qemu: Let empty default VNC password work as documented

CVE-2016-5008

Setting an empty graphics password is documented as a way to disable
VNC/SPICE access, but QEMU does not always behaves like that. VNC would
happily accept the empty password. Let's enforce the behavior by setting
password expiration to "now".

https://bugzilla.redhat.com/show_bug.cgi?id=1180092

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit bb848feec0)
(cherry picked from commit d933f68ee6)

.ctags

@@ -1,5 +0,0 @@
---recurse
---exclude=*.orig
---exclude=*.html
---exclude=*.html.in
---langmap=c:+.h.in

.gitignore

@@ -3,7 +3,6 @@
 *.a
 *.cov
 *.exe
-*.exe.manifest
 *.gcda
 *.gcno
 *.gcov
@@ -14,14 +13,12 @@
 *.loT
 *.o
 *.orig
-*.pem
 *.pyc
 *.rej
 *.s
 *~
 .#*
 .deps
-.dirstamp
 .gdb_history
 .git
 .git-module-status
@@ -61,7 +58,6 @@
 /daemon/libvirtd.policy
 /daemon/libvirtd.service
 /daemon/test_libvirtd.aug
-/docs/aclperms.htmlinc
 /docs/apibuild.py.stamp
 /docs/devhelp/libvirt.devhelp
 /docs/hvsupport.html.in
@@ -71,10 +67,9 @@
 /docs/libvirt-refs.xml
 /docs/search.php
 /docs/todo.html.in
-/examples/object-events/event-test
+/examples/domain-events/events-c/event-test
 /examples/dominfo/info1
 /examples/domsuspend/suspend
-/examples/dommigrate/dommigrate
 /examples/hellolibvirt/hellolibvirt
 /examples/openauth/openauth
 /gnulib/lib/*
@@ -84,7 +79,7 @@
 /libtool
 /libvirt-*.tar.gz
 /libvirt-[0-9]*
-/libvirt*.pc
+/libvirt.pc
 /libvirt.spec
 /ltconfig
 /ltmain.sh
@@ -94,11 +89,20 @@
 /mkinstalldirs
 /po/*
 /proxy/
-/python/
+/python/generated.stamp
+/python/generator.py.stamp
+/python/libvirt-export.c
+/python/libvirt-lxc-export.c
+/python/libvirt-lxc.[ch]
+/python/libvirt-qemu-export.c
+/python/libvirt-qemu.[ch]
+/python/libvirt.[ch]
+/python/libvirt.py
+/python/libvirt_lxc.py
+/python/libvirt_qemu.py
 /run
 /sc_*
 /src/.*.stamp
-/src/*.pc
 /src/access/org.libvirt.api.policy
 /src/access/viraccessapicheck.c
 /src/access/viraccessapicheck.h
@@ -111,11 +115,8 @@
 /src/libvirt*.def
 /src/libvirt.syms
 /src/libvirt_access.syms
-/src/libvirt_access.xml
 /src/libvirt_access_lxc.syms
-/src/libvirt_access_lxc.xml
 /src/libvirt_access_qemu.syms
-/src/libvirt_access_qemu.xml
 /src/libvirt_*.stp
 /src/libvirt_*helper
 /src/libvirt_*probes.h
@@ -137,41 +138,85 @@
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
 /src/test_libvirt*.aug
-/src/test_virtlockd.aug
 /src/util/virkeymaps.h
 /src/virt-aa-helper
 /src/virtlockd
-/src/virtlockd.8
-/src/virtlockd.8.in
 /src/virtlockd.init
 /tests/*.log
 /tests/*.pid
 /tests/*.trs
+/tests/*xml2*test
 /tests/commandhelper
-/tests/*test
-!/tests/*schematest
-!/tests/virt-aa-helper-test
-/tests/objectlocking
-/tests/objectlocking-files.txt
-/tests/objectlocking.cm[ix]
+/tests/commandtest
+/tests/conftest
+/tests/cputest
+/tests/domainsnapshotxml2xmltest
+/tests/esxutilstest
+/tests/eventtest
+/tests/fchosttest
+/tests/fdstreamtest
+/tests/hashtest
+/tests/jsontest
+/tests/libvirtdconftest
+/tests/networkxml2argvtest
+/tests/nodeinfotest
+/tests/nwfilterxml2xmltest
+/tests/object-locking
+/tests/object-locking-files.txt
+/tests/object-locking.cm[ix]
+/tests/openvzutilstest
+/tests/qemuargv2xmltest
+/tests/qemuhelptest
+/tests/qemuhotplugtest
+/tests/qemumonitorjsontest
+/tests/qemumonitortest
+/tests/qemuxmlnstest
+/tests/qparamtest
 /tests/reconnect
+/tests/secaatest
+/tests/seclabeltest
+/tests/securityselinuxlabeltest
+/tests/securityselinuxtest
+/tests/sexpr2xmltest
+/tests/shunloadtest
+/tests/sockettest
 /tests/ssh
+/tests/statstest
+/tests/storagebackendsheepdogtest
+/tests/sysinfotest
 /tests/test_conf
+/tests/utiltest
+/tests/viratomictest
+/tests/virauthconfigtest
+/tests/virbitmaptest
+/tests/virbuftest
+/tests/vircgrouptest
+/tests/virdrivermoduletest
+/tests/virendiantest
+/tests/virhashtest
+/tests/viridentitytest
+/tests/virkeycodetest
+/tests/virkeyfiletest
+/tests/virlockspacetest
+/tests/virnet*test
+/tests/virportallocatortest
+/tests/virshtest
+/tests/virstoragetest
+/tests/virstringtest
+/tests/virtimetest
+/tests/viruritest
+/tests/vmx2xmltest
+/tests/xencapstest
+/tests/xmconfigtest
 /tools/*.[18]
 /tools/libvirt-guests.init
 /tools/libvirt-guests.service
 /tools/libvirt-guests.sh
-/tools/virt-login-shell
 /tools/virsh
 /tools/virsh-*-edit.c
 /tools/virt-*-validate
 /tools/virt-sanlock-cleanup
-/tools/wireshark/src/plugin.c
-/tools/wireshark/src/libvirt
 /update.log
-GPATH
-GRTAGS
-GTAGS
 Makefile
 Makefile.in
 TAGS

AUTHORS.in

@@ -18,7 +18,6 @@ Daniel Veillard <veillard@redhat.com>
 Dave Allan <dallan@redhat.com>
 Doug Goldstein <cardoe@gentoo.org>
 Eric Blake <eblake@redhat.com>
-Gao Feng <gaofeng@cn.fujitsu.com>
 Guannan Ren <gren@redhat.com>
 Guido Günther <agx@sigxcpu.org>
 Ján Tomko <jtomko@redhat.com>
@@ -27,16 +26,15 @@ Jim Meyering <meyering@redhat.com>
 Jiří Denemark <jdenemar@redhat.com>
 John Ferlan <jferlan@redhat.com>
 John Levon <john.levon@sun.com>
+Justin Clift <jclift@redhat.com>
 Laine Stump <laine@redhat.com>
 Mark McLoughlin <markmc@redhat.com>
 Martin Kletzander <mkletzan@redhat.com>
 Matthias Bolte <matthias.bolte@googlemail.com>
 Michal Prívozník <mprivozn@redhat.com>
 Osier Yang <jyang@redhat.com>
-Pavel Hrdina <phrdina@redhat.com>
 Peter Krempa <pkrempa@redhat.com>
 Richard W.M. Jones <rjones@redhat.com>
-Roman Bogorodskiy <bogorodskiy@gmail.com>
 Stefan Berger <stefanb@us.ibm.com>
 Wen Congyang <wency@cn.fujitsu.com>
 
@@ -45,7 +43,6 @@ Previous maintainers:
 Atsushi SAKAI <sakaia@jp.fujitsu.com>
 Dan Smith <danms@us.ibm.com>
 Dave Leskovec <dlesko@linux.vnet.ibm.com>
-Justin Clift <jclift@redhat.com>
 Karel Zak <kzak@redhat.com>
 
 Patches have also been contributed by:

ChangeLog-old

@@ -4286,7 +4286,7 @@ Wed Dec 17 21:45:39 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
 Wed Dec 17 21:41:39 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* src/libvirt_sym.version.in: Remove non-existent symbols
+	* src/libvirt_sym.version.in: Remove non-existant symbols
 	(John Levon)
 
 Wed Dec 17 21:35:39 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
@@ -5504,7 +5504,7 @@ Tue Nov 11 15:51:42 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
 Mon Nov 10 12:05:42 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* src/openvz_conf.c: Read filesystem template name from config
+	* src/openvz_conf.c: Read filesytem template name from config
 	files. Increase buffer size when parsing vzctl version number
 
 Thu Nov  6 20:45:42 CET 2008 Jim Meyering <meyering@redhat.com>
@@ -12415,7 +12415,7 @@ Thu Jul 12 11:02:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
 Thu Jul 12 11:00:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
-	* qemud/qemud.c: Add explicit checks for existence of x509
+	* qemud/qemud.c: Add explicit checks for existance of x509
 	certificate & key files to get better error reporting than
 	GNU TLS offers when it can't load a file
 
@@ -13276,7 +13276,7 @@ Tue Apr 17 11:30:46 CEST 2007 Daniel Veillard <veillard@redhat.com>
 
 Mon Apr 16 09:11:04 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
-	* qemud/conf.c: Check for existence of QEMU binary path. Fix check
+	* qemud/conf.c: Check for existance of QEMU binary path. Fix check
 	for -no-kqemu flag to work with x86_64 on i386
 
 Mon Apr 16 09:09:04 EST 2007 Daniel P. Berrange <berrange@redhat.com>
@@ -13920,7 +13920,7 @@ Tue Feb 27 10:20:43 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
 	* src/xend_internal.c: Only hardcode port = 5900+domid if
 	running against old XenD < 3.0.3, because in newer XenD
-	port is guaranteed to be available in XenStore if the VNC
+	port is guarenteed to be available in XenStore if the VNC
 	server is running.
 
 Mon Feb 26 15:33:08 IST 2007 Mark McLoughlin <markmc@redhat.com>
@@ -15020,7 +15020,7 @@ Tue Nov  7 16:33:43 CET 2006 Daniel Veillard <veillard@redhat.com>
 Tue Oct 31 10:31:34 CET 2006 Daniel Veillard <veillard@redhat.com>
 
 	* src/xend_internal.c: when getting informations about a non
-	  existent domain, it is not a good idea to raise the HTTP
+	  existant domain, it is not a good idea to raise the HTTP
 	  404 GET error, the handling is better done somewhere up in
 	  the stack.
 
@@ -15228,7 +15228,7 @@ Sun Sep  3 12:34:23 EDT 2006 Daniel Berrange <berrange@redhat.com>
 	iterating over list of ids/names, because it is not neccessarily
 	the same as the value returned by virConnectNumOfDomains. Use qsort
 	to sort active domains by Id, and inactive domains by name, since
-	there is no guaranteed sort ordering when listing domains. For inactive
+	there is no guarenteed sort ordering when listing domains. For inactive
 	domains display a '-' instead of '-1' to make it clear they have no
 	sensible ID number.
 

HACKING

@@ -45,7 +45,7 @@ post your patches:
                  --to=libvir-list@redhat.com master
 
 (Note that the "git send-email" subcommand may not be in the main git package
-and using it may require installation of a separate package, for example the
+and using it may require installion of a separate package, for example the
 "git-email" package in Fedora.) For a single patch you can omit
 "--cover-letter", but a series of two or more patches needs a cover letter. If
 you get tired of typing "--to=libvir-list@redhat.com" designation you can set
@@ -104,12 +104,15 @@ and run the tests:
   make syntax-check
   make -C tests valgrind
 
-Valgrind <http://valgrind.org/> is a test that checks for memory management
-issues, such as leaks or use of uninitialized variables.
+
+
+  Valgrind
+  http://valgrind.org/is a test that checks for memory management issues, such as leaks or use of
+uninitialized variables.
 
 Some tests are skipped by default in a development environment, based on the
 time they take in comparison to the likelihood that those tests will turn up
-problems during incremental builds. These tests default to being run when
+problems during incremental builds. These tests default to being run when when
 building from a tarball or with the configure option --enable-expensive-tests;
 you can also force a one-time toggle of these tests by setting
 VIR_TEST_EXPENSIVE to 0 or 1 at make time, as in:
@@ -123,11 +126,6 @@ VIR_TEST_DEBUG may provide larger amounts of information:
   VIR_TEST_DEBUG=1 make check    (or)
   VIR_TEST_DEBUG=2 make check
 
-When debugging failures during development, it is possible to focus in on just
-the failing subtests by using TESTS and VIR_TEST_RANGE:
-
-  make check VIR_TEST_DEBUG=1 VIR_TEST_RANGE=3-5 TESTS=qemuxml2argvtest
-
 Also, individual tests can be run from inside the "tests/" directory, like:
 
   ./qemuxml2xmltest
@@ -198,8 +196,11 @@ In this instance, it is acceptable to modify the "tests/.valgrind.supp" file
 in order to add a suppression filter. The filter should be unique enough to
 not suppress real leaks, but it should be generic enough to cover multiple
 code paths. The format of the entry can be found in the documentation found at
-the Valgrind home page <http://valgrind.org/>. The following trace was added
-to "tests/.valgrind.supp" in order to suppress the warning:
+the
+
+  Valgrind home page.
+  http://valgrind.org/The following trace was added to "tests/.valgrind.supp" in order to suppress
+the warning:
 
 {
     dlInitMemoryLeak1
@@ -220,8 +221,10 @@ feature or changing the output of a program.
 
 
 There is more on this subject, including lots of links to background reading
-on the subject, on Richard Jones' guide to working with open source projects
-<http://et.redhat.com/~rjones/how-to-supply-code-to-open-source-projects/>.
+on the subject, on
+
+  Richard Jones' guide to working with open source projects
+  http://et.redhat.com/~rjones/how-to-supply-code-to-open-source-projects/
 
 
 Code indentation
@@ -232,9 +235,22 @@ but we do prefer that contributed code be formatted similarly. In short, use
 spaces-not-TABs for indentation, use 4 spaces for each indentation level, and
 other than that, follow the K&R style.
 
-If you use Emacs, the project includes a file .dir-locals.el that sets up the
-preferred indentation. If you use vim, append the following to your ~/.vimrc
-file:
+If you use Emacs, add the following to one of one of your start-up files
+(e.g., ~/.emacs), to help ensure that you get indentation right:
+
+  ;;; When editing C sources in libvirt, use this style.
+  (defun libvirt-c-mode ()
+    "C mode with adjusted defaults for use with libvirt."
+    (interactive)
+    (c-set-style "K&R")
+    (setq indent-tabs-mode nil) ; indent using spaces, not TABs
+    (setq c-indent-level 4)
+    (setq c-basic-offset 4))
+  (add-hook 'c-mode-hook
+            '(lambda () (if (string-match "/libvirt" (buffer-file-name))
+                            (libvirt-c-mode))))
+
+If you use vim, append the following to your ~/.vimrc file:
 
   set nocompatible
   filetype on
@@ -244,7 +260,7 @@ file:
   set tabstop=8
   set shiftwidth=4
   set expandtab
-  set cinoptions=(0,:0,l1,t0,L3
+  set cinoptions=(0,:0,l1,t0
   filetype plugin indent on
   au FileType make setlocal noexpandtab
   au BufRead,BufNewFile *.am setlocal noexpandtab
@@ -312,35 +328,6 @@ immediately prior to any closing bracket. E.g.
       int foo(int wizz);    // Good
 
 
-Commas
-======
-Commas should always be followed by a space or end of line, and never have
-leading space; this is enforced during 'make syntax-check'.
-
-      call(a,b ,c);// Bad
-      call(a, b, c); // Good
-
-When declaring an enum or using a struct initializer that occupies more than
-one line, use a trailing comma. That way, future edits to extend the list only
-have to add a line, rather than modify an existing line to add the
-intermediate comma. Any sentinel enumerator value with a name ending in _LAST
-is exempt, since you would extend such an enum before the _LAST element.
-Another reason to favor trailing commas is that it requires less effort to
-produce via code generators. Note that the syntax checker is unable to enforce
-a style of trailing commas, so there are counterexamples in existing code
-which do not use it; also, while C99 allows trailing commas, remember that
-JSON and XDR do not.
-
-      enum {
-          VALUE_ONE,
-          VALUE_TWO // Bad
-      };
-      enum {
-          VALUE_THREE,
-          VALUE_FOUR, // Good
-      };
-
-
 Semicolons
 ==========
 Semicolons should never have a space beforehand. Inside the condition of a
@@ -558,8 +545,10 @@ routines, use the macros from viralloc.h.
 
   virDomainPtr domain;
 
-  if (VIR_ALLOC(domain) < 0)
+  if (VIR_ALLOC(domain) < 0) {
+      virReportOOMError();
       return NULL;
+  }
 
 
 
@@ -568,8 +557,10 @@ routines, use the macros from viralloc.h.
   virDomainPtr domains;
   size_t ndomains = 10;
 
-  if (VIR_ALLOC_N(domains, ndomains) < 0)
+  if (VIR_ALLOC_N(domains, ndomains) < 0) {
+      virReportOOMError();
       return NULL;
+  }
 
 
 
@@ -578,8 +569,10 @@ routines, use the macros from viralloc.h.
   virDomainPtr *domains;
   size_t ndomains = 10;
 
-  if (VIR_ALLOC_N(domains, ndomains) < 0)
+  if (VIR_ALLOC_N(domains, ndomains) < 0) {
+      virReportOOMError();
       return NULL;
+  }
 
 
 
@@ -590,8 +583,10 @@ recommended only for smaller arrays):
   virDomainPtr domains;
   size_t ndomains = 0;
 
-  if (VIR_EXPAND_N(domains, ndomains, 1) < 0)
+  if (VIR_EXPAND_N(domains, ndomains, 1) < 0) {
+      virReportOOMError();
       return NULL;
+  }
   domains[ndomains - 1] = domain;
 
 
@@ -603,8 +598,10 @@ scales better, but requires tracking allocation separately from usage)
   size_t ndomains = 0;
   size_t ndomains_max = 0;
 
-  if (VIR_RESIZE_N(domains, ndomains_max, ndomains, 1) < 0)
+  if (VIR_RESIZE_N(domains, ndomains_max, ndomains, 1) < 0) {
+      virReportOOMError();
       return NULL;
+  }
   domains[ndomains++] = domain;
 
 
@@ -906,7 +903,9 @@ logic would be better pulled out into a helper function.
 
 Although libvirt does not encourage the Linux kernel wind/unwind style of
 multiple labels, there's a good general discussion of the issue archived at
-KernelTrap <http://kerneltrap.org/node/553/2131>
+
+  KernelTrap
+  http://kerneltrap.org/node/553/2131
 
 When using goto, please use one of these standard labels if it makes sense:
 
@@ -915,16 +914,6 @@ When using goto, please use one of these standard labels if it makes sense:
   no_memory: A path only taken upon return with an OOM error code
       retry: If needing to jump upwards (e.g., retry on EINTR)
 
-Top-level labels should be indented by one space (putting them on the
-beginning of the line confuses function context detection in git):
-
-int foo()
-{
-    /* ... do stuff ... */
- cleanup:
-    /* ... do other stuff ... */
-}
-
 
 Libvirt committer guidelines
 ============================

Makefile.am

@@ -19,37 +19,33 @@
 LCOV = lcov
 GENHTML = genhtml
 
-SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \
-  tests po examples/object-events examples/hellolibvirt \
-  examples/dominfo examples/domsuspend examples/apparmor \
-  examples/xml/nwfilter examples/openauth examples/systemtap \
-  tools/wireshark examples/dommigrate \
-  examples/lxcconvert
+SUBDIRS = gnulib/lib include src daemon tools docs gnulib/tests \
+  python tests po examples/domain-events/events-c examples/hellolibvirt \
+  examples/dominfo examples/domsuspend examples/python examples/apparmor \
+  examples/xml/nwfilter examples/openauth examples/systemtap
 
-ACLOCAL_AMFLAGS = -I m4
+ACLOCAL_AMFLAGS = -I m4 -I gnulib/m4
 
 XML_EXAMPLES = \
   $(patsubst $(srcdir)/%,%,$(wildcard $(addprefix $(srcdir)/examples/xml/, \
 					test/*.xml storage/*.xml)))
 
 EXTRA_DIST = \
-  config-post.h \
   ChangeLog-old \
   libvirt.spec libvirt.spec.in \
   mingw-libvirt.spec.in \
   libvirt.pc.in \
-  libvirt-qemu.pc.in \
-  libvirt-lxc.pc.in \
   autobuild.sh \
   Makefile.nonreentrant \
   autogen.sh \
   cfg.mk \
+  examples/domain-events/events-python \
   run.in \
   AUTHORS.in \
   $(XML_EXAMPLES)
 
 pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc
+pkgconfig_DATA = libvirt.pc
 
 NEWS: $(top_srcdir)/docs/news.xsl $(top_srcdir)/docs/news.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then			\
@@ -59,13 +55,10 @@ NEWS: $(top_srcdir)/docs/news.xsl $(top_srcdir)/docs/news.html.in
 	   | perl -pe 's/[ \t]+$$//'				\
 	   > $@-t && mv $@-t $@ ; fi
 
-$(top_srcdir)/HACKING: $(top_srcdir)/docs/hacking1.xsl \
-			$(top_srcdir)/docs/hacking2.xsl \
-			$(top_srcdir)/docs/wrapstring.xsl \
-			$(top_srcdir)/docs/hacking.html.in
+$(top_srcdir)/HACKING: $(top_srcdir)/docs/hacking1.xsl $(top_srcdir)/docs/hacking2.xsl \
+                       $(top_srcdir)/docs/wrapstring.xsl $(top_srcdir)/docs/hacking.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
-	   $(XSLTPROC) --nonet $(top_srcdir)/docs/hacking1.xsl \
-		$(top_srcdir)/docs/hacking.html.in | \
+	   $(XSLTPROC) --nonet $(top_srcdir)/docs/hacking1.xsl $(top_srcdir)/docs/hacking.html.in | \
 	   $(XSLTPROC) --nonet $(top_srcdir)/docs/hacking2.xsl - \
 	   | perl -0777 -pe 's/\n\n+$$/\n/' \
 	   > $@-t && mv $@-t $@ ; fi;
@@ -75,6 +68,11 @@ rpm: clean
 
 check-local: all tests
 
+tests:
+	@(cd docs/examples ; $(MAKE) MAKEFLAGS+=--silent tests)
+	@(if [ "$(pythondir)" != "" ] ; then cd python ; \
+	  $(MAKE) MAKEFLAGS+=--silent tests ; fi)
+
 cov: clean-cov
 	mkdir $(top_builddir)/coverage
 	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \

README-hacking

@@ -15,7 +15,7 @@ Specific development tools and versions will be checked for and listed by
 the bootstrap script.
 
 Valgrind <http://valgrind.org/> is also highly recommended, if
-Valgrind supports your architecture.
+Valgrind supports your architecture. See also README-valgrind.
 
 While building from a just-cloned source tree may require installing a
 few prerequisites, later, a plain `git pull && make' should be sufficient.

autobuild.sh

@@ -8,13 +8,6 @@ set -v
 test -n "$1" && RESULTS=$1 || RESULTS=results.log
 : ${AUTOBUILD_INSTALL_ROOT=$HOME/builder}
 
-# If run under the autobuilder, we must use --nodeps with rpmbuild;
-# but this can lead to odd error diagnosis for normal development.
-nodeps=
-if test "${AUTOBUILD_COUNTER+set}"; then
-  nodeps=--nodeps
-fi
-
 test -f Makefile && make -k distclean || :
 rm -rf coverage
 
@@ -67,7 +60,7 @@ else
 fi
 
 if test -f /usr/bin/rpmbuild ; then
-  rpmbuild $nodeps \
+  rpmbuild --nodeps \
      --define "extra_release $EXTRA_RELEASE" \
      --define "_sourcedir `pwd`" \
      -ba --clean libvirt.spec
@@ -85,7 +78,9 @@ if test -x /usr/bin/i686-w64-mingw32-gcc ; then
     --host=i686-w64-mingw32 \
     --prefix="$AUTOBUILD_INSTALL_ROOT/i686-w64-mingw32/sys-root/mingw" \
     --enable-expensive-tests \
-    --enable-werror
+    --enable-werror \
+    --without-libvirtd \
+    --without-python
 
   make
   make install
@@ -104,7 +99,9 @@ if test -x /usr/bin/x86_64-w64-mingw32-gcc ; then
     --host=x86_64-w64-mingw32 \
     --prefix="$AUTOBUILD_INSTALL_ROOT/x86_64-w64-mingw32/sys-root/mingw" \
     --enable-expensive-tests \
-    --enable-werror
+    --enable-werror \
+    --without-libvirtd \
+    --without-python
 
   make
   make install
@@ -114,7 +111,7 @@ fi
 
 if test -x /usr/bin/i686-w64-mingw32-gcc && test -x /usr/bin/x86_64-w64-mingw32-gcc ; then
   if test -f /usr/bin/rpmbuild ; then
-    rpmbuild $nodeps \
+    rpmbuild --nodeps \
        --define "extra_release $EXTRA_RELEASE" \
        --define "_sourcedir `pwd`" \
        -ba --clean mingw-libvirt.spec

autogen.sh

@@ -35,7 +35,7 @@ if test -z "$NOCONFIGURE" ; then
     echo "Running ./configure with $EXTRA_ARGS $@"
   else
     if test -z "$*" && test ! -f "$THEDIR/config.status"; then
-        echo "I am going to run ./configure with no arguments - if you wish"
+        echo "I am going to run ./configure with no arguments - if you wish "
         echo "to pass any to it, please specify them on the $0 command line."
     fi
   fi
@@ -64,7 +64,7 @@ bootstrap_hash()
 # like to run 'git clean -x -f po' to fix it; but only ./bootstrap regenerates
 # the required file po/Makevars.
 # Only run bootstrap from a git checkout, never from a tarball.
-if test -d .git || test -f .git; then
+if test -d .git; then
     curr_status=.git-module-status t=
     if test "$no_git"; then
         t=no-git

bootstrap

@@ -1,10 +1,10 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2013-12-05.23; # UTC
+scriptversion=2013-07-03.20; # UTC
 
 # Bootstrap this package from checked-out sources.
 
-# Copyright (C) 2003-2014 Free Software Foundation, Inc.
+# Copyright (C) 2003-2013 Free Software Foundation, Inc.
 
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -209,16 +209,12 @@ bootstrap_sync=false
 # Use git to update gnulib sources
 use_git=true
 
-check_exists() {
-  ($1 --version </dev/null) >/dev/null 2>&1
-  test $? -lt 126
-}
-
 # find_tool ENVVAR NAMES...
 # -------------------------
 # Search for a required program.  Use the value of ENVVAR, if set,
-# otherwise find the first of the NAMES that can be run.
-# If found, set ENVVAR to the program name, die otherwise.
+# otherwise find the first of the NAMES that can be run (i.e.,
+# supports --version).  If found, set ENVVAR to the program name,
+# die otherwise.
 #
 # FIXME: code duplication, see also gnu-web-doc-update.
 find_tool ()
@@ -228,21 +224,27 @@ find_tool ()
   find_tool_names=$@
   eval "find_tool_res=\$$find_tool_envvar"
   if test x"$find_tool_res" = x; then
-    for i; do
-      if check_exists $i; then
-        find_tool_res=$i
-        break
+    for i
+    do
+      if ($i --version </dev/null) >/dev/null 2>&1; then
+       find_tool_res=$i
+       break
       fi
     done
+  else
+    find_tool_error_prefix="\$$find_tool_envvar: "
   fi
-  if test x"$find_tool_res" = x; then
-    warn_ "one of these is required: $find_tool_names;"
-    die   "alternatively set $find_tool_envvar to a compatible tool"
-  fi
+  test x"$find_tool_res" != x \
+    || die "one of these is required: $find_tool_names"
+  ($find_tool_res --version </dev/null) >/dev/null 2>&1 \
+    || die "${find_tool_error_prefix}cannot run $find_tool_res --version"
   eval "$find_tool_envvar=\$find_tool_res"
   eval "export $find_tool_envvar"
 }
 
+# Find sha1sum, named gsha1sum on MacPorts, and shasum on Mac OS X 10.6.
+find_tool SHA1SUM sha1sum gsha1sum shasum
+
 # Override the default configuration, if necessary.
 # Make sure that bootstrap.conf is sourced from the current directory
 # if we were invoked as "sh bootstrap".
@@ -324,7 +326,7 @@ insert_if_absent() {
     die "Error: Duplicate entries in $file: " $duplicate_entries
   fi
   linesold=$(gitignore_entries $file | wc -l)
-  linesnew=$( { echo "$str"; cat $file; } | gitignore_entries | sort -u | wc -l)
+  linesnew=$(echo "$str" | gitignore_entries - $file | sort -u | wc -l)
   if [ $linesold != $linesnew ] ; then
     { echo "$str" | cat - $file > $file.bak && mv $file.bak $file; } \
       || die "insert_if_absent $file $str: failed"
@@ -467,7 +469,8 @@ check_versions() {
     if [ "$req_ver" = "-" ]; then
       # Merely require app to exist; not all prereq apps are well-behaved
       # so we have to rely on $? rather than get_version.
-      if ! check_exists $app; then
+      $app --version >/dev/null 2>&1
+      if [ 126 -le $? ]; then
         warn_ "Error: '$app' not found"
         ret=1
       fi
@@ -500,12 +503,6 @@ print_versions() {
   # can't depend on column -t
 }
 
-# Find sha1sum, named gsha1sum on MacPorts, shasum on Mac OS X 10.6.
-# Also find the compatible sha1 utility on the BSDs
-if test x"$SKIP_PO" = x; then
-  find_tool SHA1SUM sha1sum gsha1sum shasum sha1
-fi
-
 use_libtool=0
 # We'd like to use grep -E, to see if any of LT_INIT,
 # AC_PROG_LIBTOOL, AM_PROG_LIBTOOL is used in configure.ac,
@@ -551,21 +548,13 @@ if ! printf "$buildreq" | check_versions; then
   fi
 fi
 
-# Warn the user if autom4te appears to be broken; this causes known
-# issues with at least gettext 0.18.3.
-probe=$(echo 'm4_quote([hi])' | autom4te -l M4sugar -t 'm4_quote:$%' -)
-if test "x$probe" != xhi; then
-  warn_ "WARNING: your autom4te wrapper eats stdin;"
-  warn_ "if bootstrap fails, consider upgrading your autotools"
-fi
-
 echo "$0: Bootstrapping from checked-out $package sources..."
 
 # See if we can use gnulib's git-merge-changelog merge driver.
-if $use_git && test -d .git && check_exists git; then
+if $use_git && test -d .git && (git --version) >/dev/null 2>/dev/null ; then
   if git config merge.merge-changelog.driver >/dev/null ; then
     :
-  elif check_exists git-merge-changelog; then
+  elif (git-merge-changelog --version) >/dev/null 2>/dev/null ; then
     echo "$0: initializing git-merge-changelog driver"
     git config merge.merge-changelog.name 'GNU-style ChangeLog merge driver'
     git config merge.merge-changelog.driver 'git-merge-changelog %O %A %B'
@@ -703,10 +692,11 @@ update_po_files() {
     cksum_file="$ref_po_dir/$po.s1"
     if ! test -f "$cksum_file" ||
         ! test -f "$po_dir/$po.po" ||
-        ! $SHA1SUM -c "$cksum_file" < "$new_po" > /dev/null 2>&1; then
+        ! $SHA1SUM -c --status "$cksum_file" \
+            < "$new_po" > /dev/null; then
       echo "$me: updated $po_dir/$po.po..."
       cp "$new_po" "$po_dir/$po.po" \
-          && $SHA1SUM < "$new_po" > "$cksum_file" || return
+          && $SHA1SUM < "$new_po" > "$cksum_file"
     fi
   done
 }

bootstrap.conf

@@ -93,7 +93,6 @@ recv
 regex
 random_r
 sched
-secure_getenv
 send
 setenv
 setsockopt
@@ -176,11 +175,11 @@ fi
 # Tell gnulib to:
 #   require LGPLv2+
 #   apply any local diffs in gnulib/local/ dir
-#   put *.m4 files in m4/ dir
+#   put *.m4 files in new gnulib/m4/ dir
 #   put *.[ch] files in new gnulib/lib/ dir
 #   import gnulib tests in new gnulib/tests/ dir
 gnulib_name=libgnu
-m4_base=m4
+m4_base=gnulib/m4
 source_base=gnulib/lib
 tests_base=gnulib/tests
 gnulib_tool_option_extras="\
@@ -192,6 +191,11 @@ gnulib_tool_option_extras="\
 "
 local_gl_dir=gnulib/local
 
+# Convince bootstrap to use multiple m4 directories.
+: ${ACLOCAL=aclocal}
+ACLOCAL="$ACLOCAL -I m4"
+export ACLOCAL
+
 # Build prerequisites
 # Note that some of these programs are only required for 'make dist' to
 # succeed from a fresh git checkout; not all of these programs are
@@ -237,11 +241,13 @@ gnulib_extra_files="
 "
 
 
-bootstrap_post_import_hook()
+bootstrap_epilogue()
 {
   # Change paths in gnulib/tests/gnulib.mk from "../../.." to "../..",
-  # and make tests conditional by changing "TESTS" to "GNULIB_TESTS".
+  # and make tests conditional by changing "TESTS" to "GNULIB_TESTS",
+  # then ensure that gnulib/tests/Makefile.in is up-to-date.
   m=gnulib/tests/gnulib.mk
   sed 's,\.\./\.\./\.\.,../..,g; s/^TESTS /GNULIB_TESTS /' $m > $m-t
   mv -f $m-t $m
+  ${AUTOMAKE-automake} gnulib/tests/Makefile
 }

build-aux/bracket-spacing.pl

@@ -32,8 +32,8 @@ foreach my $file (@ARGV) {
     while (defined (my $line = <FILE>)) {
         my $data = $line;
 
-        # Kill any quoted , ; or "
-        $data =~ s/'[";,]'/'X'/g;
+        # Kill any quoted ; or "
+        $data =~ s,'[";]','X',g;
 
         # Kill any quoted strings
         $data =~ s,"([^\\\"]|\\.)*","XXX",g;
@@ -92,8 +92,8 @@ foreach my $file (@ARGV) {
 
         # Require whitespace immediately after keywords,
         # but none after the opening bracket
-        while ($data =~ /\b(if|for|while|switch|return)\(/ ||
-               $data =~ /\b(if|for|while|switch|return)\s+\(\s/) {
+        while ($data =~ /(if|for|while|switch|return)\(/ ||
+               $data =~ /(if|for|while|switch|return)\s+\(\s/) {
             print "$file:$.: $line";
             $ret = 1;
             last;
@@ -114,7 +114,7 @@ foreach my $file (@ARGV) {
             last;
         }
 
-        # Forbid whitespace before ";" or ",". Things like below are allowed:
+        # Forbid whitespace before ";". Things like below are allowed:
         #
         # 1) The expression is empty for "for" loop. E.g.
         #   for (i = 0; ; i++)
@@ -124,7 +124,7 @@ foreach my $file (@ARGV) {
         #          errno == EINTR)
         #       ;
         #
-        while ($data =~ /[^;\s]\s+[;,]/) {
+        while ($data =~ /[^;\s]\s+;/) {
             print "$file:$.: $line";
             $ret = 1;
             last;
@@ -137,24 +137,6 @@ foreach my $file (@ARGV) {
             $ret = 1;
             last;
         }
-
-        # Require EOL, space, or enum/struct end after comma.
-        while ($data =~ /,[^ \\\n)}]/) {
-            print "$file:$.: $line";
-            $ret = 1;
-            last;
-        }
-
-        # Require spaces around assignment '=', compounds and '=='
-        # with the exception of virAssertCmpInt()
-        while ($data =~ /[^!<>&|\-+*\/%\^'= ]=\+[^=]/ ||
-               $data =~ /[^!<>&|\-+*\/%\^'=]=[^= \\\n]/ ||
-               $data =~ /[\S]==/ ||
-               ($data =~ /==[^\s,]/ && $data !~ /[\s]virAssertCmpInt\(/)) {
-            print "$file:$.: $line";
-            $ret = 1;
-            last;
-        }
     }
     close FILE;
 }

cfg.mk

@@ -1,5 +1,5 @@
 # Customize Makefile.maint.                           -*- makefile -*-
-# Copyright (C) 2008-2014 Red Hat, Inc.
+# Copyright (C) 2008-2013 Red Hat, Inc.
 # Copyright (C) 2003-2008 Free Software Foundation, Inc.
 
 # This program is free software: you can redistribute it and/or modify
@@ -33,9 +33,8 @@ gnulib_dir = $(srcdir)/.gnulib
 # This is all gnulib files, as well as generated files for RPC code.
 generated_files = \
   $(srcdir)/daemon/*_dispatch.h \
-  $(srcdir)/src/*/*_dispatch.h \
   $(srcdir)/src/remote/*_client_bodies.h \
-  $(srcdir)/src/*/*_protocol.[ch] \
+  $(srcdir)/src/remote/*_protocol.[ch] \
   $(srcdir)/gnulib/lib/*.[ch]
 
 # We haven't converted all scripts to using gnulib's init.sh yet.
@@ -90,7 +89,7 @@ endif
 
 # Files that should never cause syntax check failures.
 VC_LIST_ALWAYS_EXCLUDE_REGEX = \
-  (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$
+  (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.po)$$
 
 # Functions like free() that are no-ops on NULL arguments.
 useless_free_options =				\
@@ -125,8 +124,9 @@ useless_free_options =				\
   --name=virDomainDeviceDefFree			\
   --name=virDomainDiskDefFree			\
   --name=virDomainEventCallbackListFree		\
-  --name=virObjectEventQueueFree		\
-  --name=virObjectEventStateFree		\
+  --name=virDomainEventFree			\
+  --name=virDomainEventQueueFree		\
+  --name=virDomainEventStateFree		\
   --name=virDomainFSDefFree			\
   --name=virDomainGraphicsDefFree		\
   --name=virDomainHostdevDefFree		\
@@ -204,6 +204,7 @@ useless_free_options =				\
 # y virDomainDeviceDefFree
 # y virDomainDiskDefFree
 # y virDomainEventCallbackListFree
+# y virDomainEventFree
 # y virDomainEventQueueFree
 # y virDomainFSDefFree
 # n virDomainFree
@@ -421,12 +422,6 @@ sc_prohibit_gethostname:
 	halt='use virGetHostname, not gethostname'			\
 	  $(_sc_search_regexp)
 
-sc_prohibit_readdir:
-	@prohibit='\breaddir *\('					\
-	exclude='exempt from syntax-check'				\
-	halt='use virDirRead, not readdir'				\
-	  $(_sc_search_regexp)
-
 sc_prohibit_gettext_noop:
 	@prohibit='gettext_noop *\('					\
 	halt='use N_, not gettext_noop'					\
@@ -472,18 +467,6 @@ sc_correct_id_types:
 	halt="use pid_t for pid, uid_t for uid, gid_t for gid"		\
 	  $(_sc_search_regexp)
 
-# "const fooPtr a" is the same as "foo * const a", even though it is
-# usually desired to have "foo const *a".  It's easier to just prevent
-# the confusing mix of typedef vs. const placement.
-# Also requires that all 'fooPtr' typedefs are actually pointers.
-sc_forbid_const_pointer_typedef:
-	@prohibit='(^|[^"])const \w*Ptr'				\
-	halt='"const fooPtr var" does not declare what you meant'	\
-	  $(_sc_search_regexp)
-	@prohibit='typedef [^(]+ [^*]\w*Ptr\b'				\
-	halt='use correct style and type for Ptr typedefs'		\
-	  $(_sc_search_regexp)
-
 # Forbid sizeof foo or sizeof (foo), require sizeof(foo)
 sc_size_of_brackets:
 	@prohibit='sizeof\s'						\
@@ -523,11 +506,6 @@ sc_prohibit_virBufferAsprintf_with_string_literal:
 	halt='use virBufferAddLit, not virBufferAsprintf, with a string literal' \
 	  $(_sc_search_regexp)
 
-sc_forbid_manual_xml_indent:
-	@prohibit='virBuffer.*" +<'					      \
-	halt='use virBufferAdjustIndent instead of spaces when indenting xml' \
-	  $(_sc_search_regexp)
-
 # Not only do they fail to deal well with ipv6, but the gethostby*
 # functions are also not thread-safe.
 sc_prohibit_gethostby:
@@ -567,23 +545,6 @@ sc_avoid_attribute_unused_in_header:
 	halt='use ATTRIBUTE_UNUSED in .c rather than .h files'		\
 	  $(_sc_search_regexp)
 
-sc_prohibit_int_ijk:
-	@prohibit='\<(int|unsigned) ([^(]* )*(i|j|k)\>(\s|,|;)'		\
-	halt='use size_t, not int/unsigned int for loop vars i, j, k'	\
-	  $(_sc_search_regexp)
-
-sc_prohibit_loop_iijjkk:
-	@prohibit='\<(int|unsigned) ([^=]+ )*(ii|jj|kk)\>(\s|,|;)'	\
-	halt='use i, j, k for loop iterators, not ii, jj, kk' 		\
-	  $(_sc_search_regexp)
-
-# RHEL 5 gcc can't grok "for (int i..."
-sc_prohibit_loop_var_decl:
-	@prohibit='\<for *\(\w+[ *]+\w+'				\
-	in_vc_files='\.[ch]$$'						\
-	halt='declare loop iterators outside the for statement'		\
-	  $(_sc_search_regexp)
-
 # Many of the function names below came from this filter:
 # git grep -B2 '\<_('|grep -E '\.c- *[[:alpha:]_][[:alnum:]_]* ?\(.*[,;]$' \
 # |sed 's/.*\.c-  *//'|perl -pe 's/ ?\(.*//'|sort -u \
@@ -596,6 +557,16 @@ msg_gen_function += regerror
 msg_gen_function += vah_error
 msg_gen_function += vah_warning
 msg_gen_function += virGenericReportError
+msg_gen_function += virLibConnError
+msg_gen_function += virLibDomainError
+msg_gen_function += virLibDomainSnapshotError
+msg_gen_function += virLibInterfaceError
+msg_gen_function += virLibNetworkError
+msg_gen_function += virLibNodeDeviceError
+msg_gen_function += virLibNWFilterError
+msg_gen_function += virLibSecretError
+msg_gen_function += virLibStoragePoolError
+msg_gen_function += virLibStorageVolError
 msg_gen_function += virRaiseError
 msg_gen_function += virReportError
 msg_gen_function += virReportErrorHelper
@@ -625,7 +596,7 @@ sc_libvirt_unmarked_diagnostics:
 	  $(_sc_search_regexp)
 	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
 	   grep -A1 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | $(SED) 's/_("\([^\"]\|\\.\)\+"//;s/[	 ]"%s"//'		\
+	   | sed 's/_("\([^\"]\|\\.\)\+"//;s/[	 ]"%s"//'		\
 	   | grep '[	 ]"' &&						\
 	  { echo '$(ME): found unmarked diagnostic(s)' 1>&2;		\
 	    exit 1; } || :
@@ -650,7 +621,7 @@ sc_prohibit_newline_at_end_of_diagnostic:
 sc_prohibit_diagnostic_without_format:
 	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
 	   grep -A2 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | $(SED) -rn -e ':l; /[,"]$$/ {N;b l;}'				 \
+	   | sed -rn -e ':l; /[,"]$$/ {N;b l;}'				 \
 		-e '/(xenapiSessionErrorHandler|vah_(error|warning))/d'	 \
 		-e '/\<$(func_re) *\([^"]*"([^%"]|"\n[^"]*")*"[,)]/p'	 \
            | grep -vE 'VIR_ERROR' &&					 \
@@ -672,7 +643,7 @@ sc_prohibit_useless_translation:
 # or \n on one side of the split.
 sc_require_whitespace_in_translation:
 	@grep -n -A1 '"$$' $$($(VC_LIST_EXCEPT))   			\
-	   | $(SED) -ne ':l; /"$$/ {N;b l;}; s/"\n[^"]*"/""/g; s/\\n/ /g'	\
+	   | sed -ne ':l; /"$$/ {N;b l;}; s/"\n[^"]*"/""/g; s/\\n/ /g'	\
 		-e '/_(.*[^\ ]""[^\ ]/p' | grep . &&			\
 	  { echo '$(ME): missing whitespace at line split' 1>&2;	\
 	    exit 1; } || :
@@ -692,11 +663,11 @@ sc_preprocessor_indentation:
 sc_spec_indentation:
 	@if cppi --version >/dev/null 2>&1; then			\
 	  for f in $$($(VC_LIST_EXCEPT) | grep '\.spec\.in$$'); do	\
-	    $(SED) -e 's|#|// #|; s|%ifn*\(arch\)* |#if a // |'		\
+	    sed -e 's|#|// #|; s|%ifn*\(arch\)* |#if a // |'		\
 		-e 's/%\(else\|endif\|define\)/#\1/'			\
 		-e 's/^\( *\)\1\1\1#/#\1/'				\
 		-e 's|^\( *[^#/ ]\)|// \1|; s|^\( */[^/]\)|// \1|' $$f	\
-	    | cppi -a -c 2>&1 | $(SED) "s|standard input|$$f|";		\
+	    | cppi -a -c 2>&1 | sed "s|standard input|$$f|";		\
 	  done | { if grep . >&2; then false; else :; fi; }		\
 	    || { echo '$(ME): incorrect preprocessor indentation' 1>&2;	\
 		exit 1; };						\
@@ -704,27 +675,6 @@ sc_spec_indentation:
 	  echo '$(ME): skipping test $@: cppi not installed' 1>&2;	\
 	fi
 
-# Nested conditionals are easier to understand if we enforce that endifs
-# can be paired back to the if
-sc_makefile_conditionals:
-	@prohibit='(else|endif)($$| *#)'				\
-	in_vc_files='Makefile\.am'					\
-	halt='match "if FOO" with "endif FOO" in Makefiles'		\
-	  $(_sc_search_regexp)
-
-# Long lines can be harder to diff; too long, and git send-email chokes.
-# For now, only enforce line length on files where we have intentionally
-# fixed things and don't want to regress.
-sc_prohibit_long_lines:
-	@prohibit='.{90}'						\
-	in_vc_files='\.arg[sv]'						\
-	halt='Wrap long lines in expected output files'			\
-	  $(_sc_search_regexp)
-	@prohibit='.{80}'						\
-	in_vc_files='Makefile\.am'					\
-	halt='Wrap long lines in Makefiles'				\
-	  $(_sc_search_regexp)
-
 sc_copyright_format:
 	@require='Copyright .*Red 'Hat', Inc\.'				\
 	containing='Copyright .*Red 'Hat				\
@@ -766,17 +716,16 @@ sc_prohibit_gettext_markup:
 # lower-level code must not include higher-level headers.
 cross_dirs=$(patsubst $(srcdir)/src/%.,%,$(wildcard $(srcdir)/src/*/.))
 cross_dirs_re=($(subst / ,/|,$(cross_dirs)))
-mid_dirs=access|conf|cpu|locking|network|node_device|rpc|security|storage
 sc_prohibit_cross_inclusion:
 	@for dir in $(cross_dirs); do					\
 	  case $$dir in							\
 	    util/) safe="util";;					\
-	    access/ | conf/) safe="($$dir|conf|util)";;			\
-	    locking/) safe="($$dir|util|conf|rpc)";;			\
-	    cpu/| network/| node_device/| rpc/| security/| storage/)	\
-	      safe="($$dir|util|conf|storage)";;			\
+	    locking/)							\
+	      safe="($$dir|util|conf|rpc)";;				\
+	    cpu/ | locking/ | network/ | rpc/ | security/)		\
+	      safe="($$dir|util|conf)";;				\
 	    xenapi/ | xenxs/ ) safe="($$dir|util|conf|xen)";;		\
-	    *) safe="($$dir|$(mid_dirs)|util)";;			\
+	    *) safe="($$dir|util|conf|cpu|network|locking|rpc|security)";; \
 	  esac;								\
 	  in_vc_files="^src/$$dir"					\
 	  prohibit='^# *include .$(cross_dirs_re)'			\
@@ -789,7 +738,7 @@ sc_prohibit_cross_inclusion:
 # elements added to the enum by using a _LAST marker.
 sc_require_enum_last_marker:
 	@grep -A1 -nE '^[^#]*VIR_ENUM_IMPL *\(' $$($(VC_LIST_EXCEPT))	\
-	   | $(SED) -ne '/VIR_ENUM_IMPL[^,]*,$$/N'				\
+	   | sed -ne '/VIR_ENUM_IMPL[^,]*,$$/N'				\
 	     -e '/VIR_ENUM_IMPL[^,]*,[^,]*[^_,][^L,][^A,][^S,][^T,],/p'	\
 	     -e '/VIR_ENUM_IMPL[^,]*,[^,]\{0,4\},/p'			\
 	   | grep . &&							\
@@ -857,96 +806,10 @@ sc_prohibit_config_h_in_headers:
 	halt='headers should not include <config.h>'			\
 	  $(_sc_search_regexp)
 
-sc_prohibit_unbounded_arrays_in_rpc:
-	@prohibit='<>'							\
-	in_vc_files='\.x$$'						\
-	halt='Arrays in XDR must have a upper limit set for <NNN>'	\
-	  $(_sc_search_regexp)
-
-sc_prohibit_getenv:
-	@prohibit='\b(secure_)?getenv *\('				\
-	exclude='exempt from syntax-check'				\
-	halt='Use virGetEnv{Allow,Block}SUID instead of getenv'		\
-	  $(_sc_search_regexp)
-
-sc_prohibit_atoi:
-	@prohibit='\bato(i|f|l|ll|q) *\('	\
-	halt='Use virStrToLong* instead of atoi, atol, atof, atoq, atoll' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_wrong_filename_in_comment:
-	@fail=0;                                                       \
-	awk 'BEGIN {                                                   \
-	  fail=0;                                                      \
-	} FNR < 3 {                                                    \
-	  n=match($$0, /[[:space:]][^[:space:]]*[.][ch][[:space:]:]/); \
-	  if (n > 0) {                                                 \
-	    A=substr($$0, RSTART+1, RLENGTH-2);                        \
-	    n=split(FILENAME, arr, "/");                               \
-	    if (A != arr[n]) {                                         \
-	      print "in " FILENAME ": " A " mentioned in comments ";   \
-	      fail=1;                                                  \
-	    }                                                          \
-	  }                                                            \
-	} END {                                                        \
-	  if (fail == 1) {                                             \
-	    exit 1;                                                    \
-	  }                                                            \
-	}' $$($(VC_LIST_EXCEPT) | grep '\.[ch]$$') || fail=1;          \
-	if test $$fail -eq 1; then                                     \
-	  { echo '$(ME): The file name in comments must match the'     \
-	    'actual file name' 1>&2; exit 1; }	                       \
-	fi;
-
-sc_prohibit_virConnectOpen_in_virsh:
-	@prohibit='\bvirConnectOpen[a-zA-Z]* *\('                      \
-	in_vc_files='^tools/virsh-.*\.[ch]$$'                          \
-	halt='Use vshConnect() in virsh instead of virConnectOpen*'    \
-	  $(_sc_search_regexp)
-
-sc_require_space_before_label:
-	@prohibit='^(   ?)?[_a-zA-Z0-9]+:$$'                           \
-	in_vc_files='\.[ch]$$'                                         \
-	halt="Top-level labels should be indented by one space"        \
-	  $(_sc_search_regexp)
-
-sc_curly_braces_style:
-	@files=$$($(VC_LIST_EXCEPT) | grep '\.[ch]$$');                \
-	$(GREP) -nHP                                                   \
-'^\s*(?!([a-zA-Z_]*for_?each[a-zA-Z_]*) ?\()([_a-zA-Z0-9]+( [_a-zA-Z0-9]+)* ?\()?(\*?[_a-zA-Z0-9]+(,? \*?[_a-zA-Z0-9\[\]]+)+|void)\) ?\{' \
-	$$files && { echo '$(ME): Non-K&R style used for curly'        \
-			  'braces around function body, see'           \
-			  'HACKING' 1>&2; exit 1; } || :
-
-sc_prohibit_windows_special_chars_in_filename:
-	@files=$$($(VC_LIST_EXCEPT) | grep '[:*?"<>|]');               \
-	test -n "$$files" && { echo '$(ME): Windows special chars'     \
-	  'in filename not allowed:' 1>&2; echo $$files 1>&2; exit 1; } || :
-
-sc_prohibit_mixed_case_abbreviations:
-	@prohibit='Pci|Usb|Scsi'			\
-	in_vc_files='\.[ch]$$'				\
-	halt='Use PCI, USB, SCSI, not Pci, Usb, Scsi'	\
-	  $(_sc_search_regexp)
-
-# Require #include <locale.h> in all files that call setlocale()
-sc_require_locale_h:
-	@require='include.*locale\.h'					\
-	containing='setlocale *('					\
-	halt='setlocale() requires <locale.h>'				\
-	  $(_sc_search_regexp)
-
-sc_prohibit_empty_first_line:
-	@awk 'BEGIN { fail=0; }						\
-	FNR == 1 { if ($$0 == "") { print FILENAME ":1:"; fail=1; } }	\
-	END { if (fail == 1) {						\
-	  print "$(ME): Prohibited empty first line" > "/dev/stderr";	\
-	} exit fail; }' $$($(VC_LIST_EXCEPT));
 
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null
 
-ifneq ($(_gl-Makefile),)
 ifeq (0,$(MAKELEVEL))
   _curr_status = .git-module-status
   # The sed filter accommodates those who check out on a commit from which
@@ -959,7 +822,7 @@ ifeq (0,$(MAKELEVEL))
   # b653eda3ac4864de205419d9f41eec267cb89eeb
   #
   # Keep this logic in sync with autogen.sh.
-  _submodule_hash = $(SED) 's/^[ +-]//;s/ .*//'
+  _submodule_hash = sed 's/^[ +-]//;s/ .*//'
   _update_required := $(shell						\
       cd '$(srcdir)';							\
       test -d .git || { echo 0; exit; };				\
@@ -979,7 +842,6 @@ ifeq (0,$(MAKELEVEL))
 maint.mk Makefile: _autogen
   endif
 endif
-endif
 
 # It is necessary to call autogen any time gnulib changes.  Autogen
 # reruns configure, then we regenerate all Makefiles at once.
@@ -989,9 +851,7 @@ _autogen:
 	./config.status
 
 # regenerate HACKING as part of the syntax-check
-ifneq ($(_gl-Makefile),)
 syntax-check: $(top_srcdir)/HACKING bracket-spacing-check
-endif
 
 bracket-spacing-check:
 	$(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \
@@ -1015,17 +875,16 @@ $(srcdir)/src/remote/remote_client_bodies.h: $(srcdir)/src/remote/remote_protoco
 exclude_file_name_regexp--sc_avoid_strcase = ^tools/virsh\.h$$
 
 _src1=libvirt|fdstream|qemu/qemu_monitor|util/(vircommand|virfile)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon
-_test1=shunloadtest|virnettlscontexttest|virnettlssessiontest|vircgroupmock
+_test1=shunloadtest|virnettlscontexttest|vircgroupmock
 exclude_file_name_regexp--sc_avoid_write = \
-  ^(src/($(_src1))|daemon/libvirtd|tools/virsh-console|tests/($(_test1)))\.c$$
+  ^(src/($(_src1))|daemon/libvirtd|tools/console|tests/($(_test1)))\.c$$
 
 exclude_file_name_regexp--sc_bindtextdomain = ^(tests|examples)/
 
 exclude_file_name_regexp--sc_copyright_usage = \
   ^COPYING(|\.LESSER)$$
 
-exclude_file_name_regexp--sc_flags_usage = \
-  ^(docs/|src/util/virnetdevtap\.c$$|tests/vir(cgroup|pci|usb)mock\.c$$)
+exclude_file_name_regexp--sc_flags_usage = ^(docs/|src/util/virnetdevtap\.c$$|tests/vircgroupmock\.c$$)
 
 exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
   ^(src/rpc/gendispatch\.pl$$|tests/)
@@ -1033,21 +892,24 @@ exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
 exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$)
 
 exclude_file_name_regexp--sc_prohibit_VIR_ERR_NO_MEMORY = \
-  ^(include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$
+  ^(include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_access_xok = ^src/util/virutil\.c$$
 
+exclude_file_name_regexp--sc_prohibit_always_true_header_tests = \
+  ^python/(libvirt-(lxc-|qemu-)?override|typewrappers)\.c$$
+
 exclude_file_name_regexp--sc_prohibit_asprintf = \
-  ^(bootstrap.conf$$|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c$$)
+  ^(bootstrap.conf$$|src/util/virstring\.c$$|examples/domain-events/events-c/event-test\.c$$|tests/vircgroupmock\.c$$)
 
 exclude_file_name_regexp--sc_prohibit_strdup = \
-  ^(docs/|examples/|src/util/virstring\.c|tests/virnetserverclientmock.c$$)
+  ^(docs/|examples/|python/|src/util/virstring\.c$$)
 
 exclude_file_name_regexp--sc_prohibit_close = \
-  (\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c|tests/vir(cgroup|pci)mock\.c)$$)
+  (\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c|tests/vircgroupmock\.c)$$)
 
 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/(qemuhelp|nodeinfo|virpcitest)data/|\.diff$$)
+  (^tests/(qemuhelp|nodeinfo)data/|\.(gif|ico|png|diff)$$)
 
 _src2=src/(util/vircommand|libvirt|lxc/lxc_controller|locking/lock_daemon)
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
@@ -1062,10 +924,10 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
   ^src/rpc/gendispatch\.pl$$
 
 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
-  ^((po|tests)/|docs/.*(py|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)
+  ^((po|tests)/|docs/.*(py|html\.in)|run.in$$)
 
 exclude_file_name_regexp--sc_prohibit_raw_allocation = \
-  ^(docs/hacking\.html\.in)|(src/util/viralloc\.[ch]|examples/.*|tests/securityselinuxhelper\.c|tests/vircgroupmock\.c|tools/wireshark/src/packet-libvirt.c)$$
+  ^(docs/hacking\.html\.in)|(src/util/viralloc\.[ch]|examples/.*|tests/securityselinuxhelper\.c|tests/vircgroupmock\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_readlink = \
   ^src/(util/virutil|lxc/lxc_container)\.c$$
@@ -1073,12 +935,12 @@ exclude_file_name_regexp--sc_prohibit_readlink = \
 exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c$$
 
 exclude_file_name_regexp--sc_prohibit_sprintf = \
-  ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)|(tools/wireshark/util/genxdrstub\.pl)$$
+  ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)$$
 
 exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/virstring\.c$$
 
 exclude_file_name_regexp--sc_prohibit_strtol = \
-  ^(src/(util/virsexpr|(vbox|xen|xenxs)/.*)\.c)|(examples/domsuspend/suspend.c)$$
+  ^src/(util/virsexpr|(vbox|xen|xenxs)/.*)\.c$$
 
 exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/virxml\.c$$
 
@@ -1093,7 +955,7 @@ exclude_file_name_regexp--sc_require_config_h_first = \
 	^(examples/|tools/virsh-edit\.c$$)
 
 exclude_file_name_regexp--sc_trailing_blank = \
-  /qemuhelpdata/|/sysinfodata/.*\.data|/nodeinfodata/.*\.cpuinfo$$
+  (/qemuhelpdata/|/sysinfodata/.*\.data|\.(fig|gif|ico|png)$$)
 
 exclude_file_name_regexp--sc_unmarked_diagnostics = \
   ^(docs/apibuild.py|tests/virt-aa-helper-test)$$
@@ -1106,22 +968,7 @@ exclude_file_name_regexp--sc_correct_id_types = \
 exclude_file_name_regexp--sc_m4_quote_check = m4/virt-lib.m4
 
 exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \
-  ^(src/internal\.h$$|tools/wireshark/src/packet-libvirt.h$$)
+  ^src/internal\.h$$
 
 exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
-  ^(tools/|examples/|include/libvirt/(virterror|libvirt-(qemu|lxc))\.h$$)
-
-exclude_file_name_regexp--sc_prohibit_int_ijk = \
-  ^(src/remote_protocol-structs|src/remote/remote_protocol.x|cfg.mk|include/)$
-
-exclude_file_name_regexp--sc_prohibit_getenv = \
-  ^tests/.*\.[ch]$$
-
-exclude_file_name_regexp--sc_avoid_attribute_unused_in_header = \
-  ^src/util/virlog\.h$$
-
-exclude_file_name_regexp--sc_prohibit_mixed_case_abbreviations = \
-  ^src/(vbox/vbox_CAPI.*.h|esx/esx_vi.(c|h)|esx/esx_storage_backend_iscsi.c)$$
-
-exclude_file_name_regexp--sc_prohibit_empty_first_line = \
-  ^(README|daemon/THREADS\.txt|src/esx/README|docs/library.xen|tests/vmwareverdata/fusion-5.0.3.txt|tests/nodeinfodata/linux-raspberrypi/cpu/offline)$$
+  ^(python/|tools/|examples/|include/libvirt/(virterror|libvirt-(qemu|lxc))\.h$$)

config-post.h

@@ -1,45 +0,0 @@
-/*
- * Copyright (C) 2013 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- */
-
-/*
- * Since virt-login-shell will be setuid, we must do everything
- * we can to avoid linking to other libraries. Many of them do
- * unsafe things in functions marked __atttribute__((constructor)).
- * The only way avoid to avoid such deps is to re-compile the
- * functions with the code in question disabled, and for that we
- * must override the main config.h rules. Hence this file :-(
- */
-
-#ifdef LIBVIRT_SETUID_RPC_CLIENT
-# undef HAVE_LIBDEVMAPPER_H
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_GNUTLS_GCRYPT
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_VIRTUALPORT
-# undef WITH_YAJL
-# undef WITH_YAJL2
-#endif

daemon/Makefile.am

@@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in
 
-## Copyright (C) 2005-2014 Red Hat, Inc.
+## Copyright (C) 2005-2013 Red Hat, Inc.
 ##
 ## This library is free software; you can redistribute it and/or
 ## modify it under the terms of the GNU Lesser General Public
@@ -18,7 +18,6 @@
 
 INCLUDES = \
 	-I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \
-	-I$(top_srcdir) \
 	-I$(top_builddir)/include -I$(top_srcdir)/include \
 	-I$(top_builddir)/src -I$(top_srcdir)/src \
 	-I$(top_srcdir)/src/util \
@@ -30,20 +29,22 @@ INCLUDES = \
 
 CLEANFILES =
 
-DAEMON_GENERATED =			\
-		remote_dispatch.h	\
-		lxc_dispatch.h		\
-		qemu_dispatch.h		\
+DAEMON_GENERATED =					\
+		$(srcdir)/remote_dispatch.h		\
+		$(srcdir)/lxc_dispatch.h		\
+		$(srcdir)/qemu_dispatch.h		\
 		$(NULL)
 
 DAEMON_SOURCES =					\
 		libvirtd.c libvirtd.h			\
+		libvirtd-config.c libvirtd-config.h	\
 		remote.c remote.h			\
 		stream.c stream.h			\
+		../src/remote/remote_protocol.c		\
+		../src/remote/lxc_protocol.c		\
+		../src/remote/qemu_protocol.c		\
 		$(DAEMON_GENERATED)
 
-LIBVIRTD_CONF_SOURCES = libvirtd-config.c libvirtd-config.h
-
 DISTCLEANFILES =
 EXTRA_DIST =						\
 	remote_dispatch.h				\
@@ -66,9 +67,7 @@ EXTRA_DIST =						\
 	THREADS.txt					\
 	libvirtd.pod.in					\
 	libvirtd.8.in					\
-	$(DAEMON_SOURCES)				\
-	$(LIBVIRTD_CONF_SOURCES)			\
-	$(NULL)
+	$(DAEMON_SOURCES)
 
 BUILT_SOURCES =
 
@@ -76,43 +75,23 @@ REMOTE_PROTOCOL = $(top_srcdir)/src/remote/remote_protocol.x
 LXC_PROTOCOL = $(top_srcdir)/src/remote/lxc_protocol.x
 QEMU_PROTOCOL = $(top_srcdir)/src/remote/qemu_protocol.x
 
-remote_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
+$(srcdir)/remote_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(REMOTE_PROTOCOL)
 	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
-	  --mode=server remote REMOTE $(REMOTE_PROTOCOL) \
-	  > $(srcdir)/remote_dispatch.h
+	  --mode=server remote REMOTE $(REMOTE_PROTOCOL) > $@
 
-lxc_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
+$(srcdir)/lxc_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(LXC_PROTOCOL)
 	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
-	  --mode=server lxc LXC $(LXC_PROTOCOL) \
-	  > $(srcdir)/lxc_dispatch.h
+	  --mode=server lxc LXC $(LXC_PROTOCOL) > $@
 
-qemu_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
+$(srcdir)/qemu_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(QEMU_PROTOCOL)
 	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
-	  --mode=server qemu QEMU $(QEMU_PROTOCOL) \
-	  > $(srcdir)/qemu_dispatch.h
+	  --mode=server qemu QEMU $(QEMU_PROTOCOL) > $@
 
 if WITH_LIBVIRTD
 
-# Build a convenience library, for reuse in tests/libvirtdconftest
-noinst_LTLIBRARIES = libvirtd_conf.la
-libvirtd_conf_la_SOURCES = $(LIBVIRTD_CONF_SOURCES)
-libvirtd_conf_la_CFLAGS = \
-	$(LIBXML_CFLAGS) \
-	$(XDR_CFLAGS) \
-	$(WARN_CFLAGS) $(PIE_CFLAGS) \
-	$(COVERAGE_CFLAGS) \
-	$(NULL)
-libvirtd_conf_la_LDFLAGS =				\
-	$(RELRO_LDFLAGS)				\
-	$(PIE_LDFLAGS)					\
-	$(COVERAGE_LDFLAGS)				\
-	$(NO_INDIRECT_LDFLAGS)				\
-	$(NULL)
-libvirtd_conf_la_LIBADD = $(LIBXML_LIBS)
-
 man8_MANS = libvirtd.8
 
 sbin_PROGRAMS = libvirtd
@@ -146,11 +125,9 @@ libvirtd_CFLAGS = \
 	-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\""
 
 libvirtd_LDFLAGS =					\
-	$(RELRO_LDFLAGS)				\
 	$(PIE_LDFLAGS)					\
-	$(COVERAGE_LDFLAGS)				\
-	$(NO_INDIRECT_LDFLAGS)				\
-	$(NULL)
+	$(RELRO_LDFLAGS)				\
+	$(COVERAGE_LDFLAGS)
 
 libvirtd_LDADD =					\
 	$(LIBXML_LIBS)					\
@@ -162,67 +139,64 @@ libvirtd_LDADD =					\
 
 if WITH_DTRACE_PROBES
 libvirtd_LDADD += ../src/libvirt_probes.lo
-endif WITH_DTRACE_PROBES
+endif
 
 libvirtd_LDADD += \
-	libvirtd_conf.la \
 	../src/libvirt-lxc.la \
-	../src/libvirt-qemu.la \
-	../src/libvirt_driver_remote.la \
-	$(NULL)
+	../src/libvirt-qemu.la
 
 if ! WITH_DRIVER_MODULES
 if WITH_QEMU
     libvirtd_LDADD += ../src/libvirt_driver_qemu.la
 if WITH_DTRACE_PROBES
     libvirtd_LDADD += ../src/libvirt_qemu_probes.lo
-endif WITH_DTRACE_PROBES
-endif WITH_QEMU
+endif
+endif
 
 if WITH_LXC
     libvirtd_LDADD += ../src/libvirt_driver_lxc.la
-endif WITH_LXC
+endif
 
 if WITH_XEN
     libvirtd_LDADD += ../src/libvirt_driver_xen.la
-endif WITH_XEN
+endif
 
 if WITH_LIBXL
     libvirtd_LDADD += ../src/libvirt_driver_libxl.la
-endif WITH_LIBXL
+endif
 
 if WITH_UML
     libvirtd_LDADD += ../src/libvirt_driver_uml.la
-endif WITH_UML
+endif
 
 if WITH_VBOX
     libvirtd_LDADD += ../src/libvirt_driver_vbox.la
-endif WITH_VBOX
+endif
 
 if WITH_STORAGE
     libvirtd_LDADD += ../src/libvirt_driver_storage.la
-endif WITH_STORAGE
+endif
 
 if WITH_NETWORK
     libvirtd_LDADD += ../src/libvirt_driver_network.la
-endif WITH_NETWORK
+endif
 
 if WITH_INTERFACE
     libvirtd_LDADD += ../src/libvirt_driver_interface.la
-endif WITH_INTERFACE
+endif
 
 if WITH_NODE_DEVICES
     libvirtd_LDADD += ../src/libvirt_driver_nodedev.la
-endif WITH_NODE_DEVICES
+endif
 
 if WITH_SECRETS
     libvirtd_LDADD += ../src/libvirt_driver_secret.la
-endif WITH_SECRETS
+endif
 
 if WITH_NWFILTER
     libvirtd_LDADD += ../src/libvirt_driver_nwfilter.la
-endif WITH_NWFILTER
-endif ! WITH_DRIVER_MODULES
+endif
+endif
 
 libvirtd_LDADD += ../src/libvirt.la
 
@@ -230,11 +204,11 @@ if WITH_POLKIT
 if WITH_POLKIT0
 policydir = $(datadir)/PolicyKit/policy
 policyauth = auth_admin_keep_session
-else ! WITH_POLKIT0
+else
 policydir = $(datadir)/polkit-1/actions
 policyauth = auth_admin_keep
-endif ! WITH_POLKIT0
-endif WITH_POLKIT
+endif
+endif
 
 libvirtd.policy: libvirtd.policy.in $(top_builddir)/config.status
 	$(AM_V_GEN) sed \
@@ -243,16 +217,14 @@ libvirtd.policy: libvirtd.policy.in $(top_builddir)/config.status
 	mv $@-t $@
 BUILT_SOURCES += libvirtd.policy
 
-install-data-local: install-init-redhat install-init-systemd \
-		install-init-upstart \
+install-data-local: install-init-redhat install-init-systemd install-init-upstart \
 		install-data-sasl install-data-polkit \
 		install-logrotate install-sysctl
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/log/libvirt \
 		   $(DESTDIR)$(localstatedir)/run/libvirt \
 		   $(DESTDIR)$(localstatedir)/lib/libvirt
 
-uninstall-local:: uninstall-init-redhat uninstall-init-systemd \
-		uninstall-init-upstart \
+uninstall-local:: uninstall-init-redhat uninstall-init-systemd uninstall-init-upstart \
 		uninstall-data-sasl uninstall-data-polkit \
 		uninstall-logrotate uninstall-sysctl
 	rmdir $(DESTDIR)$(localstatedir)/log/libvirt || :
@@ -266,10 +238,10 @@ install-data-polkit::
 uninstall-data-polkit::
 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
 	rmdir $(DESTDIR)$(policydir) || :
-else ! WITH_POLKIT
+else
 install-data-polkit::
 uninstall-data-polkit::
-endif ! WITH_POLKIT
+endif
 
 remote.c: $(DAEMON_GENERATED)
 remote.h: $(DAEMON_GENERATED)
@@ -308,14 +280,10 @@ install-logrotate: $(LOGROTATE_CONFS)
 		   $(DESTDIR)$(localstatedir)/log/libvirt/lxc/ \
 		   $(DESTDIR)$(localstatedir)/log/libvirt/uml/ \
 		   $(DESTDIR)$(sysconfdir)/logrotate.d/
-	$(INSTALL_DATA) libvirtd.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd
-	$(INSTALL_DATA) libvirtd.qemu.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu
-	$(INSTALL_DATA) libvirtd.lxc.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc
-	$(INSTALL_DATA) libvirtd.uml.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml
+	$(INSTALL_DATA) libvirtd.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd
+	$(INSTALL_DATA) libvirtd.qemu.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu
+	$(INSTALL_DATA) libvirtd.lxc.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc
+	$(INSTALL_DATA) libvirtd.uml.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml
 
 uninstall-logrotate:
 	rm -f $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd \
@@ -346,10 +314,10 @@ install-sysctl:
 uninstall-sysctl:
 	rm -f $(DESTDIR)$(prefix)/lib/sysctl.d/libvirtd.conf
 	rmdir $(DESTDIR)$(prefix)/lib/sysctl.d || :
-else ! WITH_SYSCTL
+else
 install-sysctl:
 uninstall-sysctl:
-endif ! WITH_SYSCTL
+endif
 
 if LIBVIRT_INIT_SCRIPT_RED_HAT
 
@@ -363,10 +331,10 @@ install-init-redhat: install-sysconfig libvirtd.init
 uninstall-init-redhat: uninstall-sysconfig
 	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd
 	rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
-else ! LIBVIRT_INIT_SCRIPT_RED_HAT
+else
 install-init-redhat:
 uninstall-init-redhat:
-endif ! LIBVIRT_INIT_SCRIPT_RED_HAT
+endif # LIBVIRT_INIT_SCRIPT_RED_HAT
 
 
 if LIBVIRT_INIT_SCRIPT_UPSTART
@@ -379,15 +347,15 @@ install-init-upstart: install-sysconfig
 uninstall-init-upstart: uninstall-sysconfig
 	rm -f $(DESTDIR)$(sysconfdir)/event.d/libvirtd
 	rmdir $(DESTDIR)$(sysconfdir)/event.d || :
-else ! LIBVIRT_INIT_SCRIPT_UPSTART
+else
 install-init-upstart:
 uninstall-init-upstart:
-endif ! LIBVIRT_INIT_SCRIPT_UPSTART
+endif # LIBVIRT_INIT_SCRIPT_UPSTART
 
 
 if LIBVIRT_INIT_SCRIPT_SYSTEMD
 
-SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system
+SYSTEMD_UNIT_DIR = /lib/systemd/system
 BUILT_SOURCES += libvirtd.service
 
 install-init-systemd: install-sysconfig libvirtd.service
@@ -398,10 +366,10 @@ install-init-systemd: install-sysconfig libvirtd.service
 uninstall-init-systemd: uninstall-sysconfig
 	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
 	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
-else ! LIBVIRT_INIT_SCRIPT_SYSTEMD
+else
 install-init-systemd:
 uninstall-init-systemd:
-endif ! LIBVIRT_INIT_SCRIPT_SYSTEMD
+endif # LIBVIRT_INIT_SCRIPT_SYSTEMD
 
 libvirtd.init: libvirtd.init.in $(top_builddir)/config.status
 	$(AM_V_GEN)sed						\
@@ -438,10 +406,10 @@ check-augeas: test_libvirtd.aug
 # are used by nearly every other library.
 libvirtd_LDADD += ../gnulib/lib/libgnu.la $(LIBSOCKET)
 
-else ! WITH_LIBVIRTD
+else # WITH_LIBVIRTD
 install-data-local: install-data-sasl
 uninstall-local:: uninstall-data-sasl
-endif ! WITH_LIBVIRTD
+endif # WITH_LIBVIRTD
 
 POD2MAN = pod2man -c "Virtualization Support" \
 			-r "$(PACKAGE)-$(VERSION)" -s 8
@@ -455,16 +423,15 @@ $(srcdir)/libvirtd.8.in: libvirtd.pod.in $(top_srcdir)/configure.ac
 if WITH_SASL
 install-data-sasl:
 	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
-	$(INSTALL_DATA) $(srcdir)/libvirtd.sasl \
-		$(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
+	$(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
 
 uninstall-data-sasl:
 	rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
 	rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
-else ! WITH_SASL
+else
 install-data-sasl:
 uninstall-data-sasl:
-endif ! WITH_SASL
+endif
 
 
 CLEANFILES += $(BUILT_SOURCES) $(man8_MANS)

daemon/libvirtd-config.c

@@ -1,7 +1,7 @@
 /*
- * libvirtd-config.c: daemon start of day, guest process & i/o management
+ * libvirtd.c: daemon start of day, guest process & i/o management
  *
- * Copyright (C) 2006-2012, 2014 Red Hat, Inc.
+ * Copyright (C) 2006-2012 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -37,8 +37,6 @@
 
 #define VIR_FROM_THIS VIR_FROM_CONF
 
-VIR_LOG_INIT("daemon.libvirtd-config");
-
 /* Allocate an array of malloc'd strings from the config file, filename
  * (used only in diagnostics), using handle "conf".  Upon error, return -1
  * and free any allocated memory.  Otherwise, save the array in *list_arg
@@ -69,8 +67,7 @@ remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list_arg,
         break;
 
     case VIR_CONF_LIST: {
-        int len = 0;
-        size_t i;
+        int i, len = 0;
         virConfValuePtr pp;
         for (pp = p->list; pp; pp = pp->next)
             len++;
@@ -90,7 +87,7 @@ remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list_arg,
                 return -1;
             }
             if (VIR_STRDUP(list[i], pp->str) < 0) {
-                size_t j;
+                int j;
                 for (j = 0; j < i; j++)
                     VIR_FREE(list[j]);
                 VIR_FREE(list);
@@ -158,12 +155,7 @@ checkType(virConfValuePtr p, const char *filename,
     } while (0)
 
 
-static int
-remoteConfigGetAuth(virConfPtr conf,
-                    const char *key,
-                    int *auth,
-                    const char *filename)
-{
+static int remoteConfigGetAuth(virConfPtr conf, const char *key, int *auth, const char *filename) {
     virConfValuePtr p;
 
     p = virConfGetValue(conf, key);
@@ -208,14 +200,16 @@ daemonConfigFilePath(bool privileged, char **configfile)
 
         if (virAsprintf(configfile, "%s/libvirtd.conf", configdir) < 0) {
             VIR_FREE(configdir);
-            goto error;
+            goto no_memory;
         }
         VIR_FREE(configdir);
     }
 
     return 0;
 
- error:
+no_memory:
+    virReportOOMError();
+error:
     return -1;
 }
 
@@ -226,8 +220,10 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
     char *localhost;
     int ret;
 
-    if (VIR_ALLOC(data) < 0)
+    if (VIR_ALLOC(data) < 0) {
+        virReportOOMError();
         return NULL;
+    }
 
     data->listen_tls = 1;
     data->listen_tcp = 0;
@@ -265,14 +261,15 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
 
     data->min_workers = 5;
     data->max_workers = 20;
-    data->max_clients = 5000;
-    data->max_anonymous_clients = 20;
+    data->max_clients = 20;
 
     data->prio_workers = 5;
 
     data->max_requests = 20;
     data->max_client_requests = 5;
 
+    data->log_buffer_size = 64;
+
     data->audit_level = 1;
     data->audit_logging = 0;
 
@@ -297,11 +294,13 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
     }
     VIR_FREE(localhost);
     if (ret < 0)
-        goto error;
+        goto no_memory;
 
     return data;
 
- error:
+no_memory:
+    virReportOOMError();
+error:
     daemonConfigFree(data);
     return NULL;
 }
@@ -420,8 +419,6 @@ daemonConfigLoadOptions(struct daemonConfig *data,
     GET_CONF_INT(conf, filename, min_workers);
     GET_CONF_INT(conf, filename, max_workers);
     GET_CONF_INT(conf, filename, max_clients);
-    GET_CONF_INT(conf, filename, max_queued_clients);
-    GET_CONF_INT(conf, filename, max_anonymous_clients);
 
     GET_CONF_INT(conf, filename, prio_workers);
 
@@ -436,6 +433,7 @@ daemonConfigLoadOptions(struct daemonConfig *data,
     GET_CONF_INT(conf, filename, log_level);
     GET_CONF_STR(conf, filename, log_filters);
     GET_CONF_STR(conf, filename, log_outputs);
+    GET_CONF_INT(conf, filename, log_buffer_size);
 
     GET_CONF_INT(conf, filename, keepalive_interval);
     GET_CONF_INT(conf, filename, keepalive_count);
@@ -443,7 +441,7 @@ daemonConfigLoadOptions(struct daemonConfig *data,
 
     return 0;
 
- error:
+error:
     return -1;
 }
 

daemon/libvirtd-config.h

@@ -1,5 +1,5 @@
 /*
- * libvirtd-config.h: daemon start of day, guest process & i/o management
+ * libvirtd.c: daemon start of day, guest process & i/o management
  *
  * Copyright (C) 2006-2012 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
@@ -63,8 +63,6 @@ struct daemonConfig {
     int min_workers;
     int max_workers;
     int max_clients;
-    int max_queued_clients;
-    int max_anonymous_clients;
 
     int prio_workers;
 
@@ -74,6 +72,7 @@ struct daemonConfig {
     int log_level;
     char *log_filters;
     char *log_outputs;
+    int log_buffer_size;
 
     int audit_level;
     int audit_logging;

daemon/libvirtd.aug

@@ -56,8 +56,6 @@ module Libvirtd =
    let processing_entry = int_entry "min_workers"
                         | int_entry "max_workers"
                         | int_entry "max_clients"
-                        | int_entry "max_queued_clients"
-                        | int_entry "max_anonymous_clients"
                         | int_entry "max_requests"
                         | int_entry "max_client_requests"
                         | int_entry "prio_workers"

daemon/libvirtd.c

@@ -1,7 +1,7 @@
 /*
  * libvirtd.c: daemon start of day, guest process & i/o management
  *
- * Copyright (C) 2006-2014 Red Hat, Inc.
+ * Copyright (C) 2006-2012 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -35,7 +35,6 @@
 #include "libvirt_internal.h"
 #include "virerror.h"
 #include "virfile.h"
-#include "virlog.h"
 #include "virpidfile.h"
 #include "virprocess.h"
 
@@ -78,9 +77,6 @@
 # ifdef WITH_VBOX
 #  include "vbox/vbox_driver.h"
 # endif
-# ifdef WITH_BHYVE
-#  include "bhyve/bhyve_driver.h"
-# endif
 # ifdef WITH_NETWORK
 #  include "network/bridge_driver.h"
 # endif
@@ -104,9 +100,6 @@
 #include "configmake.h"
 
 #include "virdbus.h"
-#include "cpu/cpu_map.h"
-
-VIR_LOG_INIT("daemon.libvirtd");
 
 #if WITH_SASL
 virNetSASLContextPtr saslCtxt = NULL;
@@ -115,8 +108,6 @@ virNetServerProgramPtr remoteProgram = NULL;
 virNetServerProgramPtr qemuProgram = NULL;
 virNetServerProgramPtr lxcProgram = NULL;
 
-volatile bool driversInitialized = false;
-
 enum {
     VIR_DAEMON_ERR_NONE = 0,
     VIR_DAEMON_ERR_PIDFILE,
@@ -210,7 +201,7 @@ static int daemonForkIntoBackground(const char *argv0)
             VIR_FORCE_CLOSE(statuspipe[1]);
 
             /* We wait to make sure the first child forked successfully */
-            if (virProcessWait(pid, NULL, false) < 0)
+            if (virProcessWait(pid, NULL) < 0)
                 goto error;
 
             /* If we get here, then the grandchild was spawned, so we
@@ -242,7 +233,7 @@ static int daemonForkIntoBackground(const char *argv0)
         }
     }
 
- error:
+error:
     VIR_FORCE_CLOSE(statuspipe[0]);
     VIR_FORCE_CLOSE(statuspipe[1]);
     return -1;
@@ -272,7 +263,7 @@ daemonPidFilePath(bool privileged,
 
         if (virAsprintf(pidfile, "%s/libvirtd.pid", rundir) < 0) {
             VIR_FREE(rundir);
-            goto error;
+            goto no_memory;
         }
 
         VIR_FREE(rundir);
@@ -280,7 +271,9 @@ daemonPidFilePath(bool privileged,
 
     return 0;
 
- error:
+no_memory:
+    virReportOOMError();
+error:
     return -1;
 }
 
@@ -292,10 +285,10 @@ daemonUnixSocketPaths(struct daemonConfig *config,
 {
     if (config->unix_sock_dir) {
         if (virAsprintf(sockfile, "%s/libvirt-sock", config->unix_sock_dir) < 0)
-            goto error;
+            goto no_memory;
         if (privileged &&
             virAsprintf(rosockfile, "%s/libvirt-sock-ro", config->unix_sock_dir) < 0)
-            goto error;
+            goto no_memory;
     } else {
         if (privileged) {
             if (VIR_STRDUP(*sockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock") < 0 ||
@@ -317,7 +310,7 @@ daemonUnixSocketPaths(struct daemonConfig *config,
 
             if (virAsprintf(sockfile, "%s/libvirt-sock", rundir) < 0) {
                 VIR_FREE(rundir);
-                goto error;
+                goto no_memory;
             }
 
             VIR_FREE(rundir);
@@ -325,7 +318,9 @@ daemonUnixSocketPaths(struct daemonConfig *config,
     }
     return 0;
 
- error:
+no_memory:
+    virReportOOMError();
+error:
     return -1;
 }
 
@@ -412,9 +407,6 @@ static void daemonInitialize(void)
 # ifdef WITH_VBOX
     virDriverLoadModule("vbox");
 # endif
-# ifdef WITH_BHYVE
-    virDriverLoadModule("bhyve");
-# endif
 #else
 # ifdef WITH_NETWORK
     networkRegister();
@@ -452,9 +444,6 @@ static void daemonInitialize(void)
 # ifdef WITH_VBOX
     vboxRegister();
 # endif
-# ifdef WITH_BHYVE
-    bhyveRegister();
-# endif
 #endif
 }
 
@@ -500,7 +489,6 @@ static int daemonSetupNetworking(virNetServerPtr srv,
                                            NULL,
 #endif
                                            false,
-                                           config->max_queued_clients,
                                            config->max_client_requests)))
         goto error;
     if (sock_path_ro) {
@@ -513,7 +501,6 @@ static int daemonSetupNetworking(virNetServerPtr srv,
                                                  NULL,
 #endif
                                                  true,
-                                                 config->max_queued_clients,
                                                  config->max_client_requests)))
             goto error;
     }
@@ -539,7 +526,6 @@ static int daemonSetupNetworking(virNetServerPtr srv,
                                                      NULL,
 #endif
                                                      false,
-                                                     config->max_queued_clients,
                                                      config->max_client_requests)))
                 goto error;
 
@@ -580,7 +566,6 @@ static int daemonSetupNetworking(virNetServerPtr srv,
                                             config->auth_tls,
                                             ctxt,
                                             false,
-                                            config->max_queued_clients,
                                             config->max_client_requests))) {
                 virObjectUnref(ctxt);
                 goto error;
@@ -618,7 +603,7 @@ static int daemonSetupNetworking(virNetServerPtr srv,
 
     return 0;
 
- error:
+error:
 #if WITH_GNUTLS
     virObjectUnref(svcTLS);
 #endif
@@ -662,6 +647,8 @@ daemonSetupLogging(struct daemonConfig *config,
 
     virLogSetFromEnv();
 
+    virLogSetBufferSize(config->log_buffer_size);
+
     if (virLogGetNbFilters() == 0)
         virLogParseFilters(config->log_filters);
 
@@ -679,7 +666,7 @@ daemonSetupLogging(struct daemonConfig *config,
         char *tmp;
         if (access("/run/systemd/journal/socket", W_OK) >= 0) {
             if (virAsprintf(&tmp, "%d:journald", virLogGetDefaultPriority()) < 0)
-                goto error;
+                goto no_memory;
             virLogParseOutputs(tmp);
             VIR_FREE(tmp);
         }
@@ -697,7 +684,7 @@ daemonSetupLogging(struct daemonConfig *config,
                 if (virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log",
                                 virLogGetDefaultPriority(),
                                 LOCALSTATEDIR) == -1)
-                    goto error;
+                    goto no_memory;
             } else {
                 char *logdir = virGetUserCacheDirectory();
                 mode_t old_umask;
@@ -715,13 +702,13 @@ daemonSetupLogging(struct daemonConfig *config,
                 if (virAsprintf(&tmp, "%d:file:%s/libvirtd.log",
                                 virLogGetDefaultPriority(), logdir) == -1) {
                     VIR_FREE(logdir);
-                    goto error;
+                    goto no_memory;
                 }
                 VIR_FREE(logdir);
             }
         } else {
             if (virAsprintf(&tmp, "%d:stderr", virLogGetDefaultPriority()) < 0)
-                goto error;
+                goto no_memory;
         }
         virLogParseOutputs(tmp);
         VIR_FREE(tmp);
@@ -735,7 +722,9 @@ daemonSetupLogging(struct daemonConfig *config,
 
     return 0;
 
- error:
+no_memory:
+    virReportOOMError();
+error:
     return -1;
 }
 
@@ -925,8 +914,6 @@ static void daemonRunStateInit(void *opaque)
         goto cleanup;
     }
 
-    driversInitialized = true;
-
 #ifdef HAVE_DBUS
     /* Tie the non-priviledged libvirtd to the session/shutdown lifecycle */
     if (!virNetServerIsPrivileged(srv)) {
@@ -948,7 +935,7 @@ static void daemonRunStateInit(void *opaque)
 #endif
     /* Only now accept clients from network */
     virNetServerUpdateServices(srv, true);
- cleanup:
+cleanup:
     daemonInhibitCallback(false, srv);
     virObjectUnref(srv);
     virObjectUnref(sysident);
@@ -1006,7 +993,7 @@ static int migrateProfile(void)
         goto cleanup;
     }
 
-    config_home = virGetEnvBlockSUID("XDG_CONFIG_HOME");
+    config_home = getenv("XDG_CONFIG_HOME");
     if (config_home && config_home[0] != '\0') {
         if (VIR_STRDUP(xdg_dir, config_home) < 0)
             goto cleanup;
@@ -1053,13 +1040,12 @@ daemonUsage(const char *argv0, bool privileged)
               "  %s [options]\n"
               "\n"
               "Options:\n"
-              "  -h | --help            Display program help:\n"
               "  -v | --verbose         Verbose messages.\n"
               "  -d | --daemon          Run as a daemon & write PID file.\n"
               "  -l | --listen          Listen for TCP/IP connections.\n"
               "  -t | --timeout <secs>  Exit after timeout period.\n"
               "  -f | --config <file>   Configuration file.\n"
-              "  -V | --version         Display version information.\n"
+              "     | --version         Display version information.\n"
               "  -p | --pid-file <file> Change name of PID file.\n"
               "\n"
               "libvirt management daemon:\n"),
@@ -1071,26 +1057,26 @@ daemonUsage(const char *argv0, bool privileged)
                   "  Default paths:\n"
                   "\n"
                   "    Configuration file (unless overridden by -f):\n"
-                  "      %s\n"
+                  "      %s/libvirt/libvirtd.conf\n"
                   "\n"
                   "    Sockets:\n"
-                  "      %s\n"
-                  "      %s\n"
+                  "      %s/run/libvirt/libvirt-sock\n"
+                  "      %s/run/libvirt/libvirt-sock-ro\n"
                   "\n"
                   "    TLS:\n"
-                  "      CA certificate:     %s\n"
-                  "      Server certificate: %s\n"
-                  "      Server private key: %s\n"
+                  "      CA certificate:     %s/pki/CA/caert.pem\n"
+                  "      Server certificate: %s/pki/libvirt/servercert.pem\n"
+                  "      Server private key: %s/pki/libvirt/private/serverkey.pem\n"
                   "\n"
                   "    PID file (unless overridden by -p):\n"
                   "      %s/run/libvirtd.pid\n"
                   "\n"),
-                LIBVIRTD_CONFIGURATION_FILE,
-                LIBVIRTD_PRIV_UNIX_SOCKET,
-                LIBVIRTD_PRIV_UNIX_SOCKET_RO,
-                LIBVIRT_CACERT,
-                LIBVIRT_SERVERCERT,
-                LIBVIRT_SERVERKEY,
+                SYSCONFDIR,
+                LOCALSTATEDIR,
+                LOCALSTATEDIR,
+                SYSCONFDIR,
+                SYSCONFDIR,
+                SYSCONFDIR,
                 LOCALSTATEDIR);
     } else {
         fprintf(stderr, "%s",
@@ -1114,6 +1100,10 @@ daemonUsage(const char *argv0, bool privileged)
     }
 }
 
+enum {
+    OPT_VERSION = 129
+};
+
 #define MAX_LISTEN 5
 int main(int argc, char **argv) {
     virNetServerPtr srv = NULL;
@@ -1135,14 +1125,14 @@ int main(int argc, char **argv) {
     mode_t old_umask;
 
     struct option opts[] = {
-        { "verbose", no_argument, &verbose, 'v'},
-        { "daemon", no_argument, &godaemon, 'd'},
-        { "listen", no_argument, &ipsock, 'l'},
+        { "verbose", no_argument, &verbose, 1},
+        { "daemon", no_argument, &godaemon, 1},
+        { "listen", no_argument, &ipsock, 1},
         { "config", required_argument, NULL, 'f'},
         { "timeout", required_argument, NULL, 't'},
         { "pid-file", required_argument, NULL, 'p'},
-        { "version", no_argument, NULL, 'V' },
-        { "help", no_argument, NULL, 'h' },
+        { "version", no_argument, NULL, OPT_VERSION },
+        { "help", no_argument, NULL, '?' },
         {0, 0, 0, 0}
     };
 
@@ -1154,16 +1144,38 @@ int main(int argc, char **argv) {
         exit(EXIT_FAILURE);
     }
 
-    virUpdateSelfLastChanged(argv[0]);
-
-    virFileActivateDirOverride(argv[0]);
+    if (strstr(argv[0], "lt-libvirtd") ||
+        strstr(argv[0], "/daemon/.libs/libvirtd")) {
+        char *tmp = strrchr(argv[0], '/');
+        if (!tmp) {
+            fprintf(stderr, _("%s: cannot identify driver directory\n"), argv[0]);
+            exit(EXIT_FAILURE);
+        }
+        *tmp = '\0';
+        char *driverdir;
+        if (virAsprintf(&driverdir, "%s/../../src/.libs", argv[0]) < 0) {
+            fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
+            exit(EXIT_FAILURE);
+        }
+        if (access(driverdir, R_OK) < 0) {
+            fprintf(stderr, _("%s: expected driver directory '%s' is missing\n"),
+                    argv[0], driverdir);
+            exit(EXIT_FAILURE);
+        }
+        virLockManagerSetPluginDir(driverdir);
+#ifdef WITH_DRIVER_MODULES
+        virDriverModuleInitialize(driverdir);
+#endif
+        *tmp = '/';
+        /* Must not free 'driverdir' - it is still used */
+    }
 
     while (1) {
         int optidx = 0;
         int c;
         char *tmp;
 
-        c = getopt_long(argc, argv, "ldf:p:t:vVh", opts, &optidx);
+        c = getopt_long(argc, argv, "ldf:p:t:v", opts, &optidx);
 
         if (c == -1) {
             break;
@@ -1209,17 +1221,17 @@ int main(int argc, char **argv) {
             }
             break;
 
-        case 'V':
+        case OPT_VERSION:
             daemonVersion(argv[0]);
-            exit(EXIT_SUCCESS);
-
-        case 'h':
-            daemonUsage(argv[0], privileged);
-            exit(EXIT_SUCCESS);
+            return 0;
 
         case '?':
-        default:
             daemonUsage(argv[0], privileged);
+            return 2;
+
+        default:
+            VIR_ERROR(_("%s: internal error: unknown flag: %c"),
+                      argv[0], c);
             exit(EXIT_FAILURE);
         }
     }
@@ -1342,7 +1354,7 @@ int main(int argc, char **argv) {
     umask(old_umask);
 
     /* Try to claim the pidfile, exiting if we can't */
-    if ((pid_file_fd = virPidFileAcquirePath(pid_file, false, getpid())) < 0) {
+    if ((pid_file_fd = virPidFileAcquirePath(pid_file, getpid())) < 0) {
         ret = VIR_DAEMON_ERR_PIDFILE;
         goto cleanup;
     }
@@ -1356,7 +1368,6 @@ int main(int argc, char **argv) {
                                 config->max_workers,
                                 config->prio_workers,
                                 config->max_clients,
-                                config->max_anonymous_clients,
                                 config->keepalive_interval,
                                 config->keepalive_count,
                                 !!config->keepalive_required,
@@ -1511,7 +1522,7 @@ int main(int argc, char **argv) {
     virHookCall(VIR_HOOK_DRIVER_DAEMON, "-", VIR_HOOK_DAEMON_OP_SHUTDOWN,
                 0, "shutdown", NULL, NULL);
 
- cleanup:
+cleanup:
     virNetlinkEventServiceStopAll();
     virObjectUnref(remoteProgram);
     virObjectUnref(lxcProgram);
@@ -1540,8 +1551,7 @@ int main(int argc, char **argv) {
 
     daemonConfigFree(config);
 
-    if (driversInitialized)
-        virStateCleanup();
+    virStateCleanup();
 
     return ret;
 }

daemon/libvirtd.conf

@@ -48,10 +48,6 @@
 # Override the default configuration which binds to all network
 # interfaces. This can be a numeric IPv4/6 address, or hostname
 #
-# If the libvirtd service is started in parallel with network
-# startup (e.g. with systemd), binding to addresses other than
-# the wildcards (0.0.0.0/::) might not be available yet.
-#
 #listen_addr = "192.168.0.1"
 
 
@@ -67,7 +63,7 @@
 # unique on the immediate broadcast network.
 #
 # The default is "Virtualization Host HOSTNAME", where HOSTNAME
-# is substituted for the short hostname of the machine (without domain)
+# is subsituted for the short hostname of the machine (without domain)
 #
 #mdns_name = "Virtualization Host Joe Demo"
 
@@ -87,8 +83,8 @@
 # Set the UNIX socket permissions for the R/O socket. This is used
 # for monitoring VM status only
 #
-# Default allows any user. If setting group ownership, you may want to
-# restrict this too.
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
 #unix_sock_ro_perms = "0777"
 
 # Set the UNIX socket permissions for the R/W socket. This is used
@@ -98,7 +94,7 @@
 # the default will change to allow everyone (eg, 0777)
 #
 # If not using PolicyKit and setting group ownership for access
-# control, then you may want to relax this too.
+# control then you may want to relax this to:
 #unix_sock_rw_perms = "0770"
 
 # Set the name of the directory in which sockets will be found/created.
@@ -117,7 +113,7 @@
 #  - sasl: use SASL infrastructure. The actual auth scheme is then
 #          controlled from /etc/sasl2/libvirt.conf. For the TCP
 #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
-#          For non-TCP or TLS sockets, any scheme is allowed.
+#          For non-TCP or TLS sockets,  any scheme is allowed.
 #
 #  - polkit: use PolicyKit to authenticate. This is only suitable
 #            for use on the UNIX sockets. The default policy will
@@ -220,7 +216,7 @@
 #tls_no_verify_certificate = 1
 
 
-# A whitelist of allowed x509 Distinguished Names
+# A whitelist of allowed x509  Distinguished Names
 # This list may contain wildcards such as
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
@@ -259,18 +255,8 @@
 
 # The maximum number of concurrent client connections to allow
 # over all sockets combined.
-#max_clients = 5000
+#max_clients = 20
 
-# The maximum length of queue of connections waiting to be
-# accepted by the daemon. Note, that some protocols supporting
-# retransmission may obey this so that a later reattempt at
-# connection succeeds.
-#max_queued_clients = 1000
-
-# The maximum length of queue of accepted but not yet not
-# authenticated clients. The default value is zero, meaning
-# the feature is disabled.
-#max_anonymous_clients = 20
 
 # The minimum limit sets the number of workers to start up
 # initially. If the number of active clients exceeds this,
@@ -282,13 +268,13 @@
 
 
 # The number of priority workers. If all workers from above
-# pool are stuck, some calls marked as high priority
+# pool will stuck, some calls marked as high priority
 # (notably domainDestroy) can be executed in this pool.
 #prio_workers = 5
 
 # Total global limit on concurrent RPC calls. Should be
 # at least as large as max_workers. Beyond this, RPC requests
-# will be read into memory and queued. This directly impacts
+# will be read into memory and queued. This directly impact
 # memory usage, currently each request requires 256 KB of
 # memory. So by default up to 5 MB of memory is used
 #
@@ -326,7 +312,7 @@
 #    3: WARNING
 #    4: ERROR
 #
-# Multiple filters can be defined in a single @filters, they just need to be
+# Multiple filter can be defined in a single @filters, they just need to be
 # separated by spaces.
 #
 # e.g. to only get warning or errors from the remote layer and only errors
@@ -348,16 +334,16 @@
 #    3: WARNING
 #    4: ERROR
 #
-# Multiple outputs can be defined, they just need to be separated by spaces.
+# Multiple output can be defined, they just need to be separated by spaces.
 # e.g. to log all warnings and errors to syslog under the libvirtd ident:
 #log_outputs="3:syslog:libvirtd"
 #
 
-# Log debug buffer size:
-#
-# This configuration option is no longer used, since the global
-# log buffer functionality has been removed. Please configure
-# suitable log_outputs/log_filters settings to obtain logs.
+# Log debug buffer size: default 64
+# The daemon keeps an internal debug log buffer which will be dumped in case
+# of crash or upon receiving a SIGUSR2 signal. This setting allows to override
+# the default buffer size in kilobytes.
+# If value is 0 or less the debug log buffer is deactivated
 #log_buffer_size = 64
 
 
@@ -395,7 +381,7 @@
 ###################################################################
 # Keepalive protocol:
 # This allows libvirtd to detect broken client connections or even
-# dead clients.  A keepalive message is sent to a client after
+# dead client.  A keepalive message is sent to a client after
 # keepalive_interval seconds of inactivity to check if the client is
 # still responding; keepalive_count is a maximum number of keepalive
 # messages that are allowed to be sent to the client without getting
@@ -404,7 +390,7 @@
 # keepalive_interval * (keepalive_count + 1) seconds since the last
 # message received from the client.  If keepalive_interval is set to
 # -1, libvirtd will never send keepalive requests; however clients
-# can still send them and the daemon will send responses.  When
+# can still send them and the deamon will send responses.  When
 # keepalive_count is set to 0, connections will be automatically
 # closed after keepalive_interval seconds of inactivity without
 # sending any keepalive messages.

daemon/libvirtd.h

@@ -1,7 +1,7 @@
 /*
  * libvirtd.h: daemon data structure definitions
  *
- * Copyright (C) 2006-2014 Red Hat, Inc.
+ * Copyright (C) 2006-2013 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -32,6 +32,7 @@
 # include "remote_protocol.h"
 # include "lxc_protocol.h"
 # include "qemu_protocol.h"
+# include "virlog.h"
 # include "virthread.h"
 # if WITH_SASL
 #  include "virnetsaslcontext.h"
@@ -42,20 +43,13 @@ typedef struct daemonClientStream daemonClientStream;
 typedef daemonClientStream *daemonClientStreamPtr;
 typedef struct daemonClientPrivate daemonClientPrivate;
 typedef daemonClientPrivate *daemonClientPrivatePtr;
-typedef struct daemonClientEventCallback daemonClientEventCallback;
-typedef daemonClientEventCallback *daemonClientEventCallbackPtr;
 
 /* Stores the per-client connection state */
 struct daemonClientPrivate {
     /* Hold while accessing any data except conn */
     virMutex lock;
 
-    daemonClientEventCallbackPtr *domainEventCallbacks;
-    size_t ndomainEventCallbacks;
-    daemonClientEventCallbackPtr *networkEventCallbacks;
-    size_t nnetworkEventCallbacks;
-    daemonClientEventCallbackPtr *qemuEventCallbacks;
-    size_t nqemuEventCallbacks;
+    int domainEventCallbackID[VIR_DOMAIN_EVENT_ID_LAST];
 
 # if WITH_SASL
     virNetSASLSessionPtr sasl;

daemon/libvirtd.init.in

@@ -9,11 +9,9 @@
 # Should-Start: $named
 # Should-Start: xend
 # Should-Start: avahi-daemon
-# Should-Start: virtlockd
 # Required-Stop: $network messagebus
 # Should-Stop: $named
 # Default-Start: 3 4 5
-# Default-Stop: 0 1 2 6
 # Short-Description: daemon for libvirt virtualization API
 # Description: This is a daemon for managing guest instances
 #              and libvirt virtual networks

daemon/libvirtd.pod.in

@@ -36,10 +36,6 @@ from the configuration.
 
 =over
 
-=item B<-h, --help>
-
-Display command line help usage then exit.
-
 =item B<-d, --daemon>
 
 Run as a daemon & write PID file.

daemon/libvirtd.sasl

@@ -27,5 +27,5 @@ mech_list: digest-md5
 
 # If using digest-md5 for username/passwds, then this is the file
 # containing the passwds. Use 'saslpasswd2 -a libvirt [username]'
-# to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it
+# to add entries, and 'sasldblistusers2 -a libvirt' to browse it
 sasldb_path: /etc/libvirt/passwd.db

daemon/libvirtd.service.in

@@ -9,17 +9,12 @@ Before=libvirt-guests.service
 After=network.target
 After=dbus.service
 After=iscsid.service
-After=apparmor.service
-Documentation=man:libvirtd(8)
-Documentation=http://libvirt.org
 
 [Service]
-Type=notify
 EnvironmentFile=-/etc/sysconfig/libvirtd
 ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
-Restart=on-failure
 # Override the maximum number of opened files
 #LimitNOFILE=2048
 

daemon/libvirtd.sysconf

@@ -20,14 +20,5 @@
 #
 #SDL_AUDIODRIVER=pulse
 
-# Override the maximum number of opened files.
-# This only works with traditional init scripts.
-# In the systemd world, the limit can only be changed by overriding
-# LimitNOFILE for libvirtd.service. To do that, just create a *.conf
-# file in /etc/systemd/system/libvirtd.service.d/ (for example
-# /etc/systemd/system/libvirtd.service.d/openfiles.conf) and write
-# the following two lines in it:
-#   [Service]
-#   LimitNOFILE=2048
-#
+# Override the maximum number of opened files
 #LIBVIRTD_NOFILES_LIMIT=2048

daemon/stream.c

@@ -32,8 +32,6 @@
 
 #define VIR_FROM_THIS VIR_FROM_STREAMS
 
-VIR_LOG_INIT("daemon.stream");
-
 struct daemonClientStream {
     daemonClientPrivatePtr priv;
     int refs;
@@ -260,7 +258,7 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
         daemonStreamUpdateEvents(stream);
     }
 
- cleanup:
+cleanup:
     virMutexUnlock(&priv->lock);
 }
 
@@ -301,7 +299,7 @@ daemonStreamFilter(virNetServerClientPtr client ATTRIBUTE_UNUSED,
     daemonStreamUpdateEvents(stream);
     ret = 1;
 
- cleanup:
+cleanup:
     virMutexUnlock(&stream->priv->lock);
     return ret;
 }
@@ -327,8 +325,10 @@ daemonCreateClientStream(virNetServerClientPtr client,
     VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p",
               client, header->proc, header->serial, st);
 
-    if (VIR_ALLOC(stream) < 0)
+    if (VIR_ALLOC(stream) < 0) {
+        virReportOOMError();
         return NULL;
+    }
 
     stream->refs = 1;
     stream->priv = priv;

daemon/test_libvirtd.aug.in

@@ -34,9 +34,7 @@ module Test_libvirtd =
              { "1" = "joe@EXAMPLE.COM" }
              { "2" = "fred@EXAMPLE.COM" }
         }
-        { "max_clients" = "5000" }
-        { "max_queued_clients" = "1000" }
-        { "max_anonymous_clients" = "20" }
+        { "max_clients" = "20" }
         { "min_workers" = "5" }
         { "max_workers" = "20" }
         { "prio_workers" = "5" }

docs/Makefile.am

@@ -25,6 +25,8 @@ DOC_SOURCE_DIR=../src
 
 DEVHELP_DIR=$(datadir)/gtk-doc/html/libvirt
 
+BUILT_SOURCES=hvsupport.html.in
+
 apihtml =			\
   html/index.html		\
   html/libvirt-libvirt.html	\
@@ -87,12 +89,6 @@ internals_html_in = \
   $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
 internals_html = $(internals_html_in:%.html.in=%.html)
 
-# todo.html is special - it is shipped in the tarball, but we
-# have a dedicated 'todo' target to rebuild it from a proper
-# config file, all other users are able to build it locally.
-# For all other files, since we ship pre-built html in the
-# tarball, we must also ship the sources, even when those
-# sources are themselves generated.
 dot_html_in = $(notdir $(wildcard $(srcdir)/*.html.in)) \
   todo.html.in \
   hvsupport.html.in
@@ -132,7 +128,7 @@ fig = \
   migration-unmanaged-direct.fig
 
 EXTRA_DIST=					\
-  apibuild.py genaclperms.pl \
+  apibuild.py \
   site.xsl newapi.xsl news.xsl page.xsl \
   hacking1.xsl hacking2.xsl wrapstring.xsl \
   $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \
@@ -140,22 +136,15 @@ EXTRA_DIST=					\
   $(xml) $(qemu_xml) $(lxc_xml) $(fig) $(png) $(css) \
   $(patches) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
   $(internals_html_in) $(internals_html) \
-  sitemap.html.in aclperms.htmlinc \
+  sitemap.html.in \
   todo.pl hvsupport.pl todo.cfg-example
 
-acl.html:: $(srcdir)/aclperms.htmlinc
-
-$(srcdir)/aclperms.htmlinc: $(top_srcdir)/src/access/viraccessperm.h \
-        $(srcdir)/genaclperms.pl Makefile.am
-	$(AM_V_GEN)$(PERL) $(srcdir)/genaclperms.pl $< > $@
-
 MAINTAINERCLEANFILES = \
   $(addprefix $(srcdir)/,$(dot_html)) \
   $(addprefix $(srcdir)/,$(apihtml)) \
   $(addprefix $(srcdir)/,$(devhelphtml)) \
   $(addprefix $(srcdir)/,$(internals_html)) \
-  $(addprefix $(srcdir)/,$(dot_php)) \
-  $(srcdir)/hvsupport.html.in $(srcdir)/aclperms.htmlinc
+  $(addprefix $(srcdir)/,$(dot_php))
 
 all-am: web
 
@@ -173,25 +162,17 @@ todo.html.in: todo.pl
 		|| { rm $@ && exit 1; }; \
 	else \
 		echo "Stubbing $@"; \
-		printf "%s\n" \
-		  "<html xmlns=\"http://www.w3.org/1999/xhtml\">" \
-		  "<body>" \
-		  "<h1>Todo list unavailable: no config file</h1>" \
-		  "</body></html>" > $@ ; \
+		echo "<html xmlns=\"http://www.w3.org/1999/xhtml\"><body><h1>Todo list unavailable: no config file</h1></body></html>" > $@ ; \
 	fi
 
 todo:
 	rm -f todo.html.in
 	$(MAKE) todo.html
 
-hvsupport.html:: $(srcdir)/hvsupport.html.in
-
-$(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl \
-		$(srcdir)/../src/libvirt_public.syms \
+hvsupport.html.in: $(srcdir)/hvsupport.pl $(srcdir)/../src/libvirt_public.syms \
 	$(srcdir)/../src/libvirt_qemu.syms $(srcdir)/../src/libvirt_lxc.syms \
 	$(srcdir)/../src/driver.h
-	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(srcdir)/../src > $@ \
-		|| { rm $@ && exit 1; }
+	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(srcdir)/../src > $@ || { rm $@ && exit 1; }
 
 .PHONY: todo
 
@@ -235,14 +216,13 @@ internals/%.html.tmp: internals/%.html.in subsite.xsl page.xsl sitemap.html.in
 %.php: %.php.tmp %.php.code.in
 	@if [ -x $(XSLTPROC) ] ; then \
 	  echo "Scripting $@"; \
-	    sed -e '/<span id="php_placeholder"><\/span>/r '"$(srcdir)/$@.code.in" \
+	    sed -e '/<a id="php_placeholder"><\/a>/r '"$(srcdir)/$@.code.in" \
 	    -e /php_placeholder/d < $@.tmp > $(srcdir)/$@ \
 	    || { rm $(srcdir)/$@ && exit 1; }; fi
 
 html/index.html: libvirt-api.xml newapi.xsl page.xsl sitemap.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
 	  $(XSLTPROC) --nonet -o $(srcdir)/ \
-	  --stringparam builddir '$(abs_top_builddir)' \
 	  $(srcdir)/newapi.xsl $(srcdir)/libvirt-api.xml ; fi && \
 	if test -x $(XMLLINT) && test -x $(XMLCATALOG) ; then \
 	  if $(XMLCATALOG) '$(XML_CATALOG_FILE)' "-//W3C//DTD XHTML 1.0 Strict//EN" \
@@ -292,14 +272,12 @@ $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
 
 
 check-local: all
-dist-local: all
 
 clean-local:
 	rm -f *~ *.bak *.hierarchy *.signals *-unused.txt *.html
 
 maintainer-clean-local: clean-local
-	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml \
-		todo.html.in
+	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml todo.html.in hvsupport.html.in
 	rm -rf $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
 	rm -rf $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
 	rm -rf $(APIBUILD_STAMP)

docs/acl.html.in

@@ -1,100 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Client access control</h1>
-    <p>
-      Libvirt's client access control framework allows administrators
-      to setup fine grained permission rules across client users,
-      managed objects and API operations. This allows client connections
-      to be locked down to a minimal set of privileges.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="intro">Access control introduction</a></h2>
-
-    <p>
-      In a default configuration, the libvirtd daemon has three levels
-      of access control. All connections start off in an unauthenticated
-      state, where the only API operations allowed are those required
-      to complete authentication. After successful authentication, a
-      connection either has full, unrestricted access to all libvirt
-      API calls, or is locked down to only "read only" operations,
-      according to what socket a client connection originated on.
-    </p>
-
-    <p>
-      The access control framework allows authenticated connections to
-      have fine grained permission rules to be defined by the administrator.
-      Every API call in libvirt has a set of permissions that will
-      be validated against the object being used. For example, the
-      <code>virDomainSetSchedulerParametersFlags</code> method will
-      check whether the client user has the <code>write</code>
-      permission on the <code>domain</code> object instance passed
-      in as a parameter. Further permissions will also be checked
-      if certain flags are set in the API call. In addition to
-      checks on the object passed in to an API call, some methods
-      will filter their results. For example the <code>virConnectListAllDomains</code>
-      method will check the <code>search_domains</code> on the <code>connect</code>
-      object, but will also filter the returned <code>domain</code>
-      objects to only those on which the client user has the
-      <code>getattr</code> permission.
-    </p>
-
-    <h2><a name="drivers">Access control drivers</a></h2>
-
-    <p>
-      The access control framework is designed as a pluggable
-      system to enable future integration with arbitrary access
-      control technologies. By default, the <code>none</code>
-      driver is used, which does no access control checks at
-      all. At this time, libvirt ships with support for using
-      <a href="http://www.freedesktop.org/wiki/Software/polkit/">polkit</a> as a real access
-      control driver. To learn how to use the polkit access
-      driver consult <a href="aclpolkit.html">the configuration
-      docs</a>.
-    </p>
-
-    <p>
-      The access driver is configured in the <code>libvirtd.conf</code>
-      configuration file, using the <code>access_drivers</code>
-      parameter. This parameter accepts an array of access control
-      driver names. If more than one access driver is requested,
-      then all must succeed in order for access to be granted.
-      To enable 'polkit' as the driver:
-    </p>
-
-    <pre>
-# augtool -s set '/files/etc/libvirt/libvirtd.conf/access_drivers[1]' polkit
-    </pre>
-
-    <p>
-      And to reset back to the default (no-op) driver
-    </p>
-
-
-    <pre>
-# augtool -s rm /files/etc/libvirt/libvirtd.conf/access_drivers
-    </pre>
-
-    <p>
-      <strong>Note:</strong> changes to libvirtd.conf require that
-      the libvirtd daemon be restarted.
-    </p>
-
-    <h2><a name="perms">Objects and permissions</a></h2>
-
-    <p>
-      Libvirt applies access control to all the main object
-      types in its API. Each object type, in turn, has a set
-      of permissions defined. To determine what permissions
-      are checked for specific API call, consult the
-      <a href="html/libvirt-libvirt.html">API reference manual</a>
-      documentation for the API in question.
-    </p>
-
-    <div id="include" filename="aclperms.htmlinc"/>
-
-  </body>
-</html>

docs/aclpolkit.html.in

@@ -1,408 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Polkit access control</h1>
-
-    <p>
-      Libvirt's client <a href="acl.html">access control framework</a> allows
-      administrators to setup fine grained permission rules across client users,
-      managed objects and API operations. This allows client connections
-      to be locked down to a minimal set of privileges. The polkit driver
-      provides a simple implementation of the access control framework.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="intro">Introduction</a></h2>
-
-    <p>
-      A default install of libvirt will typically use
-      <a href="http://www.freedesktop.org/wiki/Software/polkit/">polkit</a>
-      to authenticate the initial user connection to libvirtd. This is a
-      very coarse grained check though, either allowing full read-write
-      access to all APIs, or just read-only access. The polkit access
-      control driver in libvirt builds on this capability to allow for
-      fine grained control over the operations a user may perform on an
-      object.
-    </p>
-
-    <h2><a name="perms">Permission names</a></h2>
-
-    <p>
-      The libvirt <a href="acl.html#perms">object names and permission names</a>
-      are mapped onto polkit action names using the simple pattern:
-    </p>
-
-    <pre>org.libvirt.api.$object.$permission
-</pre>
-
-    <p>
-      The only caveat is that any underscore characters in the
-      object or permission names are converted to hyphens. So,
-      for example, the <code>search_storage_vols</code> permission
-      on the <code>storage_pool</code> object maps to the polkit
-      action:
-    </p>
-    <pre>org.libvirt.api.storage-pool.search-storage-vols
-</pre>
-
-    <p>
-      The default policy for any permission which corresponds to
-      a "read only" operation, is to allow access. All other
-      permissions default to deny access.
-    </p>
-
-    <h2><a name="attrs">Object identity attributes</a></h2>
-
-    <p>
-      To allow polkit authorization rules to be written to match
-      against individual object instances, libvirt provides a number
-      of authorization detail attributes when performing a permission
-      check. The set of attributes varies according to the type
-      of object being checked
-    </p>
-
-    <h3><a name="object_connect">virConnectPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_domain">virDomainPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>domain_name</td>
-          <td>Name of the domain, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>domain_uuid</td>
-          <td>UUID of the domain, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_interface">virInterfacePtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>interface_name</td>
-          <td>Name of the network interface, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>interface_mac</td>
-          <td>MAC address of the network interface, not unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_network">virNetworkPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>network_name</td>
-          <td>Name of the network, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>network_uuid</td>
-          <td>UUID of the network, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_node_device">virNodeDevicePtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>node_device_name</td>
-          <td>Name of the node device, unique to the local host</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_nwfilter">virNWFilterPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>nwfilter_name</td>
-          <td>Name of the network filter, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>nwfilter_uuid</td>
-          <td>UUID of the network filter, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_secret">virSecretPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>secret_uuid</td>
-          <td>UUID of the secret, globally unique</td>
-        </tr>
-        <tr>
-          <td>secret_usage_volume</td>
-          <td>Name of the associated volume, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_ceph</td>
-          <td>Name of the associated Ceph server, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_target</td>
-          <td>Name of the associated iSCSI target, if any</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_storage_pool">virStoragePoolPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_storage_vol">virStorageVolPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-        <tr>
-          <td>vol_name</td>
-          <td>Name of the storage volume, unique to the pool</td>
-        </tr>
-        <tr>
-          <td>vol_key</td>
-          <td>Key of the storage volume, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-
-    <h2><a name="user">User identity attributes</a></h2>
-
-    <p>
-      At this point in time, the only attribute provided by
-      libvirt to identify the user invoking the operation
-      is the PID of the client program. This means that the
-      polkit access control driver is only useful if connections
-      to libvirt are restricted to its UNIX domain socket. If
-      connections are being made to a TCP socket, no identifying
-      information is available and access will be denied.
-      Also note that if the client is connecting via an SSH
-      tunnel, it is the local SSH user that will be identified.
-      In future versions, it is expected that more information
-      about the client user will be provided, including the
-      SASL / Kerberos username and/or x509 distinguished
-      name obtained from the authentication provider in use.
-    </p>
-
-
-    <h2><a name="checks">Writing access control policies</a></h2>
-
-    <p>
-      If using versions of polkit prior to 0.106 then it is only
-      possible to validate (user, permission) pairs via the <code>.pkla</code>
-      files. Fully validation of the (user, permission, object) triple
-      requires the new JavaScript <code>.rules</code> support that
-      was introduced in version 0.106. The latter is what will be
-      described here.
-    </p>
-
-    <p>
-      Libvirt does not ship any rules files by default. It merely
-      provides a definition of the default behaviour for each
-      action (permission). As noted earlier, permissions which
-      correspond to read-only operations in libvirt will be allowed
-      to all users by default; everything else is denied by default.
-      Defining custom rules requires creation of a file in the
-      <code>/etc/polkit-1/rules.d</code> directory with a name
-      chosen by the administrator (<code>100-libvirt-acl.rules</code>
-      would be a reasonable choice). See the <code>polkit(8)</code>
-      manual page for a description of how to write these files
-      in general. The key idea is to create a file containing
-      something like
-    </p>
-
-    <pre>
-      polkit.addRule(function(action, subject) {
-        ....logic to check 'action' and 'subject'...
-      });
-    </pre>
-
-    <p>
-      In this code snippet above, the <code>action</code> object
-      instance will represent the libvirt permission being checked
-      along with identifying attributes for the object it is being
-      applied to. The <code>subject</code> meanwhile will identify
-      the libvirt client app (with the caveat above about it only
-      dealing with local clients connected via the UNIX socket).
-      On the <code>action</code> object, the permission name is
-      accessible via the <code>id</code> attribute, while the
-      object identifying attributes are exposed via the
-      <code>lookup</code> method.
-    </p>
-
-    <h3><a name="exconnect">Example: restricting ability to connect to drivers</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      use the <code>QEMU</code> driver and not the Xen or LXC
-      drivers which are also available in libvirtd.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>QEMU</code>, and match on an action
-      name of <code>org.libvirt.api.connect.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.connect.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'QEMU') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-
-    <h3><a name="exdomain">Example: restricting access to a single domain</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      see the domain called <code>demo</code> on the LXC driver.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>LXC</code> and the <code>domain_name</code>
-      attribute is <code>demo</code>, and match on a action
-      name of <code>org.libvirt.api.domain.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.domain.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'LXC' &amp;&amp;
-              action.lookup("domain_name") == 'demo') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-  </body>
-</html>

docs/api.html.in

@@ -207,7 +207,7 @@
     virtualization <a href="#Functions">functions</a>. Depending upon the
     driver being used, calls will be routed through the remote driver to
     the libvirtd daemon. The daemon will reference the connection specific
-    driver in order to retrieve the requested information and then pass
+    driver in order to retreive the requested information and then pass
     back status and/or data through the connection back to the application.
     The application can then decide what to do with that data, such as
     display, write log data, etc. <a href="migration.html">Migration</a>

docs/api_extension.html.in

@@ -180,13 +180,12 @@
         being called and its parameters;</li>
       <li>MUST call virResetLastError();</li>
       <li>SHOULD confirm that the connection is valid with
-        virCheckConnectReturn() or virCheckConnectGoto();</li>
+        VIR_IS_CONNECT(conn);</li>
       <li><strong>SECURITY: If the API requires a connection with write
           privileges, MUST confirm that the connection flags do not
-          indicate that the connection is read-only with
-          virCheckReadOnlyGoto();</strong></li>
+          indicate that the connection is read-only;</strong></li>
       <li>SHOULD do basic validation of the parameters that are being
-        passed in, using helpers like virCheckNonNullArgGoto();</li>
+        passed in;</li>
       <li>MUST confirm that the driver for this connection exists and that
         it implements this function;</li>
       <li>MUST call the internal API;</li>

docs/apibuild.py

@@ -111,7 +111,7 @@ class identifier:
         self.extra = extra
         self.lineno = lineno
         self.static = 0
-        if conditionals is None or len(conditionals) == 0:
+        if conditionals == None or len(conditionals) == 0:
             self.conditionals = None
         else:
             self.conditionals = conditionals[:]
@@ -123,13 +123,13 @@ class identifier:
         r = "%s %s:" % (self.type, self.name)
         if self.static:
             r = r + " static"
-        if self.module is not None:
+        if self.module != None:
             r = r + " from %s" % (self.module)
-        if self.info is not None:
+        if self.info != None:
             r = r + " " +  `self.info`
-        if self.extra is not None:
+        if self.extra != None:
             r = r + " " + `self.extra`
-        if self.conditionals is not None:
+        if self.conditionals != None:
             r = r + " " + `self.conditionals`
         return r
 
@@ -149,7 +149,7 @@ class identifier:
     def set_static(self, static):
         self.static = static
     def set_conditionals(self, conditionals):
-        if conditionals is None or len(conditionals) == 0:
+        if conditionals == None or len(conditionals) == 0:
             self.conditionals = None
         else:
             self.conditionals = conditionals[:]
@@ -178,17 +178,17 @@ class identifier:
         if self.name == debugsym and not quiet:
             print "=> update %s : %s" % (debugsym, (module, type, info,
                                          extra, conditionals))
-        if header is not None and self.header is None:
+        if header != None and self.header == None:
             self.set_header(module)
-        if module is not None and (self.module is None or self.header == self.module):
+        if module != None and (self.module == None or self.header == self.module):
             self.set_module(module)
-        if type is not None and self.type is None:
+        if type != None and self.type == None:
             self.set_type(type)
-        if info is not None:
+        if info != None:
             self.set_info(info)
-        if extra is not None:
+        if extra != None:
             self.set_extra(extra)
-        if conditionals is not None:
+        if conditionals != None:
             self.set_conditionals(conditionals)
 
 class index:
@@ -217,10 +217,10 @@ class index:
            d = identifier(name, header, module, type, lineno, info, extra, conditionals)
            self.identifiers[name] = d
 
-        if d is not None and static == 1:
+        if d != None and static == 1:
             d.set_static(1)
 
-        if d is not None and name is not None and type is not None:
+        if d != None and name != None and type != None:
             self.references[name] = d
 
         if name == debugsym and not quiet:
@@ -239,10 +239,10 @@ class index:
            d = identifier(name, header, module, type, lineno, info, extra, conditionals)
            self.identifiers[name] = d
 
-        if d is not None and static == 1:
+        if d != None and static == 1:
             d.set_static(1)
 
-        if d is not None and name is not None and type is not None:
+        if d != None and name != None and type != None:
             if type == "function":
                 self.functions[name] = d
             elif type == "functype":
@@ -432,7 +432,7 @@ class CLexer:
             else:
                 line = self.line
                 self.line = ""
-            if line is None:
+            if line == None:
                 return None
 
             if line[0] == '#':
@@ -461,7 +461,7 @@ class CLexer:
                     tok = tok + line
                     if found == 0:
                         line = self.getline()
-                        if line is None:
+                        if line == None:
                             return None
                 self.last = ('string', tok)
                 return self.last
@@ -486,7 +486,7 @@ class CLexer:
                     tok = tok + line
                     if found == 0:
                         line = self.getline()
-                        if line is None:
+                        if line == None:
                             return None
                 self.last = ('comment', tok)
                 return self.last
@@ -598,7 +598,7 @@ class CParser:
             self.is_header = 0
         self.input = open(filename)
         self.lexer = CLexer(self.input)
-        if idx is None:
+        if idx == None:
             self.index = index()
         else:
             self.index = idx
@@ -707,7 +707,7 @@ class CParser:
         com = token[1]
         if self.top_comment == "":
             self.top_comment = com
-        if self.comment is None or com[0] == '*':
+        if self.comment == None or com[0] == '*':
             self.comment = com
         else:
             self.comment = self.comment + com
@@ -731,7 +731,7 @@ class CParser:
         args = []
         desc = ""
 
-        if self.comment is None:
+        if self.comment == None:
             if not quiet:
                 self.warning("Missing comment for type %s" % (name))
             return((args, desc))
@@ -780,7 +780,7 @@ class CParser:
         args = []
         desc = ""
 
-        if self.comment is None:
+        if self.comment == None:
             if not quiet:
                 self.warning("Missing comment for macro %s" % (name))
             return((args, desc))
@@ -860,7 +860,7 @@ class CParser:
         desc = ""
         retdesc = ""
 
-        if self.comment is None:
+        if self.comment == None:
             if not quiet:
                 self.warning("Missing comment for function %s" % (name))
             return(((ret[0], retdesc), args, desc))
@@ -926,7 +926,7 @@ class CParser:
                 if i < len(l) and l[i] == ' ':
                     i = i + 1
                 l = l[i:]
-            if len(l) >= 6 and l[0:7] == "Returns":
+            if len(l) >= 6 and  l[0:7] == "returns" or l[0:7] == "Returns":
                 try:
                     l = string.split(l, ' ', 1)[1]
                 except:
@@ -958,7 +958,7 @@ class CParser:
              #
             i = 0
             while i < nbargs:
-                if args[i][2] is None and args[i][0] != "void" and args[i][1] is not None:
+                if args[i][2] == None and args[i][0] != "void" and args[i][1] != None:
                     self.warning("Function comment for %s lacks description of arg %s" % (name, args[i][1]))
                 i = i + 1
             if retdesc == "" and ret[0] != "void":
@@ -975,7 +975,7 @@ class CParser:
         name = token[1]
         if name == "#include":
             token = self.lexer.token()
-            if token is None:
+            if token == None:
                 return None
             if token[0] == 'preproc':
                 self.index_add(token[1], self.filename, not self.is_header,
@@ -984,14 +984,14 @@ class CParser:
             return token
         if name == "#define":
             token = self.lexer.token()
-            if token is None:
+            if token == None:
                 return None
             if token[0] == 'preproc':
                  # TODO macros with arguments
                 name = token[1]
                 lst = []
                 token = self.lexer.token()
-                while token is not None and token[0] == 'preproc' and \
+                while token != None and token[0] == 'preproc' and \
                       token[1][0] != '#':
                     lst.append(token[1])
                     token = self.lexer.token()
@@ -1059,7 +1059,7 @@ class CParser:
                 self.conditionals = self.conditionals[:-1]
             self.defines = self.defines[:-1]
         token = self.lexer.token()
-        while token is not None and token[0] == 'preproc' and \
+        while token != None and token[0] == 'preproc' and \
             token[1][0] != '#':
             token = self.lexer.token()
         return token
@@ -1076,7 +1076,7 @@ class CParser:
         global ignored_words
 
         token = self.lexer.token()
-        while token is not None:
+        while token != None:
             if token[0] == 'comment':
                 token = self.parseComment(token)
                 continue
@@ -1088,7 +1088,7 @@ class CParser:
                 return token
             elif token[0] == "name" and token[1] == "__attribute":
                 token = self.lexer.token()
-                while token is not None and token[1] != ";":
+                while token != None and token[1] != ";":
                     token = self.lexer.token()
                 return token
             elif token[0] == "name" and ignored_words.has_key(token[1]):
@@ -1109,20 +1109,20 @@ class CParser:
      # Parse a typedef, it records the type and its name.
      #
     def parseTypedef(self, token):
-        if token is None:
+        if token == None:
             return None
         token = self.parseType(token)
-        if token is None:
+        if token == None:
             self.error("parsing typedef")
             return None
         base_type = self.type
         type = base_type
          #self.debug("end typedef type", token)
-        while token is not None:
+        while token != None:
             if token[0] == "name":
                 name = token[1]
                 signature = self.signature
-                if signature is not None:
+                if signature != None:
                     type = string.split(type, '(')[0]
                     d = self.mergeFunctionComment(name,
                             ((type, None), signature), 1)
@@ -1143,15 +1143,15 @@ class CParser:
                 self.error("parsing typedef: expecting a name")
                 return token
              #self.debug("end typedef", token)
-            if token is not None and token[0] == 'sep' and token[1] == ',':
+            if token != None and token[0] == 'sep' and token[1] == ',':
                 type = base_type
                 token = self.token()
-                while token is not None and token[0] == "op":
+                while token != None and token[0] == "op":
                     type = type + token[1]
                     token = self.token()
-            elif token is not None and token[0] == 'sep' and token[1] == ';':
+            elif token != None and token[0] == 'sep' and token[1] == ';':
                 break
-            elif token is not None and token[0] == 'name':
+            elif token != None and token[0] == 'name':
                 type = base_type
                 continue
             else:
@@ -1165,7 +1165,7 @@ class CParser:
      # the balancing } included
      #
     def parseBlock(self, token):
-        while token is not None:
+        while token != None:
             if token[0] == "sep" and token[1] == "{":
                 token = self.token()
                 token = self.parseBlock(token)
@@ -1205,7 +1205,7 @@ class CParser:
     def parseStruct(self, token):
         fields = []
          #self.debug("start parseStruct", token)
-        while token is not None:
+        while token != None:
             if token[0] == "sep" and token[1] == "{":
                 token = self.token()
                 token = self.parseTypeBlock(token)
@@ -1220,7 +1220,7 @@ class CParser:
                  #self.debug("before parseType", token)
                 token = self.parseType(token)
                  #self.debug("after parseType", token)
-                if token is not None and token[0] == "name":
+                if token != None and token[0] == "name":
                     fname = token[1]
                     token = self.token()
                     if token[0] == "sep" and token[1] == ";":
@@ -1236,12 +1236,12 @@ class CParser:
                         self.comment = None
                     else:
                         self.error("parseStruct: expecting ;", token)
-                elif token is not None and token[0] == "sep" and token[1] == "{":
+                elif token != None and token[0] == "sep" and token[1] == "{":
                     token = self.token()
                     token = self.parseTypeBlock(token)
-                    if token is not None and token[0] == "name":
+                    if token != None and token[0] == "name":
                         token = self.token()
-                    if token is not None and token[0] == "sep" and token[1] == ";":
+                    if token != None and token[0] == "sep" and token[1] == ";":
                         token = self.token()
                     else:
                         self.error("parseStruct: expecting ;", token)
@@ -1260,7 +1260,7 @@ class CParser:
     def parseUnion(self, token):
         fields = []
         # self.debug("start parseUnion", token)
-        while token is not None:
+        while token != None:
             if token[0] == "sep" and token[1] == "{":
                 token = self.token()
                 token = self.parseTypeBlock(token)
@@ -1275,7 +1275,7 @@ class CParser:
                 # self.debug("before parseType", token)
                 token = self.parseType(token)
                 # self.debug("after parseType", token)
-                if token is not None and token[0] == "name":
+                if token != None and token[0] == "name":
                     fname = token[1]
                     token = self.token()
                     if token[0] == "sep" and token[1] == ";":
@@ -1286,12 +1286,12 @@ class CParser:
                         self.comment = None
                     else:
                         self.error("parseUnion: expecting ;", token)
-                elif token is not None and token[0] == "sep" and token[1] == "{":
+                elif token != None and token[0] == "sep" and token[1] == "{":
                     token = self.token()
                     token = self.parseTypeBlock(token)
-                    if token is not None and token[0] == "name":
+                    if token != None and token[0] == "name":
                         token = self.token()
-                    if token is not None and token[0] == "sep" and token[1] == ";":
+                    if token != None and token[0] == "sep" and token[1] == ";":
                         token = self.token()
                     else:
                         self.error("parseUnion: expecting ;", token)
@@ -1312,15 +1312,15 @@ class CParser:
         name = None
         self.comment = None
         comment = ""
-        value = "0"
-        while token is not None:
+        value = "-1"
+        while token != None:
             if token[0] == "sep" and token[1] == "{":
                 token = self.token()
                 token = self.parseTypeBlock(token)
             elif token[0] == "sep" and token[1] == "}":
-                if name is not None:
+                if name != None:
                     self.cleanupComment()
-                    if self.comment is not None:
+                    if self.comment != None:
                         comment = self.comment
                         self.comment = None
                     self.enums.append((name, value, comment))
@@ -1328,8 +1328,8 @@ class CParser:
                 return token
             elif token[0] == "name":
                     self.cleanupComment()
-                    if name is not None:
-                        if self.comment is not None:
+                    if name != None:
+                        if self.comment != None:
                             comment = string.strip(self.comment)
                             self.comment = None
                         self.enums.append((name, value, comment))
@@ -1446,30 +1446,12 @@ class CParser:
 
         return token
 
-    def parseVirLogInit(self, token):
-        if token[0] != "string":
-            self.error("parsing VIR_LOG_INIT: expecting string", token)
-
-        token = self.token()
-
-        if token[0] != "sep":
-            self.error("parsing VIR_LOG_INIT: expecting ')'", token)
-
-        if token[1] != ')':
-            self.error("parsing VIR_LOG_INIT: expecting ')'", token)
-
-        token = self.token()
-        if token[0] == "sep" and token[1] == ';':
-            token = self.token()
-
-        return token
-
      #
      # Parse a C definition block, used for structs or unions it parse till
      # the balancing }
      #
     def parseTypeBlock(self, token):
-        while token is not None:
+        while token != None:
             if token[0] == "sep" and token[1] == "{":
                 token = self.token()
                 token = self.parseTypeBlock(token)
@@ -1490,7 +1472,7 @@ class CParser:
         self.struct_fields = []
         self.union_fields = []
         self.signature = None
-        if token is None:
+        if token == None:
             return token
 
         while token[0] == "name" and (
@@ -1542,13 +1524,13 @@ class CParser:
             if token[0] == "name":
                 nametok = token
                 token = self.token()
-            if token is not None and token[0] == "sep" and token[1] == "{":
+            if token != None and token[0] == "sep" and token[1] == "{":
                 token = self.token()
                 token = self.parseStruct(token)
-            elif token is not None and token[0] == "op" and token[1] == "*":
+            elif token != None and token[0] == "op" and token[1] == "*":
                 self.type = self.type + " " + nametok[1] + " *"
                 token = self.token()
-                while token is not None and token[0] == "op" and token[1] == "*":
+                while token != None and token[0] == "op" and token[1] == "*":
                     self.type = self.type + " *"
                     token = self.token()
                 if token[0] == "name":
@@ -1557,11 +1539,11 @@ class CParser:
                 else:
                     self.error("struct : expecting name", token)
                     return token
-            elif token is not None and token[0] == "name" and nametok is not None:
+            elif token != None and token[0] == "name" and nametok != None:
                 self.type = self.type + " " + nametok[1]
                 return token
 
-            if nametok is not None:
+            if nametok != None:
                 self.lexer.push(token)
                 token = nametok
             return token
@@ -1576,14 +1558,14 @@ class CParser:
             if token[0] == "name":
                 nametok = token
                 token = self.token()
-            if token is not None and token[0] == "sep" and token[1] == "{":
+            if token != None and token[0] == "sep" and token[1] == "{":
                 token = self.token()
                 token = self.parseUnion(token)
-            elif token is not None and token[0] == "name" and nametok is not None:
+            elif token != None and token[0] == "name" and nametok != None:
                 self.type = self.type + " " + nametok[1]
                 return token
 
-            if nametok is not None:
+            if nametok != None:
                 self.lexer.push(token)
                 token = nametok
             return token
@@ -1595,13 +1577,13 @@ class CParser:
                 self.type = self.type + " " + token[1]
             self.enums = []
             token = self.token()
-            if token is not None and token[0] == "sep" and token[1] == "{":
+            if token != None and token[0] == "sep" and token[1] == "{":
                 token = self.token()
                 token = self.parseEnumBlock(token)
             else:
                 self.error("parsing enum: expecting '{'", token)
             enum_type = None
-            if token is not None and token[0] != "name":
+            if token != None and token[0] != "name":
                 self.lexer.push(token)
                 token = ("name", "enum")
             else:
@@ -1613,40 +1595,28 @@ class CParser:
             return token
         elif token[0] == "name" and token[1] == "VIR_ENUM_DECL":
             token = self.token()
-            if token is not None and token[0] == "sep" and token[1] == "(":
+            if token != None and token[0] == "sep" and token[1] == "(":
                 token = self.token()
                 token = self.parseVirEnumDecl(token)
             else:
                 self.error("parsing VIR_ENUM_DECL: expecting '('", token)
-            if token is not None:
+            if token != None:
                 self.lexer.push(token)
                 token = ("name", "virenumdecl")
             return token
 
         elif token[0] == "name" and token[1] == "VIR_ENUM_IMPL":
             token = self.token()
-            if token is not None and token[0] == "sep" and token[1] == "(":
+            if token != None and token[0] == "sep" and token[1] == "(":
                 token = self.token()
                 token = self.parseVirEnumImpl(token)
             else:
                 self.error("parsing VIR_ENUM_IMPL: expecting '('", token)
-            if token is not None:
+            if token != None:
                 self.lexer.push(token)
                 token = ("name", "virenumimpl")
             return token
 
-        elif token[0] == "name" and token[1] == "VIR_LOG_INIT":
-            token = self.token()
-            if token is not None and token[0] == "sep" and token[1] == "(":
-                token = self.token()
-                token = self.parseVirLogInit(token)
-            else:
-                self.error("parsing VIR_LOG_INIT: expecting '('", token)
-            if token is not None:
-                self.lexer.push(token)
-                token = ("name", "virloginit")
-            return token
-
         elif token[0] == "name":
             if self.type == "":
                 self.type = token[1]
@@ -1657,7 +1627,7 @@ class CParser:
                        token)
             return token
         token = self.token()
-        while token is not None and (token[0] == "op" or
+        while token != None and (token[0] == "op" or
               token[0] == "name" and token[1] == "const"):
             self.type = self.type + " " + token[1]
             token = self.token()
@@ -1665,22 +1635,22 @@ class CParser:
          #
          # if there is a parenthesis here, this means a function type
          #
-        if token is not None and token[0] == "sep" and token[1] == '(':
+        if token != None and token[0] == "sep" and token[1] == '(':
             self.type = self.type + token[1]
             token = self.token()
-            while token is not None and token[0] == "op" and token[1] == '*':
+            while token != None and token[0] == "op" and token[1] == '*':
                 self.type = self.type + token[1]
                 token = self.token()
-            if token is None or token[0] != "name" :
+            if token == None or token[0] != "name" :
                 self.error("parsing function type, name expected", token)
                 return token
             self.type = self.type + token[1]
             nametok = token
             token = self.token()
-            if token is not None and token[0] == "sep" and token[1] == ')':
+            if token != None and token[0] == "sep" and token[1] == ')':
                 self.type = self.type + token[1]
                 token = self.token()
-                if token is not None and token[0] == "sep" and token[1] == '(':
+                if token != None and token[0] == "sep" and token[1] == '(':
                     token = self.token()
                     type = self.type
                     token = self.parseSignature(token)
@@ -1698,25 +1668,25 @@ class CParser:
          #
          # do some lookahead for arrays
          #
-        if token is not None and token[0] == "name":
+        if token != None and token[0] == "name":
             nametok = token
             token = self.token()
-            if token is not None and token[0] == "sep" and token[1] == '[':
+            if token != None and token[0] == "sep" and token[1] == '[':
                 self.type = self.type + " " + nametok[1]
-                while token is not None and token[0] == "sep" and token[1] == '[':
+                while token != None and token[0] == "sep" and token[1] == '[':
                     self.type = self.type + token[1]
                     token = self.token()
-                    while token is not None and token[0] != 'sep' and \
+                    while token != None and token[0] != 'sep' and \
                           token[1] != ']' and token[1] != ';':
                         self.type = self.type + token[1]
                         token = self.token()
-                if token is not None and token[0] == 'sep' and token[1] == ']':
+                if token != None and token[0] == 'sep' and token[1] == ']':
                     self.type = self.type + token[1]
                     token = self.token()
                 else:
                     self.error("parsing array type, ']' expected", token)
                     return token
-            elif token is not None and token[0] == "sep" and token[1] == ':':
+            elif token != None and token[0] == "sep" and token[1] == ':':
                  # remove :12 in case it's a limited int size
                 token = self.token()
                 token = self.token()
@@ -1730,25 +1700,25 @@ class CParser:
      #    up to the ')' included
     def parseSignature(self, token):
         signature = []
-        if token is not None and token[0] == "sep" and token[1] == ')':
+        if token != None and token[0] == "sep" and token[1] == ')':
             self.signature = []
             token = self.token()
             return token
-        while token is not None:
+        while token != None:
             token = self.parseType(token)
-            if token is not None and token[0] == "name":
+            if token != None and token[0] == "name":
                 signature.append((self.type, token[1], None))
                 token = self.token()
-            elif token is not None and token[0] == "sep" and token[1] == ',':
+            elif token != None and token[0] == "sep" and token[1] == ',':
                 token = self.token()
                 continue
-            elif token is not None and token[0] == "sep" and token[1] == ')':
+            elif token != None and token[0] == "sep" and token[1] == ')':
                  # only the type was provided
                 if self.type == "...":
                     signature.append((self.type, "...", None))
                 else:
                     signature.append((self.type, None, None))
-            if token is not None and token[0] == "sep":
+            if token != None and token[0] == "sep":
                 if token[1] == ',':
                     token = self.token()
                     continue
@@ -1843,17 +1813,17 @@ class CParser:
         static = 0
         if token[1] == 'extern':
             token = self.token()
-            if token is None:
+            if token == None:
                 return token
             if token[0] == 'string':
                 if token[1] == 'C':
                     token = self.token()
-                    if token is None:
+                    if token == None:
                         return token
                     if token[0] == 'sep' and token[1] == "{":
                         token = self.token()
 #                        print 'Entering extern "C line ', self.lineno()
-                        while token is not None and (token[0] != 'sep' or
+                        while token != None and (token[0] != 'sep' or
                               token[1] != "}"):
                             if token[0] == 'name':
                                 token = self.parseGlobal(token)
@@ -1870,7 +1840,7 @@ class CParser:
         elif token[1] == 'static':
             static = 1
             token = self.token()
-            if token is None or  token[0] != 'name':
+            if token == None or  token[0] != 'name':
                 return token
 
         if token[1] == 'typedef':
@@ -1879,22 +1849,22 @@ class CParser:
         else:
             token = self.parseType(token)
             type_orig = self.type
-        if token is None or token[0] != "name":
+        if token == None or token[0] != "name":
             return token
         type = type_orig
         self.name = token[1]
         token = self.token()
-        while token is not None and (token[0] == "sep" or token[0] == "op"):
+        while token != None and (token[0] == "sep" or token[0] == "op"):
             if token[0] == "sep":
                 if token[1] == "[":
                     type = type + token[1]
                     token = self.token()
-                    while token is not None and (token[0] != "sep" or \
+                    while token != None and (token[0] != "sep" or \
                           token[1] != ";"):
                         type = type + token[1]
                         token = self.token()
 
-            if token is not None and token[0] == "op" and token[1] == "=":
+            if token != None and token[0] == "op" and token[1] == "=":
                  #
                  # Skip the initialization of the variable
                  #
@@ -1904,15 +1874,15 @@ class CParser:
                     token = self.parseBlock(token)
                 else:
                     self.comment = None
-                    while token is not None and (token[0] != "sep" or \
+                    while token != None and (token[0] != "sep" or \
                           (token[1] != ';' and token[1] != ',')):
                             token = self.token()
                 self.comment = None
-                if token is None or token[0] != "sep" or (token[1] != ';' and
+                if token == None or token[0] != "sep" or (token[1] != ';' and
                    token[1] != ','):
                     self.error("missing ';' or ',' after value")
 
-            if token is not None and token[0] == "sep":
+            if token != None and token[0] == "sep":
                 if token[1] == ";":
                     self.comment = None
                     token = self.token()
@@ -1927,7 +1897,7 @@ class CParser:
                 elif token[1] == "(":
                     token = self.token()
                     token = self.parseSignature(token)
-                    if token is None:
+                    if token == None:
                         return None
                     if token[0] == "sep" and token[1] == ";":
                         self.checkLongLegacyFunction(self.name, type, self.signature)
@@ -1950,10 +1920,10 @@ class CParser:
                                     "variable", type)
                     type = type_orig
                     token = self.token()
-                    while token is not None and token[0] == "sep":
+                    while token != None and token[0] == "sep":
                         type = type + token[1]
                         token = self.token()
-                    if token is not None and token[0] == "name":
+                    if token != None and token[0] == "name":
                         self.name = token[1]
                         token = self.token()
                 else:
@@ -1965,7 +1935,7 @@ class CParser:
         if not quiet:
             print "Parsing %s" % (self.filename)
         token = self.token()
-        while token is not None:
+        while token != None:
             if token[0] == 'name':
                 token = self.parseGlobal(token)
             else:
@@ -2007,7 +1977,7 @@ class docBuilder:
         print >>sys.stderr, "Error:", msg
 
     def indexString(self, id, str):
-        if str is None:
+        if str == None:
             return
         str = string.replace(str, "'", ' ')
         str = string.replace(str, '"', ' ')
@@ -2099,17 +2069,17 @@ class docBuilder:
         id = self.idx.enums[name]
         output.write("    <enum name='%s' file='%s'" % (name,
                      self.modulename_file(id.header)))
-        if id.info is not None:
+        if id.info != None:
             info = id.info
-            if info[0] is not None and info[0] != '':
+            if info[0] != None and info[0] != '':
                 try:
                     val = eval(info[0])
                 except:
                     val = info[0]
                 output.write(" value='%s'" % (val))
-            if info[2] is not None and info[2] != '':
+            if info[2] != None and info[2] != '':
                 output.write(" type='%s'" % info[2])
-            if info[1] is not None and info[1] != '':
+            if info[1] != None and info[1] != '':
                 output.write(" info='%s'" % escape(info[1]))
         output.write("/>\n")
 
@@ -2117,15 +2087,15 @@ class docBuilder:
         id = self.idx.macros[name]
         output.write("    <macro name='%s' file='%s'>\n" % (name,
                      self.modulename_file(id.header)))
-        if id.info is not None:
+        if id.info != None:
             try:
                 (args, desc) = id.info
-                if desc is not None and desc != "":
+                if desc != None and desc != "":
                     output.write("      <info><![CDATA[%s]]></info>\n" % (desc))
                     self.indexString(name, desc)
                 for arg in args:
                     (name, desc) = arg
-                    if desc is not None and desc != "":
+                    if desc != None and desc != "":
                         output.write("      <arg name='%s' info='%s'/>\n" % (
                                      name, escape(desc)))
                         self.indexString(name, desc)
@@ -2140,7 +2110,7 @@ class docBuilder:
         output.write("        <union>\n")
         for f in field[3]:
             desc = f[2]
-            if desc is None:
+            if desc == None:
                 desc = ''
             else:
                 desc = escape(desc)
@@ -2163,7 +2133,7 @@ class docBuilder:
                     for field in self.idx.structs[name].info:
                         desc = field[2]
                         self.indexString(name, desc)
-                        if desc is None:
+                        if desc == None:
                             desc = ''
                         else:
                             desc = escape(desc)
@@ -2181,7 +2151,7 @@ class docBuilder:
                          name, self.modulename_file(id.header), id.info))
             try:
                 desc = id.extra
-                if desc is not None and desc != "":
+                if desc != None and desc != "":
                     output.write(">\n      <info><![CDATA[%s]]></info>\n" % (desc))
                     output.write("    </typedef>\n")
                 else:
@@ -2191,7 +2161,7 @@ class docBuilder:
 
     def serialize_variable(self, output, name):
         id = self.idx.variables[name]
-        if id.info is not None:
+        if id.info != None:
             output.write("    <variable name='%s' file='%s' type='%s'/>\n" % (
                     name, self.modulename_file(id.header), id.info))
         else:
@@ -2209,7 +2179,7 @@ class docBuilder:
         #
         # Processing of conditionals modified by Bill 1/1/05
         #
-        if id.conditionals is not None:
+        if id.conditionals != None:
             apstr = ""
             for cond in id.conditionals:
                 if apstr != "":
@@ -2220,10 +2190,10 @@ class docBuilder:
             (ret, params, desc) = id.info
             output.write("      <info><![CDATA[%s]]></info>\n" % (desc))
             self.indexString(name, desc)
-            if ret[0] is not None:
+            if ret[0] != None:
                 if ret[0] == "void":
                     output.write("      <return type='void'/>\n")
-                elif (ret[1] is None or ret[1] == '') and not ignored_functions.has_key(name):
+                elif (ret[1] == None or ret[1] == '') and not ignored_functions.has_key(name):
                     self.error("Missing documentation for return of function `%s'" % name)
                 else:
                     output.write("      <return type='%s' info='%s'/>\n" % (
@@ -2232,7 +2202,7 @@ class docBuilder:
             for param in params:
                 if param[0] == 'void':
                     continue
-                if (param[2] is None or param[2] == ''):
+                if (param[2] == None or param[2] == ''):
                     if ignored_functions.has_key(name):
                         output.write("      <arg name='%s' type='%s' info=''/>\n" % (param[1], param[0]))
                     else:
@@ -2249,7 +2219,7 @@ class docBuilder:
         module = self.modulename_file(file)
         output.write("    <file name='%s'>\n" % (module))
         dict = self.headers[file]
-        if dict.info is not None:
+        if dict.info != None:
             for data in ('Summary', 'Description', 'Author'):
                 try:
                     output.write("     <%s>%s</%s>\n" % (
@@ -2382,12 +2352,12 @@ class docBuilder:
         ids.sort()
         for id in ids:
             if id[0] != letter:
-                if letter is not None:
+                if letter != None:
                     output.write("    </letter>\n")
                 letter = id[0]
                 output.write("    <letter name='%s'>\n" % (letter))
             output.write("      <ref name='%s'/>\n" % (id))
-        if letter is not None:
+        if letter != None:
             output.write("    </letter>\n")
 
     def serialize_xrefs_references(self, output):
@@ -2413,8 +2383,8 @@ class docBuilder:
             if len(index[id]) > 30:
                 continue
             if id[0] != letter:
-                if letter is None or count > 200:
-                    if letter is not None:
+                if letter == None or count > 200:
+                    if letter != None:
                         output.write("      </letter>\n")
                         output.write("    </chunk>\n")
                         count = 0
@@ -2422,7 +2392,7 @@ class docBuilder:
                     output.write("    <chunk name='chunk%s'>\n" % (chunk))
                     first_letter = id[0]
                     chunk = chunk + 1
-                elif letter is not None:
+                elif letter != None:
                     output.write("      </letter>\n")
                 letter = id[0]
                 output.write("      <letter name='%s'>\n" % (letter))
@@ -2437,7 +2407,7 @@ class docBuilder:
                 output.write("          <ref name='%s'/>\n" % (token))
                 count = count + 1
             output.write("        </word>\n")
-        if letter is not None:
+        if letter != None:
             output.write("      </letter>\n")
             output.write("    </chunk>\n")
             if count != 0:

docs/apps.html.in

@@ -103,19 +103,6 @@
         in a virtual machine.  It prints out a list of facts about the
         virtual machine, derived from heuristics.
       </dd>
-      <dt><a href="http://sourceware.org/systemtap/">stap</a></dt>
-      <dd>
-        SystemTap is a tool used to gather rich information about a running
-        system through the use of scripts. Starting from v2.4, the front-end
-        application stap can use libvirt to gather data within virtual
-        machines.
-      </dd>
-      <dt><a href="https://github.com/pradels/vagrant-libvirt/">vagrant-libvirt</a></dt>
-      <dd>
-        Vagrant-Libvirt is a Vagrant plugin that uses libvirt to manage virtual
-        machines. It is a command line tool for developers that makes it very
-        fast and easy to deploy and re-deploy an environment of vm's.
-      </dd>
     </dl>
 
     <h2><a name="configmgmt">Configuration Management</a></h2>
@@ -257,15 +244,6 @@
         integrates libvirt for VM monitoring, live migration, and life-cycle
         management.
       </dd>
-
-      <dt><a href="http://www.openstack.org">OpenStack</a></dt>
-      <dd>
-        OpenStack is a "cloud operating system" usable for both public
-        and private clouds.  Its various parts take care of compute,
-        storage and networking resources and interface with the user
-        using a dashboard.  Compute part uses libvirt to manage VM
-        life-cycle, monitoring and so on.
-      </dd>
     </dl>
 
     <h2><a name="libraries">Libraries</a></h2>
@@ -283,24 +261,19 @@
         host, and there is a subproject to allow merging changes into the
         Windows Registry in Windows guests.
       </dd>
-
-      <dt><a href="http://sandbox.libvirt.org">libvirt-sandbox</a></dt>
-      <dd>
-        A library and command line tools for simplifying the creation of
-        application sandboxes using virtualization technology. It currently
-        supports either KVM, QEMU or LXC as backends. Integration with
-        systemd facilitates sandboxing of system services like apache.
-      </dd>
-      <dt><a href="https://github.com/ohadlevy/virt#readme">Ruby
-          Libvirt Object bindings</a></dt>
-      <dd>
-        Allows using simple ruby objects to manipulate
-        hypervisors, guests, storage, network etc.  It is
-        based on top of
-        the <a href="http://libvirt.org/ruby">native ruby bindings</a>.
-      </dd>
     </dl>
 
+        <dl>
+            <dt><a href="https://github.com/ohadlevy/virt#readme">Ruby
+            Libvirt Object bindings</a></dt>
+            <dd>
+                Allows using simple ruby objects to manipulate
+                hypervisors, guests, storage, network etc.  It is
+                based on top of
+                the <a href="http://libvirt.org/ruby">native ruby
+                bindings</a>.
+            </dd>
+        </dl>
     <h2><a name="livecd">LiveCD / Appliances</a></h2>
 
     <dl>
@@ -399,15 +372,6 @@
         with FreeIPA for Kerberos authentication, and in the future,
         certificate management.
       </dd>
-      <dt><a href="http://ispsystem.com/en/software/vmmanager">VMmanager</a></dt>
-      <dd>
-        VMmanager is a software solution for virtualization management
-        that can be used both for hosting virtual machines and
-        building a cloud.  VMmanager can manage not only one server,
-        but a large cluster of hypervisors.  It delivers a number of
-        functions, such as live migration that allows for load
-        balancing between cluster nodes, monitoring CPU, memory.
-      </dd>
     </dl>
 
     <h2><a name="mobile">Mobile applications</a></h2>

docs/auditlog.html.in

@@ -1,321 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Audit log</h1>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="intro">Introduction</a></h2>
-
-    <p>
-      A number of the libvirt virtualization drivers (QEMU/KVM and LXC) include
-      support for logging details of important operations to the host's audit
-      subsystem. This provides administrators / auditors with a canonical historical
-      record of changes to virtual machines' / containers' lifecycle states and
-      their configuration. On hosts which are running the Linux audit daemon,
-      the logs will usually end up in <code>/var/log/audit/audit.log</code>
-    </p>
-
-    <h2><a name="config">Configuration</a></h2>
-
-    <p>
-      The libvirt audit integration is enabled by default on any host which has
-      the Linux audit subsystem active, and disabled otherwise. It is possible
-      to alter this behaviour in the <code>/etc/libvirt/libvirtd.conf</code>
-      configuration file, via the <code>audit_level</code> parameter
-    </p>
-
-    <ul>
-      <li><code>audit_level=0</code> - libvirt auditing is disabled regardless
-        of host audit subsystem enablement.</li>
-      <li><code>audit_level=1</code> - libvirt auditing is enabled if the host
-        audit subsystem is enabled, otherwise it is disabled. This is the
-        default behaviour.</li>
-      <li><code>audit_level=2</code> - libvirt auditing is enabled regardless
-        of host audit subsystem enablement. If the host audit subsystem is
-        disabled, then libvirtd will refuse to complete startup and exit with
-        an error.</li>
-    </ul>
-
-    <p>
-      In addition to have formal messages sent to the audit subsystem it is
-      possible to tell libvirt to inject messages into its own logging
-      layer. This will result in messages ending up in the systemd journal
-      or <code>/var/log/libvirt/libivrtd.log</code> on non-systemd hosts.
-      This is disabled by default, but can be requested by setting the
-      <code>audit_logging=1</code> configuration parameter in the same file
-      mentioned above.
-    </p>
-
-    <h2><a name="types">Message types</a></h2>
-
-    <p>
-      Libvirt defines three core audit message types each of which will
-      be described below. There are a number of common fields that will
-      be reported for all message types.
-    </p>
-
-    <dl>
-      <dt>pid</dt>
-      <dd>Process ID of the libvirtd daemon generating the audit record.</dd>
-      <dt>uid</dt>
-      <dd>User ID of the libvirtd daemon process generating the audit record.</dd>
-      <dt>subj</dt>
-      <dd>Security context of the libvirtd daemon process generating the audit record.</dd>
-      <dt>msg</dt>
-      <dd>String containing a list of key=value pairs specific to the type of audit record being reported.</dd>
-    </dl>
-
-    <p>
-      Some fields in the <code>msg</code> string are common to audit records
-    </p>
-
-    <dl>
-      <dt>virt</dt>
-      <dd>Type of virtualization driver used. One of <code>qemu</code> or <code>lxc</code></dd>
-      <dt>vm</dt>
-      <dd>Host driver unique name of the guest</dd>
-      <dt>uuid</dt>
-      <dd>Globally unique identifier for the guest</dd>
-      <dt>exe</dt>
-      <dd>Path of the libvirtd daemon</dd>
-      <dt>hostname</dt>
-      <dd>Currently unused</dd>
-      <dt>addr</dt>
-      <dd>Currently unused</dd>
-      <dt>terminal</dt>
-      <dd>Currently unused</dd>
-      <dt>res</dt>
-      <dd>Result of the action, either <code>success</code> or <code>failed</code></dd>
-    </dl>
-
-    <h3><a name="typecontrol">VIRT_CONTROL</a></h3>
-
-    <p>
-      Reports change in the lifecycle state of a virtual machine. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>op</dt>
-      <dd>Type of operation performed. One of <code>start</code>, <code>stop</code> or <code>init</code></dd>
-      <dt>reason</dt>
-      <dd>The reason which caused the operation to happen</dd>
-      <dt>vm-pid</dt>
-      <dd>ID of the primary/leading process associated with the guest</dd>
-      <dt>init-pid</dt>
-      <dd>ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-      <dt>pid-ns</dt>
-      <dd>Namespace ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-    </dl>
-
-    <h3><a name="typemachine">VIRT_MACHINE_ID</a></h3>
-
-    <p>
-      Reports the association of a security context with a guest. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>model</dt>
-      <dd>The security driver type. One of <code>selinux</code> or <code>apparmor</code></dd>
-      <dt>vm-ctx</dt>
-      <dd>Security context for the guest process</dd>
-      <dt>img-ctx</dt>
-      <dd>Security context for the guest disk images and other assigned host resources</dd>
-    </dl>
-
-    <h3><a name="typeresource">VIRT_RESOURCE</a></h3>
-
-    <p>
-      Reports the usage of a host resource by a guest. The fields include will
-      vary according to the type of device being reported. When the guest is
-      initially booted records will be generated for all assigned resources.
-      If any changes are made to the running guest configuration, for example
-      hotplug devices, or adjust resources allocation, further records will
-      be generated.
-    </p>
-
-    <h4><a name="typeresourcevcpu">Virtual CPU</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>vcpu</code></dd>
-      <dt>old-vcpu</dt>
-      <dd>Original vCPU count, or 0</dd>
-      <dt>new-vcpu</dt>
-      <dd>Updated vCPU count</dd>
-    </dl>
-
-
-    <h4><a name="typeresourcemem">Memory</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>mem</code></dd>
-      <dt>old-mem</dt>
-      <dd>Original memory size in bytes, or 0</dd>
-      <dt>new-mem</dt>
-      <dd>Updated memory size in bytes</dd>
-    </dl>
-
-    <h4><a name="typeresourcedisk">Disk</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>disk</code></dd>
-      <dt>old-disk</dt>
-      <dd>Original host file or device path acting as the disk backing file</dd>
-      <dt>new-disk</dt>
-      <dd>Updated host file or device path acting as the disk backing file</dd>
-    </dl>
-
-    <h4><a name="typeresourcenic">Network interface</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt>old-net</dt>
-      <dd>Original MAC address of the guest network interface</dd>
-      <dt>new-net</dt>
-      <dd>Updated MAC address of the guest network interface</dd>
-    </dl>
-
-    <p>
-      If there is a host network interface associated with the guest NIC then
-      further records may be generated
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt>net</dt>
-      <dd>MAC address of the host network interface</dd>
-      <dt>rdev</dt>
-      <dd>Name of the host network interface</dd>
-    </dl>
-
-    <h4><a name="typeresourcefs">Filesystem</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>fs</code></dd>
-      <dt>old-fs</dt>
-      <dd>Original host directory, file or device path backing the filesystem </dd>
-      <dt>new-fs</dt>
-      <dd>Updated host directory, file or device path backing the filesystem</dd>
-    </dl>
-
-    <h4><a name="typeresourcehost">Host device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>hostdev</code> or <code>dev</code></dd>
-      <dt>dev</dt>
-      <dd>The unique bus identifier of the USB, PCI or SCSI device, if <code>resrc=dev</code></dd>
-      <dt>disk</dt>
-      <dd>The path of the block device assigned to the guest, if <code>resrc=hostdev</code></dd>
-      <dt>chardev</dt>
-      <dd>The path of the character device assigned to the guest, if <code>resrc=hostdev</code></dd>
-    </dl>
-
-    <h4><a name="typeresourcetpm">TPM</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>tpm</code></dd>
-      <dt>device</dt>
-      <dd>The path of the host TPM device assigned to the guest</dd>
-    </dl>
-
-    <h4><a name="typeresourcerng">RNG</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>rng</code></dd>
-      <dt>old-rng</dt>
-      <dd>Original path of the host entropy source for the RNG</dd>
-      <dt>new-rng</dt>
-      <dd>Updated path of the host entropy source for the RNG</dd>
-    </dl>
-
-
-    <h4><a name="typeresourceredir">Redirected device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>redir</code></dd>
-      <dt>bus</dt>
-      <dd>The bus type, only <code>usb</code> allowed</dd>
-      <dt>device</dt>
-      <dd>The device type, only <code>USB redir</code> allowed</dd>
-    </dl>
-
-    <h4><a name="typeresourcecgroup">Control group</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>cgroup</code></dd>
-      <dt>cgroup</dt>
-      <dd>The name of the cgroup controller</dd>
-    </dl>
-
-  </body>
-</html>

docs/auth.html.in

@@ -2,14 +2,12 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
   <body>
-    <h1>Connection authentication</h1>
+    <h1 >Authentication &amp; access control</h1>
     <p>
       When connecting to libvirt, some connections may require client
       authentication before allowing use of the APIs. The set of possible
       authentication mechanisms is administrator controlled, independent
-      of applications using libvirt. Once authenticated, libvirt can apply
-      fine grained <a href="acl.html">access control</a> to the operations
-      performed by a client.
+      of applications using libvirt.
     </p>
 
     <ul id="toc"></ul>

docs/bugs.html.in

@@ -132,7 +132,7 @@
       crash, the simplest is to run the program under gdb, reproduce the
       steps leading to the crash and then issue a gdb "bt -a" command to
       get the stack trace, attach it to the bug. Note that for the
-      data to be really useful libvirt debug information must be present
+      data to be really useful libvirt debug informations must be present
       for example by installing libvirt debuginfo package on Fedora or
       Red Hat Enterprise Linux (with debuginfo-install libvirt) prior
       to running gdb.</p>
@@ -147,11 +147,11 @@
       <pre> #  ps -o etime,pid `pgrep libvirt`
 ... note the process id from the output
 # gdb /usr/sbin/libvirtd
-.... some information about gdb and loading debug data
-(gdb) attach $the_daemon_process_id
+.... some informations about gdb and loading debug data
+(gdb) attach $the_damon_process_id
 ....
 (gdb) thread apply all bt
-.... information to attach to the bug
+.... informations to attach to the bug
 (gdb)
 </pre>
 

docs/cgroups.html.in

@@ -33,9 +33,9 @@
 
     <p>
       The LXC driver is capable of using the <code>cpuset</code>,
-      <code>cpu</code>, <code>cpuacct</code>, <code>freezer</code>,
+      <code>cpu</code>, <code>cpuset</code>, <code>freezer</code>,
       <code>memory</code>, <code>blkio</code> and <code>devices</code>
-      controllers. The <code>cpuacct</code>, <code>devices</code>
+      controllers. The <code>cpuset</code>, <code>devices</code>
       and <code>memory</code> controllers are compulsory. Without
       them mounted, no containers can be started. If any of the
       other controllers are not mounted, the resource management APIs
@@ -47,121 +47,17 @@
     <p>
       As of libvirt 1.0.5 or later, the cgroups layout created by libvirt has been
       simplified, in order to facilitate the setup of resource control policies by
-      administrators / management applications. The new layout is based on the concepts
-      of "partitions" and "consumers". A "consumer" is a cgroup which holds the
-      processes for a single virtual machine or container. A "partition" is a cgroup
-      which does not contain any processes, but can have resource controls applied.
-      A "partition" will have zero or more child directories which may be either
-      "consumer" or "partition".
-    </p>
-
-    <p>
-      As of libvirt 1.1.1 or later, the cgroups layout will have some slight
-      differences when running on a host with systemd 205 or later. The overall
-      tree structure is the same, but there are some differences in the naming
-      conventions for the cgroup directories. Thus the following docs split
-      in two, one describing systemd hosts and the other non-systemd hosts.
-    </p>
-
-    <h3><a name="currentLayoutSystemd">Systemd cgroups integration</a></h3>
-
-    <p>
-      On hosts which use systemd, each consumer maps to a systemd scope unit,
-      while partitions map to a system slice unit.
-    </p>
-
-    <h4><a name="systemdScope">Systemd scope naming</a></h4>
-
-    <p>
-      The systemd convention is for the scope name of virtual machines / containers
-      to be of the general format <code>machine-$NAME.scope</code>. Libvirt forms the
-      <code>$NAME</code> part of this by concatenating the driver type with the name
-      of the guest, and then escaping any systemd reserved characters.
-      So for a guest <code>demo</code> running under the <code>lxc</code> driver,
-      we get a <code>$NAME</code> of <code>lxc-demo</code> which when escaped is
-      <code>lxc\x2ddemo</code>. So the complete scope name is <code>machine-lxc\x2ddemo.scope</code>.
-      The scope names map directly to the cgroup directory names.
-    </p>
-
-    <h4><a name="systemdSlice">Systemd slice naming</a></h4>
-
-    <p>
-      The systemd convention for slice naming is that a slice should include the
-      name of all of its parents prepended on its own name. So for a libvirt
-      partition <code>/machine/engineering/testing</code>, the slice name will
-      be <code>machine-engineering-testing.slice</code>. Again the slice names
-      map directly to the cgroup directory names. Systemd creates three top level
-      slices by default, <code>system.slice</code> <code>user.slice</code> and
-      <code>machine.slice</code>. All virtual machines or containers created
-      by libvirt will be associated with <code>machine.slice</code> by default.
-    </p>
-
-    <h4><a name="systemdLayout">Systemd cgroup layout</a></h4>
-
-    <p>
-      Given this, a possible systemd cgroups layout involving 3 qemu guests,
-      3 lxc containers and 3 custom child slices, would be:
-    </p>
-
-    <pre>
-$ROOT
-  |
-  +- system.slice
-  |   |
-  |   +- libvirtd.service
-  |
-  +- machine.slice
-      |
-      +- machine-qemu\x2dvm1.scope
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- machine-qemu\x2dvm2.scope
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- machine-qemu\x2dvm3.scope
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- machine-engineering.slice
-      |   |
-      |   +- machine-engineering-testing.slice
-      |   |   |
-      |   |   +- machine-lxc\x2dcontainer1.scope
-      |   |
-      |   +- machine-engineering-production.slice
-      |       |
-      |       +- machine-lxc\x2dcontainer2.scope
-      |
-      +- machine-marketing.slice
-          |
-          +- machine-lxc\x2dcontainer3.scope
-    </pre>
-
-    <h3><a name="currentLayoutGeneric">Non-systemd cgroups layout</a></h3>
-
-    <p>
-      On hosts which do not use systemd, each consumer has a corresponding cgroup
-      named <code>$VMNAME.libvirt-{qemu,lxc}</code>. Each consumer is associated
-      with exactly one partition, which also have a corresponding cgroup usually
-      named <code>$PARTNAME.partition</code>. The exceptions to this naming rule
-      are the three top level default partitions, named <code>/system</code> (for
-      system services), <code>/user</code> (for user login sessions) and
-      <code>/machine</code> (for virtual machines and containers). By default
-      every consumer will of course be associated with the <code>/machine</code>
-      partition.
-    </p>
-
-    <p>
-      Given this, a possible systemd cgroups layout involving 3 qemu guests,
-      3 lxc containers and 2 custom child slices, would be:
+      administrators / management applications. The layout is based on the concepts of
+      "partitions" and "consumers". Each virtual machine or container is a consumer,
+      and has a corresponding cgroup named <code>$VMNAME.libvirt-{qemu,lxc}</code>.
+      Each consumer is associated with exactly one partition, which also have a
+      corresponding cgroup usually named <code>$PARTNAME.partition</code>. The
+      exceptions to this naming rule are the three top level default partitions,
+      named <code>/system</code> (for system services), <code>/user</code> (for
+      user login sessions) and <code>/machine</code> (for virtual machines and
+      containers). By default every consumer will of course be associated with
+      the <code>/machine</code> partition. This leads to a hierarchy that looks
+      like
     </p>
 
     <pre>
@@ -191,21 +87,23 @@ $ROOT
       |   +- vcpu0
       |   +- vcpu1
       |
-      +- engineering.partition
-      |   |
-      |   +- testing.partition
-      |   |   |
-      |   |   +- container1.libvirt-lxc
-      |   |
-      |   +- production.partition
-      |       |
-      |       +- container2.libvirt-lxc
+      +- container1.libvirt-lxc
       |
-      +- marketing.partition
-          |
-          +- container3.libvirt-lxc
+      +- container2.libvirt-lxc
+      |
+      +- container3.libvirt-lxc
     </pre>
 
+    <p>
+      The default cgroups layout ensures that, when there is contention for
+      CPU time, it is shared equally between system services, user sessions
+      and virtual machines / containers. This prevents virtual machines from
+      locking the administrator out of the host, or impacting execution of
+      system services. Conversely, when there is no contention from
+      system services / user sessions, it is possible for virtual machines
+      to fully utilize the host CPUs.
+    </p>
+
     <h2><a name="customPartiton">Using custom partitions</a></h2>
 
     <p>
@@ -228,55 +126,13 @@ $ROOT
   ...
     </pre>
 
-    <p>
-      Note that the partition names in the guest XML are using a
-      generic naming format, not the low level naming convention
-      required by the underlying host OS. That is, you should not include
-      any of the <code>.partition</code> or <code>.slice</code>
-      suffixes in the XML config. Given a partition name
-      <code>/machine/production</code>, libvirt will automatically
-      apply the platform specific translation required to get
-      <code>/machine/production.partition</code> (non-systemd)
-      or <code>/machine.slice/machine-production.slice</code>
-      (systemd) as the underlying cgroup name
-    </p>
-
     <p>
       Libvirt will not auto-create the cgroups directory to back
       this partition. In the future, libvirt / virsh will provide
       APIs / commands to create custom partitions, but currently
-      this is left as an exercise for the administrator.
-    </p>
-
-    <p>
-      <strong>Note:</strong> the ability to place guests in custom
-      partitions is only available with libvirt &gt;= 1.0.5, using
-      the new cgroup layout. The legacy cgroups layout described
-      later in this document did not support customization per guest.
-    </p>
-
-    <h3><a name="createSystemd">Creating custom partitions (systemd)</a></h3>
-
-    <p>
-      Given the XML config above, the admin on a systemd based host would
-      need to create a unit file <code>/etc/systemd/system/machine-production.slice</code>
-    </p>
-
-    <pre>
-# cat &gt; /etc/systemd/system/machine-testing.slice &lt;&lt;EOF
-[Unit]
-Description=VM testing slice
-Before=slices.target
-Wants=machine.slice
-EOF
-# systemctl start machine-testing.slice
-    </pre>
-
-    <h3><a name="createNonSystemd">Creating custom partitions (non-systemd)</a></h3>
-
-    <p>
-      Given the XML config above, the admin on a non-systemd based host
-      would need to create a cgroup named '/machine/production.partition'
+      this is left as an exercise for the administrator. For
+      example, given the XML config above, the admin would need
+      to create a cgroup named '/machine/production.partition'
     </p>
 
     <pre>
@@ -291,6 +147,18 @@ EOF
   done
 </pre>
 
+    <p>
+      <strong>Note:</strong> the cgroups directory created as a ".partition"
+      suffix, but the XML config does not require this suffix.
+    </p>
+
+    <p>
+      <strong>Note:</strong> the ability to place guests in custom
+      partitions is only available with libvirt &gt;= 1.0.5, using
+      the new cgroup layout. The legacy cgroups layout described
+      later did not support customization per guest.
+    </p>
+
     <h2><a name="resourceAPIs">Resource management APIs/commands</a></h2>
 
     <p>

docs/downloads.html.in

@@ -22,9 +22,7 @@
     <p>
       Once an hour, an automated snapshot is made from the git server
       source tree. These snapshots should be usable, but we make no guarantees
-      about their stability; furthermore, they should NOT be
-      considered formal releases, and they may have transient security
-      problems that will not be assigned a CVE.
+      about their stability:
     </p>
 
     <ul>
@@ -32,28 +30,6 @@
       <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.gz">libvirt.org HTTP server</a></li>
     </ul>
 
-    <h2><a name="maintenance">Maintenance releases</a></h2>
-    <p>
-      In the git repository are several stable maintenance branches,
-      matching the
-      pattern <code>v<i>major</i>.<i>minor</i>.<i>micro</i>-maint</code>;
-      these branches are forked off the corresponding
-      <code>v<i>major</i>.<i>minor</i>.<i>micro</i></code> formal
-      release, and may have further releases of the
-      form <code>v<i>major</i>.<i>minor</i>.<i>micro</i>.<i>rel</i></code>.
-      These maintenance branches should only contain bug fixes, and no
-      new features, backported from the master branch, and are
-      supported as long as at least one downstream distribution
-      expresses interest in a given branch.  These maintenance
-      branches are considered during CVE analysis.
-    </p>
-
-    <p>
-      For more details about contents of maintenance releases, see
-      <a href="http://wiki.libvirt.org/page/Maintenance_Releases">the
-      wiki page</a>.
-    </p>
-
     <h2><a name="git">GIT source repository</a></h2>
 
     <p>

docs/drivers.html.in

@@ -33,7 +33,6 @@
       <li><strong><a href="drvhyperv.html">Microsoft Hyper-V</a></strong></li>
       <li><strong><a href="drvphyp.html">IBM PowerVM (phyp)</a></strong></li>
       <li><strong><a href="drvparallels.html">Parallels</a></strong></li>
-      <li><strong><a href="drvbhyve.html">Bhyve</a></strong> - The BSD Hypervisor</li>
     </ul>
 
     <h2><a name="storage">Storage drivers</a></h2>

docs/drvbhyve.html.in

@@ -1,139 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Bhyve driver</h1>
-
-    <ul id="toc"></ul>
-
-<p>
-Bhyve is a FreeBSD hypervisor. It first appeared in FreeBSD 10.0. However, it's
-recommended to keep tracking FreeBSD 10-STABLE to make sure all new features
-of bhyve are supported.
-
-In order to enable bhyve on your FreeBSD host, you'll need to load the <code>vmm</code>
-kernel module. Additionally, <code>if_tap</code> and <code>if_bridge</code> modules
-should be loaded for networking support.
-</p>
-
-<p>
-Additional information on bhyve could be obtained on <a href="http://bhyve.org/">bhyve.org</a>.
-</p>
-
-<h2><a name="uri">Connections to the Bhyve driver</a></h2>
-<p>
-The libvirt bhyve driver is a single-instance privileged driver. Some sample
-connection URIs are:
-</p>
-
-<pre>
-bhyve:///system                     (local access)
-bhyve+unix:///system                (local access)
-bhyve+ssh://root@example.com/system (remote access, SSH tunnelled)
-</pre>
-
-<h2><a name="exconfig">Example guest domain XML configurations</a></h2>
-
-<h3>Example config</h3>
-<p>
-The bhyve driver in libvirt is in its early stage and under active development. So it supports
-only limited number of features bhyve provides. All the supported features could be found
-in this sample domain XML.
-</p>
-
-<p>
-A limitation that is not obvious from this sample domain XML is that currently only a
-single network and a single disk device are supported for each domain (as PCI slot allocation code
-in libvirt bhyve driver is yet to be implemented).
-</p>
-
-<pre>
-&lt;domain type='bhyve'&gt;
-  &lt;name&gt;bhyve&lt;/name&gt;
-  &lt;uuid&gt;df3be7e7-a104-11e3-aeb0-50e5492bd3dc&lt;/uuid&gt;
-    &lt;memory&gt;219136&lt;/memory&gt;
-    &lt;currentMemory&gt;219136&lt;/currentMemory&gt;
-    &lt;vcpu&gt;1&lt;/vcpu&gt;
-    &lt;os&gt;
-       &lt;type&gt;hvm&lt;/type&gt;
-    &lt;/os&gt;
-    &lt;features&gt;
-      &lt;apic/&gt;
-      &lt;acpi/&gt;
-    &lt;/features&gt;
-    &lt;clock offset='utc'/&gt;
-    &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-    &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-    &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-    &lt;devices&gt;
-      &lt;disk type='file'&gt;
-        &lt;driver name='file' type='raw'/&gt;
-        &lt;source file='/path/to/bhyve_freebsd.img'/&gt;
-        &lt;target dev='hda' bus='sata'/&gt;
-      &lt;/disk&gt;
-      &lt;interface type='bridge'&gt;
-        &lt;model type='virtio'/&gt;
-        &lt;source bridge="virbr0"/&gt;
-      &lt;/interface&gt;
-    &lt;/devices&gt;
-&lt;/domain&gt;
-</pre>
-
-
-<h2><a name="usage">Guest usage / management</a></h2>
-
-<h3><a name="console">Connecting to a guest console</a></h3>
-
-<p>
-Guest console connection is supported through the <code>nmdm</code> device. It could be enabled by adding
-the following to the domain XML (<span class="since">Since 1.2.4</span>):
-</p>
-
-<pre>
-  ...
-  &lt;devices&gt;
-    &lt;serial type="nmdm"&gt;
-      &lt;source master="/dev/nmdm0A" slave="/dev/nmdm0B"/&gt;
-    &lt;/serial&gt;
-  &lt;/devices&gt;
-  ...</pre>
-
-
-<p>Make sure to load the <code>nmdm</code> kernel module if you plan to use that.</p>
-
-<p>
-Then <code>virsh console</code> command can be used to connect to the text console
-of a guest.</p>
-
-<p><b>NB:</b> Some versions of bhyve have a bug that prevents guests from booting
-until the console is opened by a client. This bug was fixed in FreeBSD
-<a href="http://svnweb.freebsd.org/changeset/base/262884">r262884</a>. If
-an older version is used, one either has to open a console manually with <code>virsh console</code>
-to let a guest boot or start a guest using:</p>
-
-<pre>start --console domname</pre>
-
-<h3><a name="xmltonative">Converting from domain XML to Bhyve args</a></h3>
-
-<p>
-The <code>virsh domxml-to-native</code> command can preview the actual
-<code>bhyve</code> commands that will be executed for a given domain.
-It outputs two lines, the first line is a <code>bhyveload</code> command and
-the second is a <code>bhyve</code> command.
-</p>
-
-<p>Please note that the <code>virsh domxml-to-native</code> doesn't do any
-real actions other than printing the command, for example, it doesn't try to
-find a proper TAP interface and create it, like what is done when starting
-a domain; and always returns <code>tap0</code> for the network interface. So
-if you're going to run these commands manually, most likely you might want to
-tweak them.</p>
-
-<pre>
-# virsh -c "bhyve:///system"  domxml-to-native --format bhyve-argv --xml /path/to/bhyve.xml
-/usr/sbin/bhyveload -m 214 -d /home/user/vm1.img vm1
-/usr/sbin/bhyve -c 2 -m 214 -A -I -H -P -s 0:0,hostbridge -s 3:0,virtio-net,tap0,mac=52:54:00:5d:74:e3 -s 2:0,virtio-blk,/home/user/vm1.img -s 1,lpc -l com1,/dev/nmdm0A vm1
-</pre>
-
-  </body>
-</html>

docs/drvesx.html.in

@@ -148,7 +148,7 @@ vpx://example-vcenter.com/folder1/dc1/folder2/example-esx.com
             </td>
             <td>
                 If set to 1, this disables libcurl client checks of the server's
-                SSL certificate. The default value is 0. See the
+                SSL certificate. The default value it 0. See the
                 <a href="#certificates">Certificates for HTTPS</a> section for
                 details.
             </td>
@@ -164,7 +164,7 @@ vpx://example-vcenter.com/folder1/dc1/folder2/example-esx.com
                 If set to 1, the driver answers all
                 <a href="#questions">questions</a> with the default answer.
                 If set to 0, questions are reported as errors. The default
-                value is 0. <span class="since">Since 0.7.5</span>.
+                value it 0. <span class="since">Since 0.7.5</span>.
             </td>
         </tr>
         <tr>

docs/drvlxc.html.in

@@ -40,11 +40,15 @@ primary "host" OS environment, the libvirt LXC driver requires that
 certain kernel namespaces are compiled in. Libvirt currently requires
 the 'mount', 'ipc', 'pid', and 'uts' namespaces to be available. If
 separate network interfaces are desired, then the 'net' namespace is
-required. If the guest configuration declares a
-<a href="formatdomain.html#elementsOSContainer">UID or GID mapping</a>,
-the 'user' namespace will be enabled to apply these. <strong>A suitably
-configured UID/GID mapping is a pre-requisite to making containers
-secure, in the absence of sVirt confinement.</strong>
+required. In the near future, the 'user' namespace will optionally be
+supported.
+</p>
+
+<p>
+<strong>NOTE: In the absence of support for the 'user' namespace,
+processes inside containers cannot be securely isolated from host
+process without the use of a mandatory access control technology
+such as SELinux or AppArmor.</strong>
 </p>
 
 <h2><a name="init">Default container setup</a></h2>
@@ -163,240 +167,11 @@ first console will be <code>/dev/tty1</code>, with further consoles
 numbered incrementally from there.
 </p>
 
-<p>
-Since /dev/ttyN and /dev/console are linked to the pts devices. The
-tty device of login program is pts device. the pam module securetty
-may prevent root user from logging in container. If you want root
-user to log in container successfully, add the pts device to the file
-/etc/securetty of container.
-</p>
-
 <p>
 Further block or character devices will be made available to containers
 depending on their configuration.
 </p>
 
-<h2><a name="security">Security considerations</a></h2>
-
-<p>
-The libvirt LXC driver is fairly flexible in how it can be configured,
-and as such does not enforce a requirement for strict security
-separation between a container and the host. This allows it to be used
-in scenarios where only resource control capabilities are important,
-and resource sharing is desired. Applications wishing to ensure secure
-isolation between a container and the host must ensure that they are
-writing a suitable configuration.
-</p>
-
-<h3><a name="securenetworking">Network isolation</a></h3>
-
-<p>
-If the guest configuration does not list any network interfaces,
-the <code>network</code> namespace will not be activated, and thus
-the container will see all the host's network interfaces. This will
-allow apps in the container to bind to/connect from TCP/UDP addresses
-and ports from the host OS. It also allows applications to access
-UNIX domain sockets associated with the host OS, which are in the
-abstract namespace. If access to UNIX domains sockets in the abstract
-namespace is not wanted, then applications should set the
-<code>&lt;privnet/&gt;</code> flag in the
-<code>&lt;features&gt;....&lt;/features&gt;</code> element.
-</p>
-
-<h3><a name="securefs">Filesystem isolation</a></h3>
-
-<p>
-If the guest configuration does not list any filesystems, then
-the container will be set up with a root filesystem that matches
-the host's root filesystem. As noted earlier, only a few locations
-such as <code>/dev</code>, <code>/proc</code> and <code>/sys</code>
-will be altered. This means that, in the absence of restrictions
-from sVirt, a process running as user/group N:M inside the container
-will be able to access almost exactly the same files as a process
-running as user/group N:M in the host.
-</p>
-
-<p>
-There are multiple options for restricting this. It is possible to
-simply map the existing root filesystem through to the container in
-read-only mode. Alternatively a completely separate root filesystem
-can be configured for the guest. In both cases, further sub-mounts
-can be applied to customize the content that is made visible. Note
-that in the absence of sVirt controls, it is still possible for the
-root user in a container to unmount any sub-mounts applied. The user
-namespace feature can also be used to restrict access to files based
-on the UID/GID mappings.
-</p>
-
-<p>
-Sharing the host filesystem tree, also allows applications to access
-UNIX domains sockets associated with the host OS, which are in the
-filesystem namespaces. It should be noted that a number of init
-systems including at least <code>systemd</code> and <code>upstart</code>
-have UNIX domain socket which are used to control their operation.
-Thus, if the directory/filesystem holding their UNIX domain socket is
-exposed to the container, it will be possible for a user in the container
-to invoke operations on the init service in the same way it could if
-outside the container. This also applies to other applications in the
-host which use UNIX domain sockets in the filesystem, such as DBus,
-Libvirtd, and many more. If this is not desired, then applications
-should either specify the UID/GID mapping in the configuration to
-enable user namespaces and thus block access to the UNIX domain socket
-based on permissions, or should ensure the relevant directories have
-a bind mount to hide them. This is particularly important for the
-<code>/run</code> or <code>/var/run</code> directories.
-</p>
-
-
-<h3><a name="secureusers">User and group isolation</a></h3>
-
-<p>
-If the guest configuration does not list any ID mapping, then the
-user and group IDs used inside the container will match those used
-outside the container. In addition, the capabilities associated with
-a process in the container will infer the same privileges they would
-for a process in the host. This has obvious implications for security,
-since a root user inside the container will be able to access any
-file owned by root that is visible to the container, and perform more
-or less any privileged kernel operation. In the absence of additional
-protection from sVirt, this means that the root user inside a container
-is effectively as powerful as the root user in the host. There is no
-security isolation of the root user.
-</p>
-
-<p>
-The ID mapping facility was introduced to allow for stricter control
-over the privileges of users inside the container. It allows apps to
-define rules such as "user ID 0 in the container maps to user ID 1000
-in the host". In addition the privileges associated with capabilities
-are somewhat reduced so that they cannot be used to escape from the
-container environment. A full description of user namespaces is outside
-the scope of this document, however LWN has
-<a href="https://lwn.net/Articles/532593/">a good write-up on the topic</a>.
-From the libvirt point of view, the key thing to remember is that defining
-an ID mapping for users and groups in the container XML configuration
-causes libvirt to activate the user namespace feature.
-</p>
-
-
-<h2><a name="activation">Systemd Socket Activation Integration</a></h2>
-
-<p>
-The libvirt LXC driver provides the ability to pass across pre-opened file
-descriptors when starting LXC guests. This allows for libvirt LXC to support
-systemd's <a href="http://0pointer.de/blog/projects/socket-activated-containers.html">socket
-activation capability</a>, where an incoming client connection
-in the host OS will trigger the startup of a container, which runs another
-copy of systemd which gets passed the server socket, and then activates the
-actual service handler in the container.
-</p>
-
-<p>
-Let us assume that you already have a LXC guest created, running
-a systemd instance as PID 1 inside the container, which has an
-SSHD service configured. The goal is to automatically activate
-the container when the first SSH connection is made. The first
-step is to create a couple of unit files for the host OS systemd
-instance. The <code>/etc/systemd/system/mycontainer.service</code>
-unit file specifies how systemd will start the libvirt LXC container
-</p>
-
-<pre>
-[Unit]
-Description=My little container
-
-[Service]
-ExecStart=/usr/bin/virsh -c lxc:/// start --pass-fds 3 mycontainer
-ExecStop=/usr/bin/virsh -c lxc:/// destroy mycontainer
-Type=oneshot
-RemainAfterExit=yes
-KillMode=none
-</pre>
-
-<p>
-The <code>--pass-fds 3</code> argument specifies that the file
-descriptor number 3 that <code>virsh</code> inherits from systemd,
-is to be passed into the container. Since <code>virsh</code> will
-exit immediately after starting the container, the <code>RemainAfterExit</code>
-and <code>KillMode</code> settings must be altered from their defaults.
-</p>
-
-<p>
-Next, the <code>/etc/systemd/system/mycontainer.socket</code> unit
-file is created to get the host systemd to listen on port 23 for
-TCP connections. When this unit file is activated by the first
-incoming connection, it will cause the <code>mycontainer.service</code>
-unit to be activated with the FD corresponding to the listening TCP
-socket passed in as FD 3.
-</p>
-
-<pre>
-[Unit]
-Description=The SSH socket of my little container
-
-[Socket]
-ListenStream=23
-</pre>
-
-<p>
-Port 23 was picked here so that the container doesn't conflict
-with the host's SSH which is on the normal port 22. That's it
-in terms of host side configuration.
-</p>
-
-<p>
-Inside the container, the <code>/etc/systemd/system/sshd.socket</code>
-unit file must be created
-</p>
-
-<pre>
-[Unit]
-Description=SSH Socket for Per-Connection Servers
-
-[Socket]
-ListenStream=23
-Accept=yes
-</pre>
-
-<p>
-The <code>ListenStream</code> value listed in this unit file, must
-match the value used in the host file. When systemd in the container
-receives the pre-opened FD from libvirt during container startup, it
-looks at the <code>ListenStream</code> values to figure out which
-FD to give to which service. The actual service to start is defined
-by a correspondingly named <code>/etc/systemd/system/sshd@.service</code>
-</p>
-
-<pre>
-[Unit]
-Description=SSH Per-Connection Server for %I
-
-[Service]
-ExecStart=-/usr/sbin/sshd -i
-StandardInput=socket
-</pre>
-
-<p>
-Finally, make sure this SSH service is set to start on boot of the container,
-by running the following command inside the container:
-</p>
-
-<pre>
-# mkdir -p /etc/systemd/system/sockets.target.wants/
-# ln -s /etc/systemd/system/sshd.socket /etc/systemd/system/sockets.target.wants/
-</pre>
-
-<p>
-This example shows how to activate the container based on an incoming
-SSH connection. If the container was also configured to have an httpd
-service, it may be desirable to activate it upon either an httpd or a
-sshd connection attempt. In this case, the <code>mycontainer.socket</code>
-file in the host would simply list multiple socket ports. Inside the
-container a separate <code>xxxxx.socket</code> file would need to be
-created for each service, with a corresponding <code>ListenStream</code>
-value set.
-</p>
-
 <!--
 <h2>Container configuration</h2>
 
@@ -555,7 +330,7 @@ and LXC. For further details about usage of virsh consult its
 manual page.
 </p>
 
-<h3><a name="usageSave">Defining (saving) container configuration</a></h3>
+<h3><a name="usageSave">Defining (saving) container configuration></a></h3>
 
 <p>
 The <code>virsh define</code> command takes an XML configuration
@@ -620,7 +395,7 @@ to PID 1 inside the container.
 
 <p>
 If the container does not respond to the graceful shutdown
-request, it can be forcibly stopped using the <code>virsh destroy</code>
+request, it can be forceably stopped using the <code>virsh destroy</code>
 </p>
 
 <pre>
@@ -659,25 +434,16 @@ running, this will turn it into a "transient" guest.
 
 <p>
 The <code>virsh console</code> command can be used to connect
-to the text console associated with a container.
+to the text console associated with a container. If the container
+has been configured with multiple console devices, then the
+<code>--devname</code> argument can be used to choose the
+console to connect to
 </p>
 
 <pre>
 # virsh -c lxc:/// console myguest
 </pre>
 
-<p>
-If the container has been configured with multiple console devices,
-then the <code>--devname</code> argument can be used to choose the
-console to connect to.
-In LXC, multiple consoles will be named
-as 'console0', 'console1', 'console2', etc.
-</p>
-
-<pre>
-# virsh -c lxc:/// console myguest --devname console1
-</pre>
-
 <h3><a name="usageEnter">Running commands in a container</a></h3>
 
 <p>
@@ -702,37 +468,5 @@ host
 # virt-top -c lxc:///
 </pre>
 
-<h3><a name="usageConvert">Converting LXC container configuration</a></h3>
-
-<p>
-The <code>virsh domxml-from-native</code> command can be used to convert
-most of the LXC container configuration into a domain XML fragment
-</p>
-
-<pre>
-# virsh -c lxc:/// domxml-from-native lxc-tools /var/lib/lxc/myguest/config
-</pre>
-
-<p>
-This conversion has some limitations due to the fact that the
-domxml-from-native command output has to be independent of the host. Here
-are a few things to take care of before converting:
-</p>
-
-<ul>
-<li>
-Replace the fstab file referenced by <tt>lxc.mount</tt> by the corresponding
-lxc.mount.entry lines.
-</li>
-<li>
-Replace all relative sizes of tmpfs mount entries to absolute sizes. Also
-make sure that tmpfs entries all have a size option (default is 50%).
-</li>
-<li>
-Define <tt>lxc.cgroup.memory.limit_in_bytes</tt> to properly limit the memory
-available to the container. The conversion will use 64MiB as the default.
-</li>
-</ul>
-
   </body>
 </html>

docs/drvuml.html.in

@@ -65,7 +65,7 @@ uml+ssh://root@example.com/system    (remote access, SSH tunnelled)
     </p>
 
     <p>
-      Once booted the primary console is connected to a PTY, and
+      Once booted the primary console is connected toa PTY, and
       thus accessible with "virsh console" or equivalent tools
     </p>
 

docs/drvvmware.html.in

@@ -2,11 +2,10 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
     <body>
-        <h1>VMware Workstation / Player / Fusion hypervisors driver</h1>
+        <h1>VMware Workstation / Player hypervisors driver</h1>
         <p>
-        The libvirt VMware driver should be able to manage any Workstation,
-        Player, Fusion version supported by the VMware VIX API. See the
-        compatibility list
+        The libvirt VMware Workstation driver should be able to manage any Workstation and
+        Player version supported by the VMware VIX API. See the compatibility list
         <a href="http://www.vmware.com/support/developer/vix-api/vix110_reference/">here</a>.
     </p>
     <p>
@@ -22,22 +21,17 @@
         The <a href="http://www.vmware.com/">VMware Workstation and
         Player</a> hypervisors
       </li>
-      <li>
-        The <a href="http://www.vmware.com/fusion">VMware Fusion</a>
-        hypervisor
-      </li>
     </ul>
 
     <h2>Connections to VMware driver</h2>
 
     <p>
     The libvirt VMware driver provides per-user drivers (the "session" instance).
-    Three uris are available:
+    Two uris are available:
     </p>
     <ul>
       <li>"vmwareplayer" for VMware Player</li>
       <li>"vmwarews" for VMware Workstation</li>
-      <li>"vmwarefusion" for VMware Fusion</li>
     </ul>
     <p>
     Some example connection URIs for the driver are:
@@ -46,7 +40,6 @@
 <pre>
 vmwareplayer:///session                  (local access to VMware Player per-user instance)
 vmwarews:///session                      (local access to VMware Workstation per-user instance)
-vmwarefusion:///session                      (local access to VMware Fusion per-user instance)
 vmwarews+tcp://user@example.com/session  (remote access to VMware Workstation, SASl/Kerberos)
 vmwarews+ssh://user@example.com/session  (remote access to VMware Workstation, SSH tunnelled)
 </pre>

docs/firewall.html.in

@@ -142,7 +142,7 @@ MASQUERADE all  --  *      *       192.168.122.0/24    !192.168.122.0/24</pre>
     <p><a href="http://www.dmtf.org/standards/cim/cim_schema_v2230/CIM_Network.pdf">http://www.dmtf.org/standards/cim/cim_schema_v2230/CIM_Network.pdf</a></p>
     <p>The filters are managed in libvirt as a top level, standalone object.
        This allows the filters to then be referenced by any libvirt object
-       that requires their functionality, instead tying them only to use
+       that requires their functionality, instead tieing them only to use
        by guest NICs. In the current implementation, filters can be associated
        with individual guest NICs via the libvirt domain XML format. In the
        future we might allow filters to be associated with the virtual network
@@ -272,7 +272,7 @@ f5c78134-9da4-0c60-a9f0-fb37bc21ac1f  no-other-rarp-traffic
        to update them. This ensures the guests have their iptables/ebtables
        rules recreated.
     </p>
-    <p>To associate the clean-traffic filter with a guest, edit the
+    <p>To associate the clean-trafffic filter with a guest, edit the
        guest XML config and change the <code>&lt;interface&gt;</code> element
        to include a <code>&lt;filterref&gt;</code> and also specify the
        whitelisted <code>&lt;ip address/&gt;</code> the guest is allowed to

docs/formatcaps.html.in

@@ -4,107 +4,19 @@
   <body>
     <h1>Driver capabilities XML format</h1>
 
-    <ul id="toc"></ul>
-
-    <h2><a name="elements">Element and attribute overview</a></h2>
-
-    <p>As new virtualization engine support gets added to libvirt, and to
-    handle cases like QEMU supporting a variety of emulations, a query
-    interface has been added in 0.2.1 allowing to list the set of supported
-    virtualization capabilities on the host:</p>
-
-    <pre>    char * virConnectGetCapabilities (virConnectPtr conn);</pre>
-
-    <p>The value returned is an XML document listing the virtualization
-    capabilities of the host and virtualization engine to which
-    <code>@conn</code> is connected. One can test it using <code>virsh</code>
-    command line tool command '<code>capabilities</code>', it dumps the XML
-    associated to the current connection. </p>
-
-    <p>As can be seen seen in the <a href="#elementExamples">example</a>, the
-    capabilities XML consists of the <code>capabilities</code> element which
-    have exactly one <code>host</code> child element to report information on
-    host capabilities, and zero or more <code>guest</code> element to express
-    the set of architectures the host can run at the moment.</p>
-
-
-    <h3><a name="elementHost">Host capabilities</a></h3>
-
-    <p>The <code>&lt;host/&gt;</code> element consists of the following child
-    elements:</p>
-    <dl>
-      <dt><code>uuid</code></dt>
-      <dd>The host UUID.</dd>
-
-      <dt><code>cpu</code></dt>
-      <dd>The host CPU architecture and features.</dd>
-
-      <dt><code>power_management</code></dt>
-      <dd>whether host is capable of memory suspend, disk hibernation, or
-      hybrid suspend.</dd>
-
-      <dt><code>migration</code></dt>
-      <dd>This element exposes information on the hypervisor's migration
-      capabilities, like live migration, supported URI transports, and so
-      on.</dd>
-
-      <dt><code>topology</code></dt>
-      <dd>This element embodies the host internal topology. Management
-      applications may want to learn this information when orchestrating new
-      guests - e.g. due to reduce inter-NUMA node transfers.</dd>
-
-      <dt><code>secmodel</code></dt>
-      <dd>To find out default security labels for different security models you
-      need to parse this element. In contrast with the former elements, this is
-      repeated for each security model the libvirt daemon currently supports.
-      </dd>
-    </dl>
-
-
-    <h3><a name="elementGuest">Guest capabilities</a></h3>
-
-    <p>While the <a href="#elementHost">previous section</a> aims at host
-    capabilities, this one focuses on capabilities available to a guest
-    using a given hypervisor. The <code>&lt;guest/&gt;</code> element will
-    typically wrap up the following elements:</p>
-
-    <dl>
-        <dt><code>os_type</code></dt>
-        <dd>This expresses what kind of operating system the hypervisor
-        is able to run. Possible values are:
-        <dl>
-          <dt>xen</dt>
-          <dd>for XEN</dd>
-
-          <dt>linux</dt>
-          <dd>legacy alias for <code>xen</code></dd>
-
-          <dt>hvm</dt>
-          <dd>Unmodified operating system</dd>
-
-          <dt>exe</dt>
-          <dd>Container based virtualization</dd>
-
-          <dt>uml</dt>
-          <dd>User Mode Linux</dd>
-        </dl>
-        </dd>
-
-        <dt><code>arch</code></dt>
-        <dd>This element brings some information on supported guest architecture.</dd>
-
-        <dt><code>features</code></dt>
-        <dd>This optional element encases possible features that can be used
-        with a guest of described type.</dd>
-    </dl>
-
-    <h3><a name="elementExamples">Examples</a></h3>
-
-    <p>For example, in the case of a 64-bit machine with hardware
-    virtualization capabilities enabled in the chip and
-    BIOS you will see:</p>
-
-    <pre>&lt;capabilities&gt;
+        <p>As new virtualization engine support gets added to libvirt, and to handle
+cases like QEmu supporting a variety of emulations, a query interface has
+been added in 0.2.1 allowing to list the set of supported virtualization
+capabilities on the host:</p>
+        <pre>    char * virConnectGetCapabilities (virConnectPtr conn);</pre>
+        <p>The value returned is an XML document listing the virtualization
+capabilities of the host and virtualization engine to which
+<code>@conn</code> is connected. One can test it using <code>virsh</code>
+command line tool command '<code>capabilities</code>', it dumps the XML
+associated to the current connection. For example in the case of a 64 bits
+machine with hardware virtualization capabilities enabled in the chip and
+BIOS you will see</p>
+        <pre>&lt;capabilities&gt;
   <span style="color: #E50000">&lt;host&gt;
     &lt;cpu&gt;
       &lt;arch&gt;x86_64&lt;/arch&gt;
@@ -155,5 +67,30 @@
   &lt;/guest&gt;</span>
   ...
 &lt;/capabilities&gt;</pre>
+        <p>The first block (in red) indicates the host hardware
+          capabilities, such as CPU properties and the power
+          management features of the host platform.  CPU models are
+          shown as additional features relative to the closest base
+          model, within a feature block (the block is similar to what
+          you will find in a Xen fully virtualized domain
+          description). Further, the power management features
+          supported by the host are shown, such as Suspend-to-RAM (S3),
+          Suspend-to-Disk (S4) and Hybrid-Suspend (a combination of S3
+          and S4). In case the host does not support
+          any such feature, then an empty &lt;power_management/&gt;
+          tag will be shown. </p>
+        <p>The second block (in blue) indicates the paravirtualization
+          support of the Xen support, you will see the os_type of xen
+          to indicate a paravirtual kernel, then architecture
+          information and potential features.</p>
+        <p>The third block (in green) gives similar information but
+          when running a 32 bit OS fully virtualized with Xen using
+          the hvm support.</p>
+        <p>This section is likely to be updated and augmented in the
+          future,
+          see <a href="https://www.redhat.com/archives/libvir-list/2007-March/msg00215.html">the
+          discussion</a> which led to the capabilities format in the
+          mailing-list archives.</p>
+
   </body>
 </html>

docs/formatnetwork.html.in

@@ -155,7 +155,7 @@
   </forward>
 ...</pre>
             <p>
-            A single IPv4 address can be set by setting
+            An singe IPv4 address can be set by setting
             <code>start</code> and <code>end</code> attributes to
             the same value.
             </p>
@@ -282,22 +282,17 @@
             definition. <span class="since"> Since 0.10.0</span>
 
             <p>
-              To force use of a particular type of device assignment,
-              a &lt;forward type='hostdev'&gt; interface can have an
-              optional <code>driver</code> sub-element with
-              a <code>name</code> attribute set to either "vfio" (VFIO
-              is a new method of device assignment that is compatible
-              with UEFI Secure Boot) or "kvm" (the legacy device
-              assignment handled directly by the KVM kernel module)
-              <span class="since">Since 1.0.5 (QEMU and KVM only,
-              requires kernel 3.6 or newer)</span>. When specified,
-              device assignment will fail if the requested method of
-              device assignment isn't available on the host. When not
-              specified, the default is "vfio" on systems where the
-              VFIO driver is available and loaded, and "kvm" on older
-              systems, or those where the VFIO driver hasn't been
-              loaded <span class="since">Since 1.1.3</span> (prior to
-              that the default was always "kvm").
+              To use VFIO device assignment rather than
+              traditional/legacy KVM device assignment (VFIO is a new
+              method of device assignment that is compatible with UEFI
+              Secure Boot), a &lt;forward type='hostdev'&gt; interface
+              can have an optional <code>driver</code> sub-element
+              with a <code>name</code> attribute set to "vfio". To use
+              legacy KVM device assignment you can
+              set <code>name</code> to "kvm" (or simply omit the
+              &lt;driver&gt; element, since "kvm" is currently the
+              default).
+              <span class="since">Since 1.0.5 (QEMU and KVM only, requires kernel 3.6 or newer)</span>
             </p>
 
             <p>Note that this "intelligent passthrough" of network
@@ -416,112 +411,24 @@
 ...</pre>
 
       <p>
-        The <code>&lt;bandwidth&gt;</code> element allows setting
-        quality of service for a particular network
-        (<span class="since">since 0.9.4</span>). Setting
-        <code>bandwidth</code> for a network is supported only
-        for networks with a <code>&lt;forward&gt;</code> mode
-        of <code>route</code>, <code>nat</code>, or no mode at all
-        (i.e. an "isolated" network). Setting <code>bandwidth</code>
-        is <b>not</b> supported for forward modes
-        of <code>bridge</code>, <code>passthrough</code>, <code>private</code>,
-        or <code>hostdev</code>. Attempts to do this will lead to
-        a failure to define the network or to create a transient network.
-      </p>
-      <p>
-        The <code>&lt;bandwidth&gt;</code> element can only be a
-        subelement of a domain's <code>&lt;interface&gt;</code>, a
-        subelement of a <code>&lt;network&gt;</code>, or a subelement of
-        a <code>&lt;portgroup&gt;</code> in a <code>&lt;network&gt;</code>.
-      </p>
-      <p>
-        As a subelement of a domain's <code>&lt;interface&gt;</code>,
-        the bandwidth only applies to that one interface of the domain.
-        As a subelement of a <code>&lt;network&gt;</code>, the bandwidth
-        is a total aggregate bandwidth to/from all guest interfaces attached
-        to that network, <b>not</b> to each guest interface individually.
-        If a domain's <code>&lt;interface&gt;</code> has
-        <code>&lt;bandwidth&gt;</code> element values higher
-        than the aggregate for the entire network, then the aggregate
-        bandwidth for the <code>&lt;network&gt;</code> takes precedence.
-        This is because the two choke points are independent of each other
-        where the domain's <code>&lt;interface&gt;</code> bandwidth control
-        is applied on the interface's tap device, while the
-        <code>&lt;network&gt;</code> bandwidth control is applied on the
-        interface part of the bridge device created for that network.
-      </p>
-      <p>
-        As a subelement of a
-        <code>&lt;portgroup&gt;</code> in a <code>&lt;network&gt;</code>,
-        if a domain's <code>&lt;interface&gt;</code> has a
-        <code>portgroup</code> attribute in its
-        <code>&lt;source&gt;</code> element <b>and</b> if the
-        <code>&lt;interface&gt;</code>
-        itself has no <code>&lt;bandwidth&gt;</code> element, then the
-        <code>&lt;bandwidth&gt;</code> element of the portgroup will be
-        applied individually to each guest interface defined to be a
-        member of that portgroup. Any <code>&lt;bandwidth&gt;</code>
-        element in the domain's <code>&lt;interface&gt;</code> definition
-        will override the setting in the portgroup
-        (<span class="since">since 1.0.1</span>).
-      </p>
-      <p>
-        Incoming and outgoing traffic can be shaped independently. The
-        <code>bandwidth</code> element can have at most one
-        <code>inbound</code> and at most one <code>outbound</code>
-        child element. Leaving either of these children elements out
-        results in no QoS applied for that traffic direction.  So,
-        when you want to shape only incoming traffic, use
-        <code>inbound</code> only, and vice versa. Each of these
-        elements have one mandatory attribute - <code>average</code> (or
-        <code>floor</code> as described below). The attributes are as follows,
-        where accepted values for each attribute is an integer number.
-      </p>
-        <dl>
-          <dt><code>average</code></dt>
-          <dd>
-          Specifies the desired average bit rate for the interface
-          being shaped (in kilobytes/second).
-          </dd>
-          <dt><code>peak</code></dt>
-          <dd>
-          Optional attribute which specifies the maximum rate at
-          which the bridge can send data (in kilobytes/second).
-          Note the limitation of implementation: this attribute in the
-          <code>outbound</code> element is ignored (as Linux ingress
-          filters don't know it yet).
-          </dd>
-          <dt><code>burst</code></dt>
-          <dd>
-          Optional attribute which specifies the amount of kilobytes that
-          can be transmitted in a single burst at <code>peak</code> speed.
-          </dd>
-          <dt><code>floor</code></dt>
-          <dd>
-          Optional attribute available only for the <code>inbound</code>
-          element. This attribute guarantees minimal throughput for
-          shaped interfaces. This, however, requires that all traffic
-          goes through one point where QoS decisions can take place, hence
-          why this attribute works only for virtual networks for now
-          (that is <code>&lt;interface type='network'/&gt;</code> with a
-          forward type of route, nat, or no forward at all). Moreover, the
-          virtual network the interface is connected to is required to have
-          at least inbound QoS set (<code>average</code> at least). If
-          using the <code>floor</code> attribute users don't need to specify
-          <code>average</code>. However, <code>peak</code> and
-          <code>burst</code> attributes still require <code>average</code>.
-          Currently, the Linux kernel doesn't allow ingress qdiscs to have
-          any classes therefore <code>floor</code> can be applied only
-          on <code>inbound</code> and not <code>outbound</code>.
-          </dd>
-        </dl>
-
-      <p>
-        Attributes <code>average</code>, <code>peak</code>, and
-        <code>burst</code> are available
-        <span class="since">since 0.9.4</span>, while the
-        <code>floor</code> attribute is available
-        <span class="since">since 1.0.1</span>.
+        This part of network XML provides setting quality of service. Incoming
+        and outgoing traffic can be shaped independently. The
+        <code>bandwidth</code> element can have at most one <code>inbound</code>
+        and at most one <code>outbound</code> child elements. Leaving any of these
+        children element out result in no QoS applied on that traffic direction.
+        So, when you want to shape only network's incoming traffic, use
+        <code>inbound</code> only, and vice versa. Each of these elements have one
+        mandatory attribute <code>average</code>. It specifies average bit rate on
+        interface being shaped. Then there are two optional attributes:
+        <code>peak</code>, which specifies maximum rate at which bridge can send
+        data, and <code>burst</code>, amount of bytes that can be burst at
+        <code>peak</code> speed. Accepted values for attributes are integer
+        numbers, The units for <code>average</code> and <code>peak</code> attributes
+        are kilobytes per second, and for the <code>burst</code> just kilobytes.
+        The rate is shared equally within domains connected to the network.
+        Moreover, <code>bandwidth</code> element can be included in
+        <code>portgroup</code> element.
+        <span class="since">Since 0.9.4</span>
       </p>
 
     <h5><a name="elementVlanTag">Setting VLAN tag (on supported network types only)</a></h5>
@@ -571,7 +478,7 @@
       <span class="since">Since 1.1.0</span>. This uses the optional
       <code>nativeMode</code> attribute on the <code>&lt;tag&gt;</code>
       element: <code>nativeMode</code> may be set to 'tagged' or
-      'untagged'. The id attribute of the element sets the native vlan.
+      'untagged'. The id atribute of the element sets the native vlan.
     </p>
     <p>
       <code>&lt;vlan&gt;</code> elements can also be specified in
@@ -628,7 +535,7 @@
       network), and each portgroup has a name, as well as various
       subelements associated with it. The currently supported
       subelements are <code>&lt;bandwidth&gt;</code>
-      (described <a href="formatnetwork.html#elementQoS">here</a>)
+      (documented <a href="formatdomain.html#elementQoS">here</a>)
       and <code>&lt;virtualport&gt;</code>
       (documented <a href="formatdomain.html#elementsNICSDirect">here</a>).
       If a domain interface definition specifies a portgroup (by
@@ -684,7 +591,7 @@
       This particular route would *not* be preferred if there was
       another existing rout on the system with the same address and
       prefix but with a lower value for the metric. If there is a
-      route in the host system configuration that should be overridden
+      route in the host system configuration that should be overriden
       by a route in a virtual network whenever the virtual network is
       running, the configuration for the system-defined route should
       be modified to have a higher metric, and the route on the
@@ -724,8 +631,6 @@
         &lt;domain name="example.com"/&gt;
         &lt;dns&gt;
           &lt;txt name="example" value="example value" /&gt;
-          &lt;forwarder addr="8.8.8.8"/&gt;
-          &lt;forwarder addr="8.8.4.4"/&gt;
           &lt;srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1024' priority='10' weight='10'/&gt;
           &lt;host ip='192.168.122.2'&gt;
             &lt;hostname&gt;myhost&lt;/hostname&gt;
@@ -758,36 +663,11 @@
         with the idiosyncrasies of the platform where libvirt is
         running. <span class="since">Since 0.8.8</span>
       </dd>
-      <dt><code>dns</code></dt>
-      <dd> The dns element of a network contains configuration
-        information for the virtual network's DNS
-        server <span class="since">Since 0.9.3</span>.
-
-        <p>
-          The dns element
-          can have an optional <code>forwardPlainNames</code>
-          attribute <span class="since">Since 1.1.2</span>.
-          If <code>forwardPlainNames</code> is "no", then DNS resolution
-          requests for names that are not qualified with a domain
-          (i.e. names with no "." character) will not be forwarded to
-          the host's upstream DNS server - they will only be resolved if
-          they are known locally within the virtual network's own DNS
-          server. If <code>forwardPlainNames</code> is "yes",
-          unqualified names <b>will</b> be forwarded to the upstream DNS
-          server if they can't be resolved by the virtual network's own
-          DNS server.
-        </p>
-
-        Currently supported sub-elements of <code>&lt;dns&gt;</code> are:
+      <dt><code>dns</code></dt><dd>
+        The dns element of a network contains configuration information for the
+        virtual network's DNS server. <span class="since">Since 0.9.3</span>
+        Currently supported elements are:
         <dl>
-          <dt><code>forwarder</code></dt>
-          <dd>A <code>dns</code> element can have 0 or
-            more <code>forwarder</code> elements.  Each forwarder
-            element defines an IP address to be used as forwarder in
-            DNS server configuration. The addr attribute is required
-            and defines the IP address of every
-            forwarder. <span class="since">Since 1.1.3</span>
-          </dd>
           <dt><code>txt</code></dt>
           <dd>A <code>dns</code> element can have 0 or more <code>txt</code> elements.
             Each txt element defines a DNS TXT record and has two attributes, both

docs/formatnode.html.in

@@ -110,28 +110,6 @@
                 have a list of <code>address</code> subelements, one
                 for each VF on this PF.
               </dd>
-              <dt><code>numa</code></dt>
-              <dd>
-                This optional element contains information on the PCI device
-                with respect to NUMA. For example, the optional
-                <code>node</code> attribute tells which NUMA node is the PCI
-                device associated with.
-              </dd>
-              <dt><code>pci-express</code></dt>
-              <dd>
-              This optional element contains information on PCI Express part of
-              the device. For example, it can contain a child element
-              <code>link</code> which addresses the PCI Express device's link.
-              While a device has it's own capabilities
-              (<code>validity='cap'</code>), the actual run time capabilities
-              are negotiated on the device initialization
-              (<code>validity='sta'</code>). The <code>link</code> element then
-              contains three attributes: <code>port</code> which says in which
-              port is the device plugged in, <code>speed</code> (in
-              GigaTransfers per second) and <code>width</code> for the number
-              of lanes used. Since the port can't be negotiated, it's not
-              exposed in <code>./pci-express/link/[@validity='sta']</code>.
-              </dd>
             </dl>
           </dd>
           <dt><code>usb_device</code></dt>
@@ -158,11 +136,11 @@
             <dl>
               <dt><code>number</code></dt>
               <dd>The device number.</dd>
-              <dt><code>class</code></dt>
+              <dt><code>number</code></dt>
               <dd>The device class.</dd>
-              <dt><code>subclass</code></dt>
+              <dt><code>number</code></dt>
               <dd>The device subclass.</dd>
-              <dt><code>protocol</code></dt>
+              <dt><code>number</code></dt>
               <dd>The device protocol.</dd>
               <dt><code>description</code></dt>
               <dd>If present, a description of the device.</dd>
@@ -176,13 +154,6 @@
               <dd>The interface name tied to this device.</dd>
               <dt><code>address</code></dt>
               <dd>If present, the MAC address of the device.</dd>
-              <dt><code>link</code></dt>
-              <dd>Optional to reflect the status of the link. It has
-                two optional attributes: <code>speed</code> in Mbits per
-                second and <code>state</code> to tell the state of the
-                link. So far, the whole element is just for output,
-                not setting.
-              </dd>
               <dt><code>capability</code></dt>
               <dd>A network protocol exposed by the device, where the
                 attribute <code>type</code> can be "80203" for IEEE
@@ -320,10 +291,6 @@
       &lt;address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/&gt;
       &lt;address domain='0x0000' bus='0x02' slot='0x00' function='0x1'/&gt;
     &lt;/iommuGroup&gt;
-    &lt;pci-express&gt;
-      &lt;link validity='cap' port='1' speed='2.5' width='1'/&gt;
-      &lt;link validity='sta' speed='2.5' width='1'/&gt;
-    &lt;/pci-express&gt;
   &lt;/capability&gt;
 &lt;/device&gt;
     </pre>

docs/formatnwfilter.html.in

@@ -989,21 +989,11 @@
          <td>IP_ADDR</td>
          <td>Source IP address in ARP/RARP packet</td>
        </tr>
-       <tr>
-         <td>arpsrcipmask <span class="since">(Since 1.2.3)</span></td>
-         <td>IP_MASK</td>
-         <td>Source IP mask</td>
-       </tr>
        <tr>
          <td>arpdstipaddr</td>
          <td>IP_ADDR</td>
          <td>Destination IP address in ARP/RARP packet</td>
        </tr>
-       <tr>
-         <td>arpdstipmask <span class="since">(Since 1.2.3)</span></td>
-         <td>IP_MASK</td>
-         <td>Destination IP mask</td>
-       </tr>
        <tr>
          <td>comment <span class="since">(Since 0.8.5)</span></td>
          <td>STRING</td>
@@ -1837,7 +1827,7 @@
      initiate a connection from TCP port 80 back towards the VM.
      By default the connection state match that enables connection tracking
      and then enforcement of directionality of traffic is turned on. <br/>
-     The following shows an example XML fragment where this feature has been
+     The following shows an example XML fragement where this feature has been
      turned off for incoming connections to TCP port 12345.
     </p>
 <pre>
@@ -2089,9 +2079,9 @@
      To enable traffic for TCP ports 22 and 80 we will add 2 rules to
      enable this type of traffic. To allow the VM to send ping traffic
      we will add a rule for ICMP traffic. For simplicity reasons
-     we allow general ICMP traffic to be initiated from the VM, not
+     we allow general ICMP traffic to be initated from the VM, not
      just ICMP echo request and response messages. To then
-     disallow all other traffic to reach or be initiated by the
+     disallow all other traffic to reach or be initated by the
      VM we will then need to add a rule that drops all other traffic.
      Assuming our VM is called <i>test</i> and
      the interface we want to associate our filter with is called <i>eth0</i>,
@@ -2365,7 +2355,7 @@
       on the source system are equivalent to those on the target system
       and vice versa.
       <br/><br/>
-      Migration must occur between libvirt installations of version
+      Migration must occur between libvirt insallations of version
       0.8.1 or later in order not to lose the network traffic filters
       associated with an interface.
      </p>

docs/formatsecret.html.in

@@ -46,200 +46,48 @@
       </dd>
     </dl>
 
-    <h3><a name="VolumeUsageType">Usage type "volume"</a></h3>
+    <h3>Usage type "volume"</h3>
 
     <p>
       This secret is associated with a volume, and it is safe to delete the
       secret after the volume is deleted.  The <code>&lt;usage
       type='volume'&gt;</code> element must contain a
       single <code>volume</code> element that specifies the key of the volume
-      this secret is associated with. For example, create a volume-secret.xml
-      file as follows:
+      this secret is associated with.
     </p>
 
-    <pre>
-      &lt;secret ephemeral='no' private='yes'&gt;
-         &lt;description&gt;Super secret name of my first puppy&lt;/description&gt;
-         &lt;uuid&gt;0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f&lt;/uuid&gt;
-         &lt;usage type='volume'&gt;
-            &lt;volume&gt;/var/lib/libvirt/images/puppyname.img&lt;/volume&gt;
-         &lt;/usage&gt;
-      &lt;/secret&gt;
-    </pre>
+    <h3>Usage type "ceph"</h3>
 
-    <p>
-      Define the secret and set the pass phrase as follows:
-    </p>
-    <pre>
-      # virsh secret-define volume-secret.xml
-      Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
-      #
-      # MYSECRET=`printf %s "open sesame" | base64`
-      # virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
-      Secret value set
-      #
-    </pre>
-
-    <p>
-      The volume type secret can then be used in the XML for a storage volume
-      <a href="formatstorageencryption.html">encryption</a> as follows:
-    </p>
-    <pre>
-      &lt;encryption format='qcow'&gt;
-        &lt;secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/&gt;
-      &lt;/encryption&gt;
-    </pre>
-
-    <h3><a name="CephUsageType">Usage type "ceph"</a></h3>
     <p>
       This secret is associated with a Ceph RBD (rados block device).
       The <code>&lt;usage type='ceph'&gt;</code> element must contain
       a single <code>name</code> element that specifies a usage name
       for the secret.  The Ceph secret can then be used by UUID or by
       this usage name via the <code>&lt;auth&gt;</code> element of
-      a <a href="formatdomain.html#elementsDisks">disk device</a> or
-      a <a href="formatstorage.html">storage pool (rbd)</a>.
-      <span class="since">Since 0.9.7</span>. The following is an example
-      of the steps to be taken.  First create a ceph-secret.xml file:
+      a <a href="formatdomain.html#elementsDisks">disk
+      device</a>. <span class="since">Since 0.9.7</span>.
     </p>
 
-    <pre>
-      &lt;secret ephemeral='no' private='yes'&gt;
-         &lt;description&gt;CEPH passphrase example&lt;/description&gt;
-         &lt;usage type='ceph'&gt;
-            &lt;name&gt;ceph_example&lt;/name&gt;
-         &lt;/usage&gt;
-      &lt;/secret&gt;
-    </pre>
-
-    <p>
-      Next, use <code>virsh secret-define ceph-secret.xml</code> to define
-      the secret and <code>virsh secret-set-value</code> using the generated
-      UUID value and a base64 generated secret value in order to define the
-      chosen secret pass phrase.
-    </p>
-    <pre>
-      # virsh secret-define ceph-secret.xml
-      Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created
-      #
-      # virsh secret-list
-      UUID                                 Usage
-      -----------------------------------------------------------
-      1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example
-      #
-      # CEPHPHRASE=`printf %s "pass phrase" | base64`
-      # virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE
-      Secret value set
-
-      #
-    </pre>
-
-    <p>
-      The ceph secret can then be used by UUID or by the
-      usage name via the <code>&lt;auth&gt;</code> element in a domain's
-      <a href="formatdomain.html#elementsDisks"><code>&lt;disk&gt;</code></a>
-      element as follows:
-    </p>
-    <pre>
-      &lt;auth username='myname'&gt;
-        &lt;secret type='ceph' usage='ceph_example'/&gt;
-      &lt;/auth&gt;
-    </pre>
-
-    <p>
-      As well as the <code>&lt;auth&gt;</code> element in a
-      <a href="formatstorage.html">storage pool (rbd)</a>
-      <code>&lt;source&gt;</code> element as follows:
-    </p>
-    <pre>
-      &lt;auth type='ceph' username='myname'&gt;
-        &lt;secret usage='ceph_example'/&gt;
-      &lt;/auth&gt;
-    </pre>
-
-    <h3><a name="iSCSIUsageType">Usage type "iscsi"</a></h3>
+    <h3>Usage type "iscsi"</h3>
 
     <p>
       This secret is associated with an iSCSI target for CHAP authentication.
       The <code>&lt;usage type='iscsi'&gt;</code> element must contain
       a single <code>target</code> element that specifies a usage name
-      for the secret. The iSCSI secret can then be used by UUID or by
+      for the secret.  The iSCSI secret can then be used by UUID or by
       this usage name via the <code>&lt;auth&gt;</code> element of
-      a <a href="formatdomain.html#elementsDisks">disk device</a> or
-      a <a href="formatstorage.html">storage pool (iscsi)</a>.
-      <span class="since">Since 1.0.4</span>. The following is an example
-      of the XML that may be used to generate a secret for iSCSI CHAP
-      authentication. Assume the following sample entry in an iSCSI
-      authentication file:
-    </p>
-      <pre>
-      &lt;target iqn.2013-07.com.example:iscsi-pool&gt;
-      backing-store /home/tgtd/iscsi-pool/disk1
-      backing-store /home/tgtd/iscsi-pool/disk2
-      incominguser myname mysecret
-      &lt;/target&gt;
-      </pre>
-    <p>
-      Define an iscsi-secret.xml file to describe the secret. Use the
-      <code>incominguser</code> username used in your iSCSI authentication
-      configuration file as the value for the <code>username</code> attribute.
-      The <code>description</code> attribute should contain configuration
-      specific data. The <code>target</code> name may be any name of your
-      choosing to be used as the <code>usage</code> when used in the pool
-      or disk XML description.
+      a <a href="formatdomain.html#elementsDisks">disk
+      device</a>. <span class="since">Since 1.0.4</span>.
     </p>
+
+    <h2><a name="example">Example</a></h2>
+
     <pre>
       &lt;secret ephemeral='no' private='yes'&gt;
-         &lt;description&gt;Passphrase for the iSCSI example.com server&lt;/description&gt;
-         &lt;usage type='iscsi'&gt;
-            &lt;target&gt;libvirtiscsi&lt;/target&gt;
+         &lt;description&gt;LUKS passphrase for the main hard drive of our mail server&lt;/description&gt;
+         &lt;usage type='volume'&gt;
+            &lt;volume&gt;/var/lib/libvirt/images/mail.img&lt;/volume&gt;
          &lt;/usage&gt;
-      &lt;/secret&gt;
-    </pre>
-
-    <p>
-      Next, use <code>virsh secret-define iscsi-secret.xml</code> to define
-      the secret and <code>virsh secret-set-value</code> using the generated
-      UUID value and a base64 generated secret value in order to define the
-      chosen secret pass phrase.  The pass phrase must match the password
-      used in the iSCSI authentication configuration file.
-    </p>
-    <pre>
-      # virsh secret-define secret.xml
-      Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created
-
-      # virsh secret-list
-      UUID                                 Usage
-      -----------------------------------------------------------
-      c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi
-
-      # MYSECRET=`printf %s "mysecret" | base64`
-      # virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET
-      Secret value set
-      #
-    </pre>
-
-    <p>
-      The iSCSI secret can then be used by UUID or by the
-      usage name via the <code>&lt;auth&gt;</code> element in a domain's
-      <a href="formatdomain.html#elementsDisks"><code>&lt;disk&gt;</code></a>
-      element as follows:
-    </p>
-    <pre>
-      &lt;auth username='myname'&gt;
-        &lt;secret type='iscsi' usage='libvirtiscsi'/&gt;
-      &lt;/auth&gt;
-    </pre>
-
-    <p>
-      As well as the <code>&lt;auth&gt;</code> element in a
-      <a href="formatstorage.html">storage pool (iscsi)</a>
-      <code>&lt;source&gt;</code> element as follows:
-    </p>
-    <pre>
-      &lt;auth type='chap' username='myname'&gt;
-        &lt;secret usage='libvirtiscsi'/&gt;
-      &lt;/auth&gt;
-    </pre>
+      &lt;/secret&gt;</pre>
   </body>
 </html>

docs/formatsnapshot.html.in

@@ -170,22 +170,6 @@
             snapshots, the original file name becomes the read-only
             snapshot, and the new file name contains the read-write
             delta of all disk changes since the snapshot.
-
-            <span class="since">Since 1.2.2</span> the <code>disk</code> element
-            supports an optional attribute <code>type</code> if the
-            <code>snapshot</code> attribute is set to <code>external</code>.
-            This attribute specifies the snapshot target storage type and allows
-            to overwrite the default <code>file</code> type. The <code>type</code>
-            attribute along with the format of the <code>source</code>
-            sub-element is identical to the <code>source</code> element used in
-            domain disk definitions. See the
-            <a href="formatdomain.html#elementsDisks">disk devices</a> section
-            documentation for further information.
-
-            Libvirt currently supports the <code>type</code> element in the qemu
-            driver and supported values are <code>file</code>, <code>block</code>
-            and <code>network</code> with a protocol of <code>gluster</code>
-            <span class="since">(since 1.2.2)</span>.
           </dd>
         </dl>
       </dd>

docs/formatstorage.html.in

@@ -18,14 +18,9 @@
       The top level tag for a storage pool document is 'pool'. It has
       a single attribute <code>type</code>, which is one of <code>dir</code>,
       <code>fs</code>, <code>netfs</code>, <code>disk</code>,
-      <code>iscsi</code>, <code>logical</code>, <code>scsi</code>
-      (all <span class="since">since 0.4.1</span>), <code>mpath</code>
-      (<span class="since">since 0.7.1</span>), <code>rbd</code>
-      (<span class="since">since 0.9.13</span>), <code>sheepdog</code>
-      (<span class="since">since 0.10.0</span>),
-      or <code>gluster</code> (<span class="since">since
-      1.2.0</span>). This corresponds to the
+      <code>iscsi</code>, <code>logical</code>. This corresponds to the
       storage backend drivers listed further along in this document.
+      The storage pool XML format is available <span class="since">since 0.4.1</span>
     </p>
     <h3><a name="StoragePoolFirst">General metadata</a></h3>
 
@@ -69,8 +64,7 @@
     <p>
       A single <code>source</code> element is contained within the top level
       <code>pool</code> element. This tag is used to describe the source of
-      the storage pool. The set of child elements that it will contain
-      depend on the pool type, but come from the following child elements:
+      the storage pool. It can contain the following child elements:
     </p>
 
     <pre>
@@ -78,9 +72,6 @@
         &lt;source&gt;
           &lt;host name="iscsi.example.com"/&gt;
           &lt;device path="demo-target"/&gt;
-          &lt;auth type='chap' username='myname'&gt;
-            &lt;secret type='iscsi' usage='mycluster_myname'/&gt;
-          &lt;/auth&gt;
           &lt;vendor name="Acme"/&gt;
           &lt;product name="model"/&gt;
         &lt;/source&gt;
@@ -88,6 +79,7 @@
 
     <pre>
         ...
+        &lt;source&gt;
         &lt;source&gt;
           &lt;adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/&gt;
         &lt;/source&gt;
@@ -95,23 +87,17 @@
 
     <dl>
       <dt><code>device</code></dt>
-      <dd>Provides the source for pools backed by physical devices
-        (pool types <code>fs</code>, <code>logical</code>, <code>disk</code>,
-        <code>iscsi</code>).
+      <dd>Provides the source for pools backed by physical devices.
         May be repeated multiple times depending on backend driver. Contains
         a single attribute <code>path</code> which is the fully qualified
         path to the block device node. <span class="since">Since 0.4.1</span></dd>
-      <dt><code>dir</code></dt>
-      <dd>Provides the source for pools backed by directories (pool
-        type <code>dir</code>), or optionally to select a subdirectory
-        within a pool that resembles a filesystem (pool
-        type <code>gluster</code>). May
+      <dt><code>directory</code></dt>
+      <dd>Provides the source for pools backed by directories. May
         only occur once. Contains a single attribute <code>path</code>
         which is the fully qualified path to the backing directory.
         <span class="since">Since 0.4.1</span></dd>
       <dt><code>adapter</code></dt>
-      <dd>Provides the source for pools backed by SCSI adapters (pool
-        type <code>scsi</code>). May
+      <dd>Provides the source for pools backed by SCSI adapters. May
         only occur once. Attribute <code>name</code> is the SCSI adapter
         name (ex. "scsi_host1".  NB, although a name such as "host1" is
         still supported for backwards compatibility, it is not recommended).
@@ -132,45 +118,18 @@
         <span class="since">Since 0.6.2</span></dd>
       <dt><code>host</code></dt>
       <dd>Provides the source for pools backed by storage from a
-        remote server (pool types <code>netfs</code>, <code>iscsi</code>,
-        <code>rbd</code>, <code>sheepdog</code>, <code>gluster</code>). Will be
-        used in combination with a <code>directory</code>
+        remote server. Will be used in combination with a <code>directory</code>
         or <code>device</code> element. Contains an attribute <code>name</code>
         which is the hostname or IP address of the server. May optionally
         contain a <code>port</code> attribute for the protocol specific
         port number. <span class="since">Since 0.4.1</span></dd>
-      <dt><code>auth</code></dt>
-      <dd>If present, the <code>auth</code> element provides the
-        authentication credentials needed to access the source by the
-        setting of the <code>type</code> attribute (pool
-        types <code>iscsi</code>, <code>rbd</code>). The <code>type</code>
-        must be either "chap" or "ceph". Use "ceph" for
-        Ceph RBD (Rados Block Device) network sources and use "iscsi" for CHAP
-        (Challenge-Handshake Authentication Protocol) iSCSI
-        targets. Additionally a mandatory attribute
-        <code>username</code> identifies the username to use during
-        authentication as well as a sub-element <code>secret</code> with
-        a mandatory attribute <code>type</code>, to tie back to a
-        <a href="formatsecret.html">libvirt secret object</a> that
-        holds the actual password or other credentials. The domain XML
-        intentionally does not expose the password, only the reference
-        to the object that manages the password.
-        The <code>secret</code> element requires either a <code>uuid</code>
-        attribute with the UUID of the secret object or a <code>usage</code>
-        attribute matching the key that was specified in the
-        secret object.  <span class="since">Since 0.9.7 for "ceph" and
-        1.1.1 for "chap"</span>
-      </dd>
       <dt><code>name</code></dt>
       <dd>Provides the source for pools backed by storage from a
-        named element (pool types <code>logical</code>, <code>rbd</code>,
-        <code>sheepdog</code>, <code>gluster</code>).  Contains a
-        string identifier.
+        named element (e.g., a logical volume group name).
+        Contains a string identifier.
         <span class="since">Since 0.4.5</span></dd>
       <dt><code>format</code></dt>
-      <dd>Provides information about the format of the pool (pool
-        types <code>fs</code>, <code>netfs</code>, <code>disk</code>,
-        <code>logical</code>). This
+      <dd>Provides information about the format of the pool. This
         contains a single attribute <code>type</code> whose value is
         backend specific. This is typically used to indicate filesystem
         type, or network filesystem type, or partition table type, or
@@ -192,11 +151,7 @@
 
     <p>
       A single <code>target</code> element is contained within the top level
-      <code>pool</code> element for some types of pools (pool
-      types <code>dir</code>, <code>fs</code>, <code>netfs</code>,
-      <code>logical</code>, <code>disk</code>, <code>iscsi</code>,
-      <code>scsi</code>, <code>mpath</code>). This tag is used to
-      describe the mapping of
+      <code>pool</code> element. This tag is used to describe the mapping of
       the storage pool into the host filesystem. It can contain the following
       child elements:
     </p>
@@ -236,10 +191,11 @@
         <span class="since">Since 0.4.1</span>
       </dd>
       <dt><code>permissions</code></dt>
-      <dd>This is currently only useful for directory or filesystem based
-        pools, which are mapped as a directory into the local filesystem
-        namespace. It provides information about the permissions to use for the
-        final directory when the pool is built. The
+      <dd>Provides information about the default permissions to use
+        when creating volumes. This is currently only useful for directory
+        or filesystem based pools, where the volumes allocated are simple
+        files. For pools where the volumes are device nodes, the hotplug
+        scripts determine permissions. It contains 4 child elements. The
         <code>mode</code> element contains the octal permission set. The
         <code>owner</code> element contains the numeric user ID. The <code>group</code>
         element contains the numeric group ID. The <code>label</code> element
@@ -288,18 +244,14 @@
 
     <h2><a name="StorageVol">Storage volume XML</a></h2>
     <p>
-      A storage volume will generally be either a file or a device
-      node; <span class="since">since 1.2.0</span>, an optional
-      output-only attribute <code>type</code> lists the actual type
-      (file, block, dir, network, or netdir), which is also available
-      from <code>virStorageVolGetInfo()</code>.  The storage volume
-      XML format is available <span class="since">since 0.4.1</span>
+      A storage volume will be either a file or a device node.
+      The storage volume XML format is available <span class="since">since 0.4.1</span>
     </p>
 
     <h3><a name="StorageVolFirst">General metadata</a></h3>
 
     <pre>
-      &lt;volume type='file'&gt;
+      &lt;volume&gt;
         &lt;name&gt;sparse.img&lt;/name&gt;
         &lt;key&gt;/var/lib/xen/images/sparse.img&lt;/key&gt;
         &lt;allocation&gt;0&lt;/allocation&gt;
@@ -311,10 +263,8 @@
       <dd>Providing a name for the volume which is unique to the pool.
         This is mandatory when defining a volume.  <span class="since">Since 0.4.1</span></dd>
       <dt><code>key</code></dt>
-      <dd>Providing an identifier for the volume which identifies a
-          single volume. In some cases it's possible to have two distinct keys
-          identifying a single volume. This field cannot be set when creating
-          a volume: it is always generated.
+      <dd>Providing an identifier for the volume which is globally unique.
+          This cannot be set when creating a volume: it is always generated.
         <span class="since">Since 0.4.1</span></dd>
       <dt><code>allocation</code></dt>
       <dd>Providing the total storage allocation for the volume. This
@@ -507,10 +457,7 @@
         &lt;name&gt;virtimages&lt;/name&gt;
         &lt;source&gt;
           &lt;host name="iscsi.example.com"/&gt;
-          &lt;device path="iqn.2013-06.com.example:iscsi-pool"/&gt;
-          &lt;auth type='chap' username='myuser'&gt;
-            &lt;secret usage='libvirtiscsi'/&gt;
-          &lt;/auth&gt;
+          &lt;device path="demo-target"/&gt;
         &lt;/source&gt;
         &lt;target&gt;
           &lt;path&gt;/dev/disk/by-path&lt;/path&gt;

docs/genaclperms.pl

@@ -1,124 +0,0 @@
-#!/usr/bin/perl
-#
-# Copyright (C) 2013 Red Hat, Inc.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-#
-
-use strict;
-use warnings;
-
-my @objects = (
-    "CONNECT", "DOMAIN", "INTERFACE",
-    "NETWORK","NODE_DEVICE", "NWFILTER",
-     "SECRET", "STORAGE_POOL", "STORAGE_VOL",
-    );
-
-my %class;
-
-foreach my $object (@objects) {
-    my $class = lc $object;
-
-    $class =~ s/(^\w|_\w)/uc $1/eg;
-    $class =~ s/_//g;
-    $class =~ s/Nwfilter/NWFilter/;
-    $class = "vir" . $class . "Ptr";
-
-    $class{$object} = $class;
-}
-
-my $objects = join ("|", @objects);
-
-my %opts;
-my $in_opts = 0;
-
-my %perms;
-
-while (<>) {
-    if ($in_opts) {
-        if (m,\*/,) {
-            $in_opts = 0;
-        } elsif (/\*\s*\@(\w+):\s*(.*?)\s*$/) {
-            $opts{$1} = $2;
-        }
-    } elsif (m,/\*\*,) {
-        $in_opts = 1;
-    } elsif (/VIR_ACCESS_PERM_($objects)_((?:\w|_)+),/) {
-        my $object = $1;
-        my $perm = lc $2;
-        next if $perm eq "last";
-
-        $perm =~ s/_/-/g;
-
-        $perms{$object} = {} unless exists $perms{$object};
-        $perms{$object}->{$perm} = {
-            desc => $opts{desc},
-            message => $opts{message},
-            anonymous => $opts{anonymous}
-        };
-        %opts = ();
-    }
-}
-
-print <<EOF;
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-EOF
-
-foreach my $object (sort { $a cmp $b } keys %perms) {
-    my $class = $class{$object};
-    my $olink = lc "object_" . $object;
-    print <<EOF;
-<h3><a name="$olink">$class</a></h3>
-<table class="acl">
-  <thead>
-    <tr>
-      <th>Permission</th>
-      <th>Description</th>
-    </tr>
-  </thead>
-  <tbody>
-EOF
-
-    foreach my $perm (sort { $a cmp $b } keys %{$perms{$object}}) {
-        my $description = $perms{$object}->{$perm}->{desc};
-
-        die "missing description for $object.$perm" unless
-            defined $description;
-
-        my $plink = lc "perm_" . $object . "_" . $perm;
-        $plink =~ s/-/_/g;
-
-        print <<EOF;
-    <tr>
-      <td><a name="$plink">$perm</a></td>
-      <td>$description</td>
-    </tr>
-EOF
-
-    }
-
-    print <<EOF;
-  </tbody>
-</table>
-EOF
-}
-
-print <<EOF;
-  </body>
-</html>
-EOF

docs/generic.css

@@ -1,3 +1,4 @@
+
 body {
   margin: 0em;
   padding: 0px;

docs/governance.html.in

@@ -1,294 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Project governance</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      The libvirt project operates as a meritocratic, consensus-based community.
-      Anyone with an interest in the project can join the community, contributing
-      to the ongoing development of the project's work. This pages describes how
-      that participation takes place and how contributors earn merit, and thus
-      influence, within the community.
-    </p>
-
-    <h2><a name="codeofconduct">Code of conduct</a></h2>
-
-    <p>
-      The libvirt project community covers people from a wide variety of
-      countries, backgrounds and positions. This global diversity is a great
-      strength of the project, but can also lead to communication issues,
-      which may in turn cause unhappiness. To maximise happiness of the
-      project community taken as a whole, all members (whether users,
-      contributors or committers) are expected to abide by the project's
-      code of conduct. At a high level the code can be summarized as
-      <em>"be excellent to each other"</em>. Expanding on this:
-    </p>
-
-    <ul>
-      <li><strong>Be respectful:</strong> disagreements between people are to
-        be expected and are usually the sign of healthy debate and engagement.
-        Disagreements can lead to frustration and even anger for some members.
-        Turning to personal insults, intimidation or threatening behaviour does
-        not improve the situation though. Participants should thus take care to
-        ensure all communications / interactions stay professional at all times.</li>
-
-      <li><strong>Be considerate:</strong> remember that the community has members
-        with a diverse background many of whom have English as a second language.
-        What might appear impolite, may simply be a result of a lack of knowledge
-        of the English language. Bear in mind that actions will have an impact
-        on other community members and the project as a whole, so take potential
-        consequences into account before pursuing a course of action.</li>
-
-      <li><strong>Be forgiving:</strong> humans are fallible and as such prone
-        to make mistakes and inexplicably change their positions at times. Don't
-        assume that other members are acting with malicious intent. Be prepared
-        to forgive people who make mistakes and assist each other in learning
-        from them. Playing a blame game doesn't help anyone.</li>
-    </ul>
-
-    <h2><a name="roles">Roles and responsibilities</a></h2>
-
-    <h3><a href="users">Users</a></h3>
-
-    <p>
-      The users are anyone who has a need for the output of the project.
-      There are no rules or requirements to become a user of libvirt. Even
-      if the software does not yet work on their OS platform, a person can
-      be considered a potential future user and welcomed to participate.
-    </p>
-
-    <p>
-      Participation by users is key to ensuring the project moves in the
-      right direction, satisfying their real world needs. Users are
-      encouraged to participate in the broader libvirt community in any
-      number of ways:
-    </p>
-
-    <ul>
-      <li>Evangelism: spread the word about what libvirt is doing, how it
-        helps solve your problems. This can be via blog articles, social
-        media postings, video blogs, user group / conference presentations
-        and any other method of disseminating information</li>
-      <li>Feedback: let the developers know about what does and does not
-        work with the project. Talk to developers on the project's
-        IRC channel and mailing list, or find them at conferences. Tell
-        them what gaps the project has or where they should look for
-        future development</li>
-      <li>Moral support: developers live for recognition of the positive
-        impact their work has on users' lives. Give thanks to the developers
-        when evangelising the project, or when meeting them at user groups,
-        conferences, etc.</li>
-    </ul>
-
-    <p>
-      The above is not an exhaustive list of things users can do to
-      participate in the project. Further ideas and suggestions are
-      welcome. Users are encouraged to take their participation
-      further and become contributors to the project in any of the
-      ways listed in the next section.
-    </p>
-
-    <h3><a name="contributors">Contributors</a></h3>
-
-    <p>
-      The contributors are community members who have some concrete impact
-      to the ongoing development of the project. There are many ways in which
-      members can contribute, with no requirement to be a software engineer.
-      Many users can in fact consider themselves contributors merely by
-      engaging in evangelism for the project.
-    </p>
-
-    <ul>
-      <li>Bug reporting: improve the quality of the project by reporting
-        any problems found either to the project's own bug tracker, or to
-        that of the OS vendor shipping the libvirt code.</li>
-      <li>User help: join the <a href="contact.html">IRC channel or mailing list</a>
-        to assist or advice other users in troubleshooting the problems they face.</li>
-      <li>Feature requests: help set the direction for future work by
-        reporting details of features which are missing to the project's
-        own bug tracker or mailing lists.</li>
-      <li>Graphical design: contribute to the development of the project's
-        websites / wiki brand with improved graphics, styling or layout.</li>
-      <li>Code development: write and submit patches to address bugs or implement
-        new features</li>
-      <li>Architectural design: improve the usefulness of the project
-        by providing feedback on the design of proposed features, to
-        ensure they satisfy the broadest applicable needs and survive
-        the long term</li>
-      <li>Code review: look at patches which are submitted and critique
-        the code to identify bugs, potential design problems or other
-        issues which should be addressed before the code is accepted</li>
-      <li>Documentation: contribute to content on personal blogs, the
-        website, wiki, code comments, or any of the formal documentation
-        efforts.</li>
-      <li>Translation: join the Fedora transifex community to improve the
-        quality of translations needed by the libvirt project.</li>
-      <li>Testing: try proposed patches or release candidates and report
-        whether the build passes and the changes work as expected.</li>
-    </ul>
-
-    <p>
-      The above is not an exhaustive list of things members can do to
-      contribute to the project. Further ideas and suggestions are
-      welcome.
-    </p>
-
-    <p>
-      There are no special requirements to becoming a contributor other
-      than having the interest and ability to provide a contribution. The
-      libvirt project <strong>does not require</strong> any
-      <em>"Contributor License Agreement"</em>
-      to be signed prior to engagement with the community.
-    </p>
-
-    <p>
-      In making a contribution to the project, the community member is
-      implicitly stating that they accept the terms of the license under
-      which the work they are contributing to is distributed. They are
-      also implicitly stating that they have the legal right to make the
-      contribution, if doing so on behalf of a broader organization /
-      company. Most of the project's code is distributed under the GNU
-      Lesser General Public License, version 2 or later. Details of the
-      exact license under which contributions will be presumed to be
-      covered are found in the source repositories, or website in question.
-    </p>
-
-    <h3><a name="committers">Committers</a></h3>
-
-    <p>
-      The committers are the subset of contributors who have direct access
-      to commit code to the project's primary source code repositories, which
-      are currently using the GIT software. The committers are chosen based
-      on the quality of their contributions over a period of time. This includes
-      both the quality of code they submit, as well as the quality of reviews
-      they provide on other contributors' submissions and a demonstration that
-      they understand day-to-day operation of the project and its goals. There
-      is no minimum level of contribution required in order to become a committer,
-      though 2-3 months worth of quality contribution would be a rough guide.
-    </p>
-
-    <p>
-      There are no special requirements to becoming a committer other than to
-      have shown a willingness and ability to contribute to the project over
-      an extended period of time. Proposals for elevating contributors to
-      committers are typically made by existing committers, though contributors
-      are also welcome to make proposals. The decision to approve the elevation
-      of a contributor to a committer is made through "rough consensus" between
-      the existing committers.
-    </p>
-
-    <p>
-      The aim in elevating contributors to committers is to ensure that there
-      is a broad base of experience and expertize across all areas of the
-      project's work. Committers are not required to have knowledge across
-      all areas of the project's work. While an approved committer has the
-      technical ability to commit code to any area of the project, by convention
-      they will only commit to areas they feel themselves to be qualified to
-      evaluate the contribution. If in doubt, committers will defer to the
-      opinion of other committers with greater expertize in an area.
-    </p>
-
-    <p>
-      The committers hold the ultimate control over what contributions are
-      accepted by the project, however, this does not mean they have the
-      right to do whatever they want. Where there is debate and disagreement
-      between contributors, committers are expected to look at the issues with
-      an unbiased point of view and help achieve a "rough consensus". If the
-      committer has a conflict of interest in the discussion, for example due
-      to their position of employment, they are expected to put the needs of
-      the community project first. If they cannot put the community project
-      first, they must declare their conflict of interest, and allow other
-      non-conflicted committers to make any final decision.
-    </p>
-
-    <p>
-      The committers are expected to monitor contributions to areas of the
-      project where they have expertize and ensure that either some form of
-      feedback is provided to the contributor, or to accept their contribution.
-      There is no formal minimum level of approval required to accept a
-      contribution. Positive review by any committer experienced in the area
-      of work is considered to be enough to justify acceptance in normal
-      circumstances. Where one committer explicitly rejects a contribution,
-      however, other committers should not override that rejection without
-      first establishing a "rough consensus" amongst the broader group of
-      committers.
-    </p>
-
-    <p>
-      Being a committer is a privilege, not a right. In exceptional
-      circumstances, the privilege may be removed from an active
-      contributor. Such decisions will be taken based on "rough
-      consensus" amongst other committers. In the event that a committer
-      is no longer able to participate in the project, after some period
-      of inactivity passes, they may be asked to confirm that they wish
-      to retain their role as a committer.
-    </p>
-
-    <h3><a name="secteam">Security team</a></h3>
-
-    <p>
-      The security team consists of a subset of the project committers
-      along with representatives from vendors shipping the project's
-      software. The subset of project committers is chosen to be the
-      minimal size necessary to provide expertise spanning most of
-      the project's work. Further project committers may be requested
-      to engage in resolving specific security issues on a case by
-      case basis. Any vendor who is shipping the project's software
-      may submit a request for one or more of their representatives
-      to join the security team. Such requests must by approved by
-      existing members of the team vouching for the integrity of
-      the nominated person or organization.
-    </p>
-
-    <p>
-      Members of the security team are responsible for triaging and
-      resolving any security issues that are reported to the project.
-      They are expected to abide by the project's documented
-      <a href="securityprocess.html">security process</a>. In particular
-      they must respect any embargo period agreed amongst the team
-      before disclosing a private issue.
-    </p>
-
-    <h2><a name="roughconsensus">Rough consensus</a></h2>
-
-    <p>
-      A core concept for governance of the project described above is
-      that of "rough consensus". To expand on this, it is a process
-      of decision making that involves the following steps
-    </p>
-
-    <ul>
-      <li>Proposal</li>
-      <li>Discussion</li>
-      <li>Vote (exceptional circumstances only)</li>
-      <li>Decision</li>
-    </ul>
-
-    <p>
-      To put this into words, any contributor is welcome to make a proposal
-      for consideration. Any contributor may participate in the discussions
-      around the proposal. The discussion will usually result in agreement
-      between the interested parties, or at least agreement between the
-      committers. Only in the very exceptional circumstance where there
-      is disagreement between committers, would a vote be considered.
-      Even in these exceptional circumstances, it is usually found to be
-      obvious what the majority opinion of the committers is. In the event
-      that even a formal vote is tied, the committers will have to hold
-      ongoing discussions until the stalemate is resolved or the proposal
-      withdrawn.
-    </p>
-
-    <p>
-      The overall goal of the "rough consensus" process is to ensure that
-      decisions can be made within the project, with a minimum level of
-      bureaucracy and process. Implicit in this is that any person who does
-      not explicitly reject to a proposal is assumed to be supportive, or
-      at least agnostic.
-    </p>
-
-
-  </body>
-</html>

docs/hacking.html.in

@@ -45,7 +45,7 @@
                  --to=libvir-list@redhat.com master
 </pre>
         <p>(Note that the "git send-email" subcommand may not be in
-        the main git package and using it may require installation of a
+        the main git package and using it may require installion of a
         separate package, for example the "git-email" package in
         Fedora.)  For a single patch you can omit
         <code>--cover-letter</code>, but a series of two or more
@@ -122,7 +122,7 @@
           Some tests are skipped by default in a development environment,
           based on the time they take in comparison to the likelihood
           that those tests will turn up problems during incremental builds.
-          These tests default to being run when building from a
+          These tests default to being run when when building from a
           tarball or with the configure option --enable-expensive-tests;
           you can also force a one-time toggle of these tests by
           setting VIR_TEST_EXPENSIVE to 0 or 1 at make time, as in:
@@ -141,17 +141,6 @@
   VIR_TEST_DEBUG=1 make check    (or)
   VIR_TEST_DEBUG=2 make check
 </pre>
-
-        <p>
-          When debugging failures during development, it is possible
-          to focus in on just the failing subtests by using TESTS and
-          VIR_TEST_RANGE:
-        </p>
-
-<pre>
-  make check VIR_TEST_DEBUG=1 VIR_TEST_RANGE=3-5 TESTS=qemuxml2argvtest
-</pre>
-
         <p>
           Also, individual tests can be run from inside the <code>tests/</code>
           directory, like:
@@ -236,7 +225,7 @@
            not suppress real leaks, but it should be generic enough to
            cover multiple code paths. The format of the entry can be
            found in the documentation found at the
-           <a href="http://valgrind.org/">Valgrind home page</a>.
+           <a href="http://valgrind.org/">Valgrind home page.</a>
            The following trace was added to <code>tests/.valgrind.supp</code>
            in order to suppress the warning:
         </p>
@@ -261,7 +250,7 @@
       There is more on this subject, including lots of links to background
       reading on the subject, on
       <a href="http://et.redhat.com/~rjones/how-to-supply-code-to-open-source-projects/">
-        Richard Jones' guide to working with open source projects</a>.
+        Richard Jones' guide to working with open source projects</a>
     </p>
 
 
@@ -273,11 +262,26 @@
       In short, use spaces-not-TABs for indentation, use 4 spaces for each
       indentation level, and other than that, follow the K&amp;R style.
     </p>
+    <p>
+      If you use Emacs, add the following to one of one of your start-up files
+      (e.g., ~/.emacs), to help ensure that you get indentation right:
+    </p>
+<pre>
+  ;;; When editing C sources in libvirt, use this style.
+  (defun libvirt-c-mode ()
+    "C mode with adjusted defaults for use with libvirt."
+    (interactive)
+    (c-set-style "K&amp;R")
+    (setq indent-tabs-mode nil) ; indent using spaces, not TABs
+    (setq c-indent-level 4)
+    (setq c-basic-offset 4))
+  (add-hook 'c-mode-hook
+            '(lambda () (if (string-match "/libvirt" (buffer-file-name))
+                            (libvirt-c-mode))))
+</pre>
 
     <p>
-      If you use Emacs, the project includes a file .dir-locals.el
-      that sets up the preferred indentation. If you use vim,
-      append the following to your ~/.vimrc file:
+      If you use vim, append the following to your ~/.vimrc file:
     </p>
 <pre>
   set nocompatible
@@ -288,7 +292,7 @@
   set tabstop=8
   set shiftwidth=4
   set expandtab
-  set cinoptions=(0,:0,l1,t0,L3
+  set cinoptions=(0,:0,l1,t0
   filetype plugin indent on
   au FileType make setlocal noexpandtab
   au BufRead,BufNewFile *.am setlocal noexpandtab
@@ -387,43 +391,6 @@
       int foo(int wizz);    // Good
 </pre>
 
-    <h2><a name="comma">Commas</a></h2>
-
-    <p>
-      Commas should always be followed by a space or end of line, and
-      never have leading space; this is enforced during 'make
-      syntax-check'.
-    </p>
-    <pre>
-      call(a,b ,c);// Bad
-      call(a, b, c); // Good
-</pre>
-
-    <p>
-      When declaring an enum or using a struct initializer that
-      occupies more than one line, use a trailing comma.  That way,
-      future edits to extend the list only have to add a line, rather
-      than modify an existing line to add the intermediate comma.  Any
-      sentinel enumerator value with a name ending in _LAST is exempt,
-      since you would extend such an enum before the _LAST element.
-      Another reason to favor trailing commas is that it requires less
-      effort to produce via code generators.  Note that the syntax
-      checker is unable to enforce a style of trailing commas, so
-      there are counterexamples in existing code which do not use it;
-      also, while C99 allows trailing commas, remember that JSON and
-      XDR do not.
-    </p>
-    <pre>
-      enum {
-          VALUE_ONE,
-          VALUE_TWO // Bad
-      };
-      enum {
-          VALUE_THREE,
-          VALUE_FOUR, // Good
-      };
-</pre>
-
     <h2><a name="semicolon">Semicolons</a></h2>
 
     <p>
@@ -708,8 +675,10 @@
 <pre>
   virDomainPtr domain;
 
-  if (VIR_ALLOC(domain) &lt; 0)
+  if (VIR_ALLOC(domain) &lt; 0) {
+      virReportOOMError();
       return NULL;
+  }
 </pre>
       </li>
 
@@ -718,8 +687,10 @@
   virDomainPtr domains;
   size_t ndomains = 10;
 
-  if (VIR_ALLOC_N(domains, ndomains) &lt; 0)
+  if (VIR_ALLOC_N(domains, ndomains) &lt; 0) {
+      virReportOOMError();
       return NULL;
+  }
 </pre>
       </li>
 
@@ -728,8 +699,10 @@
   virDomainPtr *domains;
   size_t ndomains = 10;
 
-  if (VIR_ALLOC_N(domains, ndomains) &lt; 0)
+  if (VIR_ALLOC_N(domains, ndomains) &lt; 0) {
+      virReportOOMError();
       return NULL;
+  }
 </pre>
       </li>
 
@@ -741,8 +714,10 @@
   virDomainPtr domains;
   size_t ndomains = 0;
 
-  if (VIR_EXPAND_N(domains, ndomains, 1) &lt; 0)
+  if (VIR_EXPAND_N(domains, ndomains, 1) &lt; 0) {
+      virReportOOMError();
       return NULL;
+  }
   domains[ndomains - 1] = domain;
 </pre></li>
 
@@ -755,8 +730,10 @@
   size_t ndomains = 0;
   size_t ndomains_max = 0;
 
-  if (VIR_RESIZE_N(domains, ndomains_max, ndomains, 1) &lt; 0)
+  if (VIR_RESIZE_N(domains, ndomains_max, ndomains, 1) &lt; 0) {
+      virReportOOMError();
       return NULL;
+  }
   domains[ndomains++] = domain;
 </pre>
       </li>
@@ -1124,20 +1101,6 @@
       retry: If needing to jump upwards (e.g., retry on EINTR)
 </pre>
 
-    <p>
-    Top-level labels should be indented by one space (putting them on
-    the beginning of the line confuses function context detection in git):
-    </p>
-
-<pre>
-int foo()
-{
-    /* ... do stuff ... */
- cleanup:
-    /* ... do other stuff ... */
-}
-</pre>
-
 
 
     <h2><a name="committers">Libvirt committer guidelines</a></h2>

docs/hacking1.xsl

@@ -27,14 +27,4 @@
 <xsl:template match="html:i">'<xsl:apply-templates/>'</xsl:template>
 <xsl:template match="html:code">"<xsl:apply-templates/>"</xsl:template>
 
-<!-- likewise, reformat a tags in first pass -->
-<xsl:template match="html:a">
-<xsl:text> </xsl:text><xsl:apply-templates/>
-<xsl:if test="@href">
-  <xsl:text> &lt;</xsl:text><xsl:value-of select="@href"/>
-  <xsl:text>&gt;</xsl:text>
-</xsl:if>
-</xsl:template>
-
-
 </xsl:stylesheet>

docs/hacking2.xsl

@@ -138,4 +138,12 @@ from docs/hacking.html.in!
 </xsl:template>
 
 
+
+<xsl:template match="html:a">
+<xsl:value-of select="$newline"/><xsl:value-of select="$newline"/>
+<xsl:text>  </xsl:text><xsl:apply-templates/>
+<xsl:value-of select="$newline"/>
+<xsl:text>  </xsl:text><xsl:value-of select="@href"/>
+</xsl:template>
+
 </xsl:stylesheet>

docs/hooks.html.in

@@ -13,15 +13,9 @@
        actions occur:</p>
     <ul>
       <li>The libvirt daemon starts, stops, or reloads its
-          configuration
-          (<span class="since">since 0.8.0</span>)<br/><br/></li>
-      <li>A QEMU guest is started or stopped
-         (<span class="since">since 0.8.0</span>)<br/><br/></li>
-         <li>An LXC guest is started or stopped
-         (<span class="since">since 0.8.0</span>)<br/><br/></li>
-      <li>A network is started or stopped or an interface is
-          plugged/unplugged to/from the network
-          (<span class="since">since 1.2.2</span>)<br/><br/></li>
+          configuration<br/><br/></li>
+      <li>A QEMU guest is started or stopped<br/><br/></li>
+      <li>An LXC guest is started or stopped<br/><br/></li>
     </ul>
 
     <h2><a name="location">Script location</a></h2>
@@ -50,9 +44,6 @@
           Executed when a QEMU guest is started, stopped, or migrated<br/><br/></li>
       <li><code>/etc/libvirt/hooks/lxc</code><br /><br/>
           Executed when an LXC guest is started or stopped</li>
-      <li><code>/etc/libvirt/hooks/network</code><br/><br/>
-          Executed when a network is started or stopped or an
-          interface is plugged/unplugged to/from the network</li>
     </ul>
     <br/>
 
@@ -75,39 +66,6 @@
        XML description for the domain on their stdin. This includes items
        such the UUID of the domain and its storage information, and is
        intended to provide all the libvirt information the script needs.</p>
-    <p>For all cases, stdin of the network hook script is provided with the
-       full XML description of the network status in the following form:</p>
-
-<pre>&lt;hookData&gt;
-  &lt;network&gt;
-     &lt;name&gt;$network_name&lt;/name&gt;
-     &lt;uuid&gt;afca425a-2c3a-420c-b2fb-dd7b4950d722&lt;/uuid&gt;
-     ...
-  &lt;/network&gt;
-&lt;/hookData&gt;</pre>
-
-    <p>In the case of an interface
-       being plugged/unplugged to/from the network, the network XML will be
-       followed with the full XML description of the domain containing the
-       interface that is being plugged/unplugged:</p>
-
-<pre>&lt;hookData&gt;
-  &lt;network&gt;
-     &lt;name&gt;$network_name&lt;/name&gt;
-     &lt;uuid&gt;afca425a-2c3a-420c-b2fb-dd7b4950d722&lt;/uuid&gt;
-     ...
-  &lt;/network&gt;
-  &lt;domain type='$domain_type' id='$domain_id'&gt;
-     &lt;name&gt;$domain_name&lt;/name&gt;
-     &lt;uuid&gt;afca425a-2c3a-420c-b2fb-dd7b4950d722&lt;/uuid&gt;
-     ...
-  &lt;/domain&gt;
-&lt;/hookData&gt;</pre>
-
-    <p>Please note that this approach is different from other cases such as
-       <code>daemon</code>, <code>qemu</code> or <code>lxc</code> hook scripts,
-       because two XMLs may be passed here, while in the other cases only a single
-       XML is passed.</p>
 
     <p>The command line arguments take this approach:</p>
     <ol>
@@ -223,49 +181,25 @@
         <pre>/etc/libvirt/hooks/lxc guest_name reconnect begin -</pre>
       </li>
     </ul>
-
-    <h5><a name="network">/etc/libvirt/hooks/network</a></h5>
-    <ul>
-      <li><span class="since">Since 1.2.2</span>, before a network is started,
-        this script is called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name start begin -</pre></li>
-      <li>After the network is started, up &and; running, the script is
-        called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name started begin -</pre></li>
-      <li>When a network is shut down, this script is called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name stopped end -</pre></li>
-      <li>Later, when network is started and there's an interface from a
-        domain to be plugged into the network, the hook script is called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name plugged begin -</pre>
-        Please note, that in this case, the script is passed both network and
-        domain XMLs on its stdin.</li>
-      <li>When the domain from previous case is shutting down, the interface
-        is unplugged. This leads to another script invocation:<br/>
-          <pre>/etc/libvirt/hooks/network network_name unplugged begin -</pre>
-        And again, as in previous case, both network and domain XMLs are passed
-        onto script's stdin.</li>
-    </ul>
-
     <br/>
 
     <h2><a name="execution">Script execution</a></h2>
     <ul>
-      <li>The "start" operation for the guest and network hook scripts,
-          executes <b>prior</b> to the object (guest or network) being created.
-          This allows the object start operation to be aborted if the script
-          returns indicating failure.<br/><br/></li>
-      <li>The "shutdown" operation for the guest and network hook scripts,
-          executes <b>after</b> the object (guest or network) has stopped. If
-          the hook script indicates failure in its return, the shut down of the
-          object cannot be aborted because it has already been performed.
-          <br/><br/></li>
+      <li>The "start" operation for the guest hook scripts, qemu and lxc,
+          executes <b>prior</b> to the guest being created.  This allows the
+          guest start operation to be aborted if the script returns indicating
+          failure.<br/><br/></li>
+      <li>The "shutdown" operation for the guest hook scripts, qemu and lxc,
+          executes <b>after</b> the guest has stopped.  If the hook script
+          indicates failure in its return, the shut down of the guest cannot
+          be aborted because it has already been performed.<br/><br/></li>
       <li>Hook scripts execute in a synchronous fashion.  Libvirt waits
           for them to return before continuing the given operation.<br/><br/>
-          This is most noticeable with the guest or network start operation,
-          as a lengthy operation in the hook script can mean an extended wait
-          for the guest or network to be available to end users.<br/><br/></li>
+          This is most noticeable with the guest start operation, as a lengthy
+          operation in the hook script can mean an extended wait for the guest
+          to be available to end users.<br/><br/></li>
       <li>For a hook script to be utilised, it must have its execute bit set
-          (e.g. chmod o+rx <i>qemu</i>), and must be present when the libvirt
+          (ie. chmod o+rx <i>qemu</i>), and must be present when the libvirt
           daemon is started.<br/><br/></li>
       <li>If a hook script is added to a host after the libvirt daemon is
           already running, it won't be used until the libvirt daemon

docs/index.html.in

@@ -30,11 +30,6 @@
       <li>
         A <a href="/qpid/">QMF agent</a> for the AMQP/QPid messaging system
       </li>
-      <li>
-        A <a href="governance.html">technical meritocracy</a>, in which
-        participants gain influence over a project through recognition
-        of their contributions.
-      </li>
     </ul>
 
     <h2>libvirt supports:</h2>
@@ -74,9 +69,6 @@
       <li>
         The <a href="http://libvirt.org/drvparallels.html">Parallels</a> hypervisor
       </li>
-      <li>
-        The <a href="http://libvirt.org/drvbhyve.html">Bhyve</a> hypervisor
-      </li>
       <li>
         Virtual networks using bridging, NAT, VEPA and VN-LINK.
       </li>

docs/index.py

@@ -127,9 +127,9 @@ DB=None
 def createTable(db, name):
     global TABLES
 
-    if db is None:
+    if db == None:
         return -1
-    if name is None:
+    if name == None:
         return -1
     c = db.cursor()
 
@@ -147,7 +147,7 @@ def createTable(db, name):
 def checkTables(db, verbose = 1):
     global TABLES
 
-    if db is None:
+    if db == None:
         return -1
     c = db.cursor()
     nbtables = c.execute("show tables")
@@ -191,7 +191,7 @@ def checkTables(db, verbose = 1):
 def openMySQL(db="libvir", passwd=None, verbose = 1):
     global DB
 
-    if passwd is None:
+    if passwd == None:
         try:
             passwd = os.environ["MySQL_PASS"]
         except:
@@ -199,7 +199,7 @@ def openMySQL(db="libvir", passwd=None, verbose = 1):
             sys.exit(1)
 
     DB = MySQLdb.connect(passwd=passwd, db=db)
-    if DB is None:
+    if DB == None:
         return -1
     ret = checkTables(DB, verbose)
     return ret
@@ -207,13 +207,13 @@ def openMySQL(db="libvir", passwd=None, verbose = 1):
 def updateWord(name, symbol, relevance):
     global DB
 
-    if DB is None:
+    if DB == None:
         openMySQL()
-    if DB is None:
+    if DB == None:
         return -1
-    if name is None:
+    if name == None:
         return -1
-    if symbol is None:
+    if symbol == None:
         return -1
 
     c = DB.cursor()
@@ -238,15 +238,15 @@ def updateSymbol(name, module, type, desc):
     global DB
 
     updateWord(name, name, 50)
-    if DB is None:
+    if DB == None:
         openMySQL()
-    if DB is None:
+    if DB == None:
         return -1
-    if name is None:
+    if name == None:
         return -1
-    if module is None:
+    if module == None:
         return -1
-    if type is None:
+    if type == None:
         return -1
 
     try:
@@ -299,11 +299,11 @@ def addFunctype(name, module, desc = ""):
 def addPage(resource, title):
     global DB
 
-    if DB is None:
+    if DB == None:
         openMySQL()
-    if DB is None:
+    if DB == None:
         return -1
-    if resource is None:
+    if resource == None:
         return -1
 
     c = DB.cursor()
@@ -327,17 +327,17 @@ def addPage(resource, title):
 def updateWordHTML(name, resource, desc, id, relevance):
     global DB
 
-    if DB is None:
+    if DB == None:
         openMySQL()
-    if DB is None:
+    if DB == None:
         return -1
-    if name is None:
+    if name == None:
         return -1
-    if resource is None:
+    if resource == None:
         return -1
-    if id is None:
+    if id == None:
         id = ""
-    if desc is None:
+    if desc == None:
         desc = ""
     else:
         try:
@@ -367,11 +367,11 @@ def updateWordHTML(name, resource, desc, id, relevance):
 def checkXMLMsgArchive(url):
     global DB
 
-    if DB is None:
+    if DB == None:
         openMySQL()
-    if DB is None:
+    if DB == None:
         return -1
-    if url is None:
+    if url == None:
         return -1
 
     c = DB.cursor()
@@ -379,7 +379,7 @@ def checkXMLMsgArchive(url):
         ret = c.execute(
             """SELECT ID FROM archives WHERE resource='%s'""" % (url))
         row = c.fetchone()
-        if row is None:
+        if row == None:
             return -1
     except:
         return -1
@@ -389,13 +389,13 @@ def checkXMLMsgArchive(url):
 def addXMLMsgArchive(url, title):
     global DB
 
-    if DB is None:
+    if DB == None:
         openMySQL()
-    if DB is None:
+    if DB == None:
         return -1
-    if url is None:
+    if url == None:
         return -1
-    if title is None:
+    if title == None:
         title = ""
     else:
         title = string.replace(title, "'", " ")
@@ -408,7 +408,7 @@ def addXMLMsgArchive(url, title):
         cmd = """SELECT ID FROM archives WHERE resource='%s'""" % (url)
         ret = c.execute(cmd)
         row = c.fetchone()
-        if row is None:
+        if row == None:
             print "addXMLMsgArchive failed to get the ID: %s" % (url)
             return -1
     except:
@@ -420,13 +420,13 @@ def addXMLMsgArchive(url, title):
 def updateWordArchive(name, id, relevance):
     global DB
 
-    if DB is None:
+    if DB == None:
         openMySQL()
-    if DB is None:
+    if DB == None:
         return -1
-    if name is None:
+    if name == None:
         return -1
-    if id is None:
+    if id == None:
         return -1
 
     c = DB.cursor()
@@ -533,9 +533,9 @@ def splitIdentifier(str):
 def addWord(word, module, symbol, relevance):
     global wordsDict
 
-    if word is None or len(word) < 3:
+    if word == None or len(word) < 3:
         return -1
-    if module is None or symbol is None:
+    if module == None or symbol == None:
         return -1
     if dropWords.has_key(word):
         return 0
@@ -544,7 +544,7 @@ def addWord(word, module, symbol, relevance):
 
     if wordsDict.has_key(word):
         d = wordsDict[word]
-        if d is None:
+        if d == None:
             return 0
         if len(d) > 500:
             wordsDict[word] = None
@@ -559,7 +559,7 @@ def addWord(word, module, symbol, relevance):
     return relevance
 
 def addString(str, module, symbol, relevance):
-    if str is None or len(str) < 3:
+    if str == None or len(str) < 3:
         return -1
     ret = 0
     str = cleanupWordsString(str)
@@ -573,9 +573,9 @@ def addString(str, module, symbol, relevance):
 def addWordHTML(word, resource, id, section, relevance):
     global wordsDictHTML
 
-    if word is None or len(word) < 3:
+    if word == None or len(word) < 3:
         return -1
-    if resource is None or section is None:
+    if resource == None or section == None:
         return -1
     if dropWords.has_key(word):
         return 0
@@ -586,14 +586,14 @@ def addWordHTML(word, resource, id, section, relevance):
 
     if wordsDictHTML.has_key(word):
         d = wordsDictHTML[word]
-        if d is None:
+        if d == None:
             print "skipped %s" % (word)
             return 0
         try:
             (r,i,s) = d[resource]
-            if i is not None:
+            if i != None:
                 id = i
-            if s is not None:
+            if s != None:
                 section = s
             relevance = relevance + r
         except:
@@ -605,7 +605,7 @@ def addWordHTML(word, resource, id, section, relevance):
     return relevance
 
 def addStringHTML(str, resource, id, section, relevance):
-    if str is None or len(str) < 3:
+    if str == None or len(str) < 3:
         return -1
     ret = 0
     str = cleanupWordsString(str)
@@ -626,9 +626,9 @@ def addStringHTML(str, resource, id, section, relevance):
 def addWordArchive(word, id, relevance):
     global wordsDictArchive
 
-    if word is None or len(word) < 3:
+    if word == None or len(word) < 3:
         return -1
-    if id is None or id == -1:
+    if id == None or id == -1:
         return -1
     if dropWords.has_key(word):
         return 0
@@ -637,7 +637,7 @@ def addWordArchive(word, id, relevance):
 
     if wordsDictArchive.has_key(word):
         d = wordsDictArchive[word]
-        if d is None:
+        if d == None:
             print "skipped %s" % (word)
             return 0
         try:
@@ -652,7 +652,7 @@ def addWordArchive(word, id, relevance):
     return relevance
 
 def addStringArchive(str, id, relevance):
-    if str is None or len(str) < 3:
+    if str == None or len(str) < 3:
         return -1
     ret = 0
     str = cleanupWordsString(str)
@@ -683,9 +683,9 @@ def loadAPI(filename):
     return doc
 
 def foundExport(file, symbol):
-    if file is None:
+    if file == None:
         return 0
-    if symbol is None:
+    if symbol == None:
         return 0
     addFunction(symbol, file)
     l = splitIdentifier(symbol)
@@ -697,7 +697,7 @@ def analyzeAPIFile(top):
     count = 0
     name = top.prop("name")
     cur = top.children
-    while cur is not None:
+    while cur != None:
         if cur.type == 'text':
             cur = cur.next
             continue
@@ -712,7 +712,7 @@ def analyzeAPIFiles(top):
     count = 0
     cur = top.children
 
-    while cur is not None:
+    while cur != None:
         if cur.type == 'text':
             cur = cur.next
             continue
@@ -725,10 +725,10 @@ def analyzeAPIFiles(top):
 
 def analyzeAPIEnum(top):
     file = top.prop("file")
-    if file is None:
+    if file == None:
         return 0
     symbol = top.prop("name")
-    if symbol is None:
+    if symbol == None:
         return 0
 
     addEnum(symbol, file)
@@ -740,10 +740,10 @@ def analyzeAPIEnum(top):
 
 def analyzeAPIConst(top):
     file = top.prop("file")
-    if file is None:
+    if file == None:
         return 0
     symbol = top.prop("name")
-    if symbol is None:
+    if symbol == None:
         return 0
 
     addConst(symbol, file)
@@ -755,10 +755,10 @@ def analyzeAPIConst(top):
 
 def analyzeAPIType(top):
     file = top.prop("file")
-    if file is None:
+    if file == None:
         return 0
     symbol = top.prop("name")
-    if symbol is None:
+    if symbol == None:
         return 0
 
     addType(symbol, file)
@@ -769,10 +769,10 @@ def analyzeAPIType(top):
 
 def analyzeAPIFunctype(top):
     file = top.prop("file")
-    if file is None:
+    if file == None:
         return 0
     symbol = top.prop("name")
-    if symbol is None:
+    if symbol == None:
         return 0
 
     addFunctype(symbol, file)
@@ -783,10 +783,10 @@ def analyzeAPIFunctype(top):
 
 def analyzeAPIStruct(top):
     file = top.prop("file")
-    if file is None:
+    if file == None:
         return 0
     symbol = top.prop("name")
-    if symbol is None:
+    if symbol == None:
         return 0
 
     addStruct(symbol, file)
@@ -795,7 +795,7 @@ def analyzeAPIStruct(top):
         addWord(word, file, symbol, 10)
 
     info = top.prop("info")
-    if info is not None:
+    if info != None:
         info = string.replace(info, "'", " ")
         info = string.strip(info)
         l = string.split(info)
@@ -806,17 +806,17 @@ def analyzeAPIStruct(top):
 
 def analyzeAPIMacro(top):
     file = top.prop("file")
-    if file is None:
+    if file == None:
         return 0
     symbol = top.prop("name")
-    if symbol is None:
+    if symbol == None:
         return 0
     symbol = string.replace(symbol, "'", " ")
     symbol = string.strip(symbol)
 
     info = None
     cur = top.children
-    while cur is not None:
+    while cur != None:
         if cur.type == 'text':
             cur = cur.next
             continue
@@ -829,7 +829,7 @@ def analyzeAPIMacro(top):
     for word in l:
         addWord(word, file, symbol, 10)
 
-    if info is None:
+    if info == None:
         addMacro(symbol, file)
         print "Macro %s description has no <info>" % (symbol)
         return 0
@@ -845,17 +845,17 @@ def analyzeAPIMacro(top):
 
 def analyzeAPIFunction(top):
     file = top.prop("file")
-    if file is None:
+    if file == None:
         return 0
     symbol = top.prop("name")
-    if symbol is None:
+    if symbol == None:
         return 0
 
     symbol = string.replace(symbol, "'", " ")
     symbol = string.strip(symbol)
     info = None
     cur = top.children
-    while cur is not None:
+    while cur != None:
         if cur.type == 'text':
             cur = cur.next
             continue
@@ -863,23 +863,23 @@ def analyzeAPIFunction(top):
             info = cur.content
         elif cur.name == "return":
             rinfo = cur.prop("info")
-            if rinfo is not None:
+            if rinfo != None:
                 rinfo = string.replace(rinfo, "'", " ")
                 rinfo = string.strip(rinfo)
                 addString(rinfo, file, symbol, 7)
         elif cur.name == "arg":
             ainfo = cur.prop("info")
-            if ainfo is not None:
+            if ainfo != None:
                 ainfo = string.replace(ainfo, "'", " ")
                 ainfo = string.strip(ainfo)
                 addString(ainfo, file, symbol, 5)
             name = cur.prop("name")
-            if name is not None:
+            if name != None:
                 name = string.replace(name, "'", " ")
                 name = string.strip(name)
                 addWord(name, file, symbol, 7)
         cur = cur.next
-    if info is None:
+    if info == None:
         print "Function %s description has no <info>" % (symbol)
         addFunction(symbol, file, "")
     else:
@@ -898,7 +898,7 @@ def analyzeAPISymbols(top):
     count = 0
     cur = top.children
 
-    while cur is not None:
+    while cur != None:
         if cur.type == 'text':
             cur = cur.next
             continue
@@ -923,14 +923,14 @@ def analyzeAPISymbols(top):
 
 def analyzeAPI(doc):
     count = 0
-    if doc is None:
+    if doc == None:
         return -1
     root = doc.getRootElement()
     if root.name != "api":
         print "Unexpected root name"
         return -1
     cur = root.children
-    while cur is not None:
+    while cur != None:
         if cur.type == 'text':
             cur = cur.next
             continue
@@ -1056,7 +1056,7 @@ def analyzeHTMLPages():
 import time
 
 def getXMLDateArchive(t = None):
-    if t is None:
+    if t == None:
         t = time.time()
     T = time.gmtime(t)
     month = time.strftime("%B", T)
@@ -1065,7 +1065,7 @@ def getXMLDateArchive(t = None):
     return url
 
 def scanXMLMsgArchive(url, title, force = 0):
-    if url is None or title is None:
+    if url == None or title == None:
         return 0
 
     ID = checkXMLMsgArchive(url)
@@ -1082,7 +1082,7 @@ def scanXMLMsgArchive(url, title, force = 0):
         doc = libxml2.htmlParseFile(url, None)
     except:
         doc = None
-    if doc is None:
+    if doc == None:
         print "Failed to parse %s" % (url)
         return 0
 
@@ -1105,7 +1105,7 @@ def scanXMLDateArchive(t = None, force = 0):
         doc = libxml2.htmlParseFile(url, None)
     except:
         doc = None
-    if doc is None:
+    if doc == None:
         print "Failed to parse %s" % (url)
         return -1
     ctxt = doc.xpathNewContext()
@@ -1114,16 +1114,16 @@ def scanXMLDateArchive(t = None, force = 0):
     newmsg = 0
     for anchor in anchors:
         href = anchor.prop("href")
-        if href is None or href[0:3] != "msg":
+        if href == None or href[0:3] != "msg":
             continue
         try:
             links = links + 1
 
             msg = libxml2.buildURI(href, url)
             title = anchor.content
-            if title is not None and title[0:4] == 'Re: ':
+            if title != None and title[0:4] == 'Re: ':
                 title = title[4:]
-            if title is not None and title[0:6] == '[xml] ':
+            if title != None and title[0:6] == '[xml] ':
                 title = title[6:]
             newmsg = newmsg + scanXMLMsgArchive(msg, title, force)
 
@@ -1148,7 +1148,7 @@ def analyzeArchives(t = None, force = 0):
     skipped = 0
     for word in wordsDictArchive.keys():
         refs = wordsDictArchive[word]
-        if refs is None:
+        if refs  == None:
             skipped = skipped + 1
             continue
         for id in refs.keys():
@@ -1168,7 +1168,7 @@ def analyzeHTMLTop():
     skipped = 0
     for word in wordsDictHTML.keys():
         refs = wordsDictHTML[word]
-        if refs is None:
+        if refs  == None:
             skipped = skipped + 1
             continue
         for resource in refs.keys():
@@ -1197,7 +1197,7 @@ def analyzeAPITop():
     skipped = 0
     for word in wordsDict.keys():
         refs = wordsDict[word]
-        if refs is None:
+        if refs  == None:
             skipped = skipped + 1
             continue
         for (module, symbol) in refs.keys():

docs/internals/command.html.in

@@ -258,9 +258,8 @@
 <pre>
   int sharedfd = open("cmd.log", "w+");
   int childfd = open("conf.txt", "r");
-  virCommandPassFD(cmd, sharedfd, 0);
-  virCommandPassFD(cmd, childfd,
-                   VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+  virCommandPreserveFD(cmd, sharedfd);
+  virCommandTransferFD(cmd, childfd);
   if (VIR_CLOSE(sharedfd) &lt; 0)
       goto cleanup;
 </pre>
@@ -430,7 +429,7 @@
   if (string)
       VIR_DEBUG("about to run %s", string);
   VIR_FREE(string);
-  if (virCommandRun(cmd, NULL) &lt; 0)
+  if (virCommandRun(cmd) &lt; 0)
       return -1;
 </pre>
 
@@ -458,24 +457,15 @@
       non-zero exit status can represent a success condition,
       it is possible to request the exit status and perform
       that check manually instead of letting <code>virCommandRun</code>
-      raise the error.  By default, the captured status is only
-      for a normal exit (death from a signal is treated as an error),
-      but a caller can use <code>virCommandRawStatus</code> to get
-      encoded status that includes any terminating signals.
+      raise the error
     </p>
 
 <pre>
   int status;
   if (virCommandRun(cmd, &amp;status) &lt; 0)
-      return -1;
-  if (status == 1) {
-    ...do stuff...
-  }
+     return -1;
 
-  virCommandRawStatus(cmd2);
-  if (virCommandRun(cmd2, &amp;status) &lt; 0)
-      return -1;
-  if (WIFEXITED(status) &amp;&amp; WEXITSTATUS(status) == 1) {
+  if (WEXITSTATUS(status) ...) {
     ...do stuff...
   }
 </pre>
@@ -547,7 +537,7 @@
       There is no need to check if <code>cmd</code> is NULL
       before calling <code>virCommandFree</code>. This scenario
       is handled automatically. If the command is still running,
-      it will be forcibly killed and cleaned up (via waitpid).
+      it will be forcably killed and cleaned up (via waitpid).
     </p>
 
     <h2><a name="example">Complete examples</a></h2>
@@ -560,8 +550,7 @@
 <pre>
 int runhook(const char *drvstr, const char *id,
             const char *opstr, const char *subopstr,
-            const char *extra)
-{
+            const char *extra) {
   int ret;
   char *path;
   virCommandPtr cmd;

docs/internals/oomtesting.html.in

@@ -1,213 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Out of memory testing</h1>
-
-    <ul id="toc"></ul>
-
-
-    <p>
-      This page describes how to use the test suite todo out of memory
-      testing.
-    </p>
-
-    <h2>Building with OOM testing</h2>
-
-    <p>
-      Since OOM testing requires hooking into the malloc APIs, it is
-      not enabled by default. The flag <code>--enable-test-oom</code>
-      must be given to <code>configure</code>. When this is done the
-      libvirt allocation APIs will have some hooks enabled.
-    </p>
-
-    <pre>
-$ ./configure --enable-test-oom
-</pre>
-
-
-    <h2><a name="basicoom">Basic OOM testing support</a></h2>
-
-    <p>
-      The first step in validating OOM usage is to run a test suite
-      with full OOM testing enabled. This is done by setting the
-      <code>VIR_TEST_OOM=1</code> environment variable. The way this
-      works is that it runs the test once normally to "prime" any
-      static memory allocations. Then it runs it once more counting
-      the total number of memory allocations. Then it runs it in a
-      loop failing a different memory allocation each time. For every
-      memory allocation failure triggered, it expects the test case
-      to return an error. OOM testing is quite slow requiring each
-      test case to be executed O(n) times, where 'n' is the total
-      number of memory allocations. This results in a total number
-      of memory allocations of '(n * (n + 1) ) / 2'
-    </p>
-
-    <pre>
-$ VIR_TEST_OOM=1 ./qemuxml2argvtest
- 1) QEMU XML-2-ARGV minimal                                           ... OK
-    Test OOM for nalloc=42 .......................................... OK
- 2) QEMU XML-2-ARGV minimal-s390                                      ... OK
-    Test OOM for nalloc=28 ............................ OK
- 3) QEMU XML-2-ARGV machine-aliases1                                  ... OK
-    Test OOM for nalloc=38 ...................................... OK
- 4) QEMU XML-2-ARGV machine-aliases2                                  ... OK
-    Test OOM for nalloc=38 ...................................... OK
- 5) QEMU XML-2-ARGV machine-core-on                                   ... OK
-    Test OOM for nalloc=37 ..................................... OK
-...snip...
-</pre>
-
-    <p>
-      In this output, the first line shows the normal execution and
-      the test number, and the second line shows the total number
-      of memory allocations from that test case.
-    </p>
-
-    <h3><a name="valgrind">Tracking failures with valgrind</a></h3>
-
-    <p>
-      The test suite should obviously *not* crash during OOM testing.
-      If it does crash, then to assist in tracking down the problem
-      it is worth using valgrind and only running a single test case.
-      For example, supposing test case 5 crashed. Then re-run the
-      test with
-    </p>
-
-    <pre>
-$ VIR_TEST_OOM=1 VIR_TEST_RANGE=5 ../run valgrind ./qemuxml2argvtest
-...snip...
- 5) QEMU XML-2-ARGV machine-core-on                                   ... OK
-    Test OOM for nalloc=37 ..................................... OK
-...snip...
-    </pre>
-
-    <p>
-      Valgrind should report the cause of the crash - for example a
-      double free or use of uninitialized memory or NULL pointer
-      access.
-    </p>
-
-    <h3><a name="stacktraces">Tracking failures with stack traces</a></h3>
-
-    <p>
-      With some really difficult bugs valgrind is not sufficient to
-      identify the cause. In this case, it is useful to identify the
-      precise allocation which was failed, to allow the code path
-      to the error to be traced. The <code>VIR_TEST_OOM</code>
-      env variable can be given a range of memory allocations to
-      test. So if a test case has 150 allocations, it can be told
-      to only test allocation numbers 7-10. The <code>VIR_TEST_OOM_TRACE</code>
-      variable can be used to print out stack traces.
-    </p>
-
-    <pre>
-$ VIR_TEST_OOM_TRACE=2 VIR_TEST_OOM=1:7-10 VIR_TEST_RANGE=5 \
-    ../run valgrind ./qemuxml2argvtest
- 5) QEMU XML-2-ARGV machine-core-on                                   ... OK
-    Test OOM for nalloc=37 !virAllocN
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:180
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11786 (discriminator 1)
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-!virAlloc
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:133
-virDomainDiskDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:4790
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11797
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-!virAllocN
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:180
-virXPathNodeSet
-/home/berrange/src/virt/libvirt/src/util/virxml.c:609
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11805
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-!virAllocN
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:180
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11808 (discriminator 1)
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-    </pre>
-
-    <h3><a name="noncrash">Non-crash related problems</a></h3>
-
-    <p>
-      Not all memory allocation bugs result in code crashing. Sometimes
-      the code will be silently ignoring the allocation failure, resulting
-      in incorrect data being produced. For example the XML parser may
-      mistakenly treat an allocation failure as indicating that an XML
-      attribute was not set in the input document. It is hard to identify
-      these problems from the test suite automatically. For this, the
-      test suites should be run with <code>VIR_TEST_DEBUG=1</code> set
-      and then stderr analysed for any unexpected data. For example,
-      the XML conversion may show an embedded "(null)" literal, or the
-      test suite might complain about missing elements / attributes
-      in the actual vs expected data. These are all signs of bugs in
-      OOM handling. In the future the OOM tests will be enhanced to
-      validate that an error VIR_ERR_NO_MEMORY is returned for each
-      allocation failed, rather than some other error.
-    </p>
-  </body>
-</html>

docs/internals/rpc.html.in

@@ -743,7 +743,7 @@
 
     <p>
       The main libvirt event loop thread is responsible for performing all
-      socket I/O. It will read incoming packets from clients and will
+      socket I/O. It will read incoming packets from clients and willl
       transmit outgoing packets to clients. It will handle the I/O to/from
       streams associated with client API calls. When doing client I/O it
       will also pass the data through any applicable encryption layer

docs/libvirt.css

@@ -1,3 +1,5 @@
+
+
 h1 {
     font-weight: normal;
     color: #3c857c;
@@ -475,37 +477,3 @@ dl.variablelist > dt {
 dl.variablelist > dt:after {
     content: ": ";
 }
-
-table.acl {
-    margin: 1em;
-    border-spacing: 0px;
-    border: 1px solid #ccc;
-}
-
-table.acl tr, table.acl td {
-    padding: 0.3em;
-}
-
-table.acl thead {
-    background: #ddd;
-}
-
-div.description pre.code {
-    border: 1px dashed grey;
-    background-color: inherit;
-    padding: 5px 10px 5px 10px;
-    margin-left: 2.5em;
-}
-
-a.headerlink {
-    text-decoration: none!important;
-    visibility: hidden;
-}
-
-h2:hover > a.headerlink,
-h3:hover > a.headerlink,
-h4:hover > a.headerlink,
-h5:hover > a.headerlink,
-h6:hover > a.headerlink {
-    visibility: visible;
-}

docs/logging.html.in

@@ -3,17 +3,30 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
   <body>
     <h1 >Logging in the library and the daemon</h1>
-
     <p>Libvirt includes logging facilities starting from version 0.6.0,
        this complements the <a href="errors.html">error handling</a>
        mechanism and APIs to allow tracing through the execution of the
        library as well as in the libvirtd daemon.</p>
-
-    <ul id="toc"/>
-
-    <h2>
+    <ul>
+      <li>
+        <a href="#log_library">Logging in the library</a>
+      </li>
+      <li>
+        <a href="#log_config">Configuring logging in the library</a>
+      </li>
+      <li>
+        <a href="#log_daemon">Logging in the daemon</a>
+      </li>
+      <li>
+        <a href="#log_syntax">Syntax for filters and output values</a>
+      </li>
+      <li>
+        <a href="#log_examples">Examples</a>
+      </li>
+    </ul>
+    <h3>
       <a name="log_library">Logging in the library</a>
-    </h2>
+    </h3>
     <p>The logging functionalities in libvirt are based on 3 key concepts,
        similar to the one present in other generic logging facilities like
        log4j:</p>
@@ -38,10 +51,16 @@
           all messages to a debugging file but only allow errors to be
           logged through syslog.</li>
     </ul>
+    <p>Note that the logging module saves all logs to a <b>debug buffer</b>
+       filled in a round-robin fashion as to keep a full log of the
+       recent logs including all debug. The debug buffer can be resized
+       or deactivated in the daemon using the log_buffer_size variable,
+       default is 64 kB. This can be used when debugging the library
+       (see the virLogBuffer variable content).</p>
 
-    <h2>
+    <h3>
       <a name="log_config">Configuring logging in the library</a>
-    </h2>
+    </h3>
     <p>The library configuration of logging is through 3 environment variables
     allowing to control the logging behaviour:</p>
     <ul>
@@ -49,7 +68,7 @@
       <ul>
         <li>1 or "debug": asking the library to log every message emitted,
             though the filters can be used to avoid filling up the output</li>
-        <li>2 or "info": log all non-debugging information</li>
+        <li>2 or "info": log all non-debugging informations</li>
         <li>3 or "warn": log warnings and errors, that's the default value</li>
         <li>4 or "error": log only error messages</li>
       </ul></li>
@@ -60,9 +79,9 @@
        you specify an invalid value, it will be ignored with a warning. If you
        have an error in a filter or output string, some of the settings may be
        applied up to the point at which libvirt encountered the error.</p>
-    <h2>
+    <h3>
       <a name="log_daemon">Logging in the daemon</a>
-    </h2>
+    </h3>
     <p>Similarly the daemon logging behaviour can be tuned using 3 config
     variables, stored in the configuration file:</p>
     <ul>
@@ -70,7 +89,7 @@
       <ul>
         <li>4: only errors</li>
         <li>3: warnings and errors</li>
-        <li>2: information, warnings and errors</li>
+        <li>2: informations, warnings and errors</li>
         <li>1: debug and everything</li>
       </ul></li>
       <li>log_filters: defines logging filters</li>
@@ -79,13 +98,9 @@
     <p>When starting the libvirt daemon, any logging environment variable
        settings will override settings in the config file. Command line options
        take precedence over all. If no outputs are defined for libvirtd, it
-       will try to use</p>
-    <ul>
-      <li>0.10.0 or later: systemd journal, if <code>/run/systemd/journal/socket</code> exists</li>
-      <li>0.9.0 or later: file <code>/var/log/libvirt/libvirtd.log</code> if running as a daemon</li>
-      <li>before 0.9.0: syslog if running as a daemon</li>
-      <li>all versions: to stderr stream if running in the foreground</li>
-    </ul>
+       defaults to logging to /var/log/libvirt/libvirtd.log (before 0.9.0
+       it was using syslog) when it is running as a daemon, or to
+       stderr when it is running in the foreground.</p>
     <p>Libvirtd does not reload its logging configuration when issued a SIGHUP.
        If you want to reload the configuration, you must do a <code>service
        libvirtd restart</code> or manually stop and restart the daemon
@@ -95,9 +110,9 @@
        by default) in case of crash, this can also be activated explicitly
        for debugging purposes by sending the daemon a USR2 signal:</p>
        <pre>killall -USR2 libvirtd</pre>
-    <h2>
+    <h3>
       <a name="log_syntax">Syntax for filters and output values</a>
-    </h2>
+    </h3>
     <p>The syntax for filters and outputs is the same for both types of
        variables.</p>
     <p>The format for a filter is one of:</p>
@@ -131,7 +146,6 @@
       given <code>name</code> as the ident</li>
       <li><code>x:file:file_path</code> output to a file, with the given
       filepath</li>
-      <li><code>x:journald</code> output goes to systemd journal</li>
     </ul>
     <p>In all cases the x prefix is the minimal level, acting as a filter:</p>
     <ul>
@@ -145,81 +159,9 @@
        will log all warnings and errors to syslog under the libvirtd ident
        but also log all debug and information included in the
        file <code>/tmp/libvirt.log</code></p>
-
-    <h2><a name="journald">Systemd journal fields</a></h2>
-
-    <p>
-      When logging to the systemd journal, the following fields
-      are defined, in addition to any automatically recorded
-      <a href="http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html">standard fields</a>:
-    </p>
-
-    <dl>
-      <dt><code>MESSAGE</code></dt>
-      <dd>The log message string</dd>
-      <dt><code>PRIORITY</code></dt>
-      <dd>The log priority value</dd>
-      <dt><code>LIBVIRT_SOURCE</code></dt>
-      <dd>The source type, one of "file", "error", "audit", "trace", "library"</dd>
-      <dt><code>CODE_FILE</code></dt>
-      <dd>The name of the file emitting the log record</dd>
-      <dt><code>CODE_LINE</code></dt>
-      <dd>The line number of the file emitting the log record</dd>
-      <dt><code>CODE_FUNC</code></dt>
-      <dd>The name of the function emitting the log record</dd>
-      <dt><code>LIBVIRT_DOMAIN</code></dt>
-      <dd>The libvirt error domain (values from virErrorDomain enum), if LIBVIRT_SOURCE="error"</dd>
-      <dt><code>LIBVIRT_CODE</code></dt>
-      <dd>The libvirt error code (values from virErrorCode enum), if LIBVIRT_SOURCE="error"</dd>
-    </dl>
-
-    <h3><a name="journaldids">Well known message ID values</a></h3>
-
-    <p>
-      Certain areas of the code will emit log records tagged with well known
-      unique id values, which are guaranteed never to change in the future.
-      This allows applications to identify critical log events without doing
-      string matching on the <code>MESSAGE</code> field.
-    </p>
-
-    <dl>
-      <dt><code>MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361</code></dt>
-      <dd>Generated by the QEMU driver when it identifies a QEMU system
-        emulator binary, but is unable to extract information about its
-        capabilities. This is usually an indicator of a broken QEMU
-        build or installation. When this is emitted, the <code>LIBVIRT_QEMU_BINARY</code>
-        message field will provide the full path of the QEMU binary that failed.
-      </dd>
-    </dl>
-
-    <p>
-      The <code>journalctl</code> command can be used to search the journal
-      matching on specific message ID values
-    </p>
-
-    <pre>
- $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361 --output=json
- { ...snip...
-   "LIBVIRT_SOURCE" : "file",
-   "PRIORITY" : "3",
-   "CODE_FILE" : "qemu/qemu_capabilities.c",
-   "CODE_LINE" : "2770",
-   "CODE_FUNC" : "virQEMUCapsLogProbeFailure",
-   "MESSAGE_ID" : "8ae2f3fb-2dbe-498e-8fbd-012d40afa361",
-   "LIBVIRT_QEMU_BINARY" : "/bin/qemu-system-xtensa",
-   "MESSAGE" : "Failed to probe capabilities for /bin/qemu-system-xtensa:" \
-               "internal error: Child process (LC_ALL=C LD_LIBRARY_PATH=/home/berrange" \
-               "/src/virt/libvirt/src/.libs PATH=/usr/lib64/ccache:/usr/local/sbin:" \
-               "/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin HOME=/root " \
-               "USER=root LOGNAME=root /bin/qemu-system-xtensa -help) unexpected " \
-               "exit status 127: /bin/qemu-system-xtensa: error while loading shared " \
-               "libraries: libglapi.so.0: cannot open shared object file: No such " \
-               "file or directory\n" }
-    </pre>
-
-    <h2>
+    <h3>
       <a name="log_examples">Examples</a>
-    </h2>
+    </h3>
     <p>For example setting up the following:</p>
     <pre>export LIBVIRT_DEBUG=1
 export LIBVIRT_LOG_OUTPUTS="1:file:virsh.log"</pre>
@@ -239,5 +181,9 @@ log_outputs="1:file:/var/log/libvirt/libvirtd.log"</pre>
     <p>in libvirtd.conf and restart the daemon will allow to
     gather a copious amount of debugging traces for the operations done
     in those areas.</p>
+    <p>On the other hand to deactivate the logbuffer in the daemon
+    for stable high load servers, set</p>
+    <pre>log_buffer_size=0</pre>
+    <p>in the libvirtd.conf.</p>
   </body>
 </html>

docs/newapi.xsl

@@ -25,75 +25,10 @@
   <!-- Build keys for all symbols -->
   <xsl:key name="symbols" match="/api/symbols/*" use="@name"/>
 
-  <xsl:param name="builddir" select="'..'"/>
-
   <!-- the target directory for the HTML output -->
   <xsl:variable name="htmldir">html</xsl:variable>
   <xsl:variable name="href_base">../</xsl:variable>
 
-  <xsl:variable name="acls">
-    <xsl:copy-of select="document('{$builddir}/src/libvirt_access.xml')/aclinfo/api"/>
-  </xsl:variable>
-  <xsl:variable name="qemuacls">
-    <xsl:copy-of select="document('{$builddir}/src/libvirt_access_qemu.xml')/aclinfo/api"/>
-  </xsl:variable>
-  <xsl:variable name="lxcacls">
-    <xsl:copy-of select="document('{$builddir}/src/libvirt_access_lxc.xml')/aclinfo/api"/>
-  </xsl:variable>
-
-  <xsl:template name="aclinfo">
-    <xsl:param name="api"/>
-
-    <xsl:if test="count(exsl:node-set($acls)/api[@name=$api]/check) > 0">
-      <h5>Access control parameter checks</h5>
-      <table class="acl">
-        <thead>
-          <tr>
-            <th>Object</th>
-            <th>Permission</th>
-            <th>Condition</th>
-          </tr>
-        </thead>
-        <xsl:apply-templates select="exsl:node-set($acls)/api[@name=$api]/check" mode="acl"/>
-      </table>
-    </xsl:if>
-    <xsl:if test="count(exsl:node-set($acls)/api[@name=$api]/filter) > 0">
-      <h5>Access control return value filters</h5>
-      <table class="acl">
-        <thead>
-          <tr>
-            <th>Object</th>
-            <th>Permission</th>
-          </tr>
-        </thead>
-        <xsl:apply-templates select="exsl:node-set($acls)/api[@name=$api]/filter" mode="acl"/>
-      </table>
-    </xsl:if>
-  </xsl:template>
-
-  <xsl:template match="check" mode="acl">
-    <tr>
-      <td><a href="../acl.html#object_{@object}"><xsl:value-of select="@object"/></a></td>
-      <td><a href="../acl.html#perm_{@object}_{@perm}"><xsl:value-of select="@perm"/></a></td>
-      <xsl:choose>
-        <xsl:when test="@flags">
-          <td><xsl:value-of select="@flags"/></td>
-        </xsl:when>
-        <xsl:otherwise>
-          <td>-</td>
-        </xsl:otherwise>
-      </xsl:choose>
-    </tr>
-  </xsl:template>
-
-  <xsl:template match="filter" mode="acl">
-    <tr>
-      <td><xsl:value-of select="@object"/></td>
-      <td><xsl:value-of select="@perm"/></td>
-    </tr>
-  </xsl:template>
-
-
   <xsl:template name="navbar">
     <xsl:variable name="previous" select="preceding-sibling::file[1]"/>
     <xsl:variable name="next" select="following-sibling::file[1]"/>
@@ -129,19 +64,6 @@
         <a href="libvirt-{$ref/@file}.html#{$ref/@name}"><xsl:value-of select="$stem"/></a>
         <xsl:value-of select="substring-after($token, $stem)"/>
       </xsl:when>
-      <xsl:when test="starts-with($token, 'http://')">
-        <a href="{$token}">
-          <xsl:value-of select="$token"/>
-        </a>
-      </xsl:when>
-      <xsl:when test="starts-with($token, '&lt;http://') and contains($token, '&gt;')">
-        <xsl:variable name="link"
-                      select="substring(substring-before($token, '&gt;'), 2)"/>
-        <a href="{$link}">
-          <xsl:value-of select="$link"/>
-        </a>
-        <xsl:value-of select="substring-after($token, '&gt;')"/>
-      </xsl:when>
       <xsl:otherwise>
         <xsl:value-of select="$token"/>
       </xsl:otherwise>
@@ -163,67 +85,6 @@
     </xsl:for-each>
   </xsl:template>
 
-
-  <!-- process blocks of text. blocks are separated by two consecutive line -->
-  <!-- breaks.                                                              -->
-  <!--                                                                      -->
-  <!-- blocks indented with at least 2 spaces are considered code blocks.   -->
-  <!--                                                                      -->
-  <!-- consecutive code blocks are collapsed into a single code block.      -->
-  <xsl:template name="formatblock">
-    <xsl:param name="block"/>
-    <xsl:param name="rest"/>
-
-    <xsl:variable name="multipleCodeBlocks"
-                  select="starts-with($block, '  ') and starts-with($rest, '  ')"/>
-
-    <xsl:choose>
-      <xsl:when test="$multipleCodeBlocks">
-        <xsl:call-template name="formatblock">
-          <xsl:with-param name="block">
-            <xsl:choose>
-              <xsl:when test="contains($rest, '&#xA;&#xA;')">
-                <xsl:value-of select="concat($block, '&#xA;  &#xA;',
-                                        substring-before($rest, '&#xA;&#xA;'))" />
-              </xsl:when>
-              <xsl:otherwise>
-                <xsl:value-of select="concat($block, '&#xA;  &#xA;', $rest)" />
-              </xsl:otherwise>
-            </xsl:choose>
-          </xsl:with-param>
-          <xsl:with-param name="rest" select="substring-after($rest, '&#xA;&#xA;')"/>
-        </xsl:call-template>
-      </xsl:when>
-      <xsl:when test="starts-with($block, '  ')">
-        <pre class="code"><xsl:for-each select="str:tokenize($block, '&#xA;')">
-          <xsl:choose>
-            <xsl:when test="starts-with(., '  ')">
-              <xsl:value-of select="substring(., 3)"/>
-            </xsl:when>
-            <xsl:otherwise>
-              <xsl:value-of select="."/>
-            </xsl:otherwise>
-          </xsl:choose>
-          <xsl:if test="position() != last()">
-            <xsl:text>&#xA;</xsl:text>
-          </xsl:if>
-        </xsl:for-each></pre>
-      </xsl:when>
-      <xsl:otherwise>
-        <p>
-          <xsl:call-template name="dumptext">
-            <xsl:with-param name="text" select="$block"/>
-          </xsl:call-template>
-        </p>
-      </xsl:otherwise>
-    </xsl:choose>
-    <xsl:if test="not($multipleCodeBlocks)">
-      <xsl:call-template name="formattext">
-        <xsl:with-param name="text" select="$rest"/>
-      </xsl:call-template>
-    </xsl:if>
-  </xsl:template>
-
   <xsl:template name="formattext">
     <xsl:param name="text" />
 
@@ -231,19 +92,28 @@
       <xsl:variable name="head" select="substring-before($text, '&#xA;&#xA;')"/>
       <xsl:variable name="rest" select="substring-after($text, '&#xA;&#xA;')"/>
 
-      <xsl:call-template name="formatblock">
-        <xsl:with-param name="block">
-          <xsl:choose>
-            <xsl:when test="contains($text, '&#xA;&#xA;')">
-              <xsl:value-of select="$head"/>
-            </xsl:when>
-            <xsl:otherwise>
-              <xsl:value-of select="$text"/>
-            </xsl:otherwise>
-          </xsl:choose>
-        </xsl:with-param>
-        <xsl:with-param name="rest" select="$rest"/>
-      </xsl:call-template>
+      <xsl:choose>
+        <xsl:when test="$head">
+          <p>
+            <xsl:call-template name="dumptext">
+              <xsl:with-param name="text" select="$head"/>
+            </xsl:call-template>
+          </p>
+        </xsl:when>
+        <xsl:when test="not($rest)">
+          <p>
+            <xsl:call-template name="dumptext">
+              <xsl:with-param name="text" select="$text"/>
+            </xsl:call-template>
+          </p>
+        </xsl:when>
+      </xsl:choose>
+
+      <xsl:if test="$rest">
+        <xsl:call-template name="formattext">
+          <xsl:with-param name="text" select="$rest"/>
+        </xsl:call-template>
+      </xsl:if>
     </xsl:if>
   </xsl:template>
 
@@ -429,7 +299,7 @@
     <xsl:variable name="name" select="string(@name)"/>
     <h3><a name="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
     <pre class="api"><span class="directive">#define</span><xsl:text> </xsl:text><xsl:value-of select="$name"/></pre>
-    <div class="description">
+    <div>
     <xsl:call-template name="formattext">
       <xsl:with-param name="text" select="info"/>
     </xsl:call-template>
@@ -581,7 +451,7 @@
     <xsl:text>)
 </xsl:text>
     </pre>
-    <div class="description">
+    <div>
     <xsl:call-template name="formattext">
       <xsl:with-param name="text" select="info"/>
     </xsl:call-template>
@@ -657,7 +527,7 @@
     </xsl:for-each>
     <xsl:text>)</xsl:text>
     </pre>
-    <div class="description">
+    <div>
     <xsl:call-template name="formattext">
       <xsl:with-param name="text" select="info"/>
     </xsl:call-template>
@@ -683,11 +553,6 @@
         </xsl:if>
       </dl>
     </xsl:if>
-    <div class="acl">
-      <xsl:call-template name="aclinfo">
-        <xsl:with-param name="api" select="$name"/>
-      </xsl:call-template>
-    </div>
   </xsl:template>
 
   <xsl:template match="exports" mode="toc">
@@ -703,11 +568,7 @@
       <h2 style="font-weight:bold;color:red;text-align:center">This module is deprecated</h2>
     </xsl:if>
     <xsl:if test="description">
-      <p>
-        <xsl:call-template name="dumptext">
-          <xsl:with-param name="text" select="description"/>
-        </xsl:call-template>
-      </p>
+      <p><xsl:value-of select="description"/></p>
     </xsl:if>
   </xsl:template>
 

docs/page.xsl

@@ -26,10 +26,6 @@
     <xsl:call-template name="toc"/>
   </xsl:template>
 
-  <xsl:template match="html:div[@id='include']" mode="content">
-    <xsl:call-template name="include"/>
-  </xsl:template>
-
   <!-- This processes the sitemap to form a context sensitive
        navigation menu for the current page -->
   <xsl:template match="html:ul" mode="menu">
@@ -178,31 +174,4 @@
     </html>
   </xsl:template>
 
-  <xsl:template name="include">
-    <xsl:variable name="inchtml">
-      <xsl:copy-of select="document(@filename)"/>
-    </xsl:variable>
-
-    <xsl:apply-templates select="exsl:node-set($inchtml)/html:html/html:body/*" mode="content"/>
-  </xsl:template>
-
-  <xsl:template match="html:h2 | html:h3 | html:h4 | html:h5 | html:h6" mode="content">
-    <xsl:element name="{name()}">
-      <xsl:apply-templates mode="copy" />
-      <xsl:if test="./html:a/@name">
-        <a class="headerlink" href="#{html:a/@name}" title="Permalink to this headline">&#xb6;</a>
-      </xsl:if>
-    </xsl:element>
-  </xsl:template>
-
-  <xsl:template match="text()" mode="copy">
-    <xsl:value-of select="."/>
-  </xsl:template>
-
-  <xsl:template match="node()" mode="copy">
-    <xsl:element name="{name()}">
-      <xsl:copy-of select="./@*"/>
-      <xsl:apply-templates mode="copy" />
-    </xsl:element>
-  </xsl:template>
 </xsl:stylesheet>

docs/remote.html.in

@@ -376,7 +376,7 @@ Note that parameter values must be
         <td> libssh2 </td>
         <td>
   A comma separated list of authentication methods to use. Default (is
-  "agent,privkey,keyboard-interactive". The order of the methods is preserved.
+  "agent,privkey,keyboard-interactive". The order of the methods is perserved.
   Some methods may require additional parameters.
 </td>
       </tr>

docs/schemas/Makefile.am

@@ -1,4 +1,4 @@
-## Copyright (C) 2005-2011, 2013-2014 Red Hat, Inc.
+## Copyright (C) 2005-2011, 2013 Red Hat, Inc.
 ##
 ## This library is free software; you can redistribute it and/or
 ## modify it under the terms of the GNU Lesser General Public
@@ -27,7 +27,8 @@ schema_DATA = \
 	nodedev.rng \
 	nwfilter.rng \
 	secret.rng \
-	storagecommon.rng \
+	storageencryption.rng \
+	storagefilefeatures.rng \
 	storagepool.rng \
 	storagevol.rng
 

docs/schemas/basictypes.rng

@@ -291,21 +291,13 @@
   </define>
 
   <define name='volName'>
-    <!-- directory pools allow almost any file name as a volume name -->
     <data type='string'>
-      <param name="pattern">[^/]+</param>
-      <except>
-        <choice>
-          <value>.</value>
-          <value>..</value>
-        </choice>
-      </except>
+      <param name="pattern">[a-zA-Z0-9_\+\-\.]+</param>
     </data>
   </define>
 
   <define name='archnames'>
     <choice>
-      <value>aarch64</value>
       <value>alpha</value>
       <value>armv7l</value>
       <value>cris</value>
@@ -380,46 +372,4 @@
     </element>
   </define>
 
-  <define name="isaaddress">
-    <optional>
-      <attribute name="iobase">
-        <data type="string">
-          <param name="pattern">0x[a-fA-F0-9]{1,4}</param>
-        </data>
-      </attribute>
-    </optional>
-    <optional>
-      <attribute name="irq">
-        <data type="string">
-          <param name="pattern">0x[a-fA-F0-9]</param>
-        </data>
-      </attribute>
-    </optional>
-  </define>
-
-  <define name="link-speed-state">
-    <optional>
-      <element name="link">
-        <optional>
-          <attribute name="speed">
-            <ref name="unsignedInt"/>
-          </attribute>
-        </optional>
-        <optional>
-          <attribute name="state">
-            <choice>
-              <value>unknown</value>
-              <value>notpresent</value>
-              <value>down</value>
-              <value>lowerlayerdown</value>
-              <value>testing</value>
-              <value>dormant</value>
-              <value>up</value>
-            </choice>
-          </attribute>
-        </optional>
-      </element>
-    </optional>
-  </define>
-
 </grammar>

docs/schemas/capability.rng

@@ -60,14 +60,6 @@
           <element name='doi'>
             <text/>
           </element>
-          <zeroOrMore>
-            <element name='baselabel'>
-              <attribute name='type'>
-                <text/>
-              </attribute>
-              <text/>
-            </element>
-          </zeroOrMore>
        </interleave>
     </element>
   </define>
@@ -118,9 +110,6 @@
         <empty/>
       </element>
     </zeroOrMore>
-    <zeroOrMore>
-      <ref name='pagesElem'/>
-    </zeroOrMore>
   </define>
 
   <define name='power_management'>
@@ -191,25 +180,6 @@
         <ref name='memory'/>
       </optional>
 
-      <zeroOrMore>
-        <ref name='pagesElem'/>
-      </zeroOrMore>
-
-      <optional>
-        <element name='distances'>
-          <zeroOrMore>
-            <element name='sibling'>
-              <attribute name='id'>
-                <ref name='unsignedInt'/>
-              </attribute>
-              <attribute name='value'>
-                <ref name='unsignedInt'/>
-              </attribute>
-            </element>
-          </zeroOrMore>
-        </element>
-      </optional>
-
       <optional>
         <element name='cpus'>
           <attribute name='num'>
@@ -320,11 +290,6 @@
           <text/>
         </attribute>
       </optional>
-      <optional>
-        <attribute name='maxCpus'>
-          <ref name='unsignedInt'/>
-        </attribute>
-      </optional>
       <text/>
     </element>
   </define>
@@ -393,12 +358,6 @@
             <empty/>
           </element>
         </optional>
-        <optional>
-          <element name='disksnapshot'>
-            <ref name='featuretoggle'/>
-            <empty/>
-          </element>
-        </optional>
       </interleave>
     </element>
   </define>
@@ -423,18 +382,4 @@
       <param name='pattern'>[a-zA-Z0-9\-_]+</param>
     </data>
   </define>
-
-  <define name='pagesElem'>
-    <element name='pages'>
-      <optional>
-        <attribute name='unit'>
-          <ref name='unit'/>
-        </attribute>
-      </optional>
-      <attribute name='size'>
-        <ref name='unsignedInt'/>
-      </attribute>
-      <ref name='unsignedInt'/>
-    </element>
-  </define>
 </grammar>

docs/schemas/domain.rng

@@ -1,21 +1,9 @@
 <?xml version="1.0"?>
 <grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
-  <!-- Grammar for accepting a domain element, both as top level, and
-       also suitable for inclusion in domainsnapshot.rng -->
+  <!-- We handle only document defining a domain -->
   <start>
     <ref name="domain"/>
   </start>
 
   <include href='domaincommon.rng'/>
-
-  <define name='storageStartupPolicy' combine='choice'>
-    <!-- overrides the no-op version in storagecommon.rng -->
-    <ref name='startupPolicy'/>
-  </define>
-
-  <define name='storageSourceExtra' combine='choice'>
-    <!-- overrides the no-op version in storagecommon.rng -->
-    <ref name='diskspec'/>
-  </define>
-
 </grammar>

docs/schemas/domainsnapshot.rng

@@ -75,12 +75,7 @@
                 <ref name="UUID"/>
               </element>
             </element>
-            <!-- Nested grammar ensures that any of our overrides of
-                 storagecommon/domaincommon defines do not conflict
-                 with any domain.rng overrides.  -->
-            <grammar>
-              <include href='domain.rng'/>
-            </grammar>
+            <ref name='domain'/>
           </choice>
         </optional>
         <optional>
@@ -107,11 +102,6 @@
     </choice>
   </define>
 
-  <define name='storageSourceExtra' combine='choice'>
-    <!-- overrides the no-op version in storagecommon.rng -->
-    <ref name='disksnapshotdriver'/>
-  </define>
-
   <define name='disksnapshot'>
     <element name='disk'>
       <attribute name='name'>
@@ -133,64 +123,31 @@
               <value>external</value>
             </attribute>
           </optional>
-          <choice>
-            <group>
-              <optional>
-                <attribute name='type'>
-                  <value>file</value>
-                </attribute>
-              </optional>
-              <interleave>
+          <interleave>
+            <optional>
+              <element name='driver'>
                 <optional>
-                  <element name='source'>
-                    <optional>
-                      <attribute name='file'>
-                        <ref name='absFilePath'/>
-                      </attribute>
-                    </optional>
-                    <optional>
-                      <ref name='storageStartupPolicy'/>
-                    </optional>
-                    <empty/>
-                  </element>
+                  <attribute name='type'>
+                    <ref name='storageFormat'/>
+                  </attribute>
                 </optional>
-                <ref name='storageSourceExtra'/>
-              </interleave>
-            </group>
-            <group>
-              <attribute name='type'>
-                <value>block</value>
-              </attribute>
-              <interleave>
+                <empty/>
+              </element>
+            </optional>
+            <optional>
+              <element name='source'>
                 <optional>
-                  <element name="source">
-                    <attribute name="dev">
-                      <ref name="absFilePath"/>
-                    </attribute>
-                    <empty/>
-                  </element>
+                  <attribute name='file'>
+                    <ref name='absFilePath'/>
+                  </attribute>
                 </optional>
-                <ref name='storageSourceExtra'/>
-              </interleave>
-            </group>
-            <ref name='diskSourceNetwork'/>
-          </choice>
+                <empty/>
+              </element>
+            </optional>
+          </interleave>
         </group>
       </choice>
     </element>
   </define>
 
-  <define name='disksnapshotdriver'>
-    <optional>
-      <element name='driver'>
-        <optional>
-          <attribute name='type'>
-            <ref name='storageFormatBacking'/>
-          </attribute>
-        </optional>
-        <empty/>
-      </element>
-    </optional>
-  </define>
-
 </grammar>

docs/schemas/interface.rng

@@ -29,41 +29,34 @@
        Ethernet adapter
   -->
   <define name="basic-ethernet-content">
-    <interleave>
-      <attribute name="type">
-        <value>ethernet</value>
-      </attribute>
-      <ref name="name-attr"/>
-      <!-- If no MAC is given when the interface is defined, it is determined
-           by using the device name.
-           FIXME: What if device name and MAC don't specify the same NIC ? -->
-      <optional>
-        <element name="mac">
-          <attribute name="address"><ref name="macAddr"/></attribute>
-        </element>
-      </optional>
-      <ref name="link-speed-state"/>
-      <!-- FIXME: Allow (some) ethtool options -->
-    </interleave>
+    <attribute name="type">
+      <value>ethernet</value>
+    </attribute>
+    <ref name="name-attr"/>
+    <!-- If no MAC is given when the interface is defined, it is determined
+         by using the device name.
+         FIXME: What if device name and MAC don't specify the same NIC ? -->
+    <optional>
+      <element name="mac">
+        <attribute name="address"><ref name="macAddr"/></attribute>
+      </element>
+    </optional>
+    <!-- FIXME: Allow (some) ethtool options -->
   </define>
 
   <!-- Ethernet adapter without IP addressing, e.g. for a bridge -->
   <define name="bare-ethernet-interface">
     <element name="interface">
-      <interleave>
-        <ref name="basic-ethernet-content"/>
-      </interleave>
+      <ref name="basic-ethernet-content"/>
     </element>
   </define>
 
   <define name="ethernet-interface">
     <element name="interface">
-      <interleave>
-        <ref name="startmode"/>
-        <ref name="basic-ethernet-content"/>
-        <ref name="mtu"/>
-        <ref name="interface-addressing"/>
-      </interleave>
+      <ref name="startmode"/>
+      <ref name="basic-ethernet-content"/>
+      <ref name="mtu"/>
+      <ref name="interface-addressing"/>
     </element>
   </define>
 
@@ -78,7 +71,6 @@
          of the form DEVICE.VLAN
     -->
     <optional><ref name="name-attr"/></optional>
-    <ref name="link-speed-state"/>
   </define>
 
   <define name="vlan-device">
@@ -92,22 +84,18 @@
 
   <define name="bare-vlan-interface">
     <element name="interface">
-      <interleave>
-        <ref name="vlan-interface-common"/>
-        <ref name="vlan-device"/>
-      </interleave>
+      <ref name="vlan-interface-common"/>
+      <ref name="vlan-device"/>
     </element>
   </define>
 
   <define name="vlan-interface">
     <element name="interface">
-      <interleave>
-        <ref name="vlan-interface-common"/>
-        <ref name="startmode"/>
-        <ref name="mtu"/>
-        <ref name="interface-addressing"/>
-        <ref name="vlan-device"/>
-      </interleave>
+      <ref name="vlan-interface-common"/>
+      <ref name="startmode"/>
+      <ref name="mtu"/>
+      <ref name="interface-addressing"/>
+      <ref name="vlan-device"/>
     </element>
   </define>
 
@@ -116,33 +104,31 @@
   -->
   <define name="bridge-interface">
     <element name="interface">
-      <interleave>
-        <attribute name="type">
-          <value>bridge</value>
-        </attribute>
-        <ref name="name-attr"/>
-        <ref name="startmode"/>
-        <ref name="mtu"/>
-        <ref name="interface-addressing"/>
-        <element name="bridge">
-          <optional>
-            <attribute name="stp">
-              <ref name="on-or-off"/>
-            </attribute>
-          </optional>
-          <!-- Bridge forward delay (see 'brctl setfd') -->
-          <optional v:since="2">
-            <attribute name="delay"><ref name="timeval"/></attribute>
-          </optional>
-          <zeroOrMore>
-            <choice>
-              <ref name="bare-ethernet-interface"/>
-              <ref name="bare-vlan-interface"/>
-              <ref v:since="2" name="bare-bond-interface"/>
-            </choice>
-          </zeroOrMore>
-        </element>
-      </interleave>
+      <attribute name="type">
+        <value>bridge</value>
+      </attribute>
+      <ref name="name-attr"/>
+      <ref name="startmode"/>
+      <ref name="mtu"/>
+      <ref name="interface-addressing"/>
+      <element name="bridge">
+        <optional>
+          <attribute name="stp">
+            <ref name="on-or-off"/>
+          </attribute>
+        </optional>
+        <!-- Bridge forward delay (see 'brctl setfd') -->
+        <optional v:since="2">
+          <attribute name="delay"><ref name="timeval"/></attribute>
+        </optional>
+        <zeroOrMore>
+          <choice>
+            <ref name="bare-ethernet-interface"/>
+            <ref name="bare-vlan-interface"/>
+            <ref v:since="2" name="bare-bond-interface"/>
+          </choice>
+        </zeroOrMore>
+      </element>
     </element>
   </define>
   <!-- Jim Fehlig would like support for other bridge attributes, in
@@ -157,7 +143,6 @@
       <value>bond</value>
     </attribute>
     <ref name="name-attr"/>
-    <ref name="link-speed-state"/>
   </define>
 
   <define name="bond-element">
@@ -194,73 +179,67 @@
              xmit_hash_policy       (since 2.6.3/3.2.2)
       -->
 
-      <interleave>
-        <optional>
-          <choice>
-            <element name="miimon">
-              <!-- miimon frequency in ms -->
-              <attribute name="freq"><ref name="unsignedInt"/></attribute>
-              <optional>
-                <attribute name="downdelay"><ref name="unsignedInt"/></attribute>
-              </optional>
-              <optional>
-                <attribute name="updelay"><ref name="unsignedInt"/></attribute>
-              </optional>
-              <optional>
-                <!-- use_carrier -->
-                <attribute name="carrier">
-                  <choice>
-                    <!-- use MII/ETHTOOL ioctl -->
-                    <value>ioctl</value>
-                    <!-- use netif_carrier_ok() -->
-                    <value>netif</value>
-                  </choice>
-                </attribute>
-              </optional>
-            </element>
-            <element name="arpmon">
-              <attribute name="interval"><ref name="unsignedInt"/></attribute>
-              <attribute name="target"><ref name="ipv4Addr"/></attribute>
-              <optional>
-                <attribute name="validate">
-                  <choice>
-                    <value>none</value>
-                    <value>active</value>
-                    <value>backup</value>
-                    <value>all</value>
-                  </choice>
-                </attribute>
-              </optional>
-            </element>
-          </choice>
-        </optional>
+      <optional>
+        <choice>
+          <element name="miimon">
+            <!-- miimon frequency in ms -->
+            <attribute name="freq"><ref name="unsignedInt"/></attribute>
+            <optional>
+              <attribute name="downdelay"><ref name="unsignedInt"/></attribute>
+            </optional>
+            <optional>
+              <attribute name="updelay"><ref name="unsignedInt"/></attribute>
+            </optional>
+            <optional>
+              <!-- use_carrier -->
+              <attribute name="carrier">
+                <choice>
+                  <!-- use MII/ETHTOOL ioctl -->
+                  <value>ioctl</value>
+                  <!-- use netif_carrier_ok() -->
+                  <value>netif</value>
+                </choice>
+              </attribute>
+            </optional>
+          </element>
+          <element name="arpmon">
+            <attribute name="interval"><ref name="unsignedInt"/></attribute>
+            <attribute name="target"><ref name="ipv4Addr"/></attribute>
+            <optional>
+              <attribute name="validate">
+                <choice>
+                  <value>none</value>
+                  <value>active</value>
+                  <value>backup</value>
+                  <value>all</value>
+                </choice>
+              </attribute>
+            </optional>
+          </element>
+        </choice>
+      </optional>
 
-        <oneOrMore>
-          <!-- The slave interfaces -->
-          <ref name="bare-ethernet-interface"/>
-        </oneOrMore>
-      </interleave>
+      <oneOrMore>
+        <!-- The slave interfaces -->
+        <ref name="bare-ethernet-interface"/>
+      </oneOrMore>
     </element>
   </define>
 
   <define name="bare-bond-interface">
     <element name="interface">
-      <interleave>
-        <ref name="bond-interface-common"/>
-        <ref name="bond-element"/>
-      </interleave>
+      <ref name="bond-interface-common"/>
+      <ref name="bond-element"/>
     </element>
   </define>
 
   <define name="bond-interface">
     <element name="interface">
-      <interleave>
-        <ref name="bond-interface-common"/>
-        <ref name="startmode"/>
-        <ref name="mtu"/>
-        <ref name="interface-addressing"/>
-        <ref name="bond-element"/>
-      </interleave>
+      <ref name="bond-interface-common"/>
+      <ref name="startmode"/>
+      <ref name="mtu"/>
+      <ref name="interface-addressing"/>
+      <ref name="bond-element"/>
     </element>
   </define>
 
@@ -322,24 +301,22 @@
       <attribute name="family">
         <value>ipv4</value>
       </attribute>
-      <interleave>
-        <choice>
-          <ref name="dhcp-element"/>
-          <group>
-            <element name="ip">
-              <attribute name="address"><ref name="ipv4Addr"/></attribute>
-              <optional>
-                <attribute name="prefix"><ref name="ipv4Prefix"/></attribute>
-              </optional>
-            </element>
+      <choice>
+        <ref name="dhcp-element"/>
+        <group>
+          <element name="ip">
+            <attribute name="address"><ref name="ipv4Addr"/></attribute>
             <optional>
-              <element name="route">
-                <attribute name="gateway"><ref name="ipv4Addr"/></attribute>
-              </element>
+              <attribute name="prefix"><ref name="ipv4Prefix"/></attribute>
             </optional>
-          </group>
-        </choice>
-      </interleave>
+          </element>
+          <optional>
+            <element name="route">
+              <attribute name="gateway"><ref name="ipv4Addr"/></attribute>
+            </element>
+          </optional>
+        </group>
+      </choice>
     </element>
   </define>
 
@@ -348,27 +325,25 @@
       <attribute name="family">
         <value>ipv6</value>
       </attribute>
-      <interleave>
-        <optional>
-          <element name="autoconf"><empty/></element>
-        </optional>
-        <optional>
-          <ref name="dhcp-element"/>
-        </optional>
-        <zeroOrMore>
-          <element name="ip">
-            <attribute name="address"><ref name="ipv6Addr"/></attribute>
-            <optional>
-              <attribute name="prefix"><ref name="ipv6Prefix"/></attribute>
-            </optional>
-          </element>
-        </zeroOrMore>
-        <optional>
-          <element name="route">
-            <attribute name="gateway"><ref name="ipv6Addr"/></attribute>
-          </element>
-        </optional>
-      </interleave>
+      <optional>
+        <element name="autoconf"><empty/></element>
+      </optional>
+      <optional>
+        <ref name="dhcp-element"/>
+      </optional>
+      <zeroOrMore>
+        <element name="ip">
+          <attribute name="address"><ref name="ipv6Addr"/></attribute>
+          <optional>
+            <attribute name="prefix"><ref name="ipv6Prefix"/></attribute>
+          </optional>
+        </element>
+      </zeroOrMore>
+      <optional>
+        <element name="route">
+          <attribute name="gateway"><ref name="ipv6Addr"/></attribute>
+        </element>
+      </optional>
     </element>
   </define>
 

docs/schemas/network.rng

@@ -160,32 +160,6 @@
                   <empty/>
                 </element>
               </optional>
-              <optional>
-                <element name='nat'>
-                  <interleave>
-                    <optional>
-                      <element name='address'>
-                        <attribute name='start'>
-                          <ref name='ipv4Addr'/>
-                        </attribute>
-                        <attribute name='end'>
-                          <ref name='ipv4Addr'/>
-                        </attribute>
-                      </element>
-                    </optional>
-                    <optional>
-                      <element name='port'>
-                        <attribute name='start'>
-                          <ref name='port'/>
-                        </attribute>
-                        <attribute name='end'>
-                          <ref name='port'/>
-                        </attribute>
-                      </element>
-                    </optional>
-                  </interleave>
-                </element>
-              </optional>
             </interleave>
           </element>
         </optional>
@@ -233,21 +207,7 @@
         <!-- Define the DNS related elements like TXT records
              and other features in the <dns> element -->
         <optional>
-          <element name="dns">
-            <optional>
-              <attribute name="forwardPlainNames">
-                <choice>
-                  <value>yes</value>
-                  <value>no</value>
-                </choice>
-              </attribute>
-            </optional>
-            <interleave>
-              <zeroOrMore>
-                <element name="forwarder">
-                  <attribute name="addr"><ref name="ipAddr"/></attribute>
-                </element>
-              </zeroOrMore>
+            <element name="dns">
               <zeroOrMore>
                 <element name="txt">
                   <attribute name="name"><ref name="dnsName"/></attribute>
@@ -257,21 +217,13 @@
               <zeroOrMore>
                 <element name="srv">
                   <attribute name="service"><text/></attribute>
-                  <attribute name="protocol">
-                    <ref name="protocol"/>
-                  </attribute>
+                  <attribute name="protocol"><ref name="protocol"/></attribute>
                   <optional>
                     <attribute name="domain"><ref name="dnsName"/></attribute>
                     <attribute name="target"><text/></attribute>
-                    <attribute name="port">
-                      <ref name="unsignedShort"/>
-                    </attribute>
-                    <attribute name="priority">
-                      <ref name="unsignedShort"/>
-                    </attribute>
-                    <attribute name="weight">
-                      <ref name="unsignedShort"/>
-                    </attribute>
+                    <attribute name="port"><ref name="unsignedShort"/></attribute>
+                    <attribute name="priority"><ref name="unsignedShort"/></attribute>
+                    <attribute name="weight"><ref name="unsignedShort"/></attribute>
                   </optional>
                 </element>
               </zeroOrMore>
@@ -283,25 +235,24 @@
                   </oneOrMore>
                 </element>
               </zeroOrMore>
-            </interleave>
-          </element>
+            </element>
         </optional>
-        <optional>
-          <ref name="bandwidth"/>
-        </optional>
-        <optional>
+       <optional>
+         <ref name="bandwidth"/>
+       </optional>
+       <optional>
          <ref name="vlan"/>
-        </optional>
-        <optional>
-          <element name="link">
-            <attribute name="state">
-              <choice>
-                <value>up</value>
-                <value>down</value>
-              </choice>
-            </attribute>
-            <empty/>
-          </element>
+       </optional>
+       <optional>
+         <element name="link">
+           <attribute name="state">
+             <choice>
+               <value>up</value>
+               <value>down</value>
+             </choice>
+           </attribute>
+           <empty/>
+         </element>
         </optional>
 
         <!-- <ip> element -->

docs/schemas/networkcommon.rng

@@ -217,11 +217,4 @@
       </oneOrMore>
     </element>
   </define>
-
-  <define name='port'>
-    <data type='integer'>
-      <param name='minInclusive'>1</param>
-      <param name='maxInclusive'>65535</param>
-    </data>
-  </define>
 </grammar>

docs/schemas/nodedev.rng

@@ -12,9 +12,6 @@
       <!-- The name of the network, used to refer to it through the API
          and in virsh -->
       <element name="name"><text/></element>
-      <optional>
-        <element name="path"><text/></element>
-      </optional>
       <optional>
         <element name="parent"><text/></element>
       </optional>
@@ -158,45 +155,6 @@
       </element>
     </optional>
 
-    <optional>
-      <element name='numa'>
-        <optional>
-          <attribute name='node'>
-            <data type='int'/>
-          </attribute>
-        </optional>
-      </element>
-    </optional>
-
-    <optional>
-      <element name='pci-express'>
-        <zeroOrMore>
-          <element name='link'>
-            <attribute name='validity'>
-              <choice>
-                <value>cap</value>
-                <value>sta</value>
-              </choice>
-            </attribute>
-            <optional>
-              <attribute name='port'>
-                <ref name='unsignedInt'/>
-              </attribute>
-            </optional>
-            <optional>
-              <attribute name='speed'>
-                <data type="string">
-                  <param name="pattern">[0-9]+(.[0-9]+)?</param>
-                </data>
-              </attribute>
-            </optional>
-            <attribute name='width'>
-              <ref name='unsignedInt'/>
-            </attribute>
-          </element>
-        </zeroOrMore>
-      </element>
-    </optional>
   </define>
 
   <define name='capusbdev'>
@@ -272,7 +230,6 @@
         <ref name='mac'/>
       </element>
     </optional>
-    <ref name="link-speed-state"/>
 
     <zeroOrMore>
       <ref name='subcapnet'/>

docs/schemas/storagecommon.rng

@@ -1,96 +0,0 @@
-<?xml version="1.0"?>
-<!-- A Relax NG schema for common libvirt XML storage elements -->
-<grammar xmlns="http://relaxng.org/ns/structure/1.0"
-    datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
-
-  <!-- This schema is not designed for standalone use; another file
-       must include both this file and basictypes.rng -->
-
-  <define name='encryption'>
-    <element name='encryption'>
-      <attribute name='format'>
-        <choice>
-          <value>default</value>
-          <value>qcow</value>
-        </choice>
-      </attribute>
-      <zeroOrMore>
-        <ref name='secret'/>
-      </zeroOrMore>
-    </element>
-  </define>
-
-  <define name='secret'>
-    <element name='secret'>
-      <attribute name='type'>
-        <choice>
-          <value>passphrase</value>
-        </choice>
-      </attribute>
-      <attribute name='uuid'>
-        <ref name="UUID"/>
-      </attribute>
-    </element>
-  </define>
-
-  <define name='compat'>
-    <element name='compat'>
-      <data type='string'>
-        <param name='pattern'>[0-9]+\.[0-9]+</param>
-      </data>
-    </element>
-  </define>
-  <define name='fileFormatFeatures'>
-    <element name='features'>
-      <interleave>
-        <optional>
-          <element name='lazy_refcounts'>
-            <empty/>
-          </element>
-        </optional>
-      </interleave>
-    </element>
-  </define>
-
-  <!-- split the list of known storage formats into two, those where
-       we know how to follow backing chains, and all others -->
-  <define name='storageFormatBacking'>
-    <choice>
-      <value>cow</value>
-      <value>qcow</value>
-      <value>qcow2</value>
-      <value>qed</value>
-      <value>vmdk</value>
-    </choice>
-  </define>
-  <define name='storageFormat'>
-    <choice>
-      <value>raw</value>
-      <value>dir</value>
-      <value>bochs</value>
-      <value>cloop</value>
-      <value>dmg</value>
-      <value>iso</value>
-      <value>vpc</value>
-      <value>vdi</value>
-      <value>fat</value>
-      <value>vhd</value>
-      <ref name='storageFormatBacking'/>
-    </choice>
-  </define>
-
-  <define name='storageStartupPolicy'>
-    <!-- Use a combine='choice' override in client files that want to
-         add additional attributes to a <source> sub-element
-         associated with a storage source -->
-    <notAllowed/>
-  </define>
-
-  <define name='storageSourceExtra'>
-    <!-- Use a combine='choice' override in client files that want to
-         add additional elements as siblings of a <source> sub-element
-         associated with a storage source -->
-    <notAllowed/>
-  </define>
-
-</grammar>

docs/schemas/storageencryption.rng

@@ -0,0 +1,33 @@
+<?xml version="1.0"?>
+<!-- A Relax NG schema for the libvirt volume encryption XML format -->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+    datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+
+  <define name='encryption'>
+    <element name='encryption'>
+      <attribute name='format'>
+        <choice>
+          <value>default</value>
+          <value>qcow</value>
+        </choice>
+      </attribute>
+      <zeroOrMore>
+        <ref name='secret'/>
+      </zeroOrMore>
+    </element>
+  </define>
+
+  <define name='secret'>
+    <element name='secret'>
+      <attribute name='type'>
+        <choice>
+          <value>passphrase</value>
+        </choice>
+      </attribute>
+      <attribute name='uuid'>
+          <ref name="UUID"/>
+      </attribute>
+    </element>
+  </define>
+
+</grammar>

docs/schemas/storagefilefeatures.rng

@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<!-- A Relax NG schema for the libvirt volume features XML format -->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+    datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+
+  <define name='compat'>
+    <element name='compat'>
+      <data type='string'>
+        <param name='pattern'>[0-9]+\.[0-9]+</param>
+      </data>
+    </element>
+  </define>
+  <define name='fileFormatFeatures'>
+    <element name='features'>
+      <interleave>
+        <optional>
+          <element name='lazy_refcounts'>
+            <empty/>
+          </element>
+        </optional>
+      </interleave>
+    </element>
+  </define>
+</grammar>

docs/schemas/storagepool.rng

@@ -21,7 +21,6 @@
         <ref name='poolmpath'/>
         <ref name='poolrbd'/>
         <ref name='poolsheepdog'/>
-        <ref name='poolgluster'/>
       </choice>
     </element>
   </define>
@@ -30,235 +29,181 @@
     <attribute name='type'>
       <value>dir</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcedir'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcedir'/>
+    <ref name='target'/>
   </define>
 
   <define name='poolfs'>
     <attribute name='type'>
       <value>fs</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcefs'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcefs'/>
+    <ref name='target'/>
   </define>
 
   <define name='poolnetfs'>
     <attribute name='type'>
       <value>netfs</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcenetfs'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcenetfs'/>
+    <ref name='target'/>
   </define>
 
   <define name='poollogical'>
     <attribute name='type'>
       <value>logical</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcelogical'/>
-      <ref name='targetlogical'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcelogical'/>
+    <ref name='target'/>
   </define>
 
   <define name='pooldisk'>
     <attribute name='type'>
       <value>disk</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcedisk'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcedisk'/>
+    <ref name='target'/>
   </define>
 
   <define name='pooliscsi'>
     <attribute name='type'>
       <value>iscsi</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourceiscsi'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourceiscsi'/>
+    <ref name='target'/>
   </define>
 
   <define name='poolscsi'>
     <attribute name='type'>
       <value>scsi</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcescsi'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcescsi'/>
+    <ref name='target'/>
   </define>
 
   <define name='poolmpath'>
     <attribute name='type'>
       <value>mpath</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <optional>
-        <ref name='sourcempath'/>
-      </optional>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <optional>
+      <ref name='sourcempath'/>
+    </optional>
+    <ref name='target'/>
   </define>
 
   <define name='poolrbd'>
     <attribute name='type'>
       <value>rbd</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcerbd'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcerbd'/>
   </define>
 
   <define name='poolsheepdog'>
     <attribute name='type'>
       <value>sheepdog</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcesheepdog'/>
-    </interleave>
-  </define>
-
-  <define name='poolgluster'>
-    <attribute name='type'>
-      <value>gluster</value>
-    </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcegluster'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcesheepdog'/>
   </define>
 
   <define name='sourceinfovendor'>
-    <interleave>
-      <optional>
-        <element name='vendor'>
-          <attribute name='name'>
-            <text/>
-          </attribute>
-        </element>
-      </optional>
-      <optional>
-        <element name='product'>
-          <attribute name='name'>
-            <text/>
-          </attribute>
-        </element>
-      </optional>
-    </interleave>
+    <optional>
+      <element name='vendor'>
+        <attribute name='name'>
+          <text/>
+        </attribute>
+      </element>
+    </optional>
+    <optional>
+      <element name='product'>
+        <attribute name='name'>
+          <text/>
+        </attribute>
+      </element>
+    </optional>
   </define>
 
   <define name='commonmetadata'>
-    <interleave>
-      <element name='name'>
-        <ref name='genericName'/>
+    <element name='name'>
+      <ref name='genericName'/>
+    </element>
+    <optional>
+      <element name='uuid'>
+        <ref name='UUID'/>
       </element>
-      <optional>
-        <element name='uuid'>
-          <ref name='UUID'/>
-        </element>
-      </optional>
-    </interleave>
+    </optional>
   </define>
 
   <define name='sizing'>
-    <interleave>
-      <optional>
-        <element name='capacity'>
-          <ref name='scaledInteger'/>
-        </element>
-      </optional>
-      <optional>
-        <element name='allocation'>
-          <ref name='scaledInteger'/>
-        </element>
-      </optional>
-      <optional>
-        <element name='available'>
-          <ref name='scaledInteger'/>
-        </element>
-      </optional>
-    </interleave>
+    <optional>
+      <element name='capacity'>
+        <ref name='scaledInteger'/>
+      </element>
+    </optional>
+    <optional>
+      <element name='allocation'>
+        <ref name='scaledInteger'/>
+      </element>
+    </optional>
+    <optional>
+      <element name='available'>
+        <ref name='scaledInteger'/>
+      </element>
+    </optional>
   </define>
 
   <define name='permissions'>
     <optional>
       <element name='permissions'>
-        <interleave>
-          <element name='mode'>
-            <ref name='octalMode'/>
-          </element>
-          <element name='owner'>
-            <choice>
-              <ref name='unsignedInt'/>
-              <value>-1</value>
-            </choice>
-          </element>
-          <element name='group'>
-            <choice>
-              <ref name='unsignedInt'/>
-              <value>-1</value>
-            </choice>
-          </element>
-          <optional>
-            <element name='label'>
-              <text/>
-            </element>
-          </optional>
-        </interleave>
+        <element name='mode'>
+          <ref name='octalMode'/>
+        </element>
+        <element name='owner'>
+          <choice>
+            <ref name='unsignedInt'/>
+            <value>-1</value>
+          </choice>
+        </element>
+        <element name='group'>
+          <choice>
+            <ref name='unsignedInt'/>
+            <value>-1</value>
+          </choice>
+        </element>
+        <optional>
+          <element name='label'>
+            <text/>
+        </element>
+        </optional>
       </element>
     </optional>
   </define>
 
   <define name='target'>
     <element name='target'>
-      <interleave>
-        <element name='path'>
-          <ref name='absFilePath'/>
-        </element>
-        <ref name='permissions'/>
-      </interleave>
-    </element>
-  </define>
-
-  <define name='targetlogical'>
-    <element name='target'>
-      <interleave>
-        <optional>
-          <element name='path'>
-            <ref name='absFilePath'/>
-          </element>
-        </optional>
-        <ref name='permissions'/>
-      </interleave>
+      <element name='path'>
+        <ref name='absFilePath'/>
+      </element>
+      <ref name='permissions'/>
     </element>
   </define>
 
@@ -321,7 +266,7 @@
   <define name='sourceinfodir'>
     <element name='dir'>
       <attribute name='path'>
-        <ref name='absDirPath'/>
+        <ref name='absFilePath'/>
       </attribute>
       <empty/>
     </element>
@@ -341,10 +286,22 @@
           <value>ceph</value>
         </choice>
       </attribute>
-      <attribute name='username'>
-        <text/>
-      </attribute>
-      <ref name='sourceinfoauthsecret'/>
+      <choice>
+        <attribute name='login'>
+          <text/>
+        </attribute>
+        <attribute name='username'>
+          <text/>
+        </attribute>
+      </choice>
+      <optional>
+        <attribute name='passwd'>
+          <text/>
+        </attribute>
+      </optional>
+      <optional>
+        <ref name='sourceinfoauthsecret'/>
+      </optional>
     </element>
   </define>
 
@@ -393,10 +350,11 @@
           <choice>
             <value>auto</value>
             <value>nfs</value>
-            <value>cifs</value>
-            <value>glusterfs</value>
           </choice>
         </attribute>
+        <optional>
+          <ref name='sourceinfovendor'/>
+        </optional>
       </element>
     </optional>
   </define>
@@ -456,86 +414,74 @@
 
   <define name='sourcefs'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfodev'/>
-        <ref name='sourcefmtfs'/>
-        <optional>
-          <ref name='sourceinfovendor'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfodev'/>
+      <ref name='sourcefmtfs'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourcenetfs'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfohost'/>
-        <ref name='sourceinfodir'/>
-        <ref name='sourcefmtnetfs'/>
-        <optional>
-          <ref name='sourceinfovendor'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfohost'/>
+      <ref name='sourceinfodir'/>
+      <ref name='sourcefmtnetfs'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourcelogical'>
     <element name='source'>
-      <interleave>
-        <oneOrMore>
-          <optional>
-            <ref name='sourceinfoname'/>
-          </optional>
-          <optional>
-            <ref name='sourceinfodev'/>
-          </optional>
-        </oneOrMore>
-        <ref name='sourcefmtlogical'/>
+      <oneOrMore>
         <optional>
-          <ref name='sourceinfovendor'/>
+          <ref name='sourceinfoname'/>
         </optional>
-      </interleave>
+        <optional>
+          <ref name='sourceinfodev'/>
+        </optional>
+      </oneOrMore>
+      <ref name='sourcefmtlogical'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourcedisk'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfodev'/>
-        <ref name='sourcefmtdisk'/>
-        <optional>
-          <ref name='sourceinfovendor'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfodev'/>
+      <ref name='sourcefmtdisk'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourceiscsi'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfohost'/>
-        <ref name='sourceinfodev'/>
-        <optional>
-          <ref name='initiatorinfo'/>
-        </optional>
-        <optional>
-          <ref name='sourceinfoauth'/>
-        </optional>
-        <optional>
-          <ref name='sourceinfovendor'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfohost'/>
+      <ref name='sourceinfodev'/>
+      <optional>
+        <ref name='initiatorinfo'/>
+      </optional>
+      <optional>
+        <ref name='sourceinfoauth'/>
+      </optional>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourcescsi'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfoadapter'/>
-        <optional>
-          <ref name='sourceinfovendor'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfoadapter'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
@@ -547,34 +493,18 @@
 
   <define name='sourcerbd'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfoname'/>
-        <ref name='sourceinfohost'/>
-        <optional>
-          <ref name='sourceinfoauth'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfoname'/>
+      <ref name='sourceinfohost'/>
+      <optional>
+        <ref name='sourceinfoauth'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourcesheepdog'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfohost'/>
-        <ref name='sourceinfoname'/>
-      </interleave>
-    </element>
-  </define>
-
-  <define name='sourcegluster'>
-    <element name='source'>
-      <interleave>
-        <ref name='sourceinfohost'/>
-        <ref name='sourceinfoname'/>
-        <optional>
-          <ref name='sourceinfodir'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfohost'/>
+      <ref name='sourceinfoname'/>
     </element>
   </define>
 

docs/schemas/storagevol.rng

@@ -7,77 +7,61 @@
     <ref name='vol'/>
   </start>
 
-  <include href='storagecommon.rng'/>
+  <include href='storageencryption.rng'/>
+  <include href='storagefilefeatures.rng'/>
 
 
   <define name='vol'>
     <element name='volume'>
+      <element name='name'>
+        <ref name='volName'/>
+      </element>
       <optional>
-        <attribute name='type'>
-          <choice>
-            <value>file</value>
-            <value>block</value>
-            <value>dir</value>
-            <value>network</value>
-            <value>netdir</value>
-          </choice>
-        </attribute>
-      </optional>
-      <interleave>
-        <element name='name'>
-          <ref name='volName'/>
+        <element name='key'>
+          <text/>
         </element>
-        <optional>
-          <element name='key'>
-            <text/>
-          </element>
-        </optional>
-        <optional>
-          <ref name='source'/>
-        </optional>
-        <ref name='sizing'/>
-        <ref name='target'/>
-        <optional>
-          <ref name='backingStore'/>
-        </optional>
-      </interleave>
+      </optional>
+      <optional>
+        <ref name='source'/>
+      </optional>
+      <ref name='sizing'/>
+      <ref name='target'/>
+      <optional>
+        <ref name='backingStore'/>
+      </optional>
     </element>
   </define>
 
   <define name='sizing'>
-    <interleave>
-      <optional>
-        <element name='capacity'>
-          <ref name='scaledInteger'/>
-        </element>
-      </optional>
-      <optional>
-        <element name='allocation'>
-          <ref name='scaledInteger'/>
-        </element>
-      </optional>
-    </interleave>
+    <optional>
+      <element name='capacity'>
+        <ref name='scaledInteger'/>
+      </element>
+    </optional>
+    <optional>
+      <element name='allocation'>
+        <ref name='scaledInteger'/>
+      </element>
+    </optional>
   </define>
 
   <define name='permissions'>
     <optional>
       <element name='permissions'>
-        <interleave>
-          <element name='mode'>
-            <ref name='octalMode'/>
-          </element>
-          <element name='owner'>
-            <ref name='unsignedInt'/>
-          </element>
-          <element name='group'>
-            <ref name='unsignedInt'/>
-          </element>
-          <optional>
-            <element name='label'>
-              <text/>
-            </element>
-          </optional>
-        </interleave>
+        <element name='mode'>
+          <ref name='octalMode'/>
+        </element>
+        <element name='owner'>
+          <ref name='unsignedInt'/>
+        </element>
+        <element name='group'>
+          <ref name='unsignedInt'/>
+        </element>
+        <optional>
+          <element name='label'>
+            <text/>
+        </element>
+        </optional>
       </element>
     </optional>
   </define>
@@ -119,40 +103,33 @@
 
   <define name='target'>
     <element name='target'>
-      <interleave>
-        <optional>
-          <element name='path'>
-            <choice>
-              <data type='anyURI'/>
-              <ref name='absFilePath'/>
-            </choice>
-          </element>
-        </optional>
-        <ref name='format'/>
-        <ref name='permissions'/>
-        <ref name='timestamps'/>
-        <optional>
-          <ref name='encryption'/>
-        </optional>
-        <optional>
-          <ref name='compat'/>
-        </optional>
-        <optional>
-          <ref name='fileFormatFeatures'/>
-        </optional>
-      </interleave>
+      <optional>
+        <element name='path'>
+          <data type='anyURI'/>
+        </element>
+      </optional>
+      <ref name='format'/>
+      <ref name='permissions'/>
+      <ref name='timestamps'/>
+      <optional>
+        <ref name='encryption'/>
+      </optional>
+      <optional>
+        <ref name='compat'/>
+      </optional>
+      <optional>
+        <ref name='fileFormatFeatures'/>
+      </optional>
     </element>
   </define>
 
   <define name='backingStore'>
     <element name='backingStore'>
-      <interleave>
-        <element name='path'>
-          <ref name='absFilePath'/>
-        </element>
-        <ref name='format'/>
-        <ref name='permissions'/>
-      </interleave>
+      <element name='path'>
+        <ref name='absFilePath'/>
+      </element>
+      <ref name='format'/>
+      <ref name='permissions'/>
     </element>
   </define>
 
@@ -212,7 +189,18 @@
   <define name='formatfile'>
     <choice>
       <value>unknown</value>
-      <ref name='storageFormat'/>
+      <value>raw</value>
+      <value>dir</value>
+      <value>bochs</value>
+      <value>cloop</value>
+      <value>cow</value>
+      <value>dmg</value>
+      <value>iso</value>
+      <value>qcow</value>
+      <value>qcow2</value>
+      <value>qed</value>
+      <value>vmdk</value>
+      <value>vpc</value>
     </choice>
   </define>
 

docs/search.php.in

@@ -1,6 +1,5 @@
 <?xml version="1.0"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <body>
     <h1>Search the documentation on Libvirt.org</h1>
 
@@ -10,7 +9,7 @@
     it simply provide a set of keywords:
     </p>
 
-<span id="php_placeholder"/>
+<a id="php_placeholder"/>
 
     <img src="libvirtLogo.png" alt="libvirt Logo" />
 

docs/secureusage.html.in

@@ -1,171 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-
-    <h1>Secure Usage of Libvirt</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      This page details information that application developers and
-      administrators of libvirt should be aware of when working with
-      libvirt, that may have a bearing on security of the system.
-    </p>
-
-
-    <h2><a name="diskimage">Disk image handling</a></h2>
-
-    <h3><a name="diskimageformat">Disk image format probing</a></h3>
-
-    <p>
-      Historically there have been multiple flaws in QEMU and most
-      projects using QEMU, related to handling of disk formats.
-      The problems occur when a guest is given a virtual disk backed
-      by raw disk format on the host. If the management application
-      on the host tries to auto-detect / probe the disk format, it
-      is vulnerable to a malicious guest which can write a qcow2
-      file header into its raw disk. If the management application
-      subsequently probes the disk, it will see it as a 'qcow2' disk
-      instead of a 'raw' disk. Since 'qcow2' disks can have a copy
-      on write backing file, such flaw can be leveraged to read
-      arbitrary files on the host. The same type of flaw may occur
-      if the management application allows users to upload pre-created
-      raw images.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> never attempt to automatically
-      detect the format of a disk image based on file contents which
-      are accessible to / originate from an untrusted source.
-    </p>
-
-    <h3><a name="diskimagebacking">Disk image backing files</a></h3>
-
-    <p>
-      If a management application allows users to upload pre-created
-      disk images in non-raw formats, it can be tricked into giving
-      the user access to arbitrary host files via the copy-on-write
-      backing file feature. This is because the qcow2 disk format
-      header contains a filename field which can point to any location.
-      It can also point to network protocols such as NBD, HTTP, GlusterFS,
-      RBD and more. This could allow for compromise of almost arbitrary
-      data accessible on the LAN/WAN.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> always validate that a disk
-      image originating from an untrusted source has no backing
-      file set. If a backing file is seen, reject the image.
-    </p>
-
-    <h3><a name="diskimagesize">Disk image size validation</a></h3>
-
-    <p>
-      If an application allows users to upload pre-created disk
-      images in non-raw formats, it is essential to validate the
-      logical disk image size, rather than the physical disk
-      image size. Non-raw disk images have a grow-on-demand
-      capability, so a user can provide a qcow2 image that may
-      be only 1 MB in size, but is configured to grow to many
-      TB in size.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> if receiving a non-raw disk
-      image from an untrusted source, validate the logical image
-      size stored in the disk image metadata against some finite
-      limit.
-    </p>
-
-    <h3><a name="diskimageaccess">Disk image data access</a></h3>
-
-    <p>
-      If an untrusted disk image is ever mounted on the host OS by
-      a management application or administrator, this opens an
-      avenue of attack with which to potentially compromise the
-      host kernel. Filesystem drivers in OS kernels are often very
-      complex code and thus may have bugs lurking in them. With
-      Linux, there are a large number of filesystem drivers, many
-      of which attract little security analysis attention. Linux
-      will helpfully probe filesystem formats if not told to use an
-      explicit format, allowing an attacker the ability to target
-      specific weak filesystem drivers. Even commonly used and
-      widely audited filesystems such as <code>ext4</code> have had
-      <a href="https://lwn.net/Articles/538898/">bugs lurking in them</a>
-      undetected for years at a time.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> if there is a need to access
-      the content of a disk image, use a single-use throwaway virtual
-      machine to access the data. Never mount disk images on the host
-      OS. Ideally make use of the <a href="http://libguestfs.org">libguestfs</a>
-      tools and APIs for accessing disks
-    </p>
-
-    <h2><a name="migration">Guest migration network</a></h2>
-
-    <p>
-      Most hypervisors with support for guest migration between hosts
-      make use of one (or more) network connections. Typically the source
-      host will connect to some port on the target host to initiate the
-      migration. There may be separate connections for co-ordinating the
-      migration, transferring memory state and transferring storage.
-      If the network over which migration takes place is accessible the
-      guest, or client applications, there is potential for data leakage
-      via packet snooping/capture. It is also possible for a malicious
-      guest or client to make attempts to connect to the target host
-      to trigger bogus migration operations, or at least inflict a denial
-      of service attack.
-    </p>
-
-    <p>
-      <strong>Recommendations:</strong> there are several things to consider
-      when performing migration
-    </p>
-
-    <ul>
-      <li>Use a specific address for establishing the migration
-        connection which is accessible only to the virtualization
-        hosts themselves, not libvirt clients or virtual guests.
-        Most hypervisors allow the management application to provide
-        the IP address of the target host as a way to
-        determine which network migration takes place on. This is
-        effectively the connect() socket address for the source host.</li>
-      <li>Use a specific address for listening for incoming migration
-        connections which is accessible only to the virtualization
-        hosts themselves, not libvirt clients or virtual guests.
-        Most hypervisors allow the management application to configure
-        the IP address on which the target host listens. This is
-        the bind() socket address for the target host.</li>
-      <li>Use an encrypted migration protocol. Some hypervisors
-        have support for encrypting the migration memory/storage
-        data. In other cases it can be tunnelled over the libvirtd
-        RPC protocol connections.</li>
-    </ul>
-
-    <h2><a name="storage">Storage encryption</a></h2>
-
-    <p>
-      Virtual disk images will typically contain confidential data
-      belonging to the owner of the virtual machine. It is desirable
-      to protect this against data center administrators as much as
-      possible. For example, a rogue storage administrator may attempt
-      to access disk contents directly from a storage host, or a network
-      administrator/attack may attempt to snoop on data packets relating
-      to storage access. Use of disk encryption on the virtualization
-      host can ensure that only the virtualization host administrator
-      can see the plain text contents of disk images.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> make use of storage encryption
-      to protect non-local storage from attack by rogue network /
-      storage administrators or external attackers. This is particularly
-      important if the storage protocol itself does not offer any kind
-      of encryption capabilities.
-    </p>
-
-  </body>
-</html>

docs/securityprocess.html.in

@@ -67,7 +67,7 @@
       The libvirt security team operates a policy of
       <a href="http://en.wikipedia.org/wiki/Responsible_disclosure">responsible disclosure</a>.
       As such any security issue reported, that is not already publically disclosed
-      elsewhere, will have an embargo date assigned. Members of the security team agree
+      elswhere, will have an embargo date assigned. Members of the security team agree
       not to publically disclose any details of the security issue until the embargo
       date expires.
     </p>

docs/sitemap.html.in

@@ -68,16 +68,6 @@
                 <a href="auth.html">Authentication</a>
                 <span>Configure authentication for the libvirt daemon</span>
               </li>
-              <li>
-                <a href="acl.html">Access control</a>
-                <span>Configure access control libvirt APIs</span>
-                <ul>
-                  <li>
-                    <a href="aclpolkit.html">Polkit access control</a>
-                    <span>Using polkit for API access control</span>
-                  </li>
-                </ul>
-              </li>
               <li>
                 <a href="migration.html">Migration</a>
                 <span>Migrating guests between machines</span>
@@ -90,10 +80,6 @@
                 <a href="logging.html">Logging</a>
                 <span>The library and the daemon logging support</span>
               </li>
-              <li>
-                <a href="auditlog.html">Audit log</a>
-                <span>Audit trail logs for host operations</span>
-              </li>
               <li>
                 <a href="firewall.html">Firewall</a>
                 <span>Firewall and network filter configuration</span>
@@ -140,10 +126,6 @@
                 <a href="archnode.html">Node Devices</a>
                 <span>Enumerating host node devices</span>
               </li>
-              <li>
-                <a href="secureusage.html">Secure usage</a>
-                <span>Secure usage of the libvirt APIs</span>
-              </li>
             </ul>
           </li>
           <li>
@@ -248,10 +230,6 @@
                 <a href="drvparallels.html">Parallels</a>
                 <span>Driver for Parallels Cloud Server</span>
               </li>
-              <li>
-                <a href="drvbhyve.html">Bhyve</a>
-                <span>Driver for bhyve</span>
-              </li>
             </ul>
           </li>
           <li>
@@ -346,10 +324,6 @@
                 <a href="internals/locking.html">Lock managers</a>
                 <span>Use lock managers to protect disk content</span>
               </li>
-              <li>
-                <a href="internals/oomtesting.html">Out of memory testing</a>
-                <span>Simulating OOM conditions in the test suite</span>
-              </li>
             </ul>
           </li>
           <li>
@@ -360,10 +334,6 @@
             <a href="virshcmdref.html">Virsh Commands</a>
             <span>Command reference for virsh</span>
           </li>
-          <li>
-            <a href="governance.html">Governance</a>
-            <span>Project governance and code of conduct</span>
-          </li>
         </ul>
       </li>
       <li>

docs/storage.html.in

@@ -114,9 +114,6 @@
       <li>
         <a href="#StorageBackendSheepdog">Sheepdog backend</a>
       </li>
-      <li>
-        <a href="#StorageBackendGluster">Gluster backend</a>
-      </li>
     </ul>
 
     <h2><a name="StorageBackendDir">Directory pool</a></h2>
@@ -252,8 +249,7 @@
       a local block device as the source, it requires the name of a
       host and path of an exported directory. It will mount this network
       filesystem and manage files within the directory of its mount
-      point. It will default to using <code>auto</code> as the
-      protocol, which generally tries a mount via NFS first.
+      point. It will default to using NFS as the protocol.
     </p>
 
     <h3>Example pool input</h3>
@@ -263,7 +259,6 @@
         &lt;source&gt;
           &lt;host name="nfs.example.com"/&gt;
           &lt;dir path="/var/lib/virt/images"/&gt;
-          &lt;format type='nfs'/&gt;
         &lt;/source&gt;
         &lt;target&gt;
           &lt;path&gt;/var/lib/virt/images&lt;/path&gt;
@@ -280,15 +275,10 @@
         <code>nfs</code>
       </li>
       <li>
-        <code>glusterfs</code> - use the glusterfs FUSE file system.
-        For now, the <code>dir</code> specified as the source can only
-        be a gluster volume name, as gluster does not provide a way to
-        directly mount subdirectories within a volume.  (To bypass the
-        file system completely, see
-        the <a href="#StorageBackendGluster">gluster</a> pool.)
+        <code>glusterfs</code>
       </li>
       <li>
-        <code>cifs</code> - use the SMB (samba) or CIFS file system
+        <code>cifs</code>
       </li>
     </ul>
 
@@ -581,7 +571,7 @@
          &lt;/target&gt;
        &lt;/volume&gt;</pre>
 
-    <h3>Example disk attachment</h3>
+    <h3>Example disk attachement</h3>
     <p>RBD images can be attached to Qemu guests when Qemu is built
     with RBD support. Information about attaching a RBD image to a
     guest can be found
@@ -657,91 +647,5 @@
       The Sheepdog pool does not use the volume format type element.
     </p>
 
-    <h2><a name="StorageBackendGluster">Gluster pools</a></h2>
-    <p>
-      This provides a pool based on native Gluster access.  Gluster is
-      a distributed file system that can be exposed to the user via
-      FUSE, NFS or SMB (see the <a href="#StorageBackendNetfs">netfs</a>
-      pool for that usage); but for minimal overhead, the ideal access
-      is via native access (only possible for QEMU/KVM compiled with
-      libgfapi support).
-
-      The cluster and storage volume must already be running, and it
-      is recommended that the volume be configured with <code>gluster
-      volume set $volname storage.owner-uid=$uid</code>
-      and <code>gluster volume set $volname
-      storage.owner-gid=$gid</code> for the uid and gid that qemu will
-      be run as.  It may also be necessary to
-      set <code>rpc-auth-allow-insecure on</code> for the glusterd
-      service, as well as <code>gluster set $volname
-      server.allow-insecure on</code>, to allow access to the gluster
-      volume.
-
-      <span class="since">Since 1.2.0</span>
-    </p>
-
-    <h3>Example pool input</h3>
-    <p>A gluster volume corresponds to a libvirt storage pool.  If a
-      gluster volume could be mounted as <code>mount -t glusterfs
-      localhost:/volname /some/path</code>, then the following example
-      will describe the same pool without having to create a local
-      mount point.  Remember that with gluster, the mount point can be
-      through any machine in the cluster, and gluster will
-      automatically pick the ideal transport to the actual bricks
-      backing the gluster volume, even if on a different host than the
-      one named in the <code>host</code> designation.
-      The <code>&lt;name&gt;</code> element is always the volume name
-      (no slash).  The pool source also supports an
-      optional <code>&lt;dir&gt;</code> element with
-      a <code>path</code> attribute that lists the absolute name of a
-      subdirectory relative to the gluster volume to use instead of
-      the top-level directory of the volume.</p>
-    <pre>
-      &lt;pool type="gluster"&gt;
-        &lt;name&gt;myglusterpool&lt;/name&gt;
-        &lt;source&gt;
-          &lt;name&gt;volname&lt;/name&gt;
-          &lt;host name='localhost'/&gt;
-          &lt;dir path='/'/&gt;
-        &lt;/source&gt;
-      &lt;/pool&gt;</pre>
-
-    <h3>Example volume output</h3>
-    <p>Libvirt storage volumes associated with a gluster pool
-      correspond to the files that can be found when mounting the
-      gluster volume.  The <code>name</code> is the path relative to
-      the effective mount specified for the pool; and
-      the <code>key</code> is a string that identifies a single volume
-      uniquely. Currently the <code>key</code> attribute consists of the
-      URI of the volume but it may be changed to a UUID of the volume
-      in the future.</p>
-    <pre>
-       &lt;volume&gt;
-         &lt;name&gt;myfile&lt;/name&gt;
-         &lt;key&gt;gluster://localhost/volname/myfile&lt;/key&gt;
-         &lt;source&gt;
-         &lt;/source&gt;
-         &lt;capacity unit='bytes'&gt;53687091200&lt;/capacity&gt;
-         &lt;allocation unit='bytes'&gt;53687091200&lt;/allocation&gt;
-       &lt;/volume&gt;</pre>
-
-    <h3>Example disk attachment</h3>
-    <p>Files within a gluster volume can be attached to Qemu guests.
-    Information about attaching a Gluster image to a
-    guest can be found
-    at the <a href="formatdomain.html#elementsDisks">format domain</a>
-    page.</p>
-
-    <h3>Valid pool format types</h3>
-    <p>
-      The Gluster pool does not use the pool format type element.
-    </p>
-
-    <h3>Valid volume format types</h3>
-    <p>
-      The valid volume types are the same as for the <code>directory</code>
-      pool type.
-    </p>
-
   </body>
 </html>

examples/apparmor/Makefile.am

@@ -17,25 +17,5 @@
 EXTRA_DIST=				\
 	TEMPLATE			\
 	libvirt-qemu			\
-	libvirt-lxc 			\
 	usr.lib.libvirt.virt-aa-helper	\
 	usr.sbin.libvirtd
-
-if WITH_APPARMOR_PROFILES
-apparmordir = $(sysconfdir)/apparmor.d/
-apparmor_DATA = \
-	usr.lib.libvirt.virt-aa-helper \
-	usr.sbin.libvirtd \
-	$(NULL)
-
-abstractionsdir = $(apparmordir)/abstractions
-abstractions_DATA = \
-	libvirt-qemu \
-	libvirt-lxc \
-	$(NULL)
-
-templatesdir = $(apparmordir)/libvirt
-templates_DATA = \
-	TEMPLATE \
-	$(NULL)
-endif WITH_APPARMOR_PROFILES

examples/apparmor/TEMPLATE

@@ -5,5 +5,5 @@
 #include <tunables/global>
 
 profile LIBVIRT_TEMPLATE {
-  #include <abstractions/libvirt-driver>
+  #include <abstractions/libvirt-qemu>
 }

examples/apparmor/libvirt-lxc

@@ -1,17 +0,0 @@
-# Last Modified: Fri Feb  7 13:01:36 2014
-
-  #include <abstractions/base>
-
-  # Needed for lxc-enter-namespace
-  capability sys_admin,
-  capability sys_chroot,
-
-  # Added for lxc-enter-namespace --cmd /bin/bash
-  /bin/bash PUx,
-
-  /usr/sbin/cron PUx,
-  /usr/lib/systemd/systemd PUx,
-
-  /usr/lib/libsystemd-*.so.* mr,
-  /usr/lib/libudev-*.so.* mr,
-  /etc/ld.so.cache mr,

examples/apparmor/libvirt-qemu

@@ -9,10 +9,6 @@
   capability dac_read_search,
   capability chown,
 
-  # needed to drop privileges
-  capability setgid,
-  capability setuid,
-
   network inet stream,
   network inet6 stream,
 
@@ -24,7 +20,7 @@
 
   # For hostdev access. The actual devices will be added dynamically
   /sys/bus/usb/devices/ r,
-  /sys/devices/**/usb[0-9]*/** r,
+  /sys/devices/*/*/usb[0-9]*/** r,
 
   # WARNING: this gives the guest direct access to host hardware and specific
   # portions of shared memory. This is required for sound using ALSA with kvm,
@@ -36,8 +32,6 @@
   /{dev,run}/shmpulse-shm* rwk,
   /dev/snd/* rw,
   capability ipc_lock,
-  # spice
-  owner /{dev,run}/shm/spice.* rw,
   # 'kill' is not required for sound and is a security risk. Do not enable
   # unless you absolutely need it.
   deny capability kill,
@@ -64,7 +58,6 @@
   /usr/share/proll/** r,
   /usr/share/vgabios/** r,
   /usr/share/seabios/** r,
-  /usr/share/ovmf/** r,
 
   # access PKI infrastructure
   /etc/pki/libvirt-vnc/** r,
@@ -110,22 +103,15 @@
   /usr/bin/qemu-sparc32plus rmix,
   /usr/bin/qemu-sparc64 rmix,
   /usr/bin/qemu-x86_64 rmix,
-  /usr/lib/qemu/block-curl.so mr,
 
   # for save and resume
   /bin/dash rmix,
   /bin/dd rmix,
   /bin/cat rmix,
 
-  # for usb access
-  /dev/bus/usb/ r,
-  /etc/udev/udev.conf r,
-  /sys/bus/ r,
-  /sys/class/ r,
-
-  /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
+  /usr/libexec/qemu-bridge-helper Cx,
   # child profile for bridge helper process
-  profile qemu_bridge_helper {
+  profile /usr/libexec/qemu-bridge-helper {
    #include <abstractions/base>
 
    capability setuid,
@@ -139,5 +125,5 @@
    /etc/qemu/** r,
    owner @{PROC}/*/status r,
 
-   /usr/{lib,libexec}/qemu-bridge-helper rmix,
+   /usr/libexec/qemu-bridge-helper rmix,
   }