, passing the extra
+      arguments as for configure. As an example, to do a complete build and
+      install it into your home directory run:
     </p>
 
     <pre>
-      $ ./autogen.sh --prefix=$HOME/usr
+      $ ./autogen.sh --prefix=$HOME/usr --enable-compile-warnings=error
       $ make
       $ <b>sudo</b> make install</pre>
-
-    <p>
-      Be aware though, that binaries built with a custom prefix will not
-      interoperate with OS vendor provided binaries, since the UNIX socket
-      paths will all be different. To produce a build that is compatible
-      with normal OS vendor prefixes, use
-    </p>
-
-    <pre>
-      $ ./autogen.sh --system
-      $ make
-    </pre>
-
-    <p>
-      When doing this for day-to-day development purposes, it is recommended
-      not to install over the OS vendor provided binaries. Instead simply
-      run libvirt directly from the source tree. For example to run
-      a privileged libvirtd instance
-    </p>
-
-    <pre>
-      $ su -
-      # service libvirtd stop  (or systemctl stop libvirtd.service)
-      # /home/to/your/checkout/daemon/libvirtd
-    </pre>
-
-    <p>
-      It is also possible to run virsh directly from the source tree
-      using the ./run script (which sets some environment variables):
-    </p>
-
-    <pre>
-      $ ./run ./tools/virsh ....
-    </pre>
   </body>
 </html>

docs/contact.html.in

@@ -1,23 +1,10 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
     <h1>Contacting the development team</h1>
 
     <ul id="toc"></ul>
 
-    <h2><a name="security">Security Issues</a></h2>
-
-    <p>
-      If you think that an issue with libvirt may have security
-      implications, <strong>please do not</strong> publically
-      report it in the bug tracker, mailing lists, or irc. Libvirt
-      has <a href="securityprocess.html">a dedicated process for handling (potential) security issues</a>
-      that should be used instead. So if your issue has security
-      implications, ignore the rest of this page and follow the
-      <a href="securityprocess.html">security process</a> instead.
-    </p>
-
     <h2><a name="email">Mailing lists</a></h2>
 
     <p>

docs/csharp.html.in

@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
     <h1>C# API bindings</h1>
 

docs/deployment.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Deployment</h1>
 

docs/devguide.html.in

@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
     <h1>libvirt Application Development Guide</h1>
 

docs/devhelp/.gitignore

@@ -0,0 +1,4 @@
+Makefile
+Makefile.in
+libvirt.devhelp
+*.html

docs/docs.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Documentation</h1>
   </body>

docs/downloads.html.in

@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
     <h1>Downloads</h1>
 

docs/drivers.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Internal drivers</h1>
 
@@ -31,11 +29,9 @@
       <li><strong><a href="drvvmware.html">VMware Workstation/Player</a></strong></li>
       <li><strong><a href="drvxen.html">Xen</a></strong></li>
       <li><strong><a href="drvhyperv.html">Microsoft Hyper-V</a></strong></li>
-      <li><strong><a href="drvphyp.html">IBM PowerVM (phyp)</a></strong></li>
-      <li><strong><a href="drvparallels.html">Parallels</a></strong></li>
     </ul>
 
-    <h2><a name="storage">Storage drivers</a></h2>
+    <h2><a name="stroage">Storage drivers</a></h2>
 
     <ul>
       <li><strong><a href="storage.html#StorageBackendDir">Directory backend</a></strong></li>
@@ -46,8 +42,6 @@
       <li><strong><a href="storage.html#StorageBackendISCSI">iSCSI backend</a></strong></li>
       <li><strong><a href="storage.html#StorageBackendSCSI">SCSI backend</a></strong></li>
       <li><strong><a href="storage.html#StorageBackendMultipath">Multipath backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendRBD">RBD (RADOS Block Device) backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendSheepdog">Sheepdog backend</a></strong></li>
     </ul>
   </body>
 </html>

docs/drvesx.html.in

@@ -1,14 +1,11 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
+<html><body>
     <h1>VMware ESX hypervisor driver</h1>
     <ul id="toc"></ul>
     <p>
-        The libvirt VMware ESX driver can manage VMware ESX/ESXi 3.5/4.x/5.x and
+        The libvirt VMware ESX driver can manage VMware ESX/ESXi 3.5/4.x and
         VMware GSX 2.0, also called VMware Server 2.0, and possibly later
         versions. <span class="since">Since 0.8.3</span> the driver can also
-        connect to a VMware vCenter 2.5/4.x/5.x (VPX).
+        connect to a VMware vCenter 2.5/4.x (VPX).
     </p>
 
     <h2><a name="project">Project Links</a></h2>
@@ -59,7 +56,7 @@ esx://example-esx.com/?no_verify=1     (ESX over HTTPS, but doesn't verify the s
         URIs have this general form (<code>[...]</code> marks an optional part).
     </p>
 <pre>
-type://[username@]hostname[:port]/[[folder/...]datacenter/[folder/...][cluster/]server][?extraparameters]
+type://[username@]hostname[:port]/[datacenter[/cluster]/server][?extraparameters]
 </pre>
     <p>
         The <code>type://</code> is either <code>esx://</code> or
@@ -82,14 +79,6 @@ type://[username@]hostname[:port]/[[folder/...]datacenter/[folder/...][cluster/]
     </p>
 <pre>
 vpx://example-vcenter.com/dc1/cluster1/example-esx.com
-</pre>
-    <p>
-        Datacenters and clusters can be organized in folders, those have to be
-        specified as well. The driver can handle folders
-        <span class="since">since 0.9.7</span>.
-    </p>
-<pre>
-vpx://example-vcenter.com/folder1/dc1/folder2/example-esx.com
 </pre>
 
 

docs/drvhyperv.html.in

@@ -1,7 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
+<html><body>
     <h1>Microsoft Hyper-V hypervisor driver</h1>
     <ul id="toc"></ul>
     <p>

docs/drvlxc.html.in

@@ -1,473 +1,43 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>LXC container driver</h1>
-
-    <ul id="toc"></ul>
-
 <p>
-The libvirt LXC driver manages "Linux Containers". At their simplest, containers
-can just be thought of as a collection of processes, separated from the main
-host processes via a set of resource namespaces and constrained via control
-groups resource tunables. The libvirt LXC driver has no dependency on the LXC
-userspace tools hosted on sourceforge.net. It directly utilizes the relevant
-kernel features to build the container environment. This allows for sharing
-of many libvirt technologies across both the QEMU/KVM and LXC drivers. In
-particular sVirt for mandatory access control, auditing of operations,
-integration with control groups and many other features.
+The libvirt LXC driver manages "Linux Containers".  Containers are sets of processes
+with private namespaces which can (but don't always) look like separate machines, but
+do not have their own OS.  Here are two example configurations.  The first is a very
+light-weight "application container" which does not have its own root image.
 </p>
 
-<h2><a name="cgroups">Control groups Requirements</a></h2>
+    <h2><a name="project">Project Links</a></h2>
+
+    <ul>
+      <li>
+        The <a href="http://lxc.sourceforge.net/">LXC</a> Linux
+        container system
+      </li>
+    </ul>
+
+<h2>Cgroups Requirements</h2>
 
 <p>
-In order to control the resource usage of processes inside containers, the
-libvirt LXC driver requires that certain cgroups controllers are mounted on
-the host OS. The minimum required controllers are 'cpuacct', 'memory' and
-'devices', while recommended extra controllers are 'cpu', 'freezer' and
-'blkio'. Libvirt will not mount the cgroups filesystem itself, leaving
-this up to the init system to take care of. Systemd will do the right thing
-in this respect, while for other init systems the <code>cgconfig</code>
-init service will be required. For further information, consult the general
-libvirt <a href="cgroups.html">cgroups documentation</a>.
-</p>
-
-<h2><a name="namespaces">Namespace requirements</a></h2>
-
-<p>
-In order to separate processes inside a container from those in the
-primary "host" OS environment, the libvirt LXC driver requires that
-certain kernel namespaces are compiled in. Libvirt currently requires
-the 'mount', 'ipc', 'pid', and 'uts' namespaces to be available. If
-separate network interfaces are desired, then the 'net' namespace is
-required. If the guest configuration declares a
-<a href="formatdomain.html#elementsOSContainer">UID or GID mapping</a>,
-the 'user' namespace will be enabled to apply these. <strong>A suitably
-configured UID/GID mapping is a pre-requisite to making containers
-secure, in the absence of sVirt confinement.</strong>
-</p>
-
-<h2><a name="init">Default container setup</a></h2>
-
-<h3><a name="cliargs">Command line arguments</a></h3>
-
-<p>
-When the container "init" process is started, it will typically
-not be given any command line arguments (eg the equivalent of
-the bootloader args visible in <code>/proc/cmdline</code>). If
-any arguments are desired, then must be explicitly set in the
-container XML configuration via one or more <code>initarg</code>
-elements. For example, to run <code>systemd --unit emergency.service</code>
-would use the following XML
+The libvirt LXC driver requires that certain cgroups controllers are
+mounted on the host OS. The minimum required controllers are 'cpuacct',
+'memory' and 'devices', while recommended extra controllers are
+'cpu', 'freezer' and 'blkio'. The /etc/cgconfig.conf &amp; cgconfig
+init service used to mount cgroups at host boot time. To manually
+mount them use:
 </p>
 
 <pre>
-  &lt;os&gt;
-    &lt;type arch='x86_64'&gt;exe&lt;/type&gt;
-    &lt;init&gt;/bin/systemd&lt;/init&gt;
-    &lt;initarg&gt;--unit&lt;/initarg&gt;
-    &lt;initarg&gt;emergency.service&lt;/initarg&gt;
-  &lt;/os&gt;
-</pre>
-
-<h3><a name="envvars">Environment variables</a></h3>
-
-<p>
-When the container "init" process is started, it will be given several useful
-environment variables. The following standard environment variables are mandated
-by <a href="http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface">systemd container interface</a>
-to be provided by all container technologies on Linux.
-</p>
-
-<dl>
-<dt>container</dt>
-<dd>The fixed string <code>libvirt-lxc</code> to identify libvirt as the creator</dd>
-<dt>container_uuid</dt>
-<dd>The UUID assigned to the container by libvirt</dd>
-<dt>PATH</dt>
-<dd>The fixed string <code>/bin:/usr/bin</code></dd>
-<dt>TERM</dt>
-<dd>The fixed string <code>linux</code></dd>
-</dl>
-
-<p>
-In addition to the standard variables, the following libvirt specific
-environment variables are also provided
-</p>
-
-<dl>
-<dt>LIBVIRT_LXC_NAME</dt>
-<dd>The name assigned to the container by libvirt</dd>
-<dt>LIBVIRT_LXC_UUID</dt>
-<dd>The UUID assigned to the container by libvirt</dd>
-<dt>LIBVIRT_LXC_CMDLINE</dt>
-<dd>The unparsed command line arguments specified in the container configuration.
-Use of this is discouraged, in favour of passing arguments directly to the
-container init process via the <code>initarg</code> config element.</dd>
-</dl>
-
-<h3><a name="fsmounts">Filesystem mounts</a></h3>
-
-<p>
-In the absence of any explicit configuration, the container will
-inherit the host OS filesystem mounts. A number of mount points will
-be made read only, or re-mounted with new instances to provide
-container specific data. The following special mounts are setup
-by libvirt
-</p>
-
-<ul>
-<li><code>/dev</code> a new "tmpfs" pre-populated with authorized device nodes</li>
-<li><code>/dev/pts</code> a new private "devpts" instance for console devices</li>
-<li><code>/sys</code> the host "sysfs" instance remounted read-only</li>
-<li><code>/proc</code> a new instance of the "proc" filesystem</li>
-<li><code>/proc/sys</code> the host "/proc/sys" bind-mounted read-only</li>
-<li><code>/sys/fs/selinux</code> the host "selinux" instance remounted read-only</li>
-<li><code>/sys/fs/cgroup/NNNN</code> the host cgroups controllers bind-mounted to
-only expose the sub-tree associated with the container</li>
-<li><code>/proc/meminfo</code> a FUSE backed file reflecting memory limits of the container</li>
-</ul>
-
-
-<h3><a name="devnodes">Device nodes</a></h3>
-
-<p>
-The container init process will be started with <code>CAP_MKNOD</code>
-capability removed and blocked from re-acquiring it. As such it will
-not be able to create any device nodes in <code>/dev</code> or anywhere
-else in its filesystems. Libvirt itself will take care of pre-populating
-the <code>/dev</code> filesystem with any devices that the container
-is authorized to use. The current devices that will be made available
-to all containers are
-</p>
-
-<ul>
-<li><code>/dev/zero</code></li>
-<li><code>/dev/null</code></li>
-<li><code>/dev/full</code></li>
-<li><code>/dev/random</code></li>
-<li><code>/dev/urandom</code></li>
-<li><code>/dev/stdin</code> symlinked to <code>/proc/self/fd/0</code></li>
-<li><code>/dev/stdout</code> symlinked to <code>/proc/self/fd/1</code></li>
-<li><code>/dev/stderr</code> symlinked to <code>/proc/self/fd/2</code></li>
-<li><code>/dev/fd</code> symlinked to <code>/proc/self/fd</code></li>
-<li><code>/dev/ptmx</code> symlinked to <code>/dev/pts/ptmx</code></li>
-<li><code>/dev/console</code> symlinked to <code>/dev/pts/0</code></li>
-</ul>
-
-<p>
-In addition, for every console defined in the guest configuration,
-a symlink will be created from <code>/dev/ttyN</code> symlinked to
-the corresponding <code>/dev/pts/M</code> pseudo TTY device. The
-first console will be <code>/dev/tty1</code>, with further consoles
-numbered incrementally from there.
-</p>
-
-<p>
-Further block or character devices will be made available to containers
-depending on their configuration.
-</p>
-
-<h2><a name="security">Security considerations</a></h2>
-
-<p>
-The libvirt LXC driver is fairly flexible in how it can be configured,
-and as such does not enforce a requirement for strict security
-separation between a container and the host. This allows it to be used
-in scenarios where only resource control capabilities are important,
-and resource sharing is desired. Applications wishing to ensure secure
-isolation between a container and the host must ensure that they are
-writing a suitable configuration.
-</p>
-
-<h3><a name="securenetworking">Network isolation</a></h3>
-
-<p>
-If the guest configuration does not list any network interfaces,
-the <code>network</code> namespace will not be activated, and thus
-the container will see all the host's network interfaces. This will
-allow apps in the container to bind to/connect from TCP/UDP addresses
-and ports from the host OS. It also allows applications to access
-UNIX domain sockets associated with the host OS, which are in the
-abstract namespace. If access to UNIX domains sockets in the abstract
-namespace is not wanted, then applications should set the
-<code>&lt;privnet/&gt;</code> flag in the
-<code>&lt;features&gt;....&lt;/features&gt;</code> element.
-</p>
-
-<h3><a name="securefs">Filesystem isolation</a></h3>
-
-<p>
-If the guest configuration does not list any filesystems, then
-the container will be set up with a root filesystem that matches
-the host's root filesystem. As noted earlier, only a few locations
-such as <code>/dev</code>, <code>/proc</code> and <code>/sys</code>
-will be altered. This means that, in the absence of restrictions
-from sVirt, a process running as user/group N:M inside the container
-will be able to access almost exactly the same files as a process
-running as user/group N:M in the host.
-</p>
-
-<p>
-There are multiple options for restricting this. It is possible to
-simply map the existing root filesystem through to the container in
-read-only mode. Alternatively a completely separate root filesystem
-can be configured for the guest. In both cases, further sub-mounts
-can be applied to customize the content that is made visible. Note
-that in the absence of sVirt controls, it is still possible for the
-root user in a container to unmount any sub-mounts applied. The user
-namespace feature can also be used to restrict access to files based
-on the UID/GID mappings.
-</p>
-
-<p>
-Sharing the host filesystem tree, also allows applications to access
-UNIX domains sockets associated with the host OS, which are in the
-filesystem namespaces. It should be noted that a number of init
-systems including at least <code>systemd</code> and <code>upstart</code>
-have UNIX domain socket which are used to control their operation.
-Thus, if the directory/filesystem holding their UNIX domain socket is
-exposed to the container, it will be possible for a user in the container
-to invoke operations on the init service in the same way it could if
-outside the container. This also applies to other applications in the
-host which use UNIX domain sockets in the filesystem, such as DBus,
-Libvirtd, and many more. If this is not desired, then applications
-should either specify the UID/GID mapping in the configuration to
-enable user namespaces and thus block access to the UNIX domain socket
-based on permissions, or should ensure the relevant directories have
-a bind mount to hide them. This is particularly important for the
-<code>/run</code> or <code>/var/run</code> directories.
-</p>
-
-
-<h3><a name="secureusers">User and group isolation</a></h3>
-
-<p>
-If the guest configuration does not list any ID mapping, then the
-user and group IDs used inside the container will match those used
-outside the container. In addition, the capabilities associated with
-a process in the container will infer the same privileges they would
-for a process in the host. This has obvious implications for security,
-since a root user inside the container will be able to access any
-file owned by root that is visible to the container, and perform more
-or less any privileged kernel operation. In the absence of additional
-protection from sVirt, this means that the root user inside a container
-is effectively as powerful as the root user in the host. There is no
-security isolation of the root user.
-</p>
-
-<p>
-The ID mapping facility was introduced to allow for stricter control
-over the privileges of users inside the container. It allows apps to
-define rules such as "user ID 0 in the container maps to user ID 1000
-in the host". In addition the privileges associated with capabilities
-are somewhat reduced so that they cannot be used to escape from the
-container environment. A full description of user namespaces is outside
-the scope of this document, however LWN has
-<a href="https://lwn.net/Articles/532593/">a good write-up on the topic</a>.
-From the libvirt point of view, the key thing to remember is that defining
-an ID mapping for users and groups in the container XML configuration
-causes libvirt to activate the user namespace feature.
-</p>
-
-
-<h2><a name="activation">Systemd Socket Activation Integration</a></h2>
-
-<p>
-The libvirt LXC driver provides the ability to pass across pre-opened file
-descriptors when starting LXC guests. This allows for libvirt LXC to support
-systemd's <a href="http://0pointer.de/blog/projects/socket-activated-containers.html">socket
-activation capability</a>, where an incoming client connection
-in the host OS will trigger the startup of a container, which runs another
-copy of systemd which gets passed the server socket, and then activates the
-actual service handler in the container.
-</p>
-
-<p>
-Let us assume that you already have a LXC guest created, running
-a systemd instance as PID 1 inside the container, which has an
-SSHD service configured. The goal is to automatically activate
-the container when the first SSH connection is made. The first
-step is to create a couple of unit files for the host OS systemd
-instance. The <code>/etc/systemd/system/mycontainer.service</code>
-unit file specifies how systemd will start the libvirt LXC container
-</p>
-
-<pre>
-[Unit]
-Description=My little container
-
-[Service]
-ExecStart=/usr/bin/virsh -c lxc:/// start --pass-fds 3 mycontainer
-ExecStop=/usr/bin/virsh -c lxc:/// destroy mycontainer
-Type=oneshot
-RemainAfterExit=yes
-KillMode=none
+ # mount -t cgroup cgroup /dev/cgroup -o cpuacct,memory,devices,cpu,freezer,blkio
 </pre>
 
 <p>
-The <code>--pass-fds 3</code> argument specifies that the file
-descriptor number 3 that <code>virsh</code> inherits from systemd,
-is to be passed into the container. Since <code>virsh</code> will
-exit immediately after starting the container, the <code>RemainAfterExit</code>
-and <code>KillMode</code> settings must be altered from their defaults.
+NB, the blkio controller in some kernels will not allow creation of nested
+sub-directories which will prevent correct operation of the libvirt LXC
+driver. On such kernels, it may be neccessary to unmount the blkio controller.
 </p>
 
-<p>
-Next, the <code>/etc/systemd/system/mycontainer.socket</code> unit
-file is created to get the host systemd to listen on port 23 for
-TCP connections. When this unit file is activated by the first
-incoming connection, it will cause the <code>mycontainer.service</code>
-unit to be activated with the FD corresponding to the listening TCP
-socket passed in as FD 3.
-</p>
-
-<pre>
-[Unit]
-Description=The SSH socket of my little container
-
-[Socket]
-ListenStream=23
-</pre>
-
-<p>
-Port 23 was picked here so that the container doesn't conflict
-with the host's SSH which is on the normal port 22. That's it
-in terms of host side configuration.
-</p>
-
-<p>
-Inside the container, the <code>/etc/systemd/system/sshd.socket</code>
-unit file must be created
-</p>
-
-<pre>
-[Unit]
-Description=SSH Socket for Per-Connection Servers
-
-[Socket]
-ListenStream=23
-Accept=yes
-</pre>
-
-<p>
-The <code>ListenStream</code> value listed in this unit file, must
-match the value used in the host file. When systemd in the container
-receives the pre-opened FD from libvirt during container startup, it
-looks at the <code>ListenStream</code> values to figure out which
-FD to give to which service. The actual service to start is defined
-by a correspondingly named <code>/etc/systemd/system/sshd@.service</code>
-</p>
-
-<pre>
-[Unit]
-Description=SSH Per-Connection Server for %I
-
-[Service]
-ExecStart=-/usr/sbin/sshd -i
-StandardInput=socket
-</pre>
-
-<p>
-Finally, make sure this SSH service is set to start on boot of the container,
-by running the following command inside the container:
-</p>
-
-<pre>
-# mkdir -p /etc/systemd/system/sockets.target.wants/
-# ln -s /etc/systemd/system/sshd.socket /etc/systemd/system/sockets.target.wants/
-</pre>
-
-<p>
-This example shows how to activate the container based on an incoming
-SSH connection. If the container was also configured to have an httpd
-service, it may be desirable to activate it upon either an httpd or a
-sshd connection attempt. In this case, the <code>mycontainer.socket</code>
-file in the host would simply list multiple socket ports. Inside the
-container a separate <code>xxxxx.socket</code> file would need to be
-created for each service, with a corresponding <code>ListenStream</code>
-value set.
-</p>
-
-<!--
-<h2>Container configuration</h2>
-
-<h3>Init process</h3>
-
-<h3>Console devices</h3>
-
-<h3>Filesystem devices</h3>
-
-<h3>Disk devices</h3>
-
-<h3>Block devices</h3>
-
-<h3>USB devices</h3>
-
-<h3>Character devices</h3>
-
-<h3>Network devices</h3>
--->
-
-<h2>Container security</h2>
-
-<h3>sVirt SELinux</h3>
-
-<p>
-In the absence of the "user" namespace being used, containers cannot
-be considered secure against exploits of the host OS. The sVirt SELinux
-driver provides a way to secure containers even when the "user" namespace
-is not used. The cost is that writing a policy to allow execution of
-arbitrary OS is not practical. The SELinux sVirt policy is typically
-tailored to work with an simpler application confinement use case,
-as provided by the "libvirt-sandbox" project.
-</p>
-
-<h3>Auditing</h3>
-
-<p>
-The LXC driver is integrated with libvirt's auditing subsystem, which
-causes audit messages to be logged whenever there is an operation
-performed against a container which has impact on host resources.
-So for example, start/stop, device hotplug will all log audit messages
-providing details about what action occurred and any resources
-associated with it. There are the following 3 types of audit messages
-</p>
-
-<ul>
-<li><code>VIRT_MACHINE_ID</code> - details of the SELinux process and
-image security labels assigned to the container.</li>
-<li><code>VIRT_CONTROL</code> - details of an action / operation
-performed against a container. There are the following types of
-operation
-  <ul>
-    <li><code>op=start</code> - a container has been started. Provides
-      the machine name, uuid and PID of the <code>libvirt_lxc</code>
-      controller process</li>
-    <li><code>op=init</code> - the init PID of the container has been
-      started. Provides the machine name, uuid and PID of the
-      <code>libvirt_lxc</code> controller process and PID of the
-      init process (in the host PID namespace)</li>
-    <li><code>op=stop</code> - a container has been stopped. Provides
-      the machine name, uuid</li>
-  </ul>
-</li>
-<li><code>VIRT_RESOURCE</code> - details of a host resource
-associated with a container action.</li>
-</ul>
-
-<h3>Device access</h3>
-
-<p>
-All containers are launched with the CAP_MKNOD capability cleared
-and removed from the bounding set. Libvirt will ensure that the
-/dev filesystem is pre-populated with all devices that a container
-is allowed to use. In addition, the cgroup "device" controller is
-configured to block read/write/mknod from all devices except those
-that a container is authorized to use.
-</p>
-
-<h2><a name="exconfig">Example configurations</a></h2>
 
 <h3>Example config version 1</h3>
 <p></p>
@@ -532,158 +102,21 @@ debootstrap, whatever) under /opt/vm-1-root:
 &lt;/domain&gt;
 </pre>
 
-
-<h2><a name="usage">Container usage / management</a></h2>
-
 <p>
-As with any libvirt virtualization driver, LXC containers can be
-managed via a wide variety of libvirt based tools. At the lowest
-level the <code>virsh</code> command can be used to perform many
-tasks, by passing the <code>-c lxc:///</code> argument. As an
-alternative to repeating the URI with every command, the <code>LIBVIRT_DEFAULT_URI</code>
-environment variable can be set to <code>lxc:///</code>. The
-examples that follow outline some common operations with virsh
-and LXC. For further details about usage of virsh consult its
-manual page.
-</p>
-
-<h3><a name="usageSave">Defining (saving) container configuration></a></h3>
-
-<p>
-The <code>virsh define</code> command takes an XML configuration
-document and loads it into libvirt, saving the configuration on disk
-</p>
-
+In both cases, you can define and start a container using:</p>
 <pre>
-# virsh -c lxc:/// define myguest.xml
+virsh --connect lxc:/// define v1.xml
+virsh --connect lxc:/// start vm1
 </pre>
-
-<h3><a name="usageView">Viewing container configuration</a></h3>
-
-<p>
-The <code>virsh dumpxml</code> command can be used to view the
-current XML configuration of a container. By default the XML
-output reflects the current state of the container. If the
-container is running, it is possible to explicitly request the
-persistent configuration, instead of the current live configuration
-using the <code>--inactive</code> flag
-</p>
-
+and then get a console  using:
 <pre>
-# virsh -c lxc:/// dumpxml myguest
+virsh --connect lxc:/// console vm1
 </pre>
-
-<h3><a name="usageStart">Starting containers</a></h3>
-
-<p>
-The <code>virsh start</code> command can be used to start a
-container from a previously defined persistent configuration
+<p>Now doing 'ps -ef' will only show processes in the container, for
+instance.  You can undefine it using
 </p>
-
 <pre>
-# virsh -c lxc:/// start myguest
+virsh --connect lxc:/// undefine vm1
 </pre>
-
-<p>
-It is also possible to start so called "transient" containers,
-which do not require a persistent configuration to be saved
-by libvirt, using the <code>virsh create</code> command.
-</p>
-
-<pre>
-# virsh -c lxc:/// create myguest.xml
-</pre>
-
-
-<h3><a name="usageStop">Stopping containers</a></h3>
-
-<p>
-The <code>virsh shutdown</code> command can be used
-to request a graceful shutdown of the container. By default
-this command will first attempt to send a message to the
-init process via the <code>/dev/initctl</code> device node.
-If no such device node exists, then it will send SIGTERM
-to PID 1 inside the container.
-</p>
-
-<pre>
-# virsh -c lxc:/// shutdown myguest
-</pre>
-
-<p>
-If the container does not respond to the graceful shutdown
-request, it can be forceably stopped using the <code>virsh destroy</code>
-</p>
-
-<pre>
-# virsh -c lxc:/// destroy myguest
-</pre>
-
-
-<h3><a name="usageReboot">Rebooting a container</a></h3>
-
-<p>
-The <code>virsh reboot</code> command can be used
-to request a graceful shutdown of the container. By default
-this command will first attempt to send a message to the
-init process via the <code>/dev/initctl</code> device node.
-If no such device node exists, then it will send SIGHUP
-to PID 1 inside the container.
-</p>
-
-<pre>
-# virsh -c lxc:/// reboot myguest
-</pre>
-
-<h3><a name="usageDelete">Undefining (deleting) a container configuration</a></h3>
-
-<p>
-The <code>virsh undefine</code> command can be used to delete the
-persistent configuration of a container. If the guest is currently
-running, this will turn it into a "transient" guest.
-</p>
-
-<pre>
-# virsh -c lxc:/// undefine myguest
-</pre>
-
-<h3><a name="usageConnect">Connecting to a container console</a></h3>
-
-<p>
-The <code>virsh console</code> command can be used to connect
-to the text console associated with a container. If the container
-has been configured with multiple console devices, then the
-<code>--devname</code> argument can be used to choose the
-console to connect to
-</p>
-
-<pre>
-# virsh -c lxc:/// console myguest
-</pre>
-
-<h3><a name="usageEnter">Running commands in a container</a></h3>
-
-<p>
-The <code>virsh lxc-enter-namespace</code> command can be used
-to enter the namespaces and security context of a container
-and then execute an arbitrary command.
-</p>
-
-<pre>
-# virsh -c lxc:/// lxc-enter-namespace myguest -- /bin/ls -al /dev
-</pre>
-
-<h3><a name="usageTop">Monitoring container utilization</a></h3>
-
-<p>
-The <code>virt-top</code> command can be used to monitor the
-activity and resource utilization of all containers on a
-host
-</p>
-
-<pre>
-# virt-top -c lxc:///
-</pre>
-
   </body>
 </html>

docs/drvopenvz.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html> <!-- -*- html -*- -->
   <body>
     <h1>OpenVZ container driver</h1>
 
@@ -69,7 +67,7 @@ openvz+ssh://root@example.com/system (remote access, SSH tunnelled)
     script must be created manually by the host OS administrator. The
     simplest way is to just download the latest version of this script
     from a newer OpenVZ release, or upstream source repository. Then
-    a generic configuration file <code>/etc/vz/vznet.conf</code>
+    a generic configuration file <code>/etc/vz/vznetctl.conf</code>
     must be created containing
     </p>
 

docs/drvparallels.html.in

@@ -1,70 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Parallels Cloud Server driver</h1>
-    <ul id="toc"></ul>
-    <p>
-        The libvirt Parallels driver can manage Parallels Cloud Server starting from version 6.0.
-    </p>
-
-
-    <h2><a name="project">Project Links</a></h2>
-    <ul>
-      <li>
-        The <a href="http://www.parallels.com/products/server/baremetal/sp/">Parallels Cloud Server</a> Virtualization Solution.
-      </li>
-    </ul>
-
-
-    <h2><a name="uri">Connections to the Parallels Cloud Server driver</a></h2>
-    <p>
-        The libvirt Parallels driver is a single-instance privileged driver, with a driver name of 'parallels'. Some example connection URIs for the libvirt driver are:
-    </p>
-<pre>
-parallels:///system                     (local access)
-parallels+unix:///system                (local access)
-parallels://example.com/system          (remote access, TLS/x509)
-parallels+tcp://example.com/system      (remote access, SASl/Kerberos)
-parallels+ssh://root@example.com/system (remote access, SSH tunnelled)
-</pre>
-
-    <h2><a name="example">Example guest domain XML configuration</a></h2>
-
-    <p>
-    Parallels driver require at least one hard disk for new domains
-    at this time. It is used for defining directory, where VM should
-    be created.
-    </p>
-
-<pre>
-&lt;domain type='parallels'&gt;
-  &lt;name&gt;demo&lt;/name&gt;
-  &lt;uuid&gt;54cdecad-4492-4e31-a209-33cc21d64057&lt;/uuid&gt;
-  &lt;description&gt;some description&lt;/description&gt;
-  &lt;memory unit='KiB'&gt;1048576&lt;/memory&gt;
-  &lt;currentMemory unit='KiB'&gt;1048576&lt;/currentMemory&gt;
-  &lt;vcpu placement='static'&gt;2&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='x86_64'&gt;hvm&lt;/type&gt;
-  &lt;/os&gt;
-  &lt;clock offset='utc'/&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;destroy&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;devices&gt;
-    &lt;disk type='file' device='disk'&gt;
-      &lt;source file='/storage/vol1'/&gt;
-      &lt;target dev='hda'/&gt;
-    &lt;/disk&gt;
-    &lt;video&gt;
-      &lt;model type='vga' vram='33554432' heads='1'&gt;
-        &lt;acceleration accel3d='no' accel2d='no'/&gt;
-      &lt;/model&gt;
-    &lt;/video&gt;
-  &lt;/devices&gt;
-&lt;/domain&gt;
-
-</pre>
-
-</body></html>

docs/drvphyp.html.in

@@ -1,50 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>IBM PowerVM hypervisor driver (phyp)</h1>
-    <ul id="toc"></ul>
-    <p>
-        The IBM PowerVM driver can manage both HMC and IVM PowerVM
-        guests.  VIOS connections are tunneled through HMC.
-    </p>
-
-
-    <h2><a name="project">Project Links</a></h2>
-    <ul>
-      <li>
-        The <a href="http://www-03.ibm.com/systems/power/software/virtualization/index.html">IBM
-        PowerVM</a> hypervisor
-      </li>
-    </ul>
-
-
-    <h2><a name="uri">Connections to the PowerVM driver</a></h2>
-    <p>
-        Some example remote connection URIs for the driver are:
-    </p>
-<pre>
-phyp://user@hmc/system (HMC connection)
-phyp://user@ivm/system (IVM connection)
-</pre>
-    <p>
-        <strong>Note</strong>: In contrast to other drivers, the
-        PowerVM (or phyp) driver is a client-side-only driver,
-        internally using ssh to connect to the specified hmc or ivm
-        server. Therefore, the <a href="remote.html">remote transport
-        mechanism</a> provided by the remote driver and libvirtd will
-        not work, and you cannot use URIs like
-        <code>phyp+ssh://example.com</code>.
-    </p>
-
-
-    <h3><a name="uriformat">URI Format</a></h3>
-    <p>
-        URIs have this general form (<code>[...]</code> marks an
-        optional part, <code>{...|...}</code> marks a mandatory choice).
-    </p>
-<pre>
-phyp://[username@]{hmc|ivm}/managed_system
-</pre>
-
-</body></html>

docs/drvqemu.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>KVM/QEMU hypervisor driver</h1>
 
@@ -19,7 +17,6 @@
       <li>
         The <a href="http://www.linux-kvm.org/">KVM</a> Linux
         hypervisor
-      </li>
       <li>
         The <a href="http://wiki.qemu.org/Index.html">QEMU</a> emulator
       </li>
@@ -57,7 +54,7 @@
     The libvirt QEMU driver is a multi-instance driver, providing a single
     system wide privileged driver (the "system" instance), and per-user
     unprivileged drivers (the "session" instance). The URI driver protocol
-    is "qemu". Some example connection URIs for the libvirt driver are:
+    is "qemu". Some example conection URIs for the libvirt driver are:
     </p>
 
 <pre>
@@ -435,16 +432,9 @@ mount -t cgroup none /dev/cgroup -o devices
     <h3><a name="xmlimport">Converting from QEMU args to domain XML</a></h3>
 
     <p>
-      The <code>virsh domxml-from-native</code> provides a way to
-      convert an existing set of QEMU args into a guest description
-      using libvirt Domain XML that can then be used by libvirt.
-      Please note that this command is intended to be used to convert
-      existing qemu guests previously started from the command line to
-      be managed through libvirt.  It should not be used a method of
-      creating new guests from scratch.  New guests should be created
-      using an application calling the libvirt APIs (see
-      the <a href="apps.html">libvirt applications page</a> for some
-      examples) or by manually crafting XML to pass to virsh.
+      The <code>virsh domxml-from-native</code> provides a way to convert an
+      existing set of QEMU args into a guest description using libvirt Domain XML
+      that can then be used by libvirt.
     </p>
 
     <pre>$ cat &gt; demo.args &lt;&lt;EOF
@@ -479,7 +469,7 @@ $ virsh domxml-from-native qemu-argv demo.args
 &lt;/domain&gt;
 </pre>
 
-    <p>NB, don't include the literal \ in the args, put everything on one line</p>
+    <p>NB, don't include the literral \ in the args, put everything on one line</p>
 
     <h3><a name="xmlexport">Converting from domain XML to QEMU args</a></h3>
 
@@ -523,73 +513,6 @@ $ virsh domxml-to-native qemu-argv demo.xml
   -serial none -parallel none -usb
 </pre>
 
-    <h2><a name="qemucommand">Pass-through of arbitrary qemu
-    commands</a></h2>
-
-    <p>Libvirt provides an XML namespace and an optional
-      library <code>libvirt-qemu.so</code> for dealing specifically
-      with qemu.  When used correctly, these extensions allow testing
-      specific qemu features that have not yet been ported to the
-      generic libvirt XML and API interfaces.  However, they
-      are <b>unsupported</b>, in that the library is not guaranteed to
-      have a stable API, abusing the library or XML may result in
-      inconsistent state the crashes libvirtd, and upgrading either
-      qemu-kvm or libvirtd may break behavior of a domain that was
-      relying on a qemu-specific pass-through.  If you find yourself
-      needing to use them to access a particular qemu feature, then
-      please post an RFE to the libvirt mailing list to get that
-      feature incorporated into the stable libvirt XML and API
-      interfaces.
-    </p>
-    <p>The library provides two
-      API: <code>virDomainQemuMonitorCommand</code>, for sending an
-      arbitrary monitor command (in either HMP or QMP format) to a
-      qemu guest (<span class="since">Since 0.8.3</span>),
-      and <code>virDomainQemuAttach</code>, for registering a qemu
-      domain that was manually started so that it can then be managed
-      by libvirtd (<span class="since">Since 0.9.4</span>).
-    </p>
-    <p>Additionally, the following XML additions allow fine-tuning of
-      the command line given to qemu when starting a domain
-      (<span class="since">Since 0.8.3</span>).  In order to use the
-      XML additions, it is necessary to issue an XML namespace request
-      (the special <code>xmlns:<i>name</i></code> attribute) that
-      pulls in <code>http://libvirt.org/schemas/domain/qemu/1.0</code>;
-      typically, the namespace is given the name
-      of <code>qemu</code>.  With the namespace in place, it is then
-      possible to add an element <code>&lt;qemu:commandline&gt;</code>
-      under <code>driver</code>, with the following sub-elements
-      repeated as often as needed:
-    </p>
-      <dl>
-        <dt><code>qemu:arg</code></dt>
-        <dd>Add an additional command-line argument to the qemu
-          process when starting the domain, given by the value of the
-          attribute <code>value</code>.
-        </dd>
-        <dt><code>qemu:env</code></dt>
-        <dd>Add an additional environment variable to the qemu
-          process when starting the domain, given with the name-value
-          pair recorded in the attributes <code>name</code>
-          and optional <code>value</code>.</dd>
-      </dl>
-      <p>Example:</p><pre>
-&lt;domain type='qemu' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'&gt;
-  &lt;name&gt;QEmu-fedora-i686&lt;/name&gt;
-  &lt;memory&gt;219200&lt;/memory&gt;
-  &lt;os&gt;
-    &lt;type arch='i686' machine='pc'&gt;hvm&lt;/type&gt;
-  &lt;/os&gt;
-  &lt;devices&gt;
-    &lt;emulator&gt;/usr/bin/qemu-system-x86_64&lt;/emulator&gt;
-  &lt;/devices&gt;
-  &lt;qemu:commandline&gt;
-    &lt;qemu:arg value='-newarg'/&gt;
-    &lt;qemu:env name='QEMU_ENV' value='VAL'/&gt;
-  &lt;/qemu:commandline&gt;
-&lt;/domain&gt;
-</pre>
-
     <h2><a name="xmlconfig">Example domain XML config</a></h2>
 
     <h3>QEMU emulated guest on x86_64</h3>

docs/drvremote.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Remote management driver</h1>
   </body>

docs/drvtest.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Test "mock" driver</h1>
 
@@ -10,7 +8,7 @@
     The libvirt Test driver is a per-process fake hypervisor driver,
     with a driver name of 'test'. The driver maintains all its state
     in memory. It can start with a pre-configured default config, or
-    be given a path to an alternate config. Some example connection URIs
+    be given a path to a alternate config. Some example conection URIs
     for the libvirt driver are:
     </p>
 

docs/drvuml.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>User Mode Linux driver</h1>
 

docs/drvvbox.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
     <body>
         <h1>VirtualBox hypervisor driver</h1>
         <p>
@@ -31,18 +29,6 @@ vbox+tcp://user@example.com/session  (remote access, SASl/Kerberos)
 vbox+ssh://user@example.com/session  (remote access, SSH tunnelled)
 </pre>
 
-    <p>
-      <strong>NOTE: as of libvirt 1.0.6, the VirtualBox driver will always
-        run inside the libvirtd daemon, instead of being built-in to the
-        libvirt.so library directly. This change was required due to the
-        fact that VirtualBox code is LGPLv2-only licensed, which is not
-        compatible with the libvirt.so license of LGPLv2-or-later. The
-        daemon will be auto-started when the first connection to VirtualBox
-        is requested. This change also means that it will not be possible
-        to use VirtualBox URIs on the Windows platform, until additional
-        work is completed to get the libvirtd daemon working there.</strong>
-    </p>
-
     <h2><a name="xmlconfig">Example domain XML config</a></h2>
 
 <pre>
@@ -84,11 +70,6 @@ vbox+ssh://user@example.com/session  (remote access, SSH tunnelled)
       &lt;target dev='fda'/&gt;
     &lt;/disk&gt;
 
-    &lt;filesystem type='mount'&gt;
-      &lt;source dir='/home/user/stuff'/&gt;
-      &lt;target dir='my-shared-folder'/&gt;
-    &lt;/filesystem&gt;
-
     &lt;!--BRIDGE--&gt;
     &lt;interface type='bridge'&gt;
       &lt;source bridge='eth0'/&gt;

docs/drvvmware.html.in

@@ -1,12 +1,9 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
     <body>
-        <h1>VMware Workstation / Player / Fusion hypervisors driver</h1>
+        <h1>VMware Workstation / Player hypervisors driver</h1>
         <p>
-        The libvirt VMware driver should be able to manage any Workstation,
-        Player, Fusion version supported by the VMware VIX API. See the
-        compatibility list
+        The libvirt VMware Workstation driver should be able to manage any Workstation and
+        Player version supported by the VMware VIX API. See the compatibility list
         <a href="http://www.vmware.com/support/developer/vix-api/vix110_reference/">here</a>.
     </p>
     <p>
@@ -22,22 +19,17 @@
         The <a href="http://www.vmware.com/">VMware Workstation and
         Player</a> hypervisors
       </li>
-      <li>
-        The <a href="http://www.vmware.com/fusion">VMware Fusion</a>
-        hypervisor
-      </li>
     </ul>
 
     <h2>Connections to VMware driver</h2>
 
     <p>
     The libvirt VMware driver provides per-user drivers (the "session" instance).
-    Three uris are available:
+    Two uris are available:
     </p>
     <ul>
       <li>"vmwareplayer" for VMware Player</li>
       <li>"vmwarews" for VMware Workstation</li>
-      <li>"vmwarefusion" for VMware Fusion</li>
     </ul>
     <p>
     Some example connection URIs for the driver are:
@@ -46,7 +38,6 @@
 <pre>
 vmwareplayer:///session                  (local access to VMware Player per-user instance)
 vmwarews:///session                      (local access to VMware Workstation per-user instance)
-vmwarefusion:///session                      (local access to VMware Fusion per-user instance)
 vmwarews+tcp://user@example.com/session  (remote access to VMware Workstation, SASl/Kerberos)
 vmwarews+ssh://user@example.com/session  (remote access to VMware Workstation, SSH tunnelled)
 </pre>

docs/drvxen.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Xen hypervisor driver</h1>
 
@@ -55,21 +53,13 @@
         the <code>/etc/xen</code> directory. It is important not to place
         any other non-config files in this directory.
       </li>
-      <li>
-        <strong>libxl</strong>: Starting with Xen 4.2, the legacy XenD/xm
-        toolstack is deprecated in favor of libxl, also commonly called
-        libxenlight.  libvirt supports this new Xen toolstack via the
-        libxl driver.  If XenD is enabled, the legacy xen driver consisting
-        of the above mentioned channels will be used.  If XenD is disabled,
-        the libxl driver will be used.
-      </li>
     </ul>
 
     <h2><a name="uri">Connections to Xen driver</a></h2>
 
     <p>
     The libvirt Xen driver is a single-instance privileged driver,
-    with a driver name of 'xen'. Some example connection URIs for
+    with a driver name of 'xen'. Some example conection URIs for
     the libvirt driver are:
     </p>
 

docs/errors.html.in

@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
     <h1 >Handling of errors</h1>
     <p>The main goals of libvirt when it comes to error handling are:</p>

docs/firewall.html.in

@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<?xml version="1.0"?>
+<html>
   <body>
     <h1 >Firewall and network filtering in libvirt</h1>
     <p>There are three pieces of libvirt functionality which do network
@@ -199,7 +198,7 @@ using an XML format. At a high level the format looks like this:
     </p>
     <p>The <code>&lt;rule&gt;</code> element is where all the interesting stuff
        happens. It has three attributes, an action, a traffic direction and an
-       optional priority. E.g.:
+       optional priority. eg:
     </p>
     <pre>&lt;rule action='drop' direction='out' priority='500'&gt;</pre>
     <p>Within the rule there are a wide variety of elements allowed, which
@@ -318,7 +317,7 @@ Bridge chain: PREROUTING, entries: 1, policy: ACCEPT
 
 Bridge chain: POSTROUTING, entries: 1, policy: ACCEPT
 -o vnet0 -j libvirt-O-vnet0</pre>
-    <p>To keep things manageable and easy to follow, the driver will then
+    <p>To keep things managable and easy to follow, the driver will then
        create further sub-chains for each protocol then it needs to match
        against:
     </p>

docs/format.html.in

@@ -1,5 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<?xml version="1.0"?>
 <html xmlns="http://www.w3.org/1999/xhtml">
   <body>
     <h1 >XML Format</h1>

docs/formatcaps.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Driver capabilities XML format</h1>
 
@@ -30,11 +28,6 @@ BIOS you will see</p>
       &lt;feature name='xtpr'/&gt;
       ...
     &lt;/cpu&gt;
-    &lt;power_management&gt;
-      &lt;suspend_mem/&gt;
-      &lt;suspend_disk/&gt;
-      &lt;suspend_hybrid/&gt;
-    &lt;power_management/&gt;
   &lt;/host&gt;</span>
 
   &lt;!-- xen-3.0-x86_64 --&gt;
@@ -67,30 +60,20 @@ BIOS you will see</p>
   &lt;/guest&gt;</span>
   ...
 &lt;/capabilities&gt;</pre>
-        <p>The first block (in red) indicates the host hardware
-          capabilities, such as CPU properties and the power
-          management features of the host platform.  CPU models are
-          shown as additional features relative to the closest base
-          model, within a feature block (the block is similar to what
-          you will find in a Xen fully virtualized domain
-          description). Further, the power management features
-          supported by the host are shown, such as Suspend-to-RAM (S3),
-          Suspend-to-Disk (S4) and Hybrid-Suspend (a combination of S3
-          and S4). In case the host does not support
-          any such feature, then an empty &lt;power_management/&gt;
-          tag will be shown. </p>
-        <p>The second block (in blue) indicates the paravirtualization
-          support of the Xen support, you will see the os_type of xen
-          to indicate a paravirtual kernel, then architecture
-          information and potential features.</p>
-        <p>The third block (in green) gives similar information but
-          when running a 32 bit OS fully virtualized with Xen using
-          the hvm support.</p>
-        <p>This section is likely to be updated and augmented in the
-          future,
-          see <a href="https://www.redhat.com/archives/libvir-list/2007-March/msg00215.html">the
-          discussion</a> which led to the capabilities format in the
-          mailing-list archives.</p>
+        <p>The first block (in red) indicates the host hardware capabilities, currently
+it is limited to the CPU properties but other information may be available,
+it shows the CPU architecture, topology, model name, and additional features
+which are not included in the model but the CPU provides them. Features of the
+chip are shown within the feature block (the block is similar to what you will
+find in a Xen fully virtualized domain description).</p>
+        <p>The second block (in blue) indicates the paravirtualization support of the
+Xen support, you will see the os_type of xen to indicate a paravirtual
+kernel, then architecture information and potential features.</p>
+        <p>The third block (in green) gives similar information but when running a
+32 bit OS fully virtualized with Xen using the hvm support.</p>
+        <p>This section is likely to be updated and augmented in the future, see <a href="https://www.redhat.com/archives/libvir-list/2007-March/msg00215.html">the
+discussion</a> which led to the capabilities format in the mailing-list
+archives.</p>
 
   </body>
 </html>

docs/formatnetwork.html.in

@@ -1,6 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Network XML format</h1>
 
@@ -17,14 +15,8 @@
 
     <p>
       The root element required for all virtual networks is
-      named <code>network</code> and has no configurable attributes
-      (although <span class="since">since 0.10.0</span> there is one
-      optional read-only attribute - when examining the live
-      configuration of a network, the
-      attribute <code>connections</code>, if present, specifies the
-      number of guest interfaces currently connected via this
-      network).  The network XML format is
-      available <span class="since">since 0.3.0</span>
+      named <code>network</code> and has no attributes.
+      The network XML format is available <span class="since">since 0.3.0</span>
     </p>
 
     <h3><a name="elementsMetadata">General metadata</a></h3>
@@ -35,7 +27,7 @@
     </p>
 
     <pre>
-      &lt;network ipv6='yes'&gt;
+      &lt;network&gt;
         &lt;name&gt;default&lt;/name&gt;
         &lt;uuid&gt;3e3fce45-4f53-4fa7-bb32-11f34168b82b&lt;/uuid&gt;
         ...</pre>
@@ -54,12 +46,6 @@
         The format must be RFC 4122 compliant, eg <code>3e3fce45-4f53-4fa7-bb32-11f34168b82b</code>.
         If omitted when defining/creating a new network, a random
         UUID is generated. <span class="since">Since 0.3.0</span></dd>
-      <dt><code>ipv6='yes'</code></dt>
-      <dd>The new, optional parameter <code>ipv6='yes'</code> enables
-        a network definition with no IPv6 gateway addresses specified
-        to have guest-to-guest communications.  For further information,
-        see the example below for the example with no gateway addresses.
-        <span class="since">Since 1.0.1</span></dd>
     </dl>
 
     <h3><a name="elementsConnect">Connectivity</a></h3>
@@ -72,7 +58,7 @@
     <pre>
         ...
         &lt;bridge name="virbr0" stp="on" delay="5"/&gt;
-        &lt;domain name="example.com"/&gt;
+        &lt;domain name="example"/&gt;
         &lt;forward mode="nat" dev="eth0"/&gt;
         ...</pre>
 
@@ -138,39 +124,6 @@
             network, and to/from the host to the guests, are
             unrestricted and not NATed.<span class="since">Since
             0.4.2</span>
-
-            <p><span class="since">Since 1.0.3</span> it is possible to
-            specify a public IPv4 address and port range to be used for
-            the NAT by using the <code>&lt;nat&gt;</code> subelement.
-            The address range is set with the <code>&lt;address&gt;</code>
-            subelements and <code>start</code> and <code>stop</code>
-            attributes:
-            </p>
-            <pre>
-...
-  &lt;forward mode='nat'&gt;
-    &lt;nat&gt;
-      &lt;address start='1.2.3.4' end='1.2.3.10'/&gt;
-    &lt;/nat&gt;
-  &lt;/forward&gt;
-...</pre>
-            <p>
-            A single IPv4 address can be set by setting
-            <code>start</code> and <code>end</code> attributes to
-            the same value.
-            </p>
-            <p>
-            The port range to be used for the <code>&lt;nat&gt;</code> can
-            be set via the subelement <code>&lt;port&gt;</code>:
-            </p>
-            <pre>
-...
-  &lt;forward mode='nat'&gt;
-    &lt;nat&gt;
-      &lt;port start='500' end='1000'/&gt;
-    &lt;/nat&gt;
-  &lt;/forward&gt;
-...</pre>
           </dd>
 
           <dt><code>route</code></dt>
@@ -181,12 +134,12 @@
             attribute is set, firewall rules will restrict forwarding
             to the named device only. This presumes that the local LAN
             router has suitable routing table entries to return
-            traffic to this host. All incoming and outgoing sessions
-            to guest on these networks are unrestricted. (To restrict
-            incoming traffic to a guest on a routed network, you can
-            configure <a href="formatnwfilter.html">nwfilter rules</a>
-            on the guest's interfaces.)
-            <span class="since">Since 0.4.2</span>
+            traffic to this host. Firewall rules are also installed
+            that prevent incoming sessions from the physical network
+            to the guests, but outgoing sessions are unrestricted (as
+            are sessions from the host to the guests, and between
+            guests on the same network.)<span class="since">Since
+            0.4.2</span>
           </dd>
 
           <dt><code>bridge</code></dt>
@@ -194,17 +147,10 @@
             This network describes either 1) an existing host bridge
             that was configured outside of libvirt (if
             a <code>&lt;bridge name='xyz'/&gt;</code> element has been
-            specified, <span class="since">Since 0.9.4</span>), 2) an
-            existing Open vSwitch bridge that was configured outside of
-            libvirt (if both a <code>&lt;bridge name='xyz'/&gt;</code>
-            element <b>and</b> a <code>&lt;virtualport
-            type='openvswitch'/&gt;</code> have been
-            specified <span class="since">Since 0.10.0</span>) 3) an
-            interface or group of interfaces to be used for a "direct"
-            connection via macvtap using macvtap's "bridge" mode (if
-            the forward element has one or
-            more <code>&lt;interface&gt;</code>
-            subelements, <span class="since">Since 0.9.4</span>)
+            specified), or 2) an interface or group of interfaces to
+            be used for a "direct" connection via macvtap using
+            macvtap's "bridge" mode (if the forward element has one or
+            more <code>&lt;interface&gt;</code> subelements)
             (see <a href="formatdomain.html#elementsNICSDirect">Direct
             attachment to physical interface</a> for descriptions of
             the various macvtap modes). libvirt doesn't attempt to
@@ -264,61 +210,11 @@
             (usually either a domain start, or a hotplug interface
             attach to a domain).<span class="since">Since 0.9.4</span>
           </dd>
-          <dt><code>hostdev</code></dt>
-          <dd>
-            This network facilitates PCI Passthrough of a network
-            device.  A network device is chosen from the interface
-            pool and directly assigned to the guest using generic
-            device passthrough, after first optionally setting the
-            device's MAC address and vlan tag to the configured value,
-            and optionally associating the device with an 802.1Qbh
-            capable switch using a <code>&lt;virtualport&gt;</code>
-            element.  Note that - due to limitations in standard
-            single-port PCI ethernet card driver design - only SR-IOV
-            (Single Root I/O Virtualization) virtual function (VF)
-            devices can be assigned in this manner; to assign a
-            standard single-port PCI or PCIe ethernet card to a guest,
-            use the traditional <code>&lt; hostdev&gt;</code> device
-            definition. <span class="since"> Since 0.10.0</span>
-
-            <p>
-              To use VFIO device assignment rather than
-              traditional/legacy KVM device assignment (VFIO is a new
-              method of device assignment that is compatible with UEFI
-              Secure Boot), a &lt;forward type='hostdev'&gt; interface
-              can have an optional <code>driver</code> sub-element
-              with a <code>name</code> attribute set to "vfio". To use
-              legacy KVM device assignment you can
-              set <code>name</code> to "kvm" (or simply omit the
-              &lt;driver&gt; element, since "kvm" is currently the
-              default).
-              <span class="since">Since 1.0.5 (QEMU and KVM only, requires kernel 3.6 or newer)</span>
-            </p>
-
-            <p>Note that this "intelligent passthrough" of network
-            devices is very similar to the functionality of a
-            standard <code>&lt; hostdev&gt;</code> device, the
-            difference being that this method allows specifying a MAC
-            address, vlan tag, and <code>&lt;virtualport &gt;</code>
-            for the passed-through device. If these capabilities are
-            not required, if you have a standard single-port PCI,
-            PCIe, or USB network card that doesn't support SR-IOV (and
-            hence would anyway lose the configured MAC address during
-            reset after being assigned to the guest domain), or if you
-            are using a version of libvirt older than 0.10.0, you
-            should use a standard
-            <code>&lt;hostdev&gt;</code> device definition in the
-            domain's configuration to assign the device to the guest
-            instead of defining an <code>&lt;interface
-            type='network'&gt;</code> pointing to a network
-            with <code>&lt;forward mode='hostdev'/&gt;</code>.
-            </p>
-          </dd>
         </dl>
         As mentioned above, a <code>&lt;forward&gt;</code> element can
         have multiple <code>&lt;interface&gt;</code> subelements, each
         one giving the name of a physical interface that can be used
-        for this network <span class="since">Since 0.9.4</span>:
+        for this network<span class="since">Since 0.9.4</span>:
         <pre>
 ...
   &lt;forward mode='passthrough'&gt;
@@ -330,31 +226,7 @@
   &lt;/forward&gt;
 ...
         </pre>
-        <p>
-          <span class="since">since 0.10.0</span>,
-          <code>&lt;interface&gt;</code> also has an optional read-only
-          attribute - when examining the live configuration of a
-          network, the attribute <code>connections</code>, if present,
-          specifies the number of guest interfaces currently connected
-          via this physical interface.
-        </p>
-        <p>
-          Additionally, <span class="since">since 0.9.10</span>, libvirt
-          allows a shorthand for specifying all virtual interfaces
-          associated with a single physical function, by using
-          the <code>&lt;pf&gt;</code> subelement to call out the
-          corresponding physical interface associated with multiple
-          virtual interfaces:
-        </p>
-        <pre>
-...
-  &lt;forward mode='passthrough'&gt;
-    &lt;pf dev='eth0'/&gt;
-  &lt;/forward&gt;
-...
-        </pre>
-
-        <p>When a guest interface is being constructed, libvirt will pick
+        When a guest interface is being constructed, libvirt will pick
         an interface from this list to use for the connection. In
         modes where physical interfaces can be shared by multiple
         guest interfaces, libvirt will choose the interface that
@@ -362,41 +234,7 @@
         that do not allow sharing of the physical device (in
         particular, 'passthrough' mode, and 'private' mode when using
         802.1Qbh), libvirt will choose an unused physical interface
-        or, if it can't find an unused interface, fail the operation.</p>
-
-        <p>
-          <span class="since">since 0.10.0</span> When using forward
-          mode 'hostdev', the interface pool is specified with a list
-          of <code>&lt;address&gt;</code> elements, each of which has
-          <code>&lt; type&gt;</code> (must always be <code>'pci'</code>,
-          <code>&lt;domain&gt;</code>, <code>&lt;bus&gt;</code>,
-          <code>&lt;slot&gt;</code>, and <code>&lt;function&gt;</code>
-          attributes.
-        </p>
-        <pre>
-...
-  &lt;forward mode='hostdev' managed='yes'&gt;
-    &lt;driver name='vfio'/&gt;
-    &lt;address type='pci' domain='0' bus='4' slot='0' function='1'/&gt;
-    &lt;address type='pci' domain='0' bus='4' slot='0' function='2'/&gt;
-    &lt;address type='pci' domain='0' bus='4' slot='0' function='3'/&gt;
-  &lt;/forward&gt;
-...
-        </pre>
-
-        Alternatively the interface pool can also be defined using a
-        single physical function  <code>&lt;pf&gt;</code> subelement to
-        call out the  corresponding physical interface associated with
-        multiple virtual interfaces (similar to passthrough mode):
-
-        <pre>
-...
-  &lt;forward mode='hostdev' managed='yes'&gt;
-    &lt;pf dev='eth0'/&gt;
-  &lt;/forward&gt;
-...
-        </pre>
-
+        or, if it can't find an unused interface, fail the operation.
       </dd>
     </dl>
     <h5><a name="elementQoS">Quality of service</a></h5>
@@ -431,68 +269,6 @@
         <span class="since">Since 0.9.4</span>
       </p>
 
-    <h5><a name="elementVlanTag">Setting VLAN tag (on supported network types only)</a></h5>
-
-<pre>
-&lt;network&gt;
-  &lt;name&gt;ovs-net&lt;/name&gt;
-  &lt;forward mode='bridge'/&gt;
-  &lt;bridge name='ovsbr0'/&gt;
-  &lt;virtualport type='openvswitch'&gt;
-    &lt;parameters interfaceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'/&gt;
-  &lt;/virtualport&gt;
-  <b>&lt;vlan trunk='yes'&gt;</b>
-    <b>&lt;tag id='42' nativeMode='untagged'/&gt;</b>
-    <b>&lt;tag id='47'/&gt;</b>
-  <b>&lt;/vlan&gt;</b>
-  &lt;portgroup name='dontpanic'&gt;
-    <b>&lt;vlan&gt;</b>
-      <b>&lt;tag id='42'/&gt;</b>
-    <b>&lt;/vlan&gt;</b>
-  &lt;/portgroup&gt;
-&lt;/network&gt;
-</pre>
-
-    <p>
-      If (and only if) the network type supports vlan tagging
-      transparent to the guest, an optional <code>&lt;vlan&gt;</code>
-      element can specify one or more vlan tags to apply to the
-      traffic of all guests using this
-      network <span class="since">Since 0.10.0</span>. (openvswitch
-      and type='hostdev' SR-IOV networks do support transparent vlan
-      tagging of guest traffic; everything else, including standard
-      linux bridges and libvirt's own virtual networks, <b>do not</b>
-      support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) switches
-      provide their own way (outside of libvirt) to tag guest traffic
-      onto specific vlans.) As expected, the <code>tag</code>
-      attribute specifies which vlan tag to use. If a network has more
-      than one <code>&lt;vlan&gt;</code> element defined, it is
-      assumed that the user wants to do VLAN trunking using all the
-      specified tags. In the case that vlan trunking with a single tag
-      is desired, the optional attribute <code>trunk='yes'</code> can
-      be added to the vlan element.
-    </p>
-    <p>
-      For network connections using openvswitch it is possible to
-      configure the 'native-tagged' and 'native-untagged' vlan modes
-      <span class="since">Since 1.1.0</span>. This uses the optional
-      <code>nativeMode</code> attribute on the <code>&lt;tag&gt;</code>
-      element: <code>nativeMode</code> may be set to 'tagged' or
-      'untagged'. The id attribute of the element sets the native vlan.
-    </p>
-    <p>
-      <code>&lt;vlan&gt;</code> elements can also be specified in
-      a <code>&lt;portgroup&gt;</code> element, as well as directly in
-      a domain's <code>&lt;interface&gt;</code> element. In the case
-      that a vlan tag is specified in multiple locations, the setting
-      in <code>&lt;interface&gt;</code> takes precedence, followed by
-      the setting in the <code>&lt;portgroup&gt;</code> selected by
-      the interface config. The <code>&lt;vlan&gt;</code>
-      in <code>&lt;network&gt;</code> will be selected only if none is
-      given in <code>&lt;portgroup&gt;</code>
-      or <code>&lt;interface&gt;</code>.
-    </p>
-
     <h5><a name="elementsPortgroup">Portgroups</a></h5>
 
 <pre>
@@ -525,11 +301,9 @@
 ...</pre>
 
     <p>
-      <span class="since">Since 0.9.4</span>
       A portgroup provides a method of easily putting guest
       connections to the network into different classes, with each
-      class potentially having a different level/type of service.
-      <span class="since">Since 0.9.4</span> Each
+      class potentially having a different level/type of service. Each
       network can have multiple portgroup elements (and one of those
       can optionally be designated as the 'default' portgroup for the
       network), and each portgroup has a name, as well as various
@@ -547,73 +321,11 @@
       default portgroup will be used. If no portgroup is given in the
       interface definition, and there is no default portgroup, then
       none will be used. Any <code>&lt;bandwidth&gt;</code>
-
-      specified directly in the domain XML will take precedence over
-      any setting in the chosen portgroup. if
-      a <code>&lt;virtualport&gt;</code> is specified in the portgroup
-      (and/or directly in the network definition), the multiple
-      virtualports will be merged, and any parameter that is specified
-      in more than one virtualport, and is not identical, will be
-      considered an error, and will prevent the interface from
-      starting.
+      or <code>&lt;virtualport&gt;</code> specified directly in the
+      domain XML will take precedence over any setting in the chosen
+      portgroup.
     </p>
 
-    <h5><a name="elementsStaticroute">Static Routes</a></h5>
-    <p>
-      Static route definitions are used to provide routing information
-      to the virtualization host for networks which are not directly
-      reachable from the virtualization host, but *are* reachable from
-      a guest domain that is itself reachable from the
-      host <span class="since">since 1.0.6</span>.
-    </p>
-
-    <p>
-      As shown in <a href="formatnetwork.html#examplesNoGateway">this
-      example</a>, it is possible to define a virtual network
-      interface with no IPv4 or IPv6 addresses.  Such networks are
-      useful to provide host connectivity to networks which are only
-      reachable via a guest.  A guest with connectivity both to the
-      guest-only network and to another network that is directly
-      reachable from the host can act as a gateway between the
-      networks.  A static route added to the "host-visible" network
-      definition provides the routing information so that IP packets
-      can be sent from the virtualization host to guests on the hidden
-      network.
-    </p>
-
-    <p>
-      Here is a fragment of a definition which shows the static
-      route specification as well as the  IPv4 and IPv6 definitions
-      for network addresses which are referred to in the
-      <code>gateway</code> gateway address specifications.  Note
-      that the third static route specification includes the
-      <code>metric</code> attribute specification with a value of 2.
-      This particular route would *not* be preferred if there was
-      another existing rout on the system with the same address and
-      prefix but with a lower value for the metric. If there is a
-      route in the host system configuration that should be overridden
-      by a route in a virtual network whenever the virtual network is
-      running, the configuration for the system-defined route should
-      be modified to have a higher metric, and the route on the
-      virtual network given a lower metric (for example, the default
-      metric of "1").
-    </p>
-
-    <pre>
-      ...
-        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-          &lt;dhcp&gt;
-            &lt;range start="192.168.122.128" end="192.168.122.254" /&gt;
-          &lt;/dhcp&gt;
-        &lt;/ip&gt;
-        &lt;route address="192.168.222.0" prefix="24" gateway="192.168.122.2" /&gt;
-        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
-        &lt;route family="ipv6" address="2001:db8:ca2:3::" prefix="64" gateway="2001:db8:ca2:2::2"/&gt;
-        &lt;route family="ipv6" address="2001:db9:4:1::" prefix="64" gateway="2001:db8:ca2:2::3" metric='2'&gt;
-        &lt;/route&gt;
-      ...
-    </pre>
-
     <h3><a name="elementsAddress">Addressing</a></h3>
 
     <p>
@@ -628,16 +340,8 @@
     <pre>
         ...
         &lt;mac address='00:16:3E:5D:C7:9E'/&gt;
-        &lt;domain name="example.com"/&gt;
         &lt;dns&gt;
           &lt;txt name="example" value="example value" /&gt;
-          &lt;forwarder addr="8.8.8.8"/&gt;
-          &lt;forwarder addr="8.8.4.4"/&gt;
-          &lt;srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1024' priority='10' weight='10'/&gt;
-          &lt;host ip='192.168.122.2'&gt;
-            &lt;hostname&gt;myhost&lt;/hostname&gt;
-            &lt;hostname&gt;myhostalias&lt;/hostname&gt;
-          &lt;/host&gt;
         &lt;/dns&gt;
         &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
           &lt;dhcp&gt;
@@ -647,7 +351,6 @@
           &lt;/dhcp&gt;
         &lt;/ip&gt;
         &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
-        &lt;route family="ipv6" address="2001:db9:ca1:1::" prefix="64" gateway="2001:db8:ca2:2::2" /&gt;
       &lt;/network&gt;</pre>
 
     <dl>
@@ -665,36 +368,11 @@
         with the idiosyncrasies of the platform where libvirt is
         running. <span class="since">Since 0.8.8</span>
       </dd>
-      <dt><code>dns</code></dt>
-      <dd> The dns element of a network contains configuration
-        information for the virtual network's DNS
-        server <span class="since">Since 0.9.3</span>.
-
-        <p>
-          The dns element
-          can have an optional <code>forwardPlainNames</code>
-          attribute <span class="since">Since 1.1.2</span>.
-          If <code>forwardPlainNames</code> is "no", then DNS resolution
-          requests for names that are not qualified with a domain
-          (i.e. names with no "." character) will not be forwarded to
-          the host's upstream DNS server - they will only be resolved if
-          they are known locally within the virtual network's own DNS
-          server. If <code>forwardPlainNames</code> is "yes",
-          unqualified names <b>will</b> be forwarded to the upstream DNS
-          server if they can't be resolved by the virtual network's own
-          DNS server.
-        </p>
-
-        Currently supported sub-elements of <code>&lt;dns&gt;</code> are:
+      <dt><code>dns</code></dt><dd>
+        The dns element of a network contains configuration information for the
+        virtual network's DNS server. <span class="since">Since 0.9.3</span>
+        Currently supported elements are:
         <dl>
-          <dt><code>forwarder</code></dt>
-          <dd>A <code>dns</code> element can have 0 or
-            more <code>forwarder</code> elements.  Each forwarder
-            element defines an IP address to be used as forwarder in
-            DNS server configuration. The addr attribute is required
-            and defines the IP address of every
-            forwarder. <span class="since">Since 1.1.3</span>
-          </dd>
           <dt><code>txt</code></dt>
           <dd>A <code>dns</code> element can have 0 or more <code>txt</code> elements.
             Each txt element defines a DNS TXT record and has two attributes, both
@@ -712,27 +390,14 @@
             <span class="since">Since 0.9.3</span>
           </dd>
         </dl>
-        <dl>
-          <dt><code>srv</code></dt>
-          <dd>The <code>dns</code> element can have also 0 or more <code>srv</code>
-            record elements. Each <code>srv</code> record element defines a DNS SRV record
-            and has 2 mandatory and 5 optional attributes. The mandatory attributes
-            are service name and protocol (tcp, udp) and the optional attributes are
-            target, port, priority, weight and domain as defined in DNS server SRV
-            RFC (RFC 2782).
-            <span class="since">Since 0.9.9</span>
-          </dd>
-        </dl>
       </dd>
       <dt><code>ip</code></dt>
       <dd>The <code>address</code> attribute defines an IPv4 address in
         dotted-decimal format, or an IPv6 address in standard
         colon-separated hexadecimal format, that will be configured on
         the bridge
-        device associated with the virtual network. To the guests this IPv4
-        address will be their IPv4 default route.  For IPv6, the default route is
-        established via Router Advertisement.
-        For IPv4 addresses, the <code>netmask</code>
+        device associated with the virtual network. To the guests this
+        address will be their default route. For IPv4 addresses, the <code>netmask</code>
         attribute defines the significant bits of the network address,
         again specified in dotted-decimal format.  For IPv6 addresses,
         and as an alternate method for IPv4 addresses, you can specify
@@ -741,13 +406,10 @@
         could also be given as <code>prefix='24'</code>. The <code>family</code>
         attribute is used to specify the type of address - 'ipv4' or 'ipv6'; if no
         <code>family</code> is given, 'ipv4' is assumed. A network can have more than
-        one of each family of address defined, but only a single IPv4 address can have a
-        <code>dhcp</code> or <code>tftp</code> element. <span class="since">Since 0.3.0 </span>
+        one of each family of address defined, but only a single address can have a
+        <code>dhcp</code> or <code>tftp</code> element. <span class="since">Since 0.3.0;
         IPv6, multiple addresses on a single network, <code>family</code>, and
-        <code>prefix</code> are support <span class="since">Since 0.8.7</span>.
-        Similar to IPv4, one IPv6 address per network can also have
-        a <code>dhcp</code> definition.  <span class="since">Since 1.0.1</span>
-
+        <code>prefix</code> since 0.8.7</span>
         <dl>
           <dt><code>tftp</code></dt>
           <dd>Immediately within
@@ -765,44 +427,30 @@
             optional <code>dhcp</code> element. The presence of this element
             enables DHCP services on the virtual network. It will further
             contain one or more <code>range</code> elements. The
-            <code>dhcp</code> element supported for both
-            IPv4 <span class="since">Since 0.3.0</span>
-            and IPv6 <span class="since">Since 1.0.1</span>, but
-            only for one IP address of each type per network.
+            <code>dhcp</code> element is not supported for IPv6, and
+            is only supported on a single IP address per network for IPv4.
+            <span class="since">Since 0.3.0</span>
             <dl>
               <dt><code>range</code></dt>
               <dd>The <code>start</code> and <code>end</code> attributes on the
                 <code>range</code> element specify the boundaries of a pool of
-                addresses to be provided to DHCP clients. These two addresses
+                IPv4 addresses to be provided to DHCP clients. These two addresses
                 must lie within the scope of the network defined on the parent
-                <code>ip</code> element.  There may be zero or more
-                <code>range</code> elements specified.
-                <span class="since">Since 0.3.0</span>
-                <code>range</code> can be specified for one IPv4 address,
-                one IPv6 address, or both. <span class="since">Since 1.0.1</span>
+                <code>ip</code> element.  <span class="since">Since 0.3.0</span>
               </dd>
               <dt><code>host</code></dt>
               <dd>Within the <code>dhcp</code> element there may be zero or more
-                <code>host</code> elements.  These specify hosts which will be given
+                <code>host</code> elements; these specify hosts which will be given
                 names and predefined IP addresses by the built-in DHCP server. Any
-                IPv4 <code>host</code> element must specify the MAC address of the host to be assigned
+                such element must specify the MAC address of the host to be assigned
                 a given name (via the <code>mac</code> attribute), the IP to be
                 assigned to that host (via the <code>ip</code> attribute), and the
                 name to be given that host by the DHCP server (via the
                 <code>name</code> attribute).  <span class="since">Since 0.4.5</span>
-                An IPv6 <code>host</code> element differs slightly from that for IPv4:
-                there is no <code>mac</code> attribute since a MAC address has no
-                defined meaning in IPv6.  Instead, the <code>name</code> attribute is
-                used to identify the host to be assigned the IPv6 address.  For DHCPv6,
-                the name is the plain name of the client host sent by the
-                client to the server.  Note that this method of assigning a
-                specific IP address can also be used instead of the <code>mac</code>
-                attribute for IPv4.  <span class="since">Since 1.0.1</span>
               </dd>
               <dt><code>bootp</code></dt>
               <dd>The optional <code>bootp</code>
-                element specifies BOOTP options to be provided by the DHCP
-                server for IPv4 only.
+                element specifies BOOTP options to be provided by the DHCP server.
                 Two attributes are supported: <code>file</code> is mandatory and
                 gives the file to be used for the boot image; <code>server</code> is
                 optional and gives the address of the TFTP server from which the boot
@@ -845,29 +493,6 @@
         &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
       &lt;/network&gt;</pre>
 
-
-    <p>
-      Below is a variation of the above example which adds an IPv6
-      dhcp range definition.
-    </p>
-
-    <pre>
-      &lt;network&gt;
-        &lt;name&gt;default6&lt;/name&gt;
-        &lt;bridge name="virbr0" /&gt;
-        &lt;forward mode="nat"/&gt;
-        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-          &lt;dhcp&gt;
-            &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
-          &lt;/dhcp&gt;
-        &lt;/ip&gt;
-        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" &gt;
-          &lt;dhcp&gt;
-            &lt;range start="2001:db8:ca2:2:1::10" end="2001:db8:ca2:2:1::ff" /&gt;
-          &lt;/dhcp&gt;
-        &lt;/ip&gt;
-      &lt;/network&gt;</pre>
-
     <h3><a name="examplesRoute">Routed network config</a></h3>
 
     <p>
@@ -892,63 +517,6 @@
         &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
       &lt;/network&gt;</pre>
 
-    <p>
-      Below is another IPv6 variation.  Instead of a dhcp range being
-      specified, this example has a couple of IPv6 host definitions.
-      Note that most of the dhcp host definitions use an "id" (client
-      id or DUID) since this has proven to be a more reliable way
-      of specifying the interface and its association with an IPv6
-      address.  The first is a DUID-LLT, the second a DUID-LL, and
-      the third a DUID-UUID.  <span class="since">Since 1.0.3</span>
-    </p>
-
-    <pre>
-      &lt;network&gt;
-        &lt;name&gt;local6&lt;/name&gt;
-        &lt;bridge name="virbr1" /&gt;
-        &lt;forward mode="route" dev="eth1"/&gt;
-        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-          &lt;dhcp&gt;
-            &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
-          &lt;/dhcp&gt;
-        &lt;/ip&gt;
-        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" &gt;
-          &lt;dhcp&gt;
-            &lt;host name="paul"   ip="2001:db8:ca2:2:3::1" /&gt;
-            &lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66"    ip="2001:db8:ca2:2:3::2" /&gt;
-            &lt;host id="0:3:0:1:0:16:3e:11:22:33" name="ralph"  ip="2001:db8:ca2:2:3::3" /&gt;
-            &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="badbob" ip="2001:db8:ca2:2:3::4" /&gt;
-          &lt;/dhcp&gt;
-        &lt;/ip&gt;
-      &lt;/network&gt;</pre>
-
-    <p>
-      Below is yet another IPv6 variation.  This variation has only
-      IPv6 defined with DHCPv6 on the primary IPv6 network.  A static
-      link if defined for a second IPv6 network which will not be
-      directly visible on the bridge interface but there will be a
-      static route defined for this network via the specified
-      gateway. Note that the gateway address must be directly
-      reachable via (on the same subnet as) one of the &lt;ip&gt;
-      addresses defined for this &lt;network&gt;.
-      <span class="since">Since 1.0.6</span>
-    </p>
-
-    <pre>
-      &lt;network&gt;
-        &lt;name&gt;net7&lt;/name&gt;
-        &lt;bridge name="virbr7" /&gt;
-        &lt;forward mode="route"/&gt;
-        &lt;ip family="ipv6" address="2001:db8:ca2:7::1" prefix="64" &gt;
-          &lt;dhcp&gt;
-            &lt;range start="2001:db8:ca2:7::100" end="2001:db8:ca2::1ff" /&gt;
-            &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="lucas" ip="2001:db8:ca2:2:3::4" /&gt;
-          &lt;/dhcp&gt;
-        &lt;/ip&gt;
-        &lt;route family="ipv6" address="2001:db8:ca2:8::" prefix="64" gateway="2001:db8:ca2:7::4" &gt;
-        &lt;/route&gt;
-      &lt;/network&gt;</pre>
-
     <h3><a name="examplesPrivate">Isolated network config</a></h3>
 
     <p>
@@ -971,35 +539,9 @@
         &lt;ip family="ipv6" address="2001:db8:ca2:3::1" prefix="64" /&gt;
       &lt;/network&gt;</pre>
 
-    <h3><a name="examplesPrivate6">Isolated IPv6 network config</a></h3>
-
-    <p>
-      This variation of an isolated network defines only IPv6.
-      Note that most of the dhcp host definitions use an "id" (client
-      id or DUID) since this has proven to be a more reliable way
-      of specifying the interface and its association with an IPv6
-      address.  The first is a DUID-LLT, the second a DUID-LL, and
-      the third a DUID-UUID.  <span class="since">Since 1.0.3</span>
-    </p>
-
-    <pre>
-      &lt;network&gt;
-        &lt;name&gt;sixnet&lt;/name&gt;
-        &lt;bridge name="virbr6" /&gt;
-        &lt;ip family="ipv6" address="2001:db8:ca2:6::1" prefix="64" &gt;
-          &lt;dhcp&gt;
-            &lt;host name="peter"   ip="2001:db8:ca2:6:6::1" /&gt;
-            &lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66" ip="2001:db8:ca2:6:6::2" /&gt;
-            &lt;host id="0:3:0:1:0:16:3e:11:22:33" name="dariusz" ip="2001:db8:ca2:6:6::3" /&gt;
-            &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="anita" ip="2001:db8:ca2:6:6::4" /&gt;
-          &lt;/dhcp&gt;
-        &lt;/ip&gt;
-      &lt;/network&gt;</pre>
-
     <h3><a name="examplesBridge">Using an existing host bridge</a></h3>
 
     <p>
-      <span class="since">Since 0.9.4</span>
       This shows how to use a pre-existing host bridge "br0". The
       guests will effectively be directly connected to the physical
       network (i.e. their IP addresses will all be on the subnet of
@@ -1017,8 +559,6 @@
     <h3><a name="examplesDirect">Using a macvtap "direct" connection</a></h3>
 
     <p>
-      <span class="since">Since 0.9.4, QEMU and KVM only, requires
-      Linux kernel 2.6.34 or newer</span>
       This shows how to use macvtap to connect to the physical network
       directly through one of a group of physical devices (without
       using a host bridge device). As with the host bridge network,
@@ -1049,25 +589,5 @@
         &lt;/forward&gt;
       &lt;/network&gt;</pre>
 
-    <h3><a name="examplesNoGateway">Network config with no gateway addresses</a></h3>
-
-    <p>
-    A valid network definition can contain no IPv4 or IPv6 addresses.  Such a definition
-    can be used for a "very private" or "very isolated" network since it will not be
-    possible to communicate with the virtualization host via this network.  However,
-    this virtual network interface can be used for communication between virtual guest
-    systems.  This works for IPv4 and <span class="since">(Since 1.0.1)</span> IPv6.
-    However, the new ipv6='yes' must be added for guest-to-guest IPv6
-    communication.
-    </p>
-
-    <pre>
-      &lt;network ipv6='yes'&gt;
-        &lt;name&gt;nogw&lt;/name&gt;
-        &lt;uuid&gt;7a3b7497-1ec7-8aef-6d5c-38dff9109e93&lt;/uuid&gt;
-        &lt;bridge name="virbr2" stp="on" delay="0" /&gt;
-        &lt;mac address='00:16:3E:5D:C7:9E'/&gt;
-      &lt;/network&gt;</pre>
-
   </body>
 </html>

docs/formatnode.html.in

@@ -1,299 +1,5 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Node devices XML format</h1>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="NodedevAttributes">Node Device XML</a></h2>
-
-    <p>
-      There are several libvirt functions, all with the
-      prefix <code>virNodeDevice</code>, which deal with management of
-      host devices that can be handed to guests via passthrough as
-      &lt;hostdev&gt; elements
-      in <a href="formatdomain.html#elementsHostDev">the domain XML</a>.
-      These devices are represented as a hierarchy, where a device on
-      a bus has a parent of the bus controller device; the root of the
-      hierarchy is the node named "computer".
-    </p>
-
-    <p>
-      When represented in XML, a node device uses the
-      top-level <code>device</code> element, with the following
-      elements present according to the type of device:
-    </p>
-    <dl>
-      <dt><code>name</code></dt>
-      <dd>The name for this device.  The name will be alphanumeric,
-        with words separated by underscore.  For many devices, the
-        name is just the bus type and address, as in
-        "pci_0000_00_02_1" or "usb_1_5_3", but some devices are able
-        to provide more specific names, such as
-        "net_eth1_00_27_13_6a_fe_00".
-      </dd>
-      <dt><code>parent</code></dt>
-      <dd>If this element is present, it names the parent device (that
-        is, a controller to which this node belongs).
-      </dd>
-      <dt><code>capability</code></dt>
-      <dd>This node appears for each capability that libvirt
-        associates with a node.  A mandatory
-        attribute <code>type</code> lists which category the device
-        belongs to, and controls which further subelements will be
-        present to describe the node:
-        <dl>
-          <dt><code>system</code></dt>
-          <dd>Describes the overall host.  Sub-elements include:
-            <dl>
-              <dt><code>product</code></dt>
-              <dd>If present, a simple text string giving the product
-                name of the system.</dd>
-              <dt><code>hardware</code></dt>
-              <dd>Describes the hardware of the system, including
-                sub-elements for <code>vendor</code>, <code>version</code>,
-                <code>serial</code>, and <code>uuid</code>.</dd>
-              <dt><code>firmware</code></dt>
-              <dd>Describes the firmware of the system, including
-                sub-elements for <code>vendor</code>, <code>version</code>,
-                and <code>release_date</code>.</dd>
-            </dl>
-          </dd>
-          <dt><code>pci</code></dt>
-          <dd>Describes a device on the host's PCI bus.  Sub-elements
-            include:
-            <dl>
-              <dt><code>domain</code></dt>
-              <dd>Which domain the device belongs to.</dd>
-              <dt><code>bus</code></dt>
-              <dd>Which bus within the domain.</dd>
-              <dt><code>slot</code></dt>
-              <dd>Which slot within the bus.</dd>
-              <dt><code>function</code></dt>
-              <dd>Which function within the slot.</dd>
-              <dt><code>product</code></dt>
-              <dd>Product details from the device ROM, including an
-                attribute <code>id</code> with the hexadecimal product
-                id, and an optional text description of that id.</dd>
-              <dt><code>vendor</code></dt>
-              <dd>Vendor details from the device ROM, including an
-                attribute <code>id</code> with the hexadecimal vendor
-                id, and an optional text name of that vendor.</dd>
-              <dt><code>iommuGroup</code></dt>
-              <dd>
-                This optional element describes the "IOMMU group" this
-                device belongs to. If the element exists, it has a
-                mandatory <code>number</code> attribute which tells
-                the group number used for management of the group (all
-                devices in group "n" will be found in
-                "/sys/kernel/iommu_groups/n"). It will also have a
-                list of <code>address</code> subelements, each
-                containing the PCI address of a device in the same
-                group. The toplevel device will itself be included in
-                this list.
-              </dd>
-              <dt><code>capability</code></dt>
-              <dd>
-                This optional element can occur multiple times. If it
-                exists, it has a mandatory <code>type</code> attribute
-                which will be set to
-                either <code>physical_function</code>
-                or <code>virtual_functions</code>. If the type
-                is <code>physical_function</code>, there will be a
-                single <code>address</code> subelement which contains
-                the PCI address of the SRIOV Physical Function (PF)
-                that is the parent of this device (and this device is,
-                by implication, an SRIOV Virtual Function (VF)). If
-                the type is <code>virtual_functions</code>, then this
-                device is an SRIOV PF, and the capability element will
-                have a list of <code>address</code> subelements, one
-                for each VF on this PF.
-              </dd>
-            </dl>
-          </dd>
-          <dt><code>usb_device</code></dt>
-          <dd>Describes a device on the host's USB bus, based on its
-            location within the bus.  Sub-elements include:
-            <dl>
-              <dt><code>bus</code></dt>
-              <dd>Which bus the device belongs to.</dd>
-              <dt><code>device</code></dt>
-              <dd>Which device within the bus.</dd>
-              <dt><code>product</code></dt>
-              <dd>Product details from the device ROM, including an
-                attribute <code>id</code> with the hexadecimal product
-                id, and an optional text description of that id.</dd>
-              <dt><code>vendor</code></dt>
-              <dd>Vendor details from the device ROM, including an
-                attribute <code>id</code> with the hexadecimal vendor
-                id, and an optional text name of that vendor.</dd>
-            </dl>
-          </dd>
-          <dt><code>usb</code></dt>
-          <dd>Describes a USB device, based on its advertised driver
-            interface.  Sub-elements include:
-            <dl>
-              <dt><code>number</code></dt>
-              <dd>The device number.</dd>
-              <dt><code>class</code></dt>
-              <dd>The device class.</dd>
-              <dt><code>subclass</code></dt>
-              <dd>The device subclass.</dd>
-              <dt><code>protocol</code></dt>
-              <dd>The device protocol.</dd>
-              <dt><code>description</code></dt>
-              <dd>If present, a description of the device.</dd>
-            </dl>
-          </dd>
-          <dt><code>net</code></dt>
-          <dd>Describes a device capable for use as a network
-            interface.  Sub-elements include:
-            <dl>
-              <dt><code>interface</code></dt>
-              <dd>The interface name tied to this device.</dd>
-              <dt><code>address</code></dt>
-              <dd>If present, the MAC address of the device.</dd>
-              <dt><code>capability</code></dt>
-              <dd>A network protocol exposed by the device, where the
-                attribute <code>type</code> can be "80203" for IEEE
-                802.3, or "80211" for various flavors of IEEE 802.11.
-              </dd>
-            </dl>
-          </dd>
-          <dt><code>scsi_host</code></dt>
-          <dd>Describes a SCSI host device.  Sub-elements include:
-            <dl>
-              <dt><code>host</code></dt>
-              <dd>The SCSI host number.</dd>
-              <dt><code>capability</code></dt>
-              <dd>Current capabilities include "vports_ops" (indicates
-                vport operations are supported) and "fc_host". "vport_ops"
-                could contain two optional sub-elements: <code>vports</code>,
-                and <code>max_vports</code>. <code>vports</code> shows the
-                number of vport in use. <code>max_vports</code> shows the
-                maximum vports the HBA supports. "fc_host" implies following
-                sub-elements: <code>wwnn</code>, <code>wwpn</code>, and
-                <code>fabric_wwn</code>.
-              </dd>
-            </dl>
-          </dd>
-          <dt><code>scsi</code></dt>
-          <dd>Describes a SCSI device.  Sub-elements include:
-            <dl>
-              <dt><code>host</code></dt>
-              <dd>The SCSI host containing the device.</dd>
-              <dt><code>bus</code></dt>
-              <dd>The bus within the host.</dd>
-              <dt><code>target</code></dt>
-              <dd>The target within the bus.</dd>
-              <dt><code>lun</code></dt>
-              <dd>The lun within the target.</dd>
-              <dt><code>type</code></dt>
-              <dd>The type of SCSI device.</dd>
-            </dl>
-          </dd>
-          <dt><code>storage</code></dt>
-          <dd>Describes a device usable for storage.  Sub-elements
-            include:
-            <dl>
-              <dt><code>block</code></dt>
-              <dd>A block device file name that accesses the storage
-                present on the device.</dd>
-              <dt><code>bus</code></dt>
-              <dd>If present, the name of the bus the device is found
-                on.</dd>
-              <dt><code>drive_type</code></dt>
-              <dd>The type of the drive, such as "disk" or
-                "cdrom".</dd>
-              <dt><code>model</code></dt>
-              <dd>Any model information available from the
-                device.</dd>
-              <dt><code>vendor</code></dt>
-              <dd>Any vendor information available from the
-                device.</dd>
-              <dt><code>serial</code></dt>
-              <dd>Any serial number information available from the
-                device.</dd>
-              <dt><code>size</code></dt>
-              <dd>For fixed-size storage, the amount of storage
-                available.</dd>
-              <dt><code>capability</code></dt>
-              <dd>If present, an additional capability is listed via
-                the attribute <code>type</code>.  Current capabilities
-                include "hotpluggable" and "removable", with the
-                latter implying the following
-                sub-elements: <code>media_available</code> (0 or
-                1), <code>media_size</code>,
-                and <code>media_label</code>.</dd>
-            </dl>
-          </dd>
-        </dl>
-      </dd>
-    </dl>
-
-    <h2><a name="nodeExample">Examples</a></h2>
-
-    <p>The following are some example node device XML outputs:</p>
-    <pre>
-&lt;device&gt;
-  &lt;name&gt;computer&lt;/name&gt;
-  &lt;capability type='system'&gt;
-    &lt;product&gt;2241B36&lt;/product&gt;
-    &lt;hardware&gt;
-      &lt;vendor&gt;LENOVO&lt;/vendor&gt;
-      &lt;version&gt;ThinkPad T500&lt;/version&gt;
-      &lt;serial&gt;R89055N&lt;/serial&gt;
-      &lt;uuid&gt;c9488981-5049-11cb-9c1c-993d0230b4cd&lt;/uuid&gt;
-    &lt;/hardware&gt;
-    &lt;firmware&gt;
-      &lt;vendor&gt;LENOVO&lt;/vendor&gt;
-      &lt;version&gt;6FET82WW (3.12 )&lt;/version&gt;
-      &lt;release_date&gt;11/26/2009&lt;/release_date&gt;
-    &lt;/firmware&gt;
-  &lt;/capability&gt;
-&lt;/device&gt;
-
-&lt;device&gt;
-  &lt;name&gt;net_eth1_00_27_13_6a_fe_00&lt;/name&gt;
-  &lt;parent&gt;pci_0000_00_19_0&lt;/parent&gt;
-  &lt;capability type='net'&gt;
-    &lt;interface&gt;eth1&lt;/interface&gt;
-    &lt;address&gt;00:27:13:6a:fe:00&lt;/address&gt;
-    &lt;capability type='80203'/&gt;
-  &lt;/capability&gt;
-&lt;/device&gt;
-
-&lt;device&gt;
-  &lt;name&gt;pci_0000_02_00_0&lt;/name&gt;
-  &lt;path&gt;/sys/devices/pci0000:00/0000:00:04.0/0000:02:00.0&lt;/path&gt;
-  &lt;parent&gt;pci_0000_00_04_0&lt;/parent&gt;
-  &lt;driver&gt;
-    &lt;name&gt;igb&lt;/name&gt;
-  &lt;/driver&gt;
-  &lt;capability type='pci'&gt;
-    &lt;domain&gt;0&lt;/domain&gt;
-    &lt;bus&gt;2&lt;/bus&gt;
-    &lt;slot&gt;0&lt;/slot&gt;
-    &lt;function&gt;0&lt;/function&gt;
-    &lt;product id='0x10c9'&gt;82576 Gigabit Network Connection&lt;/product&gt;
-    &lt;vendor id='0x8086'&gt;Intel Corporation&lt;/vendor&gt;
-    &lt;capability type='virt_functions'&gt;
-      &lt;address domain='0x0000' bus='0x02' slot='0x10' function='0x0'/&gt;
-      &lt;address domain='0x0000' bus='0x02' slot='0x10' function='0x2'/&gt;
-      &lt;address domain='0x0000' bus='0x02' slot='0x10' function='0x4'/&gt;
-      &lt;address domain='0x0000' bus='0x02' slot='0x10' function='0x6'/&gt;
-      &lt;address domain='0x0000' bus='0x02' slot='0x11' function='0x0'/&gt;
-      &lt;address domain='0x0000' bus='0x02' slot='0x11' function='0x2'/&gt;
-      &lt;address domain='0x0000' bus='0x02' slot='0x11' function='0x4'/&gt;
-    &lt;/capability&gt;
-    &lt;iommuGroup number='12'&gt;
-      &lt;address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/&gt;
-      &lt;address domain='0x0000' bus='0x02' slot='0x00' function='0x1'/&gt;
-    &lt;/iommuGroup&gt;
-  &lt;/capability&gt;
-&lt;/device&gt;
-    </pre>
-
   </body>
 </html>