Prep for release 1.1.3.2

The array of sasl_callback_t callbacks which is passed to sasl_client_new()
must be kept alive as long as the created sasl_conn_t object is alive as
cyrus-sasl uses this structure internally for things like logging, so
the memory used for callbacks must only be freed after sasl_dispose() has
been called.

During testing of successful SASL logins with
virsh -c qemu+tls:///system list --all
I've been getting invalid read reports from valgrind

==9237== Invalid read of size 8
==9237==    at 0x6E93B6F: _sasl_getcallback (common.c:1745)
==9237==    by 0x6E95430: _sasl_log (common.c:1850)
==9237==    by 0x16593D87: digestmd5_client_mech_dispose (digestmd5.c:4580)
==9237==    by 0x6E91653: client_dispose (client.c:332)
==9237==    by 0x6E9476A: sasl_dispose (common.c:851)
==9237==    by 0x4E225A1: virNetSASLSessionDispose (virnetsaslcontext.c:678)
==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
==9237==    by 0x4E254D1: virNetSocketDispose (virnetsocket.c:1042)
==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
==9237==    by 0x4E2701C: virNetSocketEventFree (virnetsocket.c:1794)
==9237==    by 0x4C965D3: virEventPollCleanupHandles (vireventpoll.c:583)
==9237==    by 0x4C96987: virEventPollRunOnce (vireventpoll.c:652)
==9237==    by 0x4C94730: virEventRunDefaultImpl (virevent.c:274)
==9237==    by 0x12C7BA: vshEventLoop (virsh.c:2407)
==9237==    by 0x4CD3D04: virThreadHelper (virthreadpthread.c:161)
==9237==    by 0x7DAEF32: start_thread (pthread_create.c:309)
==9237==    by 0x8C86EAC: clone (clone.S:111)
==9237==  Address 0xe2d61b0 is 0 bytes inside a block of size 168 free'd
==9237==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9237==    by 0x4C73827: virFree (viralloc.c:580)
==9237==    by 0x4DE4BC7: remoteAuthSASL (remote_driver.c:4219)
==9237==    by 0x4DE33D0: remoteAuthenticate (remote_driver.c:3639)
==9237==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==9237==    by 0x4DDC8DC: remoteConnectOpen (remote_driver.c:1031)
==9237==    by 0x4D8595F: do_open (libvirt.c:1239)
==9237==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==9237==    by 0x12762B: vshReconnect (virsh.c:337)
==9237==    by 0x12C9B0: vshInit (virsh.c:2470)
==9237==    by 0x12E9A5: main (virsh.c:3338)

This commit changes virNetSASLSessionNewClient() to take ownership of the SASL
callbacks. Then we can free them in virNetSASLSessionDispose() after the corresponding
sasl_conn_t has been freed.

(cherry picked from commit 13fdc6d63e)

.gitignore

@@ -3,7 +3,6 @@
 *.a
 *.cov
 *.exe
-*.exe.manifest
 *.gcda
 *.gcno
 *.gcov
@@ -14,7 +13,6 @@
 *.loT
 *.o
 *.orig
-*.pem
 *.pyc
 *.rej
 *.s
@@ -60,7 +58,6 @@
 /daemon/libvirtd.pod
 /daemon/libvirtd.policy
 /daemon/libvirtd.service
-/daemon/libvirtd.socket
 /daemon/test_libvirtd.aug
 /docs/aclperms.htmlinc
 /docs/apibuild.py.stamp
@@ -72,11 +69,9 @@
 /docs/libvirt-refs.xml
 /docs/search.php
 /docs/todo.html.in
-/examples/object-events/event-test
+/examples/domain-events/events-c/event-test
 /examples/dominfo/info1
 /examples/domsuspend/suspend
-/examples/dommigrate/dommigrate
-/examples/domtop/domtop
 /examples/hellolibvirt/hellolibvirt
 /examples/openauth/openauth
 /gnulib/lib/*
@@ -86,7 +81,7 @@
 /libtool
 /libvirt-*.tar.gz
 /libvirt-[0-9]*
-/libvirt*.pc
+/libvirt.pc
 /libvirt.spec
 /ltconfig
 /ltmain.sh
@@ -96,11 +91,20 @@
 /mkinstalldirs
 /po/*
 /proxy/
-/python/
+/python/generated.stamp
+/python/generator.py.stamp
+/python/libvirt-export.c
+/python/libvirt-lxc-export.c
+/python/libvirt-lxc.[ch]
+/python/libvirt-qemu-export.c
+/python/libvirt-qemu.[ch]
+/python/libvirt.[ch]
+/python/libvirt.py
+/python/libvirt_lxc.py
+/python/libvirt_qemu.py
 /run
 /sc_*
 /src/.*.stamp
-/src/*.pc
 /src/access/org.libvirt.api.policy
 /src/access/viraccessapicheck.c
 /src/access/viraccessapicheck.h
@@ -149,16 +153,75 @@
 /tests/*.log
 /tests/*.pid
 /tests/*.trs
+/tests/*xml2*test
 /tests/commandhelper
-/tests/*test
-!/tests/*schematest
-!/tests/virt-aa-helper-test
-/tests/objectlocking
-/tests/objectlocking-files.txt
-/tests/objectlocking.cm[ix]
+/tests/commandtest
+/tests/conftest
+/tests/cputest
+/tests/domainsnapshotxml2xmltest
+/tests/esxutilstest
+/tests/eventtest
+/tests/fchosttest
+/tests/fdstreamtest
+/tests/hashtest
+/tests/jsontest
+/tests/libvirtdconftest
+/tests/metadatatest
+/tests/networkxml2argvtest
+/tests/nodeinfotest
+/tests/nwfilterxml2xmltest
+/tests/object-locking
+/tests/object-locking-files.txt
+/tests/object-locking.cm[ix]
+/tests/openvzutilstest
+/tests/qemuagenttest
+/tests/qemuargv2xmltest
+/tests/qemuhelptest
+/tests/qemuhotplugtest
+/tests/qemumonitorjsontest
+/tests/qemumonitortest
+/tests/qemuxmlnstest
+/tests/qparamtest
 /tests/reconnect
+/tests/secaatest
+/tests/seclabeltest
+/tests/securityselinuxlabeltest
+/tests/securityselinuxtest
+/tests/sexpr2xmltest
+/tests/shunloadtest
+/tests/sockettest
 /tests/ssh
+/tests/statstest
+/tests/storagebackendsheepdogtest
+/tests/sysinfotest
 /tests/test_conf
+/tests/utiltest
+/tests/viratomictest
+/tests/virauthconfigtest
+/tests/virbitmaptest
+/tests/virbuftest
+/tests/vircgrouptest
+/tests/virdbustest
+/tests/virdrivermoduletest
+/tests/virendiantest
+/tests/virhashtest
+/tests/viridentitytest
+/tests/virkeycodetest
+/tests/virkeyfiletest
+/tests/virlockspacetest
+/tests/virlogtest
+/tests/virnet*test
+/tests/virportallocatortest
+/tests/virshtest
+/tests/virstoragetest
+/tests/virstringtest
+/tests/virsystemdtest
+/tests/virtimetest
+/tests/viruritest
+/tests/vmwarevertest
+/tests/vmx2xmltest
+/tests/xencapstest
+/tests/xmconfigtest
 /tools/*.[18]
 /tools/libvirt-guests.init
 /tools/libvirt-guests.service
@@ -168,12 +231,7 @@
 /tools/virsh-*-edit.c
 /tools/virt-*-validate
 /tools/virt-sanlock-cleanup
-/tools/wireshark/src/plugin.c
-/tools/wireshark/src/libvirt
 /update.log
-GPATH
-GRTAGS
-GTAGS
 Makefile
 Makefile.in
 TAGS

AUTHORS.in

@@ -9,7 +9,6 @@ The primary maintainers and people with commit access rights:
 
 Alex Jia <ajia@redhat.com>
 Anthony Liguori <aliguori@us.ibm.com>
-Cédric Bosdonnat <cbosdonnat@suse.com>
 Chris Lalancette <clalance@redhat.com>
 Christophe Fergeau <cfergeau@redhat.com>
 Claudio Bley <cbley@av-test.de>
@@ -19,7 +18,6 @@ Daniel Veillard <veillard@redhat.com>
 Dave Allan <dallan@redhat.com>
 Doug Goldstein <cardoe@gentoo.org>
 Eric Blake <eblake@redhat.com>
-Gao Feng <gaofeng@cn.fujitsu.com>
 Guannan Ren <gren@redhat.com>
 Guido Günther <agx@sigxcpu.org>
 Ján Tomko <jtomko@redhat.com>
@@ -28,16 +26,15 @@ Jim Meyering <meyering@redhat.com>
 Jiří Denemark <jdenemar@redhat.com>
 John Ferlan <jferlan@redhat.com>
 John Levon <john.levon@sun.com>
+Justin Clift <jclift@redhat.com>
 Laine Stump <laine@redhat.com>
 Mark McLoughlin <markmc@redhat.com>
 Martin Kletzander <mkletzan@redhat.com>
 Matthias Bolte <matthias.bolte@googlemail.com>
 Michal Prívozník <mprivozn@redhat.com>
 Osier Yang <jyang@redhat.com>
-Pavel Hrdina <phrdina@redhat.com>
 Peter Krempa <pkrempa@redhat.com>
 Richard W.M. Jones <rjones@redhat.com>
-Roman Bogorodskiy <bogorodskiy@gmail.com>
 Stefan Berger <stefanb@us.ibm.com>
 Wen Congyang <wency@cn.fujitsu.com>
 
@@ -46,7 +43,6 @@ Previous maintainers:
 Atsushi SAKAI <sakaia@jp.fujitsu.com>
 Dan Smith <danms@us.ibm.com>
 Dave Leskovec <dlesko@linux.vnet.ibm.com>
-Justin Clift <jclift@redhat.com>
 Karel Zak <kzak@redhat.com>
 
 Patches have also been contributed by:

ChangeLog-old

@@ -4286,7 +4286,7 @@ Wed Dec 17 21:45:39 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
 Wed Dec 17 21:41:39 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* src/libvirt_sym.version.in: Remove non-existent symbols
+	* src/libvirt_sym.version.in: Remove non-existant symbols
 	(John Levon)
 
 Wed Dec 17 21:35:39 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
@@ -12415,7 +12415,7 @@ Thu Jul 12 11:02:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
 Thu Jul 12 11:00:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
-	* qemud/qemud.c: Add explicit checks for existence of x509
+	* qemud/qemud.c: Add explicit checks for existance of x509
 	certificate & key files to get better error reporting than
 	GNU TLS offers when it can't load a file
 
@@ -13276,7 +13276,7 @@ Tue Apr 17 11:30:46 CEST 2007 Daniel Veillard <veillard@redhat.com>
 
 Mon Apr 16 09:11:04 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
-	* qemud/conf.c: Check for existence of QEMU binary path. Fix check
+	* qemud/conf.c: Check for existance of QEMU binary path. Fix check
 	for -no-kqemu flag to work with x86_64 on i386
 
 Mon Apr 16 09:09:04 EST 2007 Daniel P. Berrange <berrange@redhat.com>
@@ -13920,7 +13920,7 @@ Tue Feb 27 10:20:43 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
 	* src/xend_internal.c: Only hardcode port = 5900+domid if
 	running against old XenD < 3.0.3, because in newer XenD
-	port is guaranteed to be available in XenStore if the VNC
+	port is guarenteed to be available in XenStore if the VNC
 	server is running.
 
 Mon Feb 26 15:33:08 IST 2007 Mark McLoughlin <markmc@redhat.com>
@@ -15020,7 +15020,7 @@ Tue Nov  7 16:33:43 CET 2006 Daniel Veillard <veillard@redhat.com>
 Tue Oct 31 10:31:34 CET 2006 Daniel Veillard <veillard@redhat.com>
 
 	* src/xend_internal.c: when getting informations about a non
-	  existent domain, it is not a good idea to raise the HTTP
+	  existant domain, it is not a good idea to raise the HTTP
 	  404 GET error, the handling is better done somewhere up in
 	  the stack.
 
@@ -15228,7 +15228,7 @@ Sun Sep  3 12:34:23 EDT 2006 Daniel Berrange <berrange@redhat.com>
 	iterating over list of ids/names, because it is not neccessarily
 	the same as the value returned by virConnectNumOfDomains. Use qsort
 	to sort active domains by Id, and inactive domains by name, since
-	there is no guaranteed sort ordering when listing domains. For inactive
+	there is no guarenteed sort ordering when listing domains. For inactive
 	domains display a '-' instead of '-1' to make it clear they have no
 	sensible ID number.
 

HACKING

@@ -45,7 +45,7 @@ post your patches:
                  --to=libvir-list@redhat.com master
 
 (Note that the "git send-email" subcommand may not be in the main git package
-and using it may require installation of a separate package, for example the
+and using it may require installion of a separate package, for example the
 "git-email" package in Fedora.) For a single patch you can omit
 "--cover-letter", but a series of two or more patches needs a cover letter. If
 you get tired of typing "--to=libvir-list@redhat.com" designation you can set
@@ -109,7 +109,7 @@ issues, such as leaks or use of uninitialized variables.
 
 Some tests are skipped by default in a development environment, based on the
 time they take in comparison to the likelihood that those tests will turn up
-problems during incremental builds. These tests default to being run when
+problems during incremental builds. These tests default to being run when when
 building from a tarball or with the configure option --enable-expensive-tests;
 you can also force a one-time toggle of these tests by setting
 VIR_TEST_EXPENSIVE to 0 or 1 at make time, as in:
@@ -221,7 +221,7 @@ feature or changing the output of a program.
 
 There is more on this subject, including lots of links to background reading
 on the subject, on Richard Jones' guide to working with open source projects
-<http://people.redhat.com/rjones/how-to-supply-code-to-open-source-projects/>.
+<http://et.redhat.com/~rjones/how-to-supply-code-to-open-source-projects/>.
 
 
 Code indentation
@@ -232,9 +232,22 @@ but we do prefer that contributed code be formatted similarly. In short, use
 spaces-not-TABs for indentation, use 4 spaces for each indentation level, and
 other than that, follow the K&R style.
 
-If you use Emacs, the project includes a file .dir-locals.el that sets up the
-preferred indentation. If you use vim, append the following to your ~/.vimrc
-file:
+If you use Emacs, add the following to one of one of your start-up files
+(e.g., ~/.emacs), to help ensure that you get indentation right:
+
+  ;;; When editing C sources in libvirt, use this style.
+  (defun libvirt-c-mode ()
+    "C mode with adjusted defaults for use with libvirt."
+    (interactive)
+    (c-set-style "K&R")
+    (setq indent-tabs-mode nil) ; indent using spaces, not TABs
+    (setq c-indent-level 4)
+    (setq c-basic-offset 4))
+  (add-hook 'c-mode-hook
+            '(lambda () (if (string-match "/libvirt" (buffer-file-name))
+                            (libvirt-c-mode))))
+
+If you use vim, append the following to your ~/.vimrc file:
 
   set nocompatible
   filetype on
@@ -244,7 +257,7 @@ file:
   set tabstop=8
   set shiftwidth=4
   set expandtab
-  set cinoptions=(0,:0,l1,t0,L3
+  set cinoptions=(0,:0,l1,t0
   filetype plugin indent on
   au FileType make setlocal noexpandtab
   au BufRead,BufNewFile *.am setlocal noexpandtab
@@ -312,35 +325,6 @@ immediately prior to any closing bracket. E.g.
       int foo(int wizz);    // Good
 
 
-Commas
-======
-Commas should always be followed by a space or end of line, and never have
-leading space; this is enforced during 'make syntax-check'.
-
-      call(a,b ,c);// Bad
-      call(a, b, c); // Good
-
-When declaring an enum or using a struct initializer that occupies more than
-one line, use a trailing comma. That way, future edits to extend the list only
-have to add a line, rather than modify an existing line to add the
-intermediate comma. Any sentinel enumerator value with a name ending in _LAST
-is exempt, since you would extend such an enum before the _LAST element.
-Another reason to favor trailing commas is that it requires less effort to
-produce via code generators. Note that the syntax checker is unable to enforce
-a style of trailing commas, so there are counterexamples in existing code
-which do not use it; also, while C99 allows trailing commas, remember that
-JSON and XDR do not.
-
-      enum {
-          VALUE_ONE,
-          VALUE_TWO // Bad
-      };
-      enum {
-          VALUE_THREE,
-          VALUE_FOUR, // Good
-      };
-
-
 Semicolons
 ==========
 Semicolons should never have a space beforehand. Inside the condition of a
@@ -461,33 +445,6 @@ But if negating a complex condition is too ugly, then at least add braces:
       x = y;
   }
 
-Use hanging braces for compound statements: the opening brace of a compound
-statement should be on the same line as the condition being tested. Only
-top-level function bodies, nested scopes, and compound structure declarations
-should ever have { on a line by itself.
-
-  void
-  foo(int a, int b)
-  {                          // correct - function body
-      int 2d[][] = {
-        {                    // correct - complex initialization
-          1, 2,
-        },
-      };
-      if (a)
-      {                      // BAD: compound brace on its own line
-          do_stuff();
-      }
-      {                      // correct - nested scope
-          int tmp;
-          if (a < b) {       // correct - hanging brace
-              tmp = b;
-              b = a;
-              a = tmp;
-          }
-      }
-  }
-
 
 Preprocessor
 ============
@@ -504,7 +461,7 @@ Use parenthesis when checking if a macro is defined, and use indentation to
 track nesting:
 
   #if defined(HAVE_POSIX_FALLOCATE) && !defined(HAVE_FALLOCATE)
-  # define fallocate(a, ignored, b, c) posix_fallocate(a, b, c)
+  # define fallocate(a,ignored,b,c) posix_fallocate(a,b,c)
   #endif
 
 
@@ -803,7 +760,7 @@ Variable length string buffer
 =============================
 If there is a need for complex string concatenations, avoid using the usual
 sequence of malloc/strcpy/strcat/snprintf functions and make use of the
-virBuffer API described in virbuffer.h
+virBuffer API described in buf.h
 
 Typical usage is as follows:
 
@@ -821,8 +778,11 @@ Typical usage is as follows:
 
      ...
 
-     if (virBufferCheckError(&buf) < 0)
+     if (virBufferError(&buf)) {
+         virBufferFreeAndReset(&buf);
+         virReportOOMError();
          return NULL;
+     }
 
      return virBufferContentAndReset(&buf);
   }
@@ -939,16 +899,6 @@ When using goto, please use one of these standard labels if it makes sense:
   no_memory: A path only taken upon return with an OOM error code
       retry: If needing to jump upwards (e.g., retry on EINTR)
 
-Top-level labels should be indented by one space (putting them on the
-beginning of the line confuses function context detection in git):
-
-int foo()
-{
-    /* ... do stuff ... */
- cleanup:
-    /* ... do other stuff ... */
-}
-
 
 Libvirt committer guidelines
 ============================

Makefile.am

@@ -20,13 +20,11 @@ LCOV = lcov
 GENHTML = genhtml
 
 SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \
-  tests po examples/object-events examples/hellolibvirt \
-  examples/dominfo examples/domsuspend examples/apparmor \
-  examples/xml/nwfilter examples/openauth examples/systemtap \
-  tools/wireshark examples/dommigrate \
-  examples/lxcconvert examples/domtop
+  python tests po examples/domain-events/events-c examples/hellolibvirt \
+  examples/dominfo examples/domsuspend examples/python examples/apparmor \
+  examples/xml/nwfilter examples/openauth examples/systemtap
 
-ACLOCAL_AMFLAGS = -I m4
+ACLOCAL_AMFLAGS = -I m4 -I gnulib/m4
 
 XML_EXAMPLES = \
   $(patsubst $(srcdir)/%,%,$(wildcard $(addprefix $(srcdir)/examples/xml/, \
@@ -38,18 +36,17 @@ EXTRA_DIST = \
   libvirt.spec libvirt.spec.in \
   mingw-libvirt.spec.in \
   libvirt.pc.in \
-  libvirt-qemu.pc.in \
-  libvirt-lxc.pc.in \
   autobuild.sh \
   Makefile.nonreentrant \
   autogen.sh \
   cfg.mk \
+  examples/domain-events/events-python \
   run.in \
   AUTHORS.in \
   $(XML_EXAMPLES)
 
 pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc
+pkgconfig_DATA = libvirt.pc
 
 NEWS: $(top_srcdir)/docs/news.xsl $(top_srcdir)/docs/news.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then			\
@@ -75,6 +72,11 @@ rpm: clean
 
 check-local: all tests
 
+tests:
+	@(cd docs/examples ; $(MAKE) MAKEFLAGS+=--silent tests)
+	@(if [ "$(pythondir)" != "" ] ; then cd python ; \
+	  $(MAKE) MAKEFLAGS+=--silent tests ; fi)
+
 cov: clean-cov
 	mkdir $(top_builddir)/coverage
 	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \

README-hacking

@@ -15,7 +15,7 @@ Specific development tools and versions will be checked for and listed by
 the bootstrap script.
 
 Valgrind <http://valgrind.org/> is also highly recommended, if
-Valgrind supports your architecture.
+Valgrind supports your architecture. See also README-valgrind.
 
 While building from a just-cloned source tree may require installing a
 few prerequisites, later, a plain `git pull && make' should be sufficient.

autobuild.sh

@@ -85,7 +85,9 @@ if test -x /usr/bin/i686-w64-mingw32-gcc ; then
     --host=i686-w64-mingw32 \
     --prefix="$AUTOBUILD_INSTALL_ROOT/i686-w64-mingw32/sys-root/mingw" \
     --enable-expensive-tests \
-    --enable-werror
+    --enable-werror \
+    --without-libvirtd \
+    --without-python
 
   make
   make install
@@ -104,7 +106,9 @@ if test -x /usr/bin/x86_64-w64-mingw32-gcc ; then
     --host=x86_64-w64-mingw32 \
     --prefix="$AUTOBUILD_INSTALL_ROOT/x86_64-w64-mingw32/sys-root/mingw" \
     --enable-expensive-tests \
-    --enable-werror
+    --enable-werror \
+    --without-libvirtd \
+    --without-python
 
   make
   make install

autogen.sh

@@ -35,7 +35,7 @@ if test -z "$NOCONFIGURE" ; then
     echo "Running ./configure with $EXTRA_ARGS $@"
   else
     if test -z "$*" && test ! -f "$THEDIR/config.status"; then
-        echo "I am going to run ./configure with no arguments - if you wish"
+        echo "I am going to run ./configure with no arguments - if you wish "
         echo "to pass any to it, please specify them on the $0 command line."
     fi
   fi

bootstrap

@@ -1,10 +1,10 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2013-12-05.23; # UTC
+scriptversion=2013-08-15.22; # UTC
 
 # Bootstrap this package from checked-out sources.
 
-# Copyright (C) 2003-2014 Free Software Foundation, Inc.
+# Copyright (C) 2003-2013 Free Software Foundation, Inc.
 
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -551,14 +551,6 @@ if ! printf "$buildreq" | check_versions; then
   fi
 fi
 
-# Warn the user if autom4te appears to be broken; this causes known
-# issues with at least gettext 0.18.3.
-probe=$(echo 'm4_quote([hi])' | autom4te -l M4sugar -t 'm4_quote:$%' -)
-if test "x$probe" != xhi; then
-  warn_ "WARNING: your autom4te wrapper eats stdin;"
-  warn_ "if bootstrap fails, consider upgrading your autotools"
-fi
-
 echo "$0: Bootstrapping from checked-out $package sources..."
 
 # See if we can use gnulib's git-merge-changelog merge driver.

bootstrap.conf

@@ -176,11 +176,11 @@ fi
 # Tell gnulib to:
 #   require LGPLv2+
 #   apply any local diffs in gnulib/local/ dir
-#   put *.m4 files in m4/ dir
+#   put *.m4 files in new gnulib/m4/ dir
 #   put *.[ch] files in new gnulib/lib/ dir
 #   import gnulib tests in new gnulib/tests/ dir
 gnulib_name=libgnu
-m4_base=m4
+m4_base=gnulib/m4
 source_base=gnulib/lib
 tests_base=gnulib/tests
 gnulib_tool_option_extras="\
@@ -192,6 +192,11 @@ gnulib_tool_option_extras="\
 "
 local_gl_dir=gnulib/local
 
+# Convince bootstrap to use multiple m4 directories.
+: ${ACLOCAL=aclocal}
+ACLOCAL="$ACLOCAL -I m4"
+export ACLOCAL
+
 # Build prerequisites
 # Note that some of these programs are only required for 'make dist' to
 # succeed from a fresh git checkout; not all of these programs are

build-aux/bracket-spacing.pl

@@ -32,8 +32,8 @@ foreach my $file (@ARGV) {
     while (defined (my $line = <FILE>)) {
         my $data = $line;
 
-        # Kill any quoted , ; = or "
-        $data =~ s/'[";,=]'/'X'/g;
+        # Kill any quoted ; or "
+        $data =~ s,'[";]','X',g;
 
         # Kill any quoted strings
         $data =~ s,"([^\\\"]|\\.)*","XXX",g;
@@ -114,7 +114,7 @@ foreach my $file (@ARGV) {
             last;
         }
 
-        # Forbid whitespace before ";" or ",". Things like below are allowed:
+        # Forbid whitespace before ";". Things like below are allowed:
         #
         # 1) The expression is empty for "for" loop. E.g.
         #   for (i = 0; ; i++)
@@ -124,7 +124,7 @@ foreach my $file (@ARGV) {
         #          errno == EINTR)
         #       ;
         #
-        while ($data =~ /[^;\s]\s+[;,]/) {
+        while ($data =~ /[^;\s]\s+;/) {
             print "$file:$.: $line";
             $ret = 1;
             last;
@@ -137,23 +137,6 @@ foreach my $file (@ARGV) {
             $ret = 1;
             last;
         }
-
-        # Require EOL, space, or enum/struct end after comma.
-        while ($data =~ /,[^ \\\n)}]/) {
-            print "$file:$.: $line";
-            $ret = 1;
-            last;
-        }
-
-        # Require spaces around assignment '=', compounds and '=='
-        # with the exception of virAssertCmpInt()
-        $data =~ s/(virAssertCmpInt\(.* ).?=,/$1op,/;
-        while ($data =~ /[^ ]\b[!<>&|\-+*\/%\^=]?=[^=]/ ||
-               $data =~ /=[^= \\\n]/) {
-            print "$file:$.: $line";
-            $ret = 1;
-            last;
-        }
     }
     close FILE;
 }

cfg.mk

@@ -1,5 +1,5 @@
 # Customize Makefile.maint.                           -*- makefile -*-
-# Copyright (C) 2008-2014 Red Hat, Inc.
+# Copyright (C) 2008-2013 Red Hat, Inc.
 # Copyright (C) 2003-2008 Free Software Foundation, Inc.
 
 # This program is free software: you can redistribute it and/or modify
@@ -90,7 +90,7 @@ endif
 
 # Files that should never cause syntax check failures.
 VC_LIST_ALWAYS_EXCLUDE_REGEX = \
-  (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$
+  (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.po)$$
 
 # Functions like free() that are no-ops on NULL arguments.
 useless_free_options =				\
@@ -125,8 +125,9 @@ useless_free_options =				\
   --name=virDomainDeviceDefFree			\
   --name=virDomainDiskDefFree			\
   --name=virDomainEventCallbackListFree		\
-  --name=virObjectEventQueueFree		\
-  --name=virObjectEventStateFree		\
+  --name=virDomainEventFree			\
+  --name=virDomainEventQueueFree		\
+  --name=virDomainEventStateFree		\
   --name=virDomainFSDefFree			\
   --name=virDomainGraphicsDefFree		\
   --name=virDomainHostdevDefFree		\
@@ -204,6 +205,7 @@ useless_free_options =				\
 # y virDomainDeviceDefFree
 # y virDomainDiskDefFree
 # y virDomainEventCallbackListFree
+# y virDomainEventFree
 # y virDomainEventQueueFree
 # y virDomainFSDefFree
 # n virDomainFree
@@ -421,12 +423,6 @@ sc_prohibit_gethostname:
 	halt='use virGetHostname, not gethostname'			\
 	  $(_sc_search_regexp)
 
-sc_prohibit_readdir:
-	@prohibit='\breaddir *\('					\
-	exclude='exempt from syntax-check'				\
-	halt='use virDirRead, not readdir'				\
-	  $(_sc_search_regexp)
-
 sc_prohibit_gettext_noop:
 	@prohibit='gettext_noop *\('					\
 	halt='use N_, not gettext_noop'					\
@@ -472,18 +468,6 @@ sc_correct_id_types:
 	halt="use pid_t for pid, uid_t for uid, gid_t for gid"		\
 	  $(_sc_search_regexp)
 
-# "const fooPtr a" is the same as "foo * const a", even though it is
-# usually desired to have "foo const *a".  It's easier to just prevent
-# the confusing mix of typedef vs. const placement.
-# Also requires that all 'fooPtr' typedefs are actually pointers.
-sc_forbid_const_pointer_typedef:
-	@prohibit='(^|[^"])const \w*Ptr'				\
-	halt='"const fooPtr var" does not declare what you meant'	\
-	  $(_sc_search_regexp)
-	@prohibit='typedef [^(]+ [^*]\w*Ptr\b'				\
-	halt='use correct style and type for Ptr typedefs'		\
-	  $(_sc_search_regexp)
-
 # Forbid sizeof foo or sizeof (foo), require sizeof(foo)
 sc_size_of_brackets:
 	@prohibit='sizeof\s'						\
@@ -523,11 +507,6 @@ sc_prohibit_virBufferAsprintf_with_string_literal:
 	halt='use virBufferAddLit, not virBufferAsprintf, with a string literal' \
 	  $(_sc_search_regexp)
 
-sc_forbid_manual_xml_indent:
-	@prohibit='virBuffer.*" +<'					      \
-	halt='use virBufferAdjustIndent instead of spaces when indenting xml' \
-	  $(_sc_search_regexp)
-
 # Not only do they fail to deal well with ipv6, but the gethostby*
 # functions are also not thread-safe.
 sc_prohibit_gethostby:
@@ -568,12 +547,12 @@ sc_avoid_attribute_unused_in_header:
 	  $(_sc_search_regexp)
 
 sc_prohibit_int_ijk:
-	@prohibit='\<(int|unsigned) ([^(=]* )*(i|j|k)\>(\s|,|;)'	\
+	@prohibit='\<(int|unsigned) ([^(]* )*(i|j|k)(\s|,|;)'		\
 	halt='use size_t, not int/unsigned int for loop vars i, j, k'	\
 	  $(_sc_search_regexp)
 
 sc_prohibit_loop_iijjkk:
-	@prohibit='\<(int|unsigned) ([^=]+ )*(ii|jj|kk)\>(\s|,|;)'	\
+	@prohibit='\<(int|unsigned) ([^=]+ )*(ii|jj|kk)(\s|,|;)'	\
 	halt='use i, j, k for loop iterators, not ii, jj, kk' 		\
 	  $(_sc_search_regexp)
 
@@ -596,6 +575,16 @@ msg_gen_function += regerror
 msg_gen_function += vah_error
 msg_gen_function += vah_warning
 msg_gen_function += virGenericReportError
+msg_gen_function += virLibConnError
+msg_gen_function += virLibDomainError
+msg_gen_function += virLibDomainSnapshotError
+msg_gen_function += virLibInterfaceError
+msg_gen_function += virLibNetworkError
+msg_gen_function += virLibNodeDeviceError
+msg_gen_function += virLibNWFilterError
+msg_gen_function += virLibSecretError
+msg_gen_function += virLibStoragePoolError
+msg_gen_function += virLibStorageVolError
 msg_gen_function += virRaiseError
 msg_gen_function += virReportError
 msg_gen_function += virReportErrorHelper
@@ -625,7 +614,7 @@ sc_libvirt_unmarked_diagnostics:
 	  $(_sc_search_regexp)
 	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
 	   grep -A1 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | $(SED) 's/_("\([^\"]\|\\.\)\+"//;s/[	 ]"%s"//'		\
+	   | sed 's/_("\([^\"]\|\\.\)\+"//;s/[	 ]"%s"//'		\
 	   | grep '[	 ]"' &&						\
 	  { echo '$(ME): found unmarked diagnostic(s)' 1>&2;		\
 	    exit 1; } || :
@@ -650,7 +639,7 @@ sc_prohibit_newline_at_end_of_diagnostic:
 sc_prohibit_diagnostic_without_format:
 	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
 	   grep -A2 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | $(SED) -rn -e ':l; /[,"]$$/ {N;b l;}'				 \
+	   | sed -rn -e ':l; /[,"]$$/ {N;b l;}'				 \
 		-e '/(xenapiSessionErrorHandler|vah_(error|warning))/d'	 \
 		-e '/\<$(func_re) *\([^"]*"([^%"]|"\n[^"]*")*"[,)]/p'	 \
            | grep -vE 'VIR_ERROR' &&					 \
@@ -672,7 +661,7 @@ sc_prohibit_useless_translation:
 # or \n on one side of the split.
 sc_require_whitespace_in_translation:
 	@grep -n -A1 '"$$' $$($(VC_LIST_EXCEPT))   			\
-	   | $(SED) -ne ':l; /"$$/ {N;b l;}; s/"\n[^"]*"/""/g; s/\\n/ /g'	\
+	   | sed -ne ':l; /"$$/ {N;b l;}; s/"\n[^"]*"/""/g; s/\\n/ /g'	\
 		-e '/_(.*[^\ ]""[^\ ]/p' | grep . &&			\
 	  { echo '$(ME): missing whitespace at line split' 1>&2;	\
 	    exit 1; } || :
@@ -692,11 +681,11 @@ sc_preprocessor_indentation:
 sc_spec_indentation:
 	@if cppi --version >/dev/null 2>&1; then			\
 	  for f in $$($(VC_LIST_EXCEPT) | grep '\.spec\.in$$'); do	\
-	    $(SED) -e 's|#|// #|; s|%ifn*\(arch\)* |#if a // |'		\
+	    sed -e 's|#|// #|; s|%ifn*\(arch\)* |#if a // |'		\
 		-e 's/%\(else\|endif\|define\)/#\1/'			\
 		-e 's/^\( *\)\1\1\1#/#\1/'				\
 		-e 's|^\( *[^#/ ]\)|// \1|; s|^\( */[^/]\)|// \1|' $$f	\
-	    | cppi -a -c 2>&1 | $(SED) "s|standard input|$$f|";		\
+	    | cppi -a -c 2>&1 | sed "s|standard input|$$f|";		\
 	  done | { if grep . >&2; then false; else :; fi; }		\
 	    || { echo '$(ME): incorrect preprocessor indentation' 1>&2;	\
 		exit 1; };						\
@@ -766,17 +755,16 @@ sc_prohibit_gettext_markup:
 # lower-level code must not include higher-level headers.
 cross_dirs=$(patsubst $(srcdir)/src/%.,%,$(wildcard $(srcdir)/src/*/.))
 cross_dirs_re=($(subst / ,/|,$(cross_dirs)))
-mid_dirs=access|conf|cpu|locking|network|node_device|rpc|security|storage
 sc_prohibit_cross_inclusion:
 	@for dir in $(cross_dirs); do					\
 	  case $$dir in							\
 	    util/) safe="util";;					\
-	    access/ | conf/) safe="($$dir|conf|util)";;			\
-	    locking/) safe="($$dir|util|conf|rpc)";;			\
-	    cpu/| network/| node_device/| rpc/| security/| storage/)	\
-	      safe="($$dir|util|conf|storage)";;			\
-	    xenapi/ | xenconfig/ ) safe="($$dir|util|conf|xen)";;	\
-	    *) safe="($$dir|$(mid_dirs)|util)";;			\
+	    locking/)							\
+	      safe="($$dir|util|conf|rpc)";;				\
+	    cpu/ | locking/ | network/ | rpc/ | security/)		\
+	      safe="($$dir|util|conf)";;				\
+	    xenapi/ | xenxs/ ) safe="($$dir|util|conf|xen)";;		\
+	    *) safe="($$dir|util|conf|cpu|network|locking|rpc|security)";; \
 	  esac;								\
 	  in_vc_files="^src/$$dir"					\
 	  prohibit='^# *include .$(cross_dirs_re)'			\
@@ -789,7 +777,7 @@ sc_prohibit_cross_inclusion:
 # elements added to the enum by using a _LAST marker.
 sc_require_enum_last_marker:
 	@grep -A1 -nE '^[^#]*VIR_ENUM_IMPL *\(' $$($(VC_LIST_EXCEPT))	\
-	   | $(SED) -ne '/VIR_ENUM_IMPL[^,]*,$$/N'				\
+	   | sed -ne '/VIR_ENUM_IMPL[^,]*,$$/N'				\
 	     -e '/VIR_ENUM_IMPL[^,]*,[^,]*[^_,][^L,][^A,][^S,][^T,],/p'	\
 	     -e '/VIR_ENUM_IMPL[^,]*,[^,]\{0,4\},/p'			\
 	   | grep . &&							\
@@ -869,103 +857,9 @@ sc_prohibit_getenv:
 	halt='Use virGetEnv{Allow,Block}SUID instead of getenv'		\
 	  $(_sc_search_regexp)
 
-sc_prohibit_atoi:
-	@prohibit='\bato(i|f|l|ll|q) *\('	\
-	halt='Use virStrToLong* instead of atoi, atol, atof, atoq, atoll' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_wrong_filename_in_comment:
-	@fail=0;                                                       \
-	awk 'BEGIN {                                                   \
-	  fail=0;                                                      \
-	} FNR < 3 {                                                    \
-	  n=match($$0, /[[:space:]][^[:space:]]*[.][ch][[:space:]:]/); \
-	  if (n > 0) {                                                 \
-	    A=substr($$0, RSTART+1, RLENGTH-2);                        \
-	    n=split(FILENAME, arr, "/");                               \
-	    if (A != arr[n]) {                                         \
-	      print "in " FILENAME ": " A " mentioned in comments ";   \
-	      fail=1;                                                  \
-	    }                                                          \
-	  }                                                            \
-	} END {                                                        \
-	  if (fail == 1) {                                             \
-	    exit 1;                                                    \
-	  }                                                            \
-	}' $$($(VC_LIST_EXCEPT) | grep '\.[ch]$$') || fail=1;          \
-	if test $$fail -eq 1; then                                     \
-	  { echo '$(ME): The file name in comments must match the'     \
-	    'actual file name' 1>&2; exit 1; }	                       \
-	fi;
-
-sc_prohibit_virConnectOpen_in_virsh:
-	@prohibit='\bvirConnectOpen[a-zA-Z]* *\('                      \
-	in_vc_files='^tools/virsh-.*\.[ch]$$'                          \
-	halt='Use vshConnect() in virsh instead of virConnectOpen*'    \
-	  $(_sc_search_regexp)
-
-sc_require_space_before_label:
-	@prohibit='^(   ?)?[_a-zA-Z0-9]+:$$'                           \
-	in_vc_files='\.[ch]$$'                                         \
-	halt="Top-level labels should be indented by one space"        \
-	  $(_sc_search_regexp)
-
-# Doesn't catch all cases of mismatched braces across if-else, but it helps
-sc_require_if_else_matching_braces:
-	@prohibit='(  else( if .*\))? {|} else( if .*\))?$$)'		\
-	in_vc_files='\.[chx]$$'						\
-	halt="if one side of if-else uses {}, both sides must use it"	\
-	  $(_sc_search_regexp)
-
-sc_curly_braces_style:
-	@files=$$($(VC_LIST_EXCEPT) | grep '\.[ch]$$');			\
-	if $(GREP) -nHP							\
-'^\s*(?!([a-zA-Z_]*for_?each[a-zA-Z_]*) ?\()([_a-zA-Z0-9]+( [_a-zA-Z0-9]+)* ?\()?(\*?[_a-zA-Z0-9]+(,? \*?[_a-zA-Z0-9\[\]]+)+|void)\) ?\{'		\
-	$$files; then							\
-	  echo '$(ME): Non-K&R style used for curly braces around'	\
-		'function body, see HACKING' 1>&2; exit 1;		\
-	fi;								\
-	if $(GREP) -A1 -En ' ((if|for|while|switch) \(|(else|do)\b)[^{]*$$'\
-	  $$files | $(GREP) '^[^ ]*- *{'; then				\
-	  echo '$(ME): Use hanging braces for compound statements,'	\
-		'see HACKING' 1>&2; exit 1;				\
-	fi
-
-sc_prohibit_windows_special_chars_in_filename:
-	@files=$$($(VC_LIST_EXCEPT) | grep '[:*?"<>|]');               \
-	test -n "$$files" && { echo '$(ME): Windows special chars'     \
-	  'in filename not allowed:' 1>&2; echo $$files 1>&2; exit 1; } || :
-
-sc_prohibit_mixed_case_abbreviations:
-	@prohibit='Pci|Usb|Scsi'			\
-	in_vc_files='\.[ch]$$'				\
-	halt='Use PCI, USB, SCSI, not Pci, Usb, Scsi'	\
-	  $(_sc_search_regexp)
-
-# Require #include <locale.h> in all files that call setlocale()
-sc_require_locale_h:
-	@require='include.*locale\.h'					\
-	containing='setlocale *('					\
-	halt='setlocale() requires <locale.h>'				\
-	  $(_sc_search_regexp)
-
-sc_prohibit_empty_first_line:
-	@awk 'BEGIN { fail=0; }						\
-	FNR == 1 { if ($$0 == "") { print FILENAME ":1:"; fail=1; } }	\
-	END { if (fail == 1) {						\
-	  print "$(ME): Prohibited empty first line" > "/dev/stderr";	\
-	} exit fail; }' $$($(VC_LIST_EXCEPT));
-
-sc_prohibit_paren_brace:
-	@prohibit='\)\{$$'						\
-	in_vc_files='\.[chx]$$'						\
-	halt='Put space between closing parenthesis and opening brace'	\
-	  $(_sc_search_regexp)
-
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null
 
-ifneq ($(_gl-Makefile),)
 ifeq (0,$(MAKELEVEL))
   _curr_status = .git-module-status
   # The sed filter accommodates those who check out on a commit from which
@@ -978,7 +872,7 @@ ifeq (0,$(MAKELEVEL))
   # b653eda3ac4864de205419d9f41eec267cb89eeb
   #
   # Keep this logic in sync with autogen.sh.
-  _submodule_hash = $(SED) 's/^[ +-]//;s/ .*//'
+  _submodule_hash = sed 's/^[ +-]//;s/ .*//'
   _update_required := $(shell						\
       cd '$(srcdir)';							\
       test -d .git || { echo 0; exit; };				\
@@ -998,7 +892,6 @@ ifeq (0,$(MAKELEVEL))
 maint.mk Makefile: _autogen
   endif
 endif
-endif
 
 # It is necessary to call autogen any time gnulib changes.  Autogen
 # reruns configure, then we regenerate all Makefiles at once.
@@ -1008,9 +901,7 @@ _autogen:
 	./config.status
 
 # regenerate HACKING as part of the syntax-check
-ifneq ($(_gl-Makefile),)
 syntax-check: $(top_srcdir)/HACKING bracket-spacing-check
-endif
 
 bracket-spacing-check:
 	$(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \
@@ -1043,8 +934,7 @@ exclude_file_name_regexp--sc_bindtextdomain = ^(tests|examples)/
 exclude_file_name_regexp--sc_copyright_usage = \
   ^COPYING(|\.LESSER)$$
 
-exclude_file_name_regexp--sc_flags_usage = \
-  ^(docs/|src/util/virnetdevtap\.c$$|tests/vir(cgroup|pci|usb)mock\.c$$)
+exclude_file_name_regexp--sc_flags_usage = ^(docs/|src/util/virnetdevtap\.c$$|tests/vircgroupmock\.c$$)
 
 exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
   ^(src/rpc/gendispatch\.pl$$|tests/)
@@ -1052,21 +942,24 @@ exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
 exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$)
 
 exclude_file_name_regexp--sc_prohibit_VIR_ERR_NO_MEMORY = \
-  ^(include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$
+  ^(include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_access_xok = ^src/util/virutil\.c$$
 
+exclude_file_name_regexp--sc_prohibit_always_true_header_tests = \
+  ^python/(libvirt-(lxc-|qemu-)?override|typewrappers)\.c$$
+
 exclude_file_name_regexp--sc_prohibit_asprintf = \
-  ^(bootstrap.conf$$|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c$$)
+  ^(bootstrap.conf$$|src/util/virstring\.[ch]$$|examples/domain-events/events-c/event-test\.c$$|tests/vircgroupmock\.c$$)
 
 exclude_file_name_regexp--sc_prohibit_strdup = \
-  ^(docs/|examples/|src/util/virstring\.c|tests/virnetserverclientmock.c$$)
+  ^(docs/|examples/|python/|src/util/virstring\.c|tests/virnetserverclientmock.c$$)
 
 exclude_file_name_regexp--sc_prohibit_close = \
-  (\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c|tests/vir(cgroup|pci)mock\.c)$$)
+  (\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c|tests/vircgroupmock\.c)$$)
 
 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/(qemuhelp|nodeinfo|virpcitest)data/|\.diff$$)
+  (^tests/(qemuhelp|nodeinfo)data/|\.(gif|ico|png|diff)$$)
 
 _src2=src/(util/vircommand|libvirt|lxc/lxc_controller|locking/lock_daemon)
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
@@ -1081,10 +974,10 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
   ^src/rpc/gendispatch\.pl$$
 
 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
-  ^((po|tests)/|docs/.*(py|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)
+  ^((po|tests)/|docs/.*(py|html\.in)|run.in$$)
 
 exclude_file_name_regexp--sc_prohibit_raw_allocation = \
-  ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|vircgroupmock)\.c|tools/wireshark/src/packet-libvirt\.c)$$
+  ^(docs/hacking\.html\.in)|(src/util/viralloc\.[ch]|examples/.*|tests/securityselinuxhelper\.c|tests/vircgroupmock\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_readlink = \
   ^src/(util/virutil|lxc/lxc_container)\.c$$
@@ -1092,11 +985,12 @@ exclude_file_name_regexp--sc_prohibit_readlink = \
 exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c$$
 
 exclude_file_name_regexp--sc_prohibit_sprintf = \
-  (^docs/hacking\.html\.in|\.stp|\.pl)$$
+  ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)$$
 
 exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/virstring\.c$$
 
-exclude_file_name_regexp--sc_prohibit_strtol = ^examples/dom.*/.*\.c$$
+exclude_file_name_regexp--sc_prohibit_strtol = \
+  ^src/(util/virsexpr|(vbox|xen|xenxs)/.*)\.c$$
 
 exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/virxml\.c$$
 
@@ -1111,7 +1005,7 @@ exclude_file_name_regexp--sc_require_config_h_first = \
 	^(examples/|tools/virsh-edit\.c$$)
 
 exclude_file_name_regexp--sc_trailing_blank = \
-  /qemuhelpdata/|/sysinfodata/.*\.data|/nodeinfodata/.*\.cpuinfo$$
+  (/qemuhelpdata/|/sysinfodata/.*\.data|\.(fig|gif|ico|png)$$)
 
 exclude_file_name_regexp--sc_unmarked_diagnostics = \
   ^(docs/apibuild.py|tests/virt-aa-helper-test)$$
@@ -1124,25 +1018,13 @@ exclude_file_name_regexp--sc_correct_id_types = \
 exclude_file_name_regexp--sc_m4_quote_check = m4/virt-lib.m4
 
 exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \
-  ^(src/internal\.h$$|tools/wireshark/src/packet-libvirt.h$$)
+  ^src/internal\.h$$
 
 exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
-  ^(tools/|examples/|include/libvirt/(virterror|libvirt-(qemu|lxc))\.h$$)
+  ^(python/|tools/|examples/|include/libvirt/(virterror|libvirt-(qemu|lxc))\.h$$)
 
 exclude_file_name_regexp--sc_prohibit_int_ijk = \
   ^(src/remote_protocol-structs|src/remote/remote_protocol.x|cfg.mk|include/)$
 
 exclude_file_name_regexp--sc_prohibit_getenv = \
   ^tests/.*\.[ch]$$
-
-exclude_file_name_regexp--sc_avoid_attribute_unused_in_header = \
-  ^src/util/virlog\.h$$
-
-exclude_file_name_regexp--sc_prohibit_mixed_case_abbreviations = \
-  ^src/(vbox/vbox_CAPI.*.h|esx/esx_vi.(c|h)|esx/esx_storage_backend_iscsi.c)$$
-
-exclude_file_name_regexp--sc_prohibit_empty_first_line = \
-  ^(README|daemon/THREADS\.txt|src/esx/README|docs/library.xen|tests/vmwareverdata/fusion-5.0.3.txt|tests/nodeinfodata/linux-raspberrypi/cpu/offline)$$
-
-exclude_file_name_regexp--sc_prohibit_useless_translation = \
-  ^tests/virpolkittest.c

configure.ac

@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 
-dnl Copyright (C) 2005-2014 Red Hat, Inc.
+dnl Copyright (C) 2005-2013 Red Hat, Inc.
 dnl
 dnl This library is free software; you can redistribute it and/or
 dnl modify it under the terms of the GNU Lesser General Public
@@ -16,7 +16,7 @@ dnl You should have received a copy of the GNU Lesser General Public
 dnl License along with this library.  If not, see
 dnl <http://www.gnu.org/licenses/>.
 
-AC_INIT([libvirt], [1.2.9], [libvir-list@redhat.com], [], [http://libvirt.org])
+AC_INIT([libvirt], [1.1.3.2], [libvir-list@redhat.com], [], [http://libvirt.org])
 AC_CONFIG_SRCDIR([src/libvirt.c])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
@@ -25,6 +25,7 @@ AC_CONFIG_MACRO_DIR([m4])
 dnl Make automake keep quiet about wildcards & other GNUmake-isms; also keep
 dnl quiet about the fact that we intentionally cater to automake 1.9
 AM_INIT_AUTOMAKE([-Wno-portability -Wno-obsolete tar-ustar subdir-objects])
+AM_MAINTAINER_MODE([enable])
 
 # Maintainer note - comment this line out if you plan to rerun
 # GNULIB_POSIXCHECK testing to see if libvirt should be using more modules.
@@ -175,7 +176,6 @@ case $host in
   *-*-linux*) with_linux=yes ;;
   *-*-darwin*) with_osx=yes ;;
   *-*-freebsd*) with_freebsd=yes ;;
-  *-*-mingw* | *-*-msvc* ) with_win=yes ;;
 esac
 
 if test $with_linux = no; then
@@ -192,30 +192,15 @@ if test $with_freebsd = yes; then
    with_firewalld=no
 fi
 
+if test $with_osx = yes; then
+   with_qemu=no
+fi
+
 AM_CONDITIONAL([WITH_LINUX], [test "$with_linux" = "yes"])
 AM_CONDITIONAL([WITH_FREEBSD], [test "$with_freebsd" = "yes"])
 
-# We don't support the daemon yet
-if test "$with_win" = "yes" ; then
-  with_libvirtd=no
-fi
-
-# The daemon requires remote support.  Likewise, if we are not using
-# RPC, we don't need several libraries.
-if test "$with_remote" = "no" ; then
-  with_libvirtd=no
-  with_gnutls=no
-  with_ssh2=no
-  with_sasl=no
-fi
-# Stateful drivers are useful only when building the daemon.
 if test "$with_libvirtd" = "no" ; then
   with_qemu=no
-  with_xen=no
-  with_lxc=no
-  with_libxl=no
-  with_uml=no
-  with_vbox=no
 fi
 
 # Check for compiler and library settings.
@@ -234,18 +219,15 @@ LIBVIRT_CHECK_CAPNG
 LIBVIRT_CHECK_CURL
 LIBVIRT_CHECK_DBUS
 LIBVIRT_CHECK_FUSE
-LIBVIRT_CHECK_GLUSTER
 LIBVIRT_CHECK_HAL
 LIBVIRT_CHECK_NETCF
 LIBVIRT_CHECK_NUMACTL
 LIBVIRT_CHECK_OPENWSMAN
 LIBVIRT_CHECK_PCIACCESS
-LIBVIRT_CHECK_READLINE
 LIBVIRT_CHECK_SANLOCK
 LIBVIRT_CHECK_SASL
 LIBVIRT_CHECK_SELINUX
 LIBVIRT_CHECK_SSH2
-LIBVIRT_CHECK_SYSTEMD_DAEMON
 LIBVIRT_CHECK_UDEV
 LIBVIRT_CHECK_YAJL
 
@@ -272,44 +254,17 @@ AC_CHECK_SIZEOF([long])
 
 dnl Availability of various common functions (non-fatal if missing),
 dnl and various less common threadsafe functions
-AC_CHECK_FUNCS_ONCE([cfmakeraw fallocate geteuid getgid getgrnam_r \
-  getmntent_r getpwuid_r getuid kill mmap newlocale posix_fallocate \
-  posix_memalign prlimit regexec sched_getaffinity setgroups setns \
-  setrlimit symlink sysctlbyname getifaddrs])
+AC_CHECK_FUNCS_ONCE([cfmakeraw geteuid getgid getgrnam_r getmntent_r \
+  getpwuid_r getuid kill mmap newlocale posix_fallocate posix_memalign \
+  prlimit regexec sched_getaffinity setgroups setns setrlimit symlink \
+  sysctlbyname])
 
-dnl Availability of pthread functions. Because of $LIB_PTHREAD, we
-dnl cannot use AC_CHECK_FUNCS_ONCE. LIB_PTHREAD and LIBMULTITHREAD
-dnl were set during gl_INIT by gnulib.
+dnl Availability of pthread functions (if missing, win32 threading is
+dnl assumed).  Because of $LIB_PTHREAD, we cannot use AC_CHECK_FUNCS_ONCE.
+dnl LIB_PTHREAD and LIBMULTITHREAD were set during gl_INIT by gnulib.
 old_LIBS=$LIBS
 LIBS="$LIBS $LIB_PTHREAD $LIBMULTITHREAD"
-
-pthread_found=yes
 AC_CHECK_FUNCS([pthread_mutexattr_init])
-AC_CHECK_HEADER([pthread.h],,[pthread_found=no])
-
-if test "$ac_cv_func_pthread_mutexattr_init:$pthread_found" != "yes:yes"
-then
-  AC_MSG_ERROR([A pthreads impl is required for building libvirt])
-fi
-
-dnl At least mingw64-winpthreads #defines pthread_sigmask to 0,
-dnl which in turn causes compilation to complain about unused variables.
-dnl Expose this broken implementation, so we can work around it.
-AC_CACHE_CHECK([whether pthread_sigmask does anything],
-  [lv_cv_pthread_sigmask_works],
-  [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-    #include <sys/types.h>
-    #include <signal.h>
-  ]], [[
-    #ifdef pthread_sigmask
-    int (*foo)(int, const sigset_t *, sigset_t *) = &pthread_sigmask;
-    return !foo;
-    #endif
-  ]])], [lv_cv_pthread_sigmask_works=yes], [lv_cv_pthread_sigmask_works=no])])
-if test "x$lv_cv_pthread_sigmask_works" != xyes; then
-  AC_DEFINE([FUNC_PTHREAD_SIGMASK_BROKEN], [1],
-    [Define to 1 if pthread_sigmask is not a real function])
-fi
 LIBS=$old_libs
 
 dnl Availability of various common headers (non-fatal if missing).
@@ -409,8 +364,6 @@ dnl External programs that we can use if they are available.
 dnl We will hard-code paths to these programs unless we cannot
 dnl detect them, in which case we'll search for the program
 dnl along the $PATH at runtime and fail if it's not there.
-AC_PATH_PROG([DMIDECODE], [dmidecode], [dmidecode],
-	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([DNSMASQ], [dnsmasq], [dnsmasq],
 	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([RADVD], [radvd], [radvd],
@@ -423,23 +376,17 @@ AC_PATH_PROG([UDEVSETTLE], [udevsettle], [],
 	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([MODPROBE], [modprobe], [modprobe],
 	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
-AC_PATH_PROG([RMMOD], [rmmod], [rmmod],
-	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([OVSVSCTL], [ovs-vsctl], [ovs-vsctl],
 	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([SCRUB], [scrub], [scrub],
 	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
-AC_PATH_PROG([ADDR2LINE], [addr2line], [addr2line],
-        [/sbin:/usr/bin:/usr/sbin:/usr/local/sbin:$PATH])
 
-AC_DEFINE_UNQUOTED([DMIDECODE],["$DMIDECODE"],
-        [Location or name of the dmidecode program])
 AC_DEFINE_UNQUOTED([DNSMASQ],["$DNSMASQ"],
         [Location or name of the dnsmasq program])
 AC_DEFINE_UNQUOTED([RADVD],["$RADVD"],
         [Location or name of the radvd program])
 AC_DEFINE_UNQUOTED([TC],["$TC"],
-        [Location or name of the tc program (see iproute2)])
+        [Location or name of the tc profram (see iproute2)])
 AC_DEFINE_UNQUOTED([OVSVSCTL],["$OVSVSCTL"],
         [Location or name of the ovs-vsctl program])
 
@@ -455,14 +402,8 @@ if test -n "$MODPROBE"; then
   AC_DEFINE_UNQUOTED([MODPROBE],["$MODPROBE"],
         [Location or name of the modprobe program])
 fi
-if test -n "$RMMOD"; then
-  AC_DEFINE_UNQUOTED([RMMOD],["$RMMOD"],
-        [Location or name of the rmmod program])
-fi
 AC_DEFINE_UNQUOTED([SCRUB],["$SCRUB"],
         [Location or name of the scrub program (for wiping algorithms)])
-AC_DEFINE_UNQUOTED([ADDR2LINE],["$ADDR2LINE"],
-        [Location of addr2line program])
 
 dnl Specific dir for HTML output ?
 AC_ARG_WITH([html-dir], [AS_HELP_STRING([--with-html-dir=path],
@@ -569,10 +510,6 @@ AC_ARG_WITH([chrdev-lock-files],
     [location for UUCP style lock files for character devices
      (use auto for default paths on some platforms) @<:@default=auto@:>@])])
 m4_divert_text([DEFAULTS], [with_chrdev_lock_files=auto])
-AC_ARG_WITH([pm-utils],
-  [AS_HELP_STRING([--with-pm-utils],
-    [use pm-utils for power management @<:@default=yes@:>@])])
-m4_divert_text([DEFAULTS], [with_pm_utils=check])
 
 dnl
 dnl in case someone want to build static binaries
@@ -967,7 +904,7 @@ AM_CONDITIONAL([WITH_XEN], [test "$with_xen" = "yes"])
 AC_SUBST([XEN_CFLAGS])
 AC_SUBST([XEN_LIBS])
 
-AM_CONDITIONAL([WITH_XENCONFIG], [test "$with_libxl" = "yes" || test "$with_xen" = "yes"])
+AM_CONDITIONAL([WITH_XENXS], [test "$with_libxl" = "yes" || test "$with_xen" = "yes"])
 
 dnl
 dnl check for kernel headers required by xen_inotify
@@ -1046,30 +983,22 @@ dnl
 dnl Checks for the Parallels driver
 dnl
 
-
-if test "$with_parallels" = "yes" ||
-   test "$with_parallels" = "check"; then
-    PKG_CHECK_MODULES([PARALLELS_SDK], [parallels-sdk],
-                      [PARALLELS_SDK_FOUND=yes], [PARALLELS_SDK_FOUND=no])
-
-    if test "$with_parallels" = "yes" && test "$PARALLELS_SDK_FOUND" = "no"; then
-        AC_MSG_ERROR([Parallels Virtualization SDK is needed to build the Parallels driver.])
-    fi
-
-    with_parallels=$PARALLELS_SDK_FOUND
-    if test "$with_parallels" = "yes"; then
-        AC_DEFINE_UNQUOTED([WITH_PARALLELS], 1,
-                           [whether Parallels driver is enabled])
+if test "$with_parallels" = "check"; then
+    with_parallels=$with_linux
+    if test ! $host_cpu = 'x86_64'; then
+        with_parallels=no
     fi
 fi
+
+if test "$with_parallels" = "yes" && test "$with_linux" = "no"; then
+    AC_MSG_ERROR([The Parallels driver can be enabled on Linux only.])
+fi
+
+if test "$with_parallels" = "yes"; then
+    AC_DEFINE_UNQUOTED([WITH_PARALLELS], 1, [whether Parallels driver is enabled])
+fi
 AM_CONDITIONAL([WITH_PARALLELS], [test "$with_parallels" = "yes"])
 
-dnl
-dnl Checks for bhyve driver
-dnl
-
-LIBVIRT_DRIVER_CHECK_BHYVE
-
 dnl
 dnl check for shell that understands <> redirection without truncation,
 dnl needed by src/qemu/qemu_monitor_{text,json}.c.
@@ -1125,6 +1054,7 @@ dnl
 dnl check for kernel headers required by src/bridge.c
 dnl
 if test "$with_linux" = "yes"; then
+  if test "$with_qemu" = "yes" || test "$with_lxc" = "yes" ; then
     # Various kernel versions have headers that are not self-standing, but
     # yet are incompatible with the corresponding glibc headers.  In order
     # to guarantee compilation across a wide range of versions (from RHEL 5
@@ -1158,6 +1088,7 @@ if test "$with_linux" = "yes"; then
         #endif
         #include <linux/in6.h>
       ]])
+  fi
 fi
 
 
@@ -1413,10 +1344,8 @@ if test "$with_chrdev_lock_files" != "no"; then
     AC_MSG_ERROR([You must specify path for the lock files on this
 platform])
   fi
-  if test "$with_chrdev_lock_files" != "no"; then
-    AC_DEFINE_UNQUOTED([VIR_CHRDEV_LOCK_FILE_PATH], "$with_chrdev_lock_files",
-                       [path to directory containing UUCP device lock files])
-  fi
+  AC_DEFINE_UNQUOTED([VIR_CHRDEV_LOCK_FILE_PATH], "$with_chrdev_lock_files",
+                      [path to directory containing UUCP device lock files])
 fi
 AM_CONDITIONAL([VIR_CHRDEV_LOCK_FILE_PATH], [test "$with_chrdev_lock_files" != "no"])
 
@@ -1480,15 +1409,6 @@ elif test "with_secdriver_apparmor" != "no" ; then
 fi
 AM_CONDITIONAL([WITH_SECDRIVER_APPARMOR], [test "$with_secdriver_apparmor" != "no"])
 
-AC_ARG_WITH([apparmor-profiles],
-  [AS_HELP_STRING([--with-apparmor-profiles],
-    [install apparmor profiles @<:@default=no@:>@])],
-  [with_apparmor_profiles=yes],
-  [with_apparmor_profiles=no])
-if test "$with_apparmor" = "no"; then
-  with_apparmor_profiles="no"
-fi
-AM_CONDITIONAL([WITH_APPARMOR_PROFILES], [test "$with_apparmor_profiles" != "no"])
 
 dnl DTrace static probes
 AC_ARG_WITH([dtrace],
@@ -1525,7 +1445,7 @@ AC_ARG_WITH([numad],
 if test "$with_numad" != "no" ; then
   fail=0
 
-  AC_PATH_PROG([NUMAD], [numad], [], [/bin:/usr/bin:/usr/sbin])
+  AC_PATH_PROG([NUMAD], [numad], [], [/bin:/usr/bin])
 
   if test "$with_numad" = "check"; then
     test "$with_numactl" = "yes" || fail=1
@@ -1633,25 +1553,46 @@ fi
 
 AM_CONDITIONAL([WITH_PHYP],[test "$with_phyp" = "yes"])
 
-dnl
-dnl Should we build with pm-utils support?
-dnl
-if test "$with_pm_utils" = "check"; then
-    with_pm_utils=yes
-    if test "$with_dbus" = "yes"; then
-        if test "$init_systemd" = "yes"; then
-            with_pm_utils=no
-        fi
-    fi
-fi
-
-if test "$with_pm_utils" = "yes"; then
-    AC_DEFINE_UNQUOTED([WITH_PM_UTILS], 1, [whether to use pm-utils])
-fi
-AM_CONDITIONAL([WITH_PM_UTILS], [test "$with_pm_utils" = "yes"])
-
 dnl virsh libraries
-VIRSH_LIBS="$VIRSH_LIBS $READLINE_LIBS"
+AC_CHECK_HEADERS([readline/readline.h])
+
+# Check for readline.
+AC_CHECK_LIB([readline], [readline],
+	[lv_use_readline=yes; VIRSH_LIBS="$VIRSH_LIBS -lreadline"],
+	[lv_use_readline=no])
+
+# If the above test failed, it may simply be that -lreadline requires
+# some termcap-related code, e.g., from one of the following libraries.
+# See if adding one of them to LIBS helps.
+if test $lv_use_readline = no; then
+    lv_saved_libs=$LIBS
+    LIBS=
+    AC_SEARCH_LIBS([tgetent], [ncurses curses termcap termlib])
+    case $LIBS in
+      no*) ;;  # handle "no" and "none required"
+      *) # anything else is a -lLIBRARY
+	# Now, check for -lreadline again, also using $LIBS.
+	# Note: this time we use a different function, so that
+	# we don't get a cached "no" result.
+	AC_CHECK_LIB([readline], [rl_initialize],
+		[lv_use_readline=yes
+		 VIRSH_LIBS="$VIRSH_LIBS -lreadline $LIBS"],,
+		[$LIBS])
+	;;
+    esac
+    test $lv_use_readline = no &&
+	AC_MSG_WARN([readline library not found])
+    LIBS=$lv_saved_libs
+fi
+
+if test $lv_use_readline = yes; then
+    AC_DEFINE_UNQUOTED([USE_READLINE], 1,
+		       [whether virsh can use readline])
+    READLINE_CFLAGS=-DUSE_READLINE
+else
+    READLINE_CFLAGS=
+fi
+AC_SUBST([READLINE_CFLAGS])
 AC_SUBST([VIRSH_LIBS])
 
 dnl check if the network driver should be compiled
@@ -1732,14 +1673,6 @@ AC_ARG_WITH([storage-sheepdog],
   [AS_HELP_STRING([--with-storage-sheepdog],
     [with Sheepdog backend for the storage driver @<:@default=check@:>@])],
   [],[with_storage_sheepdog=check])
-AC_ARG_WITH([storage-gluster],
-  [AS_HELP_STRING([--with-storage-gluster],
-    [with Gluster backend for the storage driver @<:@default=check@:>@])],
-  [],[with_storage_gluster=check])
-AC_ARG_WITH([storage-zfs],
-  [AS_HELP_STRING([--with-storage-zfs],
-    [with ZFS backend for the storage driver @<:@default=check@:>@])],
-  [],[with_storage_zfs=check])
 
 if test "$with_libvirtd" = "no"; then
   with_storage_dir=no
@@ -1751,8 +1684,6 @@ if test "$with_libvirtd" = "no"; then
   with_storage_disk=no
   with_storage_rbd=no
   with_storage_sheepdog=no
-  with_storage_gluster=no
-  with_storage_zfs=no
 fi
 if test "$with_storage_dir" = "yes" ; then
   AC_DEFINE_UNQUOTED([WITH_STORAGE_DIR], 1, [whether directory backend for storage driver is enabled])
@@ -1886,12 +1817,8 @@ if test "$with_storage_iscsi" = "yes" || test "$with_storage_iscsi" = "check"; t
 
   if test "$with_storage_iscsi" = "yes" ; then
     AC_DEFINE_UNQUOTED([WITH_STORAGE_ISCSI], 1, [whether iSCSI backend for storage driver is enabled])
-  fi
-fi
-if test -z "$ISCIADM" ; then
-    AC_DEFINE_UNQUOTED([ISCSIADM],["iscsiadm"],[Name of iscsiadm program])
-else
     AC_DEFINE_UNQUOTED([ISCSIADM],["$ISCSIADM"],[Location of iscsiadm program])
+  fi
 fi
 AM_CONDITIONAL([WITH_STORAGE_ISCSI], [test "$with_storage_iscsi" = "yes"])
 
@@ -1958,63 +1885,6 @@ fi
 AM_CONDITIONAL([WITH_STORAGE_SHEEPDOG],
   [test "$with_storage_sheepdog" = "yes"])
 
-if test "$with_storage_gluster" = "check"; then
-  with_storage_gluster=$with_glusterfs
-fi
-if test "$with_storage_gluster" = "yes"; then
-  if test "$with_glusterfs" = no; then
-    AC_MSG_ERROR([Need glusterfs (libgfapi) for gluster storage driver])
-  fi
-  AC_DEFINE_UNQUOTED([WITH_STORAGE_GLUSTER], [1],
-    [whether Gluster backend for storage driver is enabled])
-fi
-AM_CONDITIONAL([WITH_STORAGE_GLUSTER], [test "$with_storage_gluster" = "yes"])
-
-if test "$with_storage_zfs" = "check"; then
-    with_storage_zfs=$with_freebsd
-fi
-
-if test "$with_storage_zfs" = "yes" && test "$with_freebsd" = "no"; then
-    AC_MSG_ERROR([The ZFS storage driver can be enabled on FreeBSD only.])
-fi
-
-if test "$with_storage_zfs" = "yes" ||
-   test "$with_storage_zfs" = "check"; then
-  AC_PATH_PROG([ZFS], [zfs], [], [$PATH:/sbin:/usr/sbin])
-  AC_PATH_PROG([ZPOOL], [zpool], [], [$PATH:/sbin:/usr/sbin])
-
-  if test "$with_storage_zfs" = "yes"; then
-    if test -z "$ZFS" || test -z "$ZPOOL"; then
-      AC_MSG_ERROR([We need zfs and zpool for ZFS storage driver])
-    fi
-  else
-    if test -z "$ZFS" || test -z "$ZPOOL"; then
-      with_storage_zfs=no
-    fi
-
-    if test "$with_storage_zfs" = "check"; then
-      with_storage_zfs=yes
-    fi
-  fi
-
-  if test "$with_storage_zfs" = "yes"; then
-    AC_DEFINE_UNQUOTED([WITH_STORAGE_ZFS], 1,
-      [whether ZFS backend for storage driver is enabled])
-    AC_DEFINE_UNQUOTED([ZFS], ["$ZFS"], [Location of zfs program])
-    AC_DEFINE_UNQUOTED([ZPOOL], ["$ZPOOL"], [Location of zpool program])
-  fi
-fi
-AM_CONDITIONAL([WITH_STORAGE_ZFS],
-  [test "$with_storage_zfs" = "yes"])
-
-if test "$with_storage_fs" = "yes" ||
-   test "$with_storage_gluster" = "yes"; then
-  AC_PATH_PROG([GLUSTER_CLI], [gluster], [], [$PATH:/sbin:/usr/sbin])
-  if test "x$GLUSTER_CLI" != "x"; then
-      AC_DEFINE_UNQUOTED([GLUSTER_CLI], ["$GLUSTER_CLI"],
-        [Location or name of the gluster command line tool])
-  fi
-fi
 
 LIBPARTED_CFLAGS=
 LIBPARTED_LIBS=
@@ -2172,21 +2042,94 @@ fi
 AM_CONDITIONAL([WITH_HYPERV], [test "$with_hyperv" = "yes"])
 
 
-dnl Allow perl/python overrides
-AC_PATH_PROGS([PYTHON], [python2 python])
-AC_PATH_PROG([PERL], [perl])
-if test -z "$PERL"; then
-         AC_MSG_ERROR([Failed to find perl.])
+dnl
+dnl check for python
+dnl
+
+AC_ARG_WITH([python],
+  [AS_HELP_STRING([--with-python],
+    [Build python bindings @<:@default=yes@:>@])],
+  [],[with_python=yes])
+
+if test "$enable_shared:$with_python" = no:yes; then
+  AC_MSG_WARN([Disabling shared libraries is incompatible with building Python extensions.])
+  AC_MSG_WARN([Ignoring --with-python.])
+  with_python=no
 fi
 
-AC_ARG_WITH([test-suite],
-            [AS_HELP_STRING([--with-test-suite],
-               [build test suite by default @<:@default=check@:>@])],
-            [case "${withval}" in
-               yes|no|check) ;;
-               *)      AC_MSG_ERROR([bad value ${withval} for tests option]) ;;
-            esac],
-            [withval=check])
+PYTHON_VERSION=
+PYTHON_INCLUDES=
+if test "$with_python" != "no" ; then
+    if test -x "$with_python/bin/python"
+    then
+        AC_MSG_NOTICE(Found python in $with_python/bin/python)
+        PYTHON="$with_python/bin/python"
+        with_python=yes
+    else
+        if test -x "$with_python"
+        then
+            AC_MSG_NOTICE(Found python in $with_python)
+            PYTHON="$with_python"
+            with_python=yes
+        else
+            if test -x "$PYTHON"
+            then
+                AC_MSG_NOTICE(Found python in environment PYTHON=$PYTHON)
+                with_python=yes
+            fi
+        fi
+    fi
+
+    if test "$with_python" = "yes" ; then
+        AM_PATH_PYTHON(,, [:])
+
+        if test "$PYTHON" != : ; then
+            PYTHON_CONFIG="$PYTHON-config"
+
+            if test -x "$PYTHON_CONFIG"
+            then
+                PYTHON_INCLUDES=`$PYTHON_CONFIG --includes`
+            else
+                if test -r $PYTHON_EXEC_PREFIX/include/python$PYTHON_VERSION/Python.h
+                then
+                    PYTHON_INCLUDES=-I$PYTHON_EXEC_PREFIX/include/python$PYTHON_VERSION
+                else
+                    if test -r $prefix/include/python$PYTHON_VERSION/Python.h
+                    then
+                        PYTHON_INCLUDES=-I$prefix/include/python$PYTHON_VERSION
+                    else
+                        if test -r /usr/include/python$PYTHON_VERSION/Python.h
+                        then
+                            PYTHON_INCLUDES=-I/usr/include/python$PYTHON_VERSION
+                        else
+                            AC_MSG_ERROR([You must install python-devel to build Python bindings])
+                        fi
+                    fi
+                fi
+            fi
+        else
+            AC_MSG_ERROR([You must install python to build Python bindings])
+        fi
+    else
+        AC_MSG_NOTICE([Could not find python in $with_python, disabling bindings])
+        with_python=no
+    fi
+fi
+AM_CONDITIONAL([WITH_PYTHON], [test "$with_python" = "yes"])
+AC_SUBST([PYTHON_VERSION])
+AC_SUBST([PYTHON_INCLUDES])
+
+dnl Allow perl overrides
+AC_PATH_PROG([PERL], [perl])
+
+AC_ARG_ENABLE([with-test-suite],
+              [AS_HELP_STRING([--with-test-suite],
+                 [build test suite by default @<:@default=check@:>@])],
+              [case "${withval}" in
+                 yes|no|check) ;;
+                 *)      AC_MSG_ERROR([bad value ${withval} for tests option]) ;;
+              esac],
+              [withval=check])
 
 AC_MSG_CHECKING([Whether to build test suite by default])
 if test "$withval" = "check" ; then
@@ -2273,7 +2216,7 @@ AC_ARG_ENABLE([test-locking],
 enable_locking=$enableval
 
 if test "$enable_locking" = "yes"; then
-  LOCK_CHECKING_CFLAGS="-save-temps"
+  LOCK_CHECKING_CFLAGS="-Dbool=char -D_Bool=char -save-temps"
   AC_SUBST([LOCK_CHECKING_CFLAGS])
 fi
 AM_CONDITIONAL([WITH_CIL],[test "$enable_locking" = "yes"])
@@ -2314,6 +2257,7 @@ dnl Copied from libxml2 configure.in, but I removed mingw changes
 dnl for now since I'm not supporting mingw at present.  - RWMJ
 CYGWIN_EXTRA_LDFLAGS=
 CYGWIN_EXTRA_LIBADD=
+CYGWIN_EXTRA_PYTHON_LIBADD=
 MINGW_EXTRA_LDFLAGS=
 WIN32_EXTRA_CFLAGS=
 dnl libvirt.syms is generated in builddir, but libvirt_qemu.syms is in git;
@@ -2327,6 +2271,10 @@ case "$host" in
     CYGWIN_EXTRA_LDFLAGS="-no-undefined"
     CYGWIN_EXTRA_LIBADD="${INTLLIBS}"
     MSCOM_LIBS="-lole32 -loleaut32"
+
+    if test "x$PYTHON_VERSION" != "x"; then
+      CYGWIN_EXTRA_PYTHON_LIBADD="-L/usr/lib/python${PYTHON_VERSION}/config -lpython${PYTHON_VERSION}"
+    fi
     ;;
   *-*-mingw*)
     MINGW_EXTRA_LDFLAGS="-no-undefined"
@@ -2361,6 +2309,7 @@ case "$host" in
 esac
 AC_SUBST([CYGWIN_EXTRA_LDFLAGS])
 AC_SUBST([CYGWIN_EXTRA_LIBADD])
+AC_SUBST([CYGWIN_EXTRA_PYTHON_LIBADD])
 AC_SUBST([MINGW_EXTRA_LDFLAGS])
 AC_SUBST([WIN32_EXTRA_CFLAGS])
 AC_SUBST([LIBVIRT_SYMBOL_FILE])
@@ -2470,7 +2419,7 @@ fi
 AM_CONDITIONAL([WITH_INTERFACE], [test "$with_interface" = "yes"])
 
 
-if test $with_freebsd = yes || test $with_osx = yes; then
+if test $with_freebsd = yes; then
   default_qemu_user=root
   default_qemu_group=wheel
 else
@@ -2569,8 +2518,6 @@ if test "$with_virtualport" != "no"; then
 fi
 AM_CONDITIONAL([WITH_VIRTUALPORT], [test "$with_virtualport" = "yes"])
 
-dnl GET_VLAN_VID_CMD is required for virNetDevGetVLanID
-AC_CHECK_DECLS([GET_VLAN_VID_CMD], [], [], [[#include <linux/if_vlan.h>]])
 
 dnl netlink library
 
@@ -2623,70 +2570,6 @@ AM_CONDITIONAL([HAVE_LIBNL], [test "$have_libnl" = "yes"])
 AC_SUBST([LIBNL_CFLAGS])
 AC_SUBST([LIBNL_LIBS])
 
-dnl wireshark dissector
-
-AC_ARG_WITH([wireshark-dissector],
-  [AS_HELP_STRING([--with-wireshark-dissector],
-    [enable wireshark dissector plugin support @<:@default=check@:>@])],
-  [ with_wireshark_dissector=$withval ],
-  [ with_wireshark_dissector=check ])
-
-AC_DEFUN([LIBVIRT_WS_HANDLE_ERROR], [
-  if test "$with_wireshark_dissector" = "yes"; then
-    AC_MSG_ERROR([$1])
-  else
-    with_wireshark_dissector=no
-  fi
-])
-if test "$with_wireshark_dissector" != "no"; then
-    dnl Check for XDR headers existence
-    AC_CHECK_HEADERS([rpc/types.h])
-
-    dnl Check for glib-2.0 existence
-    PKG_CHECK_MODULES([GLIB], [glib-2.0], [
-      WS_DISSECTOR_CPPFLAGS="$WS_DISSECTOR_CPPFLAGS `$PKG_CONFIG --cflags glib-2.0`"
-    ], [
-      LIBVIRT_WS_HANDLE_ERROR([pkg-config 'glib-2.0' is required for wireshark-dissector support])
-    ])
-
-    dnl Search for wireshark(or tshark) command
-    AC_PATH_PROG([WIRESHARK], [wireshark])
-    AC_PATH_PROG([WIRESHARK], [tshark])
-    if test -z "$WIRESHARK"; then
-        LIBVIRT_WS_HANDLE_ERROR([command not found wireshark or tshark])
-    else
-        dnl Check for wireshark headers
-        save_CPPFLAGS="$CPPFLAGS"
-        WS_DISSECTOR_CPPFLAGS="$WS_DISSECTOR_CPPFLAGS -I`dirname $WIRESHARK`/../include/wireshark"
-        CPPFLAGS="$CPPFLAGS $WS_DISSECTOR_CPPFLAGS"
-        AC_CHECK_HEADERS([wireshark/config.h],, [
-            LIBVIRT_WS_HANDLE_ERROR([wireshark/config.h is required for wireshark-dissector support])
-        ])
-        AC_CHECK_HEADERS([wireshark/epan/packet.h wireshark/epan/dissectors/packet-tcp.h],, [
-            LIBVIRT_WS_HANDLE_ERROR([wireshark/epan/{packet,packet-tcp}.h are required for wireshark-dissector support])
-        ], [
-          #include <wireshark/config.h>
-        ])
-        CPPFLAGS="$save_CPPFLAGS"
-    fi
-    if test "$with_wireshark_dissector" != "no"; then
-        with_wireshark_dissector=yes
-    fi
-fi
-AC_SUBST([WS_DISSECTOR_CPPFLAGS])
-AM_CONDITIONAL([WITH_WIRESHARK_DISSECTOR], [test "$with_wireshark_dissector" = "yes"])
-
-AC_ARG_WITH([ws-plugindir],
-  [AS_HELP_STRING([--with-ws-plugindir],
-    [wireshark plugins directory for use when installing wireshark plugin])],
-  [ws_plugindir=$withval])
-
-if test "$with_wireshark_dissector" != "no" && test -z "$ws_plugindir"; then
-    ws_version=`$WIRESHARK -v | head -1 | cut -f 2 -d' '`
-    ws_plugindir="$libdir/wireshark/plugins/$ws_version"
-fi
-AC_SUBST([ws_plugindir])
-
 # Check for Linux vs. BSD ifreq members
 AC_CHECK_MEMBERS([struct ifreq.ifr_newname,
                   struct ifreq.ifr_ifindex,
@@ -2721,34 +2604,6 @@ AC_CHECK_DECLS([BRDGSFD, BRDGADD, BRDGDEL],
                 #include <net/if_bridgevar.h>
                ])
 
-# Check for BSD CPU affinity availability
-AC_CHECK_DECLS([cpuset_getaffinity],
-               [AC_DEFINE([HAVE_BSD_CPU_AFFINITY],
-                          [1],
-                          [whether BSD CPU affinity management is available])],
-               [],
-               [#include <sys/param.h>
-                #include <sys/cpuset.h>
-               ])
-
-# Check for BSD kvm (kernel memory interface)
-if test $with_freebsd = yes; then
-     AC_CHECK_LIB([kvm], [kvm_getprocs], [],
-                  [AC_MSG_ERROR([BSD kernel memory interface library is required to build on FreeBSD])]
-                 )
-fi
-
-# FreeBSD 10-STABLE requires _IFI_OQDROPS to be defined for if_data.ifi_oqdrops
-# field be available
-old_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS -D_IFI_OQDROPS"
-
-AC_CHECK_MEMBERS([struct if_data.ifi_oqdrops],
-		 [],
-		 [CFLAGS="$old_CFLAGS"],
-		 [#include <net/if.h>
-		 ])
-
 # Check if we need to look for ifconfig
 if test "$want_ifconfig" = "yes"; then
      AC_PATH_PROG([IFCONFIG_PATH], [ifconfig])
@@ -2785,31 +2640,22 @@ AC_CONFIG_FILES([\
         docs/schemas/Makefile \
         gnulib/lib/Makefile \
         gnulib/tests/Makefile \
-        libvirt.pc \
-        libvirt-qemu.pc \
-        libvirt-lxc.pc \
-        src/libvirt.pc \
-        src/libvirt-qemu.pc \
-        src/libvirt-lxc.pc \
-        libvirt.spec mingw-libvirt.spec \
+        libvirt.pc libvirt.spec mingw-libvirt.spec \
         po/Makefile.in \
         include/libvirt/Makefile include/libvirt/libvirt.h \
+        python/Makefile \
         daemon/Makefile \
         tools/Makefile \
         tests/Makefile \
         examples/apparmor/Makefile \
-        examples/object-events/Makefile \
+        examples/domain-events/events-c/Makefile \
         examples/domsuspend/Makefile \
         examples/dominfo/Makefile \
-        examples/dommigrate/Makefile \
-        examples/domtop/Makefile \
         examples/openauth/Makefile \
+        examples/python/Makefile \
         examples/hellolibvirt/Makefile \
         examples/systemtap/Makefile \
-        examples/xml/nwfilter/Makefile \
-        examples/lxcconvert/Makefile \
-        tools/wireshark/Makefile \
-        tools/wireshark/src/Makefile])
+        examples/xml/nwfilter/Makefile])
 AC_OUTPUT
 
 AC_MSG_NOTICE([])
@@ -2831,7 +2677,6 @@ AC_MSG_NOTICE([     PHYP: $with_phyp])
 AC_MSG_NOTICE([      ESX: $with_esx])
 AC_MSG_NOTICE([  Hyper-V: $with_hyperv])
 AC_MSG_NOTICE([Parallels: $with_parallels])
-LIBVIRT_DRIVER_RESULT_BHYVE
 AC_MSG_NOTICE([     Test: $with_test])
 AC_MSG_NOTICE([   Remote: $with_remote])
 AC_MSG_NOTICE([  Network: $with_network])
@@ -2852,13 +2697,11 @@ AC_MSG_NOTICE([   mpath: $with_storage_mpath])
 AC_MSG_NOTICE([    Disk: $with_storage_disk])
 AC_MSG_NOTICE([     RBD: $with_storage_rbd])
 AC_MSG_NOTICE([Sheepdog: $with_storage_sheepdog])
-AC_MSG_NOTICE([ Gluster: $with_storage_gluster])
-AC_MSG_NOTICE([     ZFS: $with_storage_zfs])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Security Drivers])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([ SELinux: $with_secdriver_selinux ($SELINUX_MOUNT)])
-AC_MSG_NOTICE([AppArmor: $with_secdriver_apparmor (install profiles: $with_apparmor_profiles)])
+AC_MSG_NOTICE([AppArmor: $with_secdriver_apparmor])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Driver Loadable Modules])
 AC_MSG_NOTICE([])
@@ -2879,18 +2722,15 @@ LIBVIRT_RESULT_CAPNG
 LIBVIRT_RESULT_CURL
 LIBVIRT_RESULT_DBUS
 LIBVIRT_RESULT_FUSE
-LIBVIRT_RESULT_GLUSTER
 LIBVIRT_RESULT_HAL
 LIBVIRT_RESULT_NETCF
 LIBVIRT_RESULT_NUMACTL
 LIBVIRT_RESULT_OPENWSMAN
 LIBVIRT_RESULT_PCIACCESS
-LIBVIRT_RESULT_READLINE
 LIBVIRT_RESULT_SANLOCK
 LIBVIRT_RESULT_SASL
 LIBVIRT_RESULT_SELINUX
 LIBVIRT_RESULT_SSH2
-LIBVIRT_RESULT_SYSTEMD_DAEMON
 LIBVIRT_RESULT_UDEV
 LIBVIRT_RESULT_YAJL
 AC_MSG_NOTICE([  libxml: $LIBXML_CFLAGS $LIBXML_LIBS])
@@ -2955,7 +2795,6 @@ AC_MSG_NOTICE([     rbd: $LIBRBD_LIBS])
 else
 AC_MSG_NOTICE([     rbd: no])
 fi
-AC_MSG_NOTICE([pm-utils: $with_pm_utils])
 
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Test suite])
@@ -2968,16 +2807,14 @@ AC_MSG_NOTICE([])
 AC_MSG_NOTICE([            Debug: $enable_debug])
 AC_MSG_NOTICE([      Use -Werror: $set_werror])
 AC_MSG_NOTICE([    Warning Flags: $WARN_CFLAGS])
+AC_MSG_NOTICE([         Readline: $lv_use_readline])
+AC_MSG_NOTICE([           Python: $with_python])
 AC_MSG_NOTICE([           DTrace: $with_dtrace])
 AC_MSG_NOTICE([            numad: $with_numad])
 AC_MSG_NOTICE([      XML Catalog: $XML_CATALOG_FILE])
 AC_MSG_NOTICE([      Init script: $with_init_script])
 AC_MSG_NOTICE([Char device locks: $with_chrdev_lock_files])
 AC_MSG_NOTICE([])
-AC_MSG_NOTICE([Developer Tools])
-AC_MSG_NOTICE([])
-AC_MSG_NOTICE([Wireshark dissector: $with_wireshark_dissector])
-AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Privileges])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([      QEMU: $QEMU_USER:$QEMU_GROUP])

daemon/Makefile.am

@@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in
 
-## Copyright (C) 2005-2014 Red Hat, Inc.
+## Copyright (C) 2005-2013 Red Hat, Inc.
 ##
 ## This library is free software; you can redistribute it and/or
 ## modify it under the terms of the GNU Lesser General Public
@@ -55,7 +55,6 @@ EXTRA_DIST =						\
 	libvirtd.policy.in				\
 	libvirtd.sasl					\
 	libvirtd.service.in				\
-	libvirtd.socket.in				\
 	libvirtd.sysconf				\
 	libvirtd.sysctl					\
 	libvirtd.aug                                    \
@@ -141,7 +140,7 @@ libvirtd_SOURCES = $(DAEMON_SOURCES)
 #-D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_POSIX_C_SOURCE=199506L
 libvirtd_CFLAGS = \
 	$(LIBXML_CFLAGS) $(GNUTLS_CFLAGS) $(SASL_CFLAGS) \
-	$(XDR_CFLAGS) $(DBUS_CFLAGS) $(LIBNL_CFLAGS) \
+	$(XDR_CFLAGS) $(POLKIT_CFLAGS) $(DBUS_CFLAGS) $(LIBNL_CFLAGS) \
 	$(WARN_CFLAGS) $(PIE_CFLAGS) \
 	$(COVERAGE_CFLAGS) \
 	-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\""
@@ -158,6 +157,7 @@ libvirtd_LDADD =					\
 	$(GNUTLS_LIBS)					\
 	$(SASL_LIBS)					\
 	$(DBUS_LIBS)					\
+	$(POLKIT_LIBS)					\
 	$(LIBNL_LIBS)
 
 if WITH_DTRACE_PROBES
@@ -387,19 +387,16 @@ endif ! LIBVIRT_INIT_SCRIPT_UPSTART
 
 if LIBVIRT_INIT_SCRIPT_SYSTEMD
 
-SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system
-BUILT_SOURCES += libvirtd.service libvirtd.socket
+SYSTEMD_UNIT_DIR = /lib/systemd/system
+BUILT_SOURCES += libvirtd.service
 
-install-init-systemd: install-sysconfig libvirtd.service libvirtd.socket
+install-init-systemd: install-sysconfig libvirtd.service
 	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
 	$(INSTALL_DATA) libvirtd.service \
 	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
-	$(INSTALL_DATA) libvirtd.socket \
-	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.socket
 
 uninstall-init-systemd: uninstall-sysconfig
 	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
-	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.socket
 	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
 else ! LIBVIRT_INIT_SCRIPT_SYSTEMD
 install-init-systemd:
@@ -423,12 +420,6 @@ libvirtd.service: libvirtd.service.in $(top_builddir)/config.status
 	    < $< > $@-t &&					\
 	    mv $@-t $@
 
-libvirtd.socket: libvirtd.socket.in $(top_builddir)/config.status
-	$(AM_V_GEN)sed						\
-	    -e 's|[@]runstatedir[@]|$(runstatedir)|g'		\
-	    < $< > $@-t &&					\
-	    mv $@-t $@
-
 
 check-local: check-augeas
 

daemon/libvirtd-config.c

@@ -1,7 +1,7 @@
 /*
- * libvirtd-config.c: daemon start of day, guest process & i/o management
+ * libvirtd.c: daemon start of day, guest process & i/o management
  *
- * Copyright (C) 2006-2012, 2014 Red Hat, Inc.
+ * Copyright (C) 2006-2012 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -37,8 +37,6 @@
 
 #define VIR_FROM_THIS VIR_FROM_CONF
 
-VIR_LOG_INIT("daemon.libvirtd-config");
-
 /* Allocate an array of malloc'd strings from the config file, filename
  * (used only in diagnostics), using handle "conf".  Upon error, return -1
  * and free any allocated memory.  Otherwise, save the array in *list_arg
@@ -158,12 +156,7 @@ checkType(virConfValuePtr p, const char *filename,
     } while (0)
 
 
-static int
-remoteConfigGetAuth(virConfPtr conf,
-                    const char *key,
-                    int *auth,
-                    const char *filename)
-{
+static int remoteConfigGetAuth(virConfPtr conf, const char *key, int *auth, const char *filename) {
     virConfValuePtr p;
 
     p = virConfGetValue(conf, key);
@@ -215,7 +208,7 @@ daemonConfigFilePath(bool privileged, char **configfile)
 
     return 0;
 
- error:
+error:
     return -1;
 }
 
@@ -265,14 +258,15 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
 
     data->min_workers = 5;
     data->max_workers = 20;
-    data->max_clients = 5000;
-    data->max_anonymous_clients = 20;
+    data->max_clients = 20;
 
     data->prio_workers = 5;
 
     data->max_requests = 20;
     data->max_client_requests = 5;
 
+    data->log_buffer_size = 64;
+
     data->audit_level = 1;
     data->audit_logging = 0;
 
@@ -301,7 +295,7 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
 
     return data;
 
- error:
+error:
     daemonConfigFree(data);
     return NULL;
 }
@@ -421,7 +415,6 @@ daemonConfigLoadOptions(struct daemonConfig *data,
     GET_CONF_INT(conf, filename, max_workers);
     GET_CONF_INT(conf, filename, max_clients);
     GET_CONF_INT(conf, filename, max_queued_clients);
-    GET_CONF_INT(conf, filename, max_anonymous_clients);
 
     GET_CONF_INT(conf, filename, prio_workers);
 
@@ -436,6 +429,7 @@ daemonConfigLoadOptions(struct daemonConfig *data,
     GET_CONF_INT(conf, filename, log_level);
     GET_CONF_STR(conf, filename, log_filters);
     GET_CONF_STR(conf, filename, log_outputs);
+    GET_CONF_INT(conf, filename, log_buffer_size);
 
     GET_CONF_INT(conf, filename, keepalive_interval);
     GET_CONF_INT(conf, filename, keepalive_count);
@@ -443,7 +437,7 @@ daemonConfigLoadOptions(struct daemonConfig *data,
 
     return 0;
 
- error:
+error:
     return -1;
 }
 

daemon/libvirtd-config.h

@@ -1,5 +1,5 @@
 /*
- * libvirtd-config.h: daemon start of day, guest process & i/o management
+ * libvirtd.c: daemon start of day, guest process & i/o management
  *
  * Copyright (C) 2006-2012 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
@@ -64,7 +64,6 @@ struct daemonConfig {
     int max_workers;
     int max_clients;
     int max_queued_clients;
-    int max_anonymous_clients;
 
     int prio_workers;
 
@@ -74,6 +73,7 @@ struct daemonConfig {
     int log_level;
     char *log_filters;
     char *log_outputs;
+    int log_buffer_size;
 
     int audit_level;
     int audit_logging;

daemon/libvirtd.aug

@@ -57,7 +57,6 @@ module Libvirtd =
                         | int_entry "max_workers"
                         | int_entry "max_clients"
                         | int_entry "max_queued_clients"
-                        | int_entry "max_anonymous_clients"
                         | int_entry "max_requests"
                         | int_entry "max_client_requests"
                         | int_entry "prio_workers"

daemon/libvirtd.c

@@ -1,7 +1,7 @@
 /*
  * libvirtd.c: daemon start of day, guest process & i/o management
  *
- * Copyright (C) 2006-2014 Red Hat, Inc.
+ * Copyright (C) 2006-2012 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -35,7 +35,6 @@
 #include "libvirt_internal.h"
 #include "virerror.h"
 #include "virfile.h"
-#include "virlog.h"
 #include "virpidfile.h"
 #include "virprocess.h"
 
@@ -56,7 +55,6 @@
 #include "virstring.h"
 #include "locking/lock_manager.h"
 #include "viraccessmanager.h"
-#include "virutil.h"
 
 #ifdef WITH_DRIVER_MODULES
 # include "driver.h"
@@ -79,9 +77,6 @@
 # ifdef WITH_VBOX
 #  include "vbox/vbox_driver.h"
 # endif
-# ifdef WITH_BHYVE
-#  include "bhyve/bhyve_driver.h"
-# endif
 # ifdef WITH_NETWORK
 #  include "network/bridge_driver.h"
 # endif
@@ -105,9 +100,6 @@
 #include "configmake.h"
 
 #include "virdbus.h"
-#include "cpu/cpu_map.h"
-
-VIR_LOG_INIT("daemon.libvirtd");
 
 #if WITH_SASL
 virNetSASLContextPtr saslCtxt = NULL;
@@ -116,8 +108,6 @@ virNetServerProgramPtr remoteProgram = NULL;
 virNetServerProgramPtr qemuProgram = NULL;
 virNetServerProgramPtr lxcProgram = NULL;
 
-volatile bool driversInitialized = false;
-
 enum {
     VIR_DAEMON_ERR_NONE = 0,
     VIR_DAEMON_ERR_PIDFILE,
@@ -163,9 +153,9 @@ static int daemonForkIntoBackground(const char *argv0)
 
             VIR_FORCE_CLOSE(statuspipe[0]);
 
-            if ((stdinfd = open("/dev/null", O_RDONLY)) <= STDERR_FILENO)
+            if ((stdinfd = open("/dev/null", O_RDONLY)) < 0)
                 goto cleanup;
-            if ((stdoutfd = open("/dev/null", O_WRONLY)) <= STDERR_FILENO)
+            if ((stdoutfd = open("/dev/null", O_WRONLY)) < 0)
                 goto cleanup;
             if (dup2(stdinfd, STDIN_FILENO) != STDIN_FILENO)
                 goto cleanup;
@@ -173,9 +163,9 @@ static int daemonForkIntoBackground(const char *argv0)
                 goto cleanup;
             if (dup2(stdoutfd, STDERR_FILENO) != STDERR_FILENO)
                 goto cleanup;
-            if (VIR_CLOSE(stdinfd) < 0)
+            if (stdinfd > STDERR_FILENO && VIR_CLOSE(stdinfd) < 0)
                 goto cleanup;
-            if (VIR_CLOSE(stdoutfd) < 0)
+            if (stdoutfd > STDERR_FILENO && VIR_CLOSE(stdoutfd) < 0)
                 goto cleanup;
 
             if (setsid() < 0)
@@ -211,7 +201,7 @@ static int daemonForkIntoBackground(const char *argv0)
             VIR_FORCE_CLOSE(statuspipe[1]);
 
             /* We wait to make sure the first child forked successfully */
-            if (virProcessWait(pid, NULL, false) < 0)
+            if (virProcessWait(pid, NULL) < 0)
                 goto error;
 
             /* If we get here, then the grandchild was spawned, so we
@@ -243,13 +233,48 @@ static int daemonForkIntoBackground(const char *argv0)
         }
     }
 
- error:
+error:
     VIR_FORCE_CLOSE(statuspipe[0]);
     VIR_FORCE_CLOSE(statuspipe[1]);
     return -1;
 }
 
 
+static int
+daemonPidFilePath(bool privileged,
+                  char **pidfile)
+{
+    if (privileged) {
+        if (VIR_STRDUP(*pidfile, LOCALSTATEDIR "/run/libvirtd.pid") < 0)
+            goto error;
+    } else {
+        char *rundir = NULL;
+        mode_t old_umask;
+
+        if (!(rundir = virGetUserRuntimeDirectory()))
+            goto error;
+
+        old_umask = umask(077);
+        if (virFileMakePath(rundir) < 0) {
+            umask(old_umask);
+            goto error;
+        }
+        umask(old_umask);
+
+        if (virAsprintf(pidfile, "%s/libvirtd.pid", rundir) < 0) {
+            VIR_FREE(rundir);
+            goto error;
+        }
+
+        VIR_FREE(rundir);
+    }
+
+    return 0;
+
+error:
+    return -1;
+}
+
 static int
 daemonUnixSocketPaths(struct daemonConfig *config,
                       bool privileged,
@@ -291,7 +316,7 @@ daemonUnixSocketPaths(struct daemonConfig *config,
     }
     return 0;
 
- error:
+error:
     return -1;
 }
 
@@ -331,15 +356,10 @@ static void daemonInitialize(void)
 {
     /*
      * Note that the order is important: the first ones have a higher
-     * priority when calling virStateInitialize. We must register the
-     * network, storage and nodedev drivers before any stateful domain
-     * driver, since their resources must be auto-started before any
-     * domains can be auto-started. Moreover, some stateless drivers
-     * implement their own subdrivers (e.g. the vbox driver has its
-     * own network and storage subdriers) which need to have higher
-     * priority. Otherwise, when connecting to such driver the generic
-     * subdriver may be opened instead of the one corresponding to the
-     * stateless driver.
+     * priority when calling virStateInitialize. We must register
+     * the network, storage and nodedev drivers before any domain
+     * drivers, since their resources must be auto-started before
+     * any domains can be auto-started.
      */
 #ifdef WITH_DRIVER_MODULES
     /* We don't care if any of these fail, because the whole point
@@ -347,18 +367,9 @@ static void daemonInitialize(void)
      * If they try to open a connection for a module that
      * is not loaded they'll get a suitable error at that point
      */
-# ifdef WITH_VBOX
-    virDriverLoadModule("vbox_network");
-# endif
 # ifdef WITH_NETWORK
     virDriverLoadModule("network");
 # endif
-# ifdef WITH_INTERFACE
-    virDriverLoadModule("interface");
-# endif
-# ifdef WITH_VBOX
-    virDriverLoadModule("vbox_storage");
-# endif
 # ifdef WITH_STORAGE
     virDriverLoadModule("storage");
 # endif
@@ -371,6 +382,9 @@ static void daemonInitialize(void)
 # ifdef WITH_NWFILTER
     virDriverLoadModule("nwfilter");
 # endif
+# ifdef WITH_INTERFACE
+    virDriverLoadModule("interface");
+# endif
 # ifdef WITH_XEN
     virDriverLoadModule("xen");
 # endif
@@ -389,22 +403,13 @@ static void daemonInitialize(void)
 # ifdef WITH_VBOX
     virDriverLoadModule("vbox");
 # endif
-# ifdef WITH_BHYVE
-    virDriverLoadModule("bhyve");
-# endif
 #else
-# ifdef WITH_VBOX
-    vboxNetworkRegister();
-# endif
 # ifdef WITH_NETWORK
     networkRegister();
 # endif
 # ifdef WITH_INTERFACE
     interfaceRegister();
 # endif
-# ifdef WITH_VBOX
-    vboxStorageRegister();
-# endif
 # ifdef WITH_STORAGE
     storageRegister();
 # endif
@@ -435,20 +440,16 @@ static void daemonInitialize(void)
 # ifdef WITH_VBOX
     vboxRegister();
 # endif
-# ifdef WITH_BHYVE
-    bhyveRegister();
-# endif
 #endif
 }
 
 
-static int ATTRIBUTE_NONNULL(3)
-daemonSetupNetworking(virNetServerPtr srv,
-                      struct daemonConfig *config,
-                      const char *sock_path,
-                      const char *sock_path_ro,
-                      bool ipsock,
-                      bool privileged)
+static int daemonSetupNetworking(virNetServerPtr srv,
+                                 struct daemonConfig *config,
+                                 const char *sock_path,
+                                 const char *sock_path_ro,
+                                 bool ipsock,
+                                 bool privileged)
 {
     virNetServerServicePtr svc = NULL;
     virNetServerServicePtr svcRO = NULL;
@@ -460,19 +461,11 @@ daemonSetupNetworking(virNetServerPtr srv,
     int unix_sock_ro_mask = 0;
     int unix_sock_rw_mask = 0;
 
-    unsigned int cur_fd = STDERR_FILENO + 1;
-    unsigned int nfds = virGetListenFDs();
-
     if (config->unix_sock_group) {
         if (virGetGroupID(config->unix_sock_group, &unix_sock_gid) < 0)
             return -1;
     }
 
-    if (nfds > (sock_path_ro ? 2 : 1)) {
-        VIR_ERROR(_("Too many (%u) FDs passed from caller"), nfds);
-        return -1;
-    }
-
     if (virStrToLong_i(config->unix_sock_ro_perms, NULL, 8, &unix_sock_ro_mask) != 0) {
         VIR_ERROR(_("Failed to parse mode '%s'"), config->unix_sock_ro_perms);
         goto error;
@@ -483,30 +476,30 @@ daemonSetupNetworking(virNetServerPtr srv,
         goto error;
     }
 
-    if (!(svc = virNetServerServiceNewFDOrUNIX(sock_path,
-                                               unix_sock_rw_mask,
-                                               unix_sock_gid,
-                                               config->auth_unix_rw,
+    VIR_DEBUG("Registering unix socket %s", sock_path);
+    if (!(svc = virNetServerServiceNewUNIX(sock_path,
+                                           unix_sock_rw_mask,
+                                           unix_sock_gid,
+                                           config->auth_unix_rw,
 #if WITH_GNUTLS
-                                               NULL,
+                                           NULL,
 #endif
-                                               false,
-                                               config->max_queued_clients,
-                                               config->max_client_requests,
-                                               nfds, &cur_fd)))
+                                           false,
+                                           config->max_queued_clients,
+                                           config->max_client_requests)))
         goto error;
     if (sock_path_ro) {
-        if (!(svcRO = virNetServerServiceNewFDOrUNIX(sock_path_ro,
-                                                     unix_sock_ro_mask,
-                                                     unix_sock_gid,
-                                                     config->auth_unix_ro,
+        VIR_DEBUG("Registering unix socket %s", sock_path_ro);
+        if (!(svcRO = virNetServerServiceNewUNIX(sock_path_ro,
+                                                 unix_sock_ro_mask,
+                                                 unix_sock_gid,
+                                                 config->auth_unix_ro,
 #if WITH_GNUTLS
-                                                     NULL,
+                                                 NULL,
 #endif
-                                                     true,
-                                                     config->max_queued_clients,
-                                                     config->max_client_requests,
-                                                     nfds, &cur_fd)))
+                                                 true,
+                                                 config->max_queued_clients,
+                                                 config->max_client_requests)))
             goto error;
     }
 
@@ -610,7 +603,7 @@ daemonSetupNetworking(virNetServerPtr srv,
 
     return 0;
 
- error:
+error:
 #if WITH_GNUTLS
     virObjectUnref(svcTLS);
 #endif
@@ -654,18 +647,14 @@ daemonSetupLogging(struct daemonConfig *config,
 
     virLogSetFromEnv();
 
+    virLogSetBufferSize(config->log_buffer_size);
+
     if (virLogGetNbFilters() == 0)
         virLogParseFilters(config->log_filters);
 
     if (virLogGetNbOutputs() == 0)
         virLogParseOutputs(config->log_outputs);
 
-    /*
-     * Command line override for --verbose
-     */
-    if ((verbose) && (virLogGetDefaultPriority() > VIR_LOG_INFO))
-        virLogSetDefaultPriority(VIR_LOG_INFO);
-
     /*
      * If no defined outputs, and either running
      * as daemon or not on a tty, then first try
@@ -676,14 +665,7 @@ daemonSetupLogging(struct daemonConfig *config,
         (godaemon || !isatty(STDIN_FILENO))) {
         char *tmp;
         if (access("/run/systemd/journal/socket", W_OK) >= 0) {
-            virLogPriority priority = virLogGetDefaultPriority();
-
-            /* By default we don't want to log too much stuff into journald as
-             * it may employ rate limiting and thus block libvirt execution. */
-            if (priority == VIR_LOG_DEBUG)
-                priority = VIR_LOG_INFO;
-
-            if (virAsprintf(&tmp, "%d:journald", priority) < 0)
+            if (virAsprintf(&tmp, "%d:journald", virLogGetDefaultPriority()) < 0)
                 goto error;
             virLogParseOutputs(tmp);
             VIR_FREE(tmp);
@@ -732,9 +714,15 @@ daemonSetupLogging(struct daemonConfig *config,
         VIR_FREE(tmp);
     }
 
+    /*
+     * Command line override for --verbose
+     */
+    if ((verbose) && (virLogGetDefaultPriority() > VIR_LOG_INFO))
+        virLogSetDefaultPriority(VIR_LOG_INFO);
+
     return 0;
 
- error:
+error:
     return -1;
 }
 
@@ -802,11 +790,11 @@ static void daemonReloadHandler(virNetServerPtr srv ATTRIBUTE_UNUSED,
                                 siginfo_t *sig ATTRIBUTE_UNUSED,
                                 void *opaque ATTRIBUTE_UNUSED)
 {
-    VIR_INFO("Reloading configuration on SIGHUP");
-    virHookCall(VIR_HOOK_DRIVER_DAEMON, "-",
-                VIR_HOOK_DAEMON_OP_RELOAD, SIGHUP, "SIGHUP", NULL, NULL);
-    if (virStateReload() < 0)
-        VIR_WARN("Error while reloading drivers");
+        VIR_INFO("Reloading configuration on SIGHUP");
+        virHookCall(VIR_HOOK_DRIVER_DAEMON, "-",
+                    VIR_HOOK_DAEMON_OP_RELOAD, SIGHUP, "SIGHUP", NULL, NULL);
+        if (virStateReload() < 0)
+            VIR_WARN("Error while reloading drivers");
 }
 
 static int daemonSetupSignals(virNetServerPtr srv)
@@ -924,8 +912,6 @@ static void daemonRunStateInit(void *opaque)
         goto cleanup;
     }
 
-    driversInitialized = true;
-
 #ifdef HAVE_DBUS
     /* Tie the non-priviledged libvirtd to the session/shutdown lifecycle */
     if (!virNetServerIsPrivileged(srv)) {
@@ -947,7 +933,7 @@ static void daemonRunStateInit(void *opaque)
 #endif
     /* Only now accept clients from network */
     virNetServerUpdateServices(srv, true);
- cleanup:
+cleanup:
     daemonInhibitCallback(false, srv);
     virObjectUnref(srv);
     virObjectUnref(sysident);
@@ -1153,9 +1139,31 @@ int main(int argc, char **argv) {
         exit(EXIT_FAILURE);
     }
 
-    virUpdateSelfLastChanged(argv[0]);
-
-    virFileActivateDirOverride(argv[0]);
+    if (strstr(argv[0], "lt-libvirtd") ||
+        strstr(argv[0], "/daemon/.libs/libvirtd")) {
+        char *tmp = strrchr(argv[0], '/');
+        if (!tmp) {
+            fprintf(stderr, _("%s: cannot identify driver directory\n"), argv[0]);
+            exit(EXIT_FAILURE);
+        }
+        *tmp = '\0';
+        char *driverdir;
+        if (virAsprintfQuiet(&driverdir, "%s/../../src/.libs", argv[0]) < 0) {
+            fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
+            exit(EXIT_FAILURE);
+        }
+        if (access(driverdir, R_OK) < 0) {
+            fprintf(stderr, _("%s: expected driver directory '%s' is missing\n"),
+                    argv[0], driverdir);
+            exit(EXIT_FAILURE);
+        }
+        virLockManagerSetPluginDir(driverdir);
+#ifdef WITH_DRIVER_MODULES
+        virDriverModuleInitialize(driverdir);
+#endif
+        *tmp = '/';
+        /* Must not free 'driverdir' - it is still used */
+    }
 
     while (1) {
         int optidx = 0;
@@ -1279,10 +1287,8 @@ int main(int argc, char **argv) {
     }
 
     if (!pid_file &&
-        virPidFileConstructPath(privileged,
-                                LOCALSTATEDIR,
-                                "libvirtd",
-                                &pid_file) < 0) {
+        daemonPidFilePath(privileged,
+                          &pid_file) < 0) {
         VIR_ERROR(_("Can't determine pid file path."));
         exit(EXIT_FAILURE);
     }
@@ -1343,7 +1349,7 @@ int main(int argc, char **argv) {
     umask(old_umask);
 
     /* Try to claim the pidfile, exiting if we can't */
-    if ((pid_file_fd = virPidFileAcquirePath(pid_file, false, getpid())) < 0) {
+    if ((pid_file_fd = virPidFileAcquirePath(pid_file, getpid())) < 0) {
         ret = VIR_DAEMON_ERR_PIDFILE;
         goto cleanup;
     }
@@ -1357,7 +1363,6 @@ int main(int argc, char **argv) {
                                 config->max_workers,
                                 config->prio_workers,
                                 config->max_clients,
-                                config->max_anonymous_clients,
                                 config->keepalive_interval,
                                 config->keepalive_count,
                                 !!config->keepalive_required,
@@ -1512,7 +1517,7 @@ int main(int argc, char **argv) {
     virHookCall(VIR_HOOK_DRIVER_DAEMON, "-", VIR_HOOK_DAEMON_OP_SHUTDOWN,
                 0, "shutdown", NULL, NULL);
 
- cleanup:
+cleanup:
     virNetlinkEventServiceStopAll();
     virObjectUnref(remoteProgram);
     virObjectUnref(lxcProgram);
@@ -1541,8 +1546,7 @@ int main(int argc, char **argv) {
 
     daemonConfigFree(config);
 
-    if (driversInitialized)
-        virStateCleanup();
+    virStateCleanup();
 
     return ret;
 }

daemon/libvirtd.conf

@@ -48,10 +48,6 @@
 # Override the default configuration which binds to all network
 # interfaces. This can be a numeric IPv4/6 address, or hostname
 #
-# If the libvirtd service is started in parallel with network
-# startup (e.g. with systemd), binding to addresses other than
-# the wildcards (0.0.0.0/::) might not be available yet.
-#
 #listen_addr = "192.168.0.1"
 
 
@@ -67,7 +63,7 @@
 # unique on the immediate broadcast network.
 #
 # The default is "Virtualization Host HOSTNAME", where HOSTNAME
-# is substituted for the short hostname of the machine (without domain)
+# is subsituted for the short hostname of the machine (without domain)
 #
 #mdns_name = "Virtualization Host Joe Demo"
 
@@ -77,11 +73,6 @@
 # UNIX socket access controls
 #
 
-# Beware that if you are changing *any* of these options, and you use
-# socket activation with systemd, you need to adjust the settings in
-# the libvirtd.socket file as well since it could impose a security
-# risk if you rely on file permission checking only.
-
 # Set the UNIX domain socket group ownership. This can be used to
 # allow a 'trusted' set of users access to management capabilities
 # without becoming root.
@@ -92,8 +83,8 @@
 # Set the UNIX socket permissions for the R/O socket. This is used
 # for monitoring VM status only
 #
-# Default allows any user. If setting group ownership, you may want to
-# restrict this too.
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
 #unix_sock_ro_perms = "0777"
 
 # Set the UNIX socket permissions for the R/W socket. This is used
@@ -103,7 +94,7 @@
 # the default will change to allow everyone (eg, 0777)
 #
 # If not using PolicyKit and setting group ownership for access
-# control, then you may want to relax this too.
+# control then you may want to relax this to:
 #unix_sock_rw_perms = "0770"
 
 # Set the name of the directory in which sockets will be found/created.
@@ -122,7 +113,7 @@
 #  - sasl: use SASL infrastructure. The actual auth scheme is then
 #          controlled from /etc/sasl2/libvirt.conf. For the TCP
 #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
-#          For non-TCP or TLS sockets, any scheme is allowed.
+#          For non-TCP or TLS sockets,  any scheme is allowed.
 #
 #  - polkit: use PolicyKit to authenticate. This is only suitable
 #            for use on the UNIX sockets. The default policy will
@@ -225,7 +216,7 @@
 #tls_no_verify_certificate = 1
 
 
-# A whitelist of allowed x509 Distinguished Names
+# A whitelist of allowed x509  Distinguished Names
 # This list may contain wildcards such as
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
@@ -264,7 +255,7 @@
 
 # The maximum number of concurrent client connections to allow
 # over all sockets combined.
-#max_clients = 5000
+#max_clients = 20
 
 # The maximum length of queue of connections waiting to be
 # accepted by the daemon. Note, that some protocols supporting
@@ -272,10 +263,6 @@
 # connection succeeds.
 #max_queued_clients = 1000
 
-# The maximum length of queue of accepted but not yet not
-# authenticated clients. The default value is zero, meaning
-# the feature is disabled.
-#max_anonymous_clients = 20
 
 # The minimum limit sets the number of workers to start up
 # initially. If the number of active clients exceeds this,
@@ -287,13 +274,13 @@
 
 
 # The number of priority workers. If all workers from above
-# pool are stuck, some calls marked as high priority
+# pool will stuck, some calls marked as high priority
 # (notably domainDestroy) can be executed in this pool.
 #prio_workers = 5
 
 # Total global limit on concurrent RPC calls. Should be
 # at least as large as max_workers. Beyond this, RPC requests
-# will be read into memory and queued. This directly impacts
+# will be read into memory and queued. This directly impact
 # memory usage, currently each request requires 256 KB of
 # memory. So by default up to 5 MB of memory is used
 #
@@ -314,10 +301,6 @@
 
 # Logging level: 4 errors, 3 warnings, 2 information, 1 debug
 # basically 1 will log everything possible
-# Note: Journald may employ rate limiting of the messages logged
-# and thus lock up the libvirt daemon. To use the debug level with
-# journald you have to specify it explicitly in 'log_outputs', otherwise
-# only information level messages will be logged.
 #log_level = 3
 
 # Logging filters:
@@ -335,7 +318,7 @@
 #    3: WARNING
 #    4: ERROR
 #
-# Multiple filters can be defined in a single @filters, they just need to be
+# Multiple filter can be defined in a single @filters, they just need to be
 # separated by spaces.
 #
 # e.g. to only get warning or errors from the remote layer and only errors
@@ -351,24 +334,22 @@
 #      use syslog for the output and use the given name as the ident
 #    x:file:file_path
 #      output to a file, with the given filepath
-#    x:journald
-#      output to journald logging system
 # In all case the x prefix is the minimal level, acting as a filter
 #    1: DEBUG
 #    2: INFO
 #    3: WARNING
 #    4: ERROR
 #
-# Multiple outputs can be defined, they just need to be separated by spaces.
+# Multiple output can be defined, they just need to be separated by spaces.
 # e.g. to log all warnings and errors to syslog under the libvirtd ident:
 #log_outputs="3:syslog:libvirtd"
 #
 
-# Log debug buffer size:
-#
-# This configuration option is no longer used, since the global
-# log buffer functionality has been removed. Please configure
-# suitable log_outputs/log_filters settings to obtain logs.
+# Log debug buffer size: default 64
+# The daemon keeps an internal debug log buffer which will be dumped in case
+# of crash or upon receiving a SIGUSR2 signal. This setting allows to override
+# the default buffer size in kilobytes.
+# If value is 0 or less the debug log buffer is deactivated
 #log_buffer_size = 64
 
 
@@ -406,7 +387,7 @@
 ###################################################################
 # Keepalive protocol:
 # This allows libvirtd to detect broken client connections or even
-# dead clients.  A keepalive message is sent to a client after
+# dead client.  A keepalive message is sent to a client after
 # keepalive_interval seconds of inactivity to check if the client is
 # still responding; keepalive_count is a maximum number of keepalive
 # messages that are allowed to be sent to the client without getting
@@ -415,7 +396,7 @@
 # keepalive_interval * (keepalive_count + 1) seconds since the last
 # message received from the client.  If keepalive_interval is set to
 # -1, libvirtd will never send keepalive requests; however clients
-# can still send them and the daemon will send responses.  When
+# can still send them and the deamon will send responses.  When
 # keepalive_count is set to 0, connections will be automatically
 # closed after keepalive_interval seconds of inactivity without
 # sending any keepalive messages.

daemon/libvirtd.h

@@ -1,7 +1,7 @@
 /*
  * libvirtd.h: daemon data structure definitions
  *
- * Copyright (C) 2006-2014 Red Hat, Inc.
+ * Copyright (C) 2006-2013 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -32,6 +32,7 @@
 # include "remote_protocol.h"
 # include "lxc_protocol.h"
 # include "qemu_protocol.h"
+# include "virlog.h"
 # include "virthread.h"
 # if WITH_SASL
 #  include "virnetsaslcontext.h"
@@ -42,20 +43,13 @@ typedef struct daemonClientStream daemonClientStream;
 typedef daemonClientStream *daemonClientStreamPtr;
 typedef struct daemonClientPrivate daemonClientPrivate;
 typedef daemonClientPrivate *daemonClientPrivatePtr;
-typedef struct daemonClientEventCallback daemonClientEventCallback;
-typedef daemonClientEventCallback *daemonClientEventCallbackPtr;
 
 /* Stores the per-client connection state */
 struct daemonClientPrivate {
     /* Hold while accessing any data except conn */
     virMutex lock;
 
-    daemonClientEventCallbackPtr *domainEventCallbacks;
-    size_t ndomainEventCallbacks;
-    daemonClientEventCallbackPtr *networkEventCallbacks;
-    size_t nnetworkEventCallbacks;
-    daemonClientEventCallbackPtr *qemuEventCallbacks;
-    size_t nqemuEventCallbacks;
+    int domainEventCallbackID[VIR_DOMAIN_EVENT_ID_LAST];
 
 # if WITH_SASL
     virNetSASLSessionPtr sasl;

daemon/libvirtd.init.in

@@ -9,11 +9,9 @@
 # Should-Start: $named
 # Should-Start: xend
 # Should-Start: avahi-daemon
-# Should-Start: virtlockd
 # Required-Stop: $network messagebus
 # Should-Stop: $named
 # Default-Start: 3 4 5
-# Default-Stop: 0 1 2 6
 # Short-Description: daemon for libvirt virtualization API
 # Description: This is a daemon for managing guest instances
 #              and libvirt virtual networks

daemon/libvirtd.service.in

@@ -1,15 +1,16 @@
+# NB we don't use socket activation. When libvirtd starts it will
+# spawn any virtual machines registered for autostart. We want this
+# to occur on every boot, regardless of whether any client connects
+# to a socket. Thus socket activation doesn't have any benefit
+
 [Unit]
 Description=Virtualization daemon
 Before=libvirt-guests.service
 After=network.target
 After=dbus.service
 After=iscsid.service
-After=apparmor.service
-Documentation=man:libvirtd(8)
-Documentation=http://libvirt.org
 
 [Service]
-Type=notify
 EnvironmentFile=-/etc/sysconfig/libvirtd
 ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID

daemon/libvirtd.socket.in

@@ -1,11 +0,0 @@
-[Socket]
-ListenStream=@runstatedir@/libvirt/libvirt-sock
-ListenStream=@runstatedir@/libvirt/libvirt-sock-ro
-
-; The following settings must match libvirtd.conf file in order to
-; work as expected because libvirtd can't change them later.
-; SocketMode=0777 is safe only if authentication on the socket is set
-; up.  For further information, please see the libvirtd.conf file.
-SocketMode=0777
-SocketUser=root
-SocketGroup=root

daemon/libvirtd.sysconf

@@ -20,14 +20,5 @@
 #
 #SDL_AUDIODRIVER=pulse
 
-# Override the maximum number of opened files.
-# This only works with traditional init scripts.
-# In the systemd world, the limit can only be changed by overriding
-# LimitNOFILE for libvirtd.service. To do that, just create a *.conf
-# file in /etc/systemd/system/libvirtd.service.d/ (for example
-# /etc/systemd/system/libvirtd.service.d/openfiles.conf) and write
-# the following two lines in it:
-#   [Service]
-#   LimitNOFILE=2048
-#
+# Override the maximum number of opened files
 #LIBVIRTD_NOFILES_LIMIT=2048

daemon/stream.c

@@ -1,7 +1,7 @@
 /*
  * stream.c: APIs for managing client streams
  *
- * Copyright (C) 2009-2014 Red Hat, Inc.
+ * Copyright (C) 2009, 2011 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -32,8 +32,6 @@
 
 #define VIR_FROM_THIS VIR_FROM_STREAMS
 
-VIR_LOG_INIT("daemon.stream");
-
 struct daemonClientStream {
     daemonClientPrivatePtr priv;
     int refs;
@@ -260,7 +258,7 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
         daemonStreamUpdateEvents(stream);
     }
 
- cleanup:
+cleanup:
     virMutexUnlock(&priv->lock);
 }
 
@@ -301,7 +299,7 @@ daemonStreamFilter(virNetServerClientPtr client ATTRIBUTE_UNUSED,
     daemonStreamUpdateEvents(stream);
     ret = 1;
 
- cleanup:
+cleanup:
     virMutexUnlock(&stream->priv->lock);
     return ret;
 }
@@ -612,10 +610,10 @@ daemonStreamHandleAbort(virNetServerClientPtr client,
     virStreamEventRemoveCallback(stream->st);
     virStreamAbort(stream->st);
 
-    if (msg->header.status == VIR_NET_ERROR) {
+    if (msg->header.status == VIR_NET_ERROR)
         virReportError(VIR_ERR_RPC,
                        "%s", _("stream aborted at client request"));
-    } else {
+    else {
         VIR_WARN("unexpected stream status %d", msg->header.status);
         virReportError(VIR_ERR_RPC,
                        _("stream aborted with unexpected status %d"),

daemon/test_libvirtd.aug.in

@@ -34,9 +34,8 @@ module Test_libvirtd =
              { "1" = "joe@EXAMPLE.COM" }
              { "2" = "fred@EXAMPLE.COM" }
         }
-        { "max_clients" = "5000" }
+        { "max_clients" = "20" }
         { "max_queued_clients" = "1000" }
-        { "max_anonymous_clients" = "20" }
         { "min_workers" = "5" }
         { "max_workers" = "20" }
         { "prio_workers" = "5" }

docs/aclpolkit.html.in

@@ -303,7 +303,7 @@
     </p>
 
 
-    <h2><a name="checks">Writing access control policies</a></h2>
+    <h2><a name="checks">Writing acces control policies</a></h2>
 
     <p>
       If using versions of polkit prior to 0.106 then it is only

docs/api.html.in

@@ -159,10 +159,6 @@
         </ul>
       </li>
     </ul>
-    <p>Note: functions returning vir*Ptr (like the virDomainLookup functions)
-    allocate memory which needs to be freed by the caller by the corresponding
-    vir*Free function (e.g. virDomainFree for a virDomainPtr object).
-    </p>
     <p> For more in-depth details of the storage related APIs see
       <a href="storage.html">the storage management page</a>.
     </p>
@@ -211,7 +207,7 @@
     virtualization <a href="#Functions">functions</a>. Depending upon the
     driver being used, calls will be routed through the remote driver to
     the libvirtd daemon. The daemon will reference the connection specific
-    driver in order to retrieve the requested information and then pass
+    driver in order to retreive the requested information and then pass
     back status and/or data through the connection back to the application.
     The application can then decide what to do with that data, such as
     display, write log data, etc. <a href="migration.html">Migration</a>

docs/api_extension.html.in

@@ -180,13 +180,12 @@
         being called and its parameters;</li>
       <li>MUST call virResetLastError();</li>
       <li>SHOULD confirm that the connection is valid with
-        virCheckConnectReturn() or virCheckConnectGoto();</li>
+        VIR_IS_CONNECT(conn);</li>
       <li><strong>SECURITY: If the API requires a connection with write
           privileges, MUST confirm that the connection flags do not
-          indicate that the connection is read-only with
-          virCheckReadOnlyGoto();</strong></li>
+          indicate that the connection is read-only;</strong></li>
       <li>SHOULD do basic validation of the parameters that are being
-        passed in, using helpers like virCheckNonNullArgGoto();</li>
+        passed in;</li>
       <li>MUST confirm that the driver for this connection exists and that
         it implements this function;</li>
       <li>MUST call the internal API;</li>

docs/apibuild.py

@@ -926,7 +926,7 @@ class CParser:
                 if i < len(l) and l[i] == ' ':
                     i = i + 1
                 l = l[i:]
-            if len(l) >= 6 and l[0:7] == "Returns":
+            if len(l) >= 6 and  l[0:7] == "returns" or l[0:7] == "Returns":
                 try:
                     l = string.split(l, ' ', 1)[1]
                 except:
@@ -1312,7 +1312,7 @@ class CParser:
         name = None
         self.comment = None
         comment = ""
-        value = "-1"
+        value = "0"
         while token is not None:
             if token[0] == "sep" and token[1] == "{":
                 token = self.token()
@@ -1446,24 +1446,6 @@ class CParser:
 
         return token
 
-    def parseVirLogInit(self, token):
-        if token[0] != "string":
-            self.error("parsing VIR_LOG_INIT: expecting string", token)
-
-        token = self.token()
-
-        if token[0] != "sep":
-            self.error("parsing VIR_LOG_INIT: expecting ')'", token)
-
-        if token[1] != ')':
-            self.error("parsing VIR_LOG_INIT: expecting ')'", token)
-
-        token = self.token()
-        if token[0] == "sep" and token[1] == ';':
-            token = self.token()
-
-        return token
-
      #
      # Parse a C definition block, used for structs or unions it parse till
      # the balancing }
@@ -1635,18 +1617,6 @@ class CParser:
                 token = ("name", "virenumimpl")
             return token
 
-        elif token[0] == "name" and token[1] == "VIR_LOG_INIT":
-            token = self.token()
-            if token is not None and token[0] == "sep" and token[1] == "(":
-                token = self.token()
-                token = self.parseVirLogInit(token)
-            else:
-                self.error("parsing VIR_LOG_INIT: expecting '('", token)
-            if token is not None:
-                self.lexer.push(token)
-                token = ("name", "virloginit")
-            return token
-
         elif token[0] == "name":
             if self.type == "":
                 self.type = token[1]

docs/apps.html.in

@@ -103,19 +103,6 @@
         in a virtual machine.  It prints out a list of facts about the
         virtual machine, derived from heuristics.
       </dd>
-      <dt><a href="http://sourceware.org/systemtap/">stap</a></dt>
-      <dd>
-        SystemTap is a tool used to gather rich information about a running
-        system through the use of scripts. Starting from v2.4, the front-end
-        application stap can use libvirt to gather data within virtual
-        machines.
-      </dd>
-      <dt><a href="https://github.com/pradels/vagrant-libvirt/">vagrant-libvirt</a></dt>
-      <dd>
-        Vagrant-Libvirt is a Vagrant plugin that uses libvirt to manage virtual
-        machines. It is a command line tool for developers that makes it very
-        fast and easy to deploy and re-deploy an environment of vm's.
-      </dd>
     </dl>
 
     <h2><a name="configmgmt">Configuration Management</a></h2>
@@ -283,24 +270,19 @@
         host, and there is a subproject to allow merging changes into the
         Windows Registry in Windows guests.
       </dd>
-
-      <dt><a href="http://sandbox.libvirt.org">libvirt-sandbox</a></dt>
-      <dd>
-        A library and command line tools for simplifying the creation of
-        application sandboxes using virtualization technology. It currently
-        supports either KVM, QEMU or LXC as backends. Integration with
-        systemd facilitates sandboxing of system services like apache.
-      </dd>
-      <dt><a href="https://github.com/ohadlevy/virt#readme">Ruby
-          Libvirt Object bindings</a></dt>
-      <dd>
-        Allows using simple ruby objects to manipulate
-        hypervisors, guests, storage, network etc.  It is
-        based on top of
-        the <a href="http://libvirt.org/ruby">native ruby bindings</a>.
-      </dd>
     </dl>
 
+        <dl>
+            <dt><a href="https://github.com/ohadlevy/virt#readme">Ruby
+            Libvirt Object bindings</a></dt>
+            <dd>
+                Allows using simple ruby objects to manipulate
+                hypervisors, guests, storage, network etc.  It is
+                based on top of
+                the <a href="http://libvirt.org/ruby">native ruby
+                bindings</a>.
+            </dd>
+        </dl>
     <h2><a name="livecd">LiveCD / Appliances</a></h2>
 
     <dl>
@@ -399,15 +381,6 @@
         with FreeIPA for Kerberos authentication, and in the future,
         certificate management.
       </dd>
-      <dt><a href="http://ispsystem.com/en/software/vmmanager">VMmanager</a></dt>
-      <dd>
-        VMmanager is a software solution for virtualization management
-        that can be used both for hosting virtual machines and
-        building a cloud.  VMmanager can manage not only one server,
-        but a large cluster of hypervisors.  It delivers a number of
-        functions, such as live migration that allows for load
-        balancing between cluster nodes, monitoring CPU, memory.
-      </dd>
     </dl>
 
     <h2><a name="mobile">Mobile applications</a></h2>

docs/auditlog.html.in

@@ -1,356 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Audit log</h1>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="intro">Introduction</a></h2>
-
-    <p>
-      A number of the libvirt virtualization drivers (QEMU/KVM and LXC) include
-      support for logging details of important operations to the host's audit
-      subsystem. This provides administrators / auditors with a canonical historical
-      record of changes to virtual machines' / containers' lifecycle states and
-      their configuration. On hosts which are running the Linux audit daemon,
-      the logs will usually end up in <code>/var/log/audit/audit.log</code>
-    </p>
-
-    <h2><a name="config">Configuration</a></h2>
-
-    <p>
-      The libvirt audit integration is enabled by default on any host which has
-      the Linux audit subsystem active, and disabled otherwise. It is possible
-      to alter this behaviour in the <code>/etc/libvirt/libvirtd.conf</code>
-      configuration file, via the <code>audit_level</code> parameter
-    </p>
-
-    <ul>
-      <li><code>audit_level=0</code> - libvirt auditing is disabled regardless
-        of host audit subsystem enablement.</li>
-      <li><code>audit_level=1</code> - libvirt auditing is enabled if the host
-        audit subsystem is enabled, otherwise it is disabled. This is the
-        default behaviour.</li>
-      <li><code>audit_level=2</code> - libvirt auditing is enabled regardless
-        of host audit subsystem enablement. If the host audit subsystem is
-        disabled, then libvirtd will refuse to complete startup and exit with
-        an error.</li>
-    </ul>
-
-    <p>
-      In addition to have formal messages sent to the audit subsystem it is
-      possible to tell libvirt to inject messages into its own logging
-      layer. This will result in messages ending up in the systemd journal
-      or <code>/var/log/libvirt/libivrtd.log</code> on non-systemd hosts.
-      This is disabled by default, but can be requested by setting the
-      <code>audit_logging=1</code> configuration parameter in the same file
-      mentioned above.
-    </p>
-
-    <h2><a name="types">Message types</a></h2>
-
-    <p>
-      Libvirt defines three core audit message types each of which will
-      be described below. There are a number of common fields that will
-      be reported for all message types.
-    </p>
-
-    <dl>
-      <dt>pid</dt>
-      <dd>Process ID of the libvirtd daemon generating the audit record.</dd>
-      <dt>uid</dt>
-      <dd>User ID of the libvirtd daemon process generating the audit record.</dd>
-      <dt>subj</dt>
-      <dd>Security context of the libvirtd daemon process generating the audit record.</dd>
-      <dt>msg</dt>
-      <dd>String containing a list of key=value pairs specific to the type of audit record being reported.</dd>
-    </dl>
-
-    <p>
-      Some fields in the <code>msg</code> string are common to audit records
-    </p>
-
-    <dl>
-      <dt>virt</dt>
-      <dd>Type of virtualization driver used. One of <code>qemu</code> or <code>lxc</code></dd>
-      <dt>vm</dt>
-      <dd>Host driver unique name of the guest</dd>
-      <dt>uuid</dt>
-      <dd>Globally unique identifier for the guest</dd>
-      <dt>exe</dt>
-      <dd>Path of the libvirtd daemon</dd>
-      <dt>hostname</dt>
-      <dd>Currently unused</dd>
-      <dt>addr</dt>
-      <dd>Currently unused</dd>
-      <dt>terminal</dt>
-      <dd>Currently unused</dd>
-      <dt>res</dt>
-      <dd>Result of the action, either <code>success</code> or <code>failed</code></dd>
-    </dl>
-
-    <h3><a name="typecontrol">VIRT_CONTROL</a></h3>
-
-    <p>
-      Reports change in the lifecycle state of a virtual machine. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>op</dt>
-      <dd>Type of operation performed. One of <code>start</code>, <code>stop</code> or <code>init</code></dd>
-      <dt>reason</dt>
-      <dd>The reason which caused the operation to happen</dd>
-      <dt>vm-pid</dt>
-      <dd>ID of the primary/leading process associated with the guest</dd>
-      <dt>init-pid</dt>
-      <dd>ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-      <dt>pid-ns</dt>
-      <dd>Namespace ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-    </dl>
-
-    <h3><a name="typemachine">VIRT_MACHINE_ID</a></h3>
-
-    <p>
-      Reports the association of a security context with a guest. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>model</dt>
-      <dd>The security driver type. One of <code>selinux</code> or <code>apparmor</code></dd>
-      <dt>vm-ctx</dt>
-      <dd>Security context for the guest process</dd>
-      <dt>img-ctx</dt>
-      <dd>Security context for the guest disk images and other assigned host resources</dd>
-    </dl>
-
-    <h3><a name="typeresource">VIRT_RESOURCE</a></h3>
-
-    <p>
-      Reports the usage of a host resource by a guest. The fields include will
-      vary according to the type of device being reported. When the guest is
-      initially booted records will be generated for all assigned resources.
-      If any changes are made to the running guest configuration, for example
-      hotplug devices, or adjust resources allocation, further records will
-      be generated.
-    </p>
-
-    <h4><a name="typeresourcevcpu">Virtual CPU</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>vcpu</code></dd>
-      <dt>old-vcpu</dt>
-      <dd>Original vCPU count, or 0</dd>
-      <dt>new-vcpu</dt>
-      <dd>Updated vCPU count</dd>
-    </dl>
-
-
-    <h4><a name="typeresourcemem">Memory</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>mem</code></dd>
-      <dt>old-mem</dt>
-      <dd>Original memory size in bytes, or 0</dd>
-      <dt>new-mem</dt>
-      <dd>Updated memory size in bytes</dd>
-    </dl>
-
-    <h4><a name="typeresourcedisk">Disk</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>disk</code></dd>
-      <dt>old-disk</dt>
-      <dd>Original host file or device path acting as the disk backing file</dd>
-      <dt>new-disk</dt>
-      <dd>Updated host file or device path acting as the disk backing file</dd>
-    </dl>
-
-    <h4><a name="typeresourcenic">Network interface</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt>old-net</dt>
-      <dd>Original MAC address of the guest network interface</dd>
-      <dt>new-net</dt>
-      <dd>Updated MAC address of the guest network interface</dd>
-    </dl>
-
-    <p>
-      If there is a host network interface associated with the guest NIC then
-      further records may be generated
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt>net</dt>
-      <dd>MAC address of the host network interface</dd>
-      <dt>rdev</dt>
-      <dd>Name of the host network interface</dd>
-    </dl>
-
-    <h4><a name="typeresourcefs">Filesystem</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>fs</code></dd>
-      <dt>old-fs</dt>
-      <dd>Original host directory, file or device path backing the filesystem </dd>
-      <dt>new-fs</dt>
-      <dd>Updated host directory, file or device path backing the filesystem</dd>
-    </dl>
-
-    <h4><a name="typeresourcehost">Host device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>hostdev</code> or <code>dev</code></dd>
-      <dt>dev</dt>
-      <dd>The unique bus identifier of the USB, PCI or SCSI device, if <code>resrc=dev</code></dd>
-      <dt>disk</dt>
-      <dd>The path of the block device assigned to the guest, if <code>resrc=hostdev</code></dd>
-      <dt>chardev</dt>
-      <dd>The path of the character device assigned to the guest, if <code>resrc=hostdev</code></dd>
-    </dl>
-
-    <h4><a name="typeresourcetpm">TPM</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>tpm</code></dd>
-      <dt>device</dt>
-      <dd>The path of the host TPM device assigned to the guest</dd>
-    </dl>
-
-    <h4><a name="typeresourcerng">RNG</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>rng</code></dd>
-      <dt>old-rng</dt>
-      <dd>Original path of the host entropy source for the RNG</dd>
-      <dt>new-rng</dt>
-      <dd>Updated path of the host entropy source for the RNG</dd>
-    </dl>
-
-    <h4><a name="typeresourcechardev">console/serial/parallel/channel</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>chardev</code></dd>
-      <dt>old-chardev</dt>
-      <dd>Original path of the backing character device for given emulated device</dd>
-      <dt>new-chardev</dt>
-      <dd>Updated path of the backing character device for given emulated device</dd>
-    </dl>
-
-    <h4><a name="typeresourcesmartcard">smartcard</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>smartcard</code></dd>
-      <dt>old-smartcard</dt>
-      <dd>Original path of the backing character device, certificate store or
-          "nss-smartcard-device" for host smartcard passthrough.
-      </dd>
-      <dt>new-smartcard</dt>
-      <dd>Updated path of the backing character device, certificate store or
-          "nss-smartcard-device" for host smartcard passthrough.
-      </dd>
-    </dl>
-
-    <h4><a name="typeresourceredir">Redirected device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>redir</code></dd>
-      <dt>bus</dt>
-      <dd>The bus type, only <code>usb</code> allowed</dd>
-      <dt>device</dt>
-      <dd>The device type, only <code>USB redir</code> allowed</dd>
-    </dl>
-
-    <h4><a name="typeresourcecgroup">Control group</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt>reason</dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt>resrc</dt>
-      <dd>The type of resource assigned. Set to <code>cgroup</code></dd>
-      <dt>cgroup</dt>
-      <dd>The name of the cgroup controller</dd>
-    </dl>
-
-  </body>
-</html>

docs/bugs.html.in

@@ -132,7 +132,7 @@
       crash, the simplest is to run the program under gdb, reproduce the
       steps leading to the crash and then issue a gdb "bt -a" command to
       get the stack trace, attach it to the bug. Note that for the
-      data to be really useful libvirt debug information must be present
+      data to be really useful libvirt debug informations must be present
       for example by installing libvirt debuginfo package on Fedora or
       Red Hat Enterprise Linux (with debuginfo-install libvirt) prior
       to running gdb.</p>
@@ -147,11 +147,11 @@
       <pre> #  ps -o etime,pid `pgrep libvirt`
 ... note the process id from the output
 # gdb /usr/sbin/libvirtd
-.... some information about gdb and loading debug data
-(gdb) attach $the_daemon_process_id
+.... some informations about gdb and loading debug data
+(gdb) attach $the_damon_process_id
 ....
 (gdb) thread apply all bt
-.... information to attach to the bug
+.... informations to attach to the bug
 (gdb)
 </pre>
 

docs/cgroups.html.in

@@ -33,9 +33,9 @@
 
     <p>
       The LXC driver is capable of using the <code>cpuset</code>,
-      <code>cpu</code>, <code>cpuacct</code>, <code>freezer</code>,
+      <code>cpu</code>, <code>cpuset</code>, <code>freezer</code>,
       <code>memory</code>, <code>blkio</code> and <code>devices</code>
-      controllers. The <code>cpuacct</code>, <code>devices</code>
+      controllers. The <code>cpuset</code>, <code>devices</code>
       and <code>memory</code> controllers are compulsory. Without
       them mounted, no containers can be started. If any of the
       other controllers are not mounted, the resource management APIs
@@ -47,121 +47,17 @@
     <p>
       As of libvirt 1.0.5 or later, the cgroups layout created by libvirt has been
       simplified, in order to facilitate the setup of resource control policies by
-      administrators / management applications. The new layout is based on the concepts
-      of "partitions" and "consumers". A "consumer" is a cgroup which holds the
-      processes for a single virtual machine or container. A "partition" is a cgroup
-      which does not contain any processes, but can have resource controls applied.
-      A "partition" will have zero or more child directories which may be either
-      "consumer" or "partition".
-    </p>
-
-    <p>
-      As of libvirt 1.1.1 or later, the cgroups layout will have some slight
-      differences when running on a host with systemd 205 or later. The overall
-      tree structure is the same, but there are some differences in the naming
-      conventions for the cgroup directories. Thus the following docs split
-      in two, one describing systemd hosts and the other non-systemd hosts.
-    </p>
-
-    <h3><a name="currentLayoutSystemd">Systemd cgroups integration</a></h3>
-
-    <p>
-      On hosts which use systemd, each consumer maps to a systemd scope unit,
-      while partitions map to a system slice unit.
-    </p>
-
-    <h4><a name="systemdScope">Systemd scope naming</a></h4>
-
-    <p>
-      The systemd convention is for the scope name of virtual machines / containers
-      to be of the general format <code>machine-$NAME.scope</code>. Libvirt forms the
-      <code>$NAME</code> part of this by concatenating the driver type with the name
-      of the guest, and then escaping any systemd reserved characters.
-      So for a guest <code>demo</code> running under the <code>lxc</code> driver,
-      we get a <code>$NAME</code> of <code>lxc-demo</code> which when escaped is
-      <code>lxc\x2ddemo</code>. So the complete scope name is <code>machine-lxc\x2ddemo.scope</code>.
-      The scope names map directly to the cgroup directory names.
-    </p>
-
-    <h4><a name="systemdSlice">Systemd slice naming</a></h4>
-
-    <p>
-      The systemd convention for slice naming is that a slice should include the
-      name of all of its parents prepended on its own name. So for a libvirt
-      partition <code>/machine/engineering/testing</code>, the slice name will
-      be <code>machine-engineering-testing.slice</code>. Again the slice names
-      map directly to the cgroup directory names. Systemd creates three top level
-      slices by default, <code>system.slice</code> <code>user.slice</code> and
-      <code>machine.slice</code>. All virtual machines or containers created
-      by libvirt will be associated with <code>machine.slice</code> by default.
-    </p>
-
-    <h4><a name="systemdLayout">Systemd cgroup layout</a></h4>
-
-    <p>
-      Given this, a possible systemd cgroups layout involving 3 qemu guests,
-      3 lxc containers and 3 custom child slices, would be:
-    </p>
-
-    <pre>
-$ROOT
-  |
-  +- system.slice
-  |   |
-  |   +- libvirtd.service
-  |
-  +- machine.slice
-      |
-      +- machine-qemu\x2dvm1.scope
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- machine-qemu\x2dvm2.scope
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- machine-qemu\x2dvm3.scope
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- machine-engineering.slice
-      |   |
-      |   +- machine-engineering-testing.slice
-      |   |   |
-      |   |   +- machine-lxc\x2dcontainer1.scope
-      |   |
-      |   +- machine-engineering-production.slice
-      |       |
-      |       +- machine-lxc\x2dcontainer2.scope
-      |
-      +- machine-marketing.slice
-          |
-          +- machine-lxc\x2dcontainer3.scope
-    </pre>
-
-    <h3><a name="currentLayoutGeneric">Non-systemd cgroups layout</a></h3>
-
-    <p>
-      On hosts which do not use systemd, each consumer has a corresponding cgroup
-      named <code>$VMNAME.libvirt-{qemu,lxc}</code>. Each consumer is associated
-      with exactly one partition, which also have a corresponding cgroup usually
-      named <code>$PARTNAME.partition</code>. The exceptions to this naming rule
-      are the three top level default partitions, named <code>/system</code> (for
-      system services), <code>/user</code> (for user login sessions) and
-      <code>/machine</code> (for virtual machines and containers). By default
-      every consumer will of course be associated with the <code>/machine</code>
-      partition.
-    </p>
-
-    <p>
-      Given this, a possible systemd cgroups layout involving 3 qemu guests,
-      3 lxc containers and 2 custom child slices, would be:
+      administrators / management applications. The layout is based on the concepts of
+      "partitions" and "consumers". Each virtual machine or container is a consumer,
+      and has a corresponding cgroup named <code>$VMNAME.libvirt-{qemu,lxc}</code>.
+      Each consumer is associated with exactly one partition, which also have a
+      corresponding cgroup usually named <code>$PARTNAME.partition</code>. The
+      exceptions to this naming rule are the three top level default partitions,
+      named <code>/system</code> (for system services), <code>/user</code> (for
+      user login sessions) and <code>/machine</code> (for virtual machines and
+      containers). By default every consumer will of course be associated with
+      the <code>/machine</code> partition. This leads to a hierarchy that looks
+      like
     </p>
 
     <pre>
@@ -191,21 +87,23 @@ $ROOT
       |   +- vcpu0
       |   +- vcpu1
       |
-      +- engineering.partition
-      |   |
-      |   +- testing.partition
-      |   |   |
-      |   |   +- container1.libvirt-lxc
-      |   |
-      |   +- production.partition
-      |       |
-      |       +- container2.libvirt-lxc
+      +- container1.libvirt-lxc
       |
-      +- marketing.partition
-          |
-          +- container3.libvirt-lxc
+      +- container2.libvirt-lxc
+      |
+      +- container3.libvirt-lxc
     </pre>
 
+    <p>
+      The default cgroups layout ensures that, when there is contention for
+      CPU time, it is shared equally between system services, user sessions
+      and virtual machines / containers. This prevents virtual machines from
+      locking the administrator out of the host, or impacting execution of
+      system services. Conversely, when there is no contention from
+      system services / user sessions, it is possible for virtual machines
+      to fully utilize the host CPUs.
+    </p>
+
     <h2><a name="customPartiton">Using custom partitions</a></h2>
 
     <p>
@@ -228,55 +126,13 @@ $ROOT
   ...
     </pre>
 
-    <p>
-      Note that the partition names in the guest XML are using a
-      generic naming format, not the low level naming convention
-      required by the underlying host OS. That is, you should not include
-      any of the <code>.partition</code> or <code>.slice</code>
-      suffixes in the XML config. Given a partition name
-      <code>/machine/production</code>, libvirt will automatically
-      apply the platform specific translation required to get
-      <code>/machine/production.partition</code> (non-systemd)
-      or <code>/machine.slice/machine-production.slice</code>
-      (systemd) as the underlying cgroup name
-    </p>
-
     <p>
       Libvirt will not auto-create the cgroups directory to back
       this partition. In the future, libvirt / virsh will provide
       APIs / commands to create custom partitions, but currently
-      this is left as an exercise for the administrator.
-    </p>
-
-    <p>
-      <strong>Note:</strong> the ability to place guests in custom
-      partitions is only available with libvirt &gt;= 1.0.5, using
-      the new cgroup layout. The legacy cgroups layout described
-      later in this document did not support customization per guest.
-    </p>
-
-    <h3><a name="createSystemd">Creating custom partitions (systemd)</a></h3>
-
-    <p>
-      Given the XML config above, the admin on a systemd based host would
-      need to create a unit file <code>/etc/systemd/system/machine-production.slice</code>
-    </p>
-
-    <pre>
-# cat &gt; /etc/systemd/system/machine-testing.slice &lt;&lt;EOF
-[Unit]
-Description=VM testing slice
-Before=slices.target
-Wants=machine.slice
-EOF
-# systemctl start machine-testing.slice
-    </pre>
-
-    <h3><a name="createNonSystemd">Creating custom partitions (non-systemd)</a></h3>
-
-    <p>
-      Given the XML config above, the admin on a non-systemd based host
-      would need to create a cgroup named '/machine/production.partition'
+      this is left as an exercise for the administrator. For
+      example, given the XML config above, the admin would need
+      to create a cgroup named '/machine/production.partition'
     </p>
 
     <pre>
@@ -291,6 +147,18 @@ EOF
   done
 </pre>
 
+    <p>
+      <strong>Note:</strong> the cgroups directory created as a ".partition"
+      suffix, but the XML config does not require this suffix.
+    </p>
+
+    <p>
+      <strong>Note:</strong> the ability to place guests in custom
+      partitions is only available with libvirt &gt;= 1.0.5, using
+      the new cgroup layout. The legacy cgroups layout described
+      later did not support customization per guest.
+    </p>
+
     <h2><a name="resourceAPIs">Resource management APIs/commands</a></h2>
 
     <p>

docs/downloads.html.in

@@ -22,9 +22,7 @@
     <p>
       Once an hour, an automated snapshot is made from the git server
       source tree. These snapshots should be usable, but we make no guarantees
-      about their stability; furthermore, they should NOT be
-      considered formal releases, and they may have transient security
-      problems that will not be assigned a CVE.
+      about their stability:
     </p>
 
     <ul>
@@ -32,28 +30,6 @@
       <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.gz">libvirt.org HTTP server</a></li>
     </ul>
 
-    <h2><a name="maintenance">Maintenance releases</a></h2>
-    <p>
-      In the git repository are several stable maintenance branches,
-      matching the
-      pattern <code>v<i>major</i>.<i>minor</i>.<i>micro</i>-maint</code>;
-      these branches are forked off the corresponding
-      <code>v<i>major</i>.<i>minor</i>.<i>micro</i></code> formal
-      release, and may have further releases of the
-      form <code>v<i>major</i>.<i>minor</i>.<i>micro</i>.<i>rel</i></code>.
-      These maintenance branches should only contain bug fixes, and no
-      new features, backported from the master branch, and are
-      supported as long as at least one downstream distribution
-      expresses interest in a given branch.  These maintenance
-      branches are considered during CVE analysis.
-    </p>
-
-    <p>
-      For more details about contents of maintenance releases, see
-      <a href="http://wiki.libvirt.org/page/Maintenance_Releases">the
-      wiki page</a>.
-    </p>
-
     <h2><a name="git">GIT source repository</a></h2>
 
     <p>

docs/drivers.html.in

@@ -33,7 +33,6 @@
       <li><strong><a href="drvhyperv.html">Microsoft Hyper-V</a></strong></li>
       <li><strong><a href="drvphyp.html">IBM PowerVM (phyp)</a></strong></li>
       <li><strong><a href="drvparallels.html">Parallels</a></strong></li>
-      <li><strong><a href="drvbhyve.html">Bhyve</a></strong> - The BSD Hypervisor</li>
     </ul>
 
     <h2><a name="storage">Storage drivers</a></h2>

docs/drvbhyve.html.in

@@ -1,161 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Bhyve driver</h1>
-
-    <ul id="toc"></ul>
-
-<p>
-Bhyve is a FreeBSD hypervisor. It first appeared in FreeBSD 10.0. However, it's
-recommended to keep tracking FreeBSD 10-STABLE to make sure all new features
-of bhyve are supported.
-
-In order to enable bhyve on your FreeBSD host, you'll need to load the <code>vmm</code>
-kernel module. Additionally, <code>if_tap</code> and <code>if_bridge</code> modules
-should be loaded for networking support.
-</p>
-
-<p>
-Additional information on bhyve could be obtained on <a href="http://bhyve.org/">bhyve.org</a>.
-</p>
-
-<h2><a name="uri">Connections to the Bhyve driver</a></h2>
-<p>
-The libvirt bhyve driver is a single-instance privileged driver. Some sample
-connection URIs are:
-</p>
-
-<pre>
-bhyve:///system                     (local access)
-bhyve+unix:///system                (local access)
-bhyve+ssh://root@example.com/system (remote access, SSH tunnelled)
-</pre>
-
-<h2><a name="exconfig">Example guest domain XML configurations</a></h2>
-
-<h3>Example config</h3>
-<p>
-The bhyve driver in libvirt is in its early stage and under active development. So it supports
-only limited number of features bhyve provides. All the supported features could be found
-in this sample domain XML.
-</p>
-
-<p>
-Note: in older libvirt versions, only a single network device and a single
-disk device were supported per-domain. However,
-<span class="since">since 1.2.6</span> the libvirt bhyve driver supports
-up to 31 PCI devices.
-</p>
-
-<pre>
-&lt;domain type='bhyve'&gt;
-  &lt;name&gt;bhyve&lt;/name&gt;
-  &lt;uuid&gt;df3be7e7-a104-11e3-aeb0-50e5492bd3dc&lt;/uuid&gt;
-    &lt;memory&gt;219136&lt;/memory&gt;
-    &lt;currentMemory&gt;219136&lt;/currentMemory&gt;
-    &lt;vcpu&gt;1&lt;/vcpu&gt;
-    &lt;os&gt;
-       &lt;type&gt;hvm&lt;/type&gt;
-    &lt;/os&gt;
-    &lt;features&gt;
-      &lt;apic/&gt;
-      &lt;acpi/&gt;
-    &lt;/features&gt;
-    &lt;clock offset='utc'/&gt;
-    &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-    &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-    &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-    &lt;devices&gt;
-      &lt;disk type='file'&gt;
-        &lt;driver name='file' type='raw'/&gt;
-        &lt;source file='/path/to/bhyve_freebsd.img'/&gt;
-        &lt;target dev='hda' bus='sata'/&gt;
-      &lt;/disk&gt;
-      &lt;disk type='file' device='cdrom'&gt;
-        &lt;driver name='file' type='raw'/&gt;
-        &lt;source file='/path/to/cdrom.iso'/&gt;
-        &lt;target dev='hdc' bus='sata'/&gt;
-      &lt;/disk&gt;
-      &lt;interface type='bridge'&gt;
-        &lt;model type='virtio'/&gt;
-        &lt;source bridge="virbr0"/&gt;
-      &lt;/interface&gt;
-    &lt;/devices&gt;
-&lt;/domain&gt;
-</pre>
-
-
-<h2><a name="usage">Guest usage / management</a></h2>
-
-<h3><a name="console">Connecting to a guest console</a></h3>
-
-<p>
-Guest console connection is supported through the <code>nmdm</code> device. It could be enabled by adding
-the following to the domain XML (<span class="since">Since 1.2.4</span>):
-</p>
-
-<pre>
-  ...
-  &lt;devices&gt;
-    &lt;serial type="nmdm"&gt;
-      &lt;source master="/dev/nmdm0A" slave="/dev/nmdm0B"/&gt;
-    &lt;/serial&gt;
-  &lt;/devices&gt;
-  ...</pre>
-
-
-<p>Make sure to load the <code>nmdm</code> kernel module if you plan to use that.</p>
-
-<p>
-Then <code>virsh console</code> command can be used to connect to the text console
-of a guest.</p>
-
-<p><b>NB:</b> Some versions of bhyve have a bug that prevents guests from booting
-until the console is opened by a client. This bug was fixed in FreeBSD
-<a href="http://svnweb.freebsd.org/changeset/base/262884">r262884</a>. If
-an older version is used, one either has to open a console manually with <code>virsh console</code>
-to let a guest boot or start a guest using:</p>
-
-<pre>start --console domname</pre>
-
-<h3><a name="xmltonative">Converting from domain XML to Bhyve args</a></h3>
-
-<p>
-The <code>virsh domxml-to-native</code> command can preview the actual
-<code>bhyve</code> commands that will be executed for a given domain.
-It outputs two lines, the first line is a <code>bhyveload</code> command and
-the second is a <code>bhyve</code> command.
-</p>
-
-<p>Please note that the <code>virsh domxml-to-native</code> doesn't do any
-real actions other than printing the command, for example, it doesn't try to
-find a proper TAP interface and create it, like what is done when starting
-a domain; and always returns <code>tap0</code> for the network interface. So
-if you're going to run these commands manually, most likely you might want to
-tweak them.</p>
-
-<pre>
-# virsh -c "bhyve:///system"  domxml-to-native --format bhyve-argv --xml /path/to/bhyve.xml
-/usr/sbin/bhyveload -m 214 -d /home/user/vm1.img vm1
-/usr/sbin/bhyve -c 2 -m 214 -A -I -H -P -s 0:0,hostbridge -s 3:0,virtio-net,tap0,mac=52:54:00:5d:74:e3 -s 2:0,virtio-blk,/home/user/vm1.img -s 1,lpc -l com1,/dev/nmdm0A vm1
-</pre>
-
-<h3><a name="zfsvolume">Using ZFS volumes</a></h3>
-
-<p>It's possible to use ZFS volumes as disk devices <span class="since">since 1.2.8</span>.
-An example of domain XML device entry for that will look like:</p>
-
-<pre>
-  ...
-  &lt;disk type='volume' device='disk'&gt;
-    &lt;source pool='zfspool' volume='vol1'/&gt;
-    &lt;target dev='vdb' bus='virtio'/&gt;
-  &lt;/disk&gt;
-  ...</pre>
-
-<p>Please refer to the <a href="storage.html">Storage documentation</a> for more details on storage
-management.</p>
-
-  </body>
-</html>

docs/drvesx.html.in

@@ -148,7 +148,7 @@ vpx://example-vcenter.com/folder1/dc1/folder2/example-esx.com
             </td>
             <td>
                 If set to 1, this disables libcurl client checks of the server's
-                SSL certificate. The default value is 0. See the
+                SSL certificate. The default value it 0. See the
                 <a href="#certificates">Certificates for HTTPS</a> section for
                 details.
             </td>
@@ -164,7 +164,7 @@ vpx://example-vcenter.com/folder1/dc1/folder2/example-esx.com
                 If set to 1, the driver answers all
                 <a href="#questions">questions</a> with the default answer.
                 If set to 0, questions are reported as errors. The default
-                value is 0. <span class="since">Since 0.7.5</span>.
+                value it 0. <span class="since">Since 0.7.5</span>.
             </td>
         </tr>
         <tr>

docs/drvlxc.html.in

@@ -88,8 +88,6 @@ to be provided by all container technologies on Linux.
 <dd>The fixed string <code>/bin:/usr/bin</code></dd>
 <dt>TERM</dt>
 <dd>The fixed string <code>linux</code></dd>
-<dt>HOME</dt>
-<dd>The fixed string <code>/</code></dd>
 </dl>
 
 <p>
@@ -165,14 +163,6 @@ first console will be <code>/dev/tty1</code>, with further consoles
 numbered incrementally from there.
 </p>
 
-<p>
-Since /dev/ttyN and /dev/console are linked to the pts devices. The
-tty device of login program is pts device. the pam module securetty
-may prevent root user from logging in container. If you want root
-user to log in container successfully, add the pts device to the file
-/etc/securetty of container.
-</p>
-
 <p>
 Further block or character devices will be made available to containers
 depending on their configuration.
@@ -542,53 +532,6 @@ debootstrap, whatever) under /opt/vm-1-root:
 &lt;/domain&gt;
 </pre>
 
-<h2><a name="capabilities">Altering the available capabilities</a></h2>
-
-<p>
-By default the libvirt LXC driver drops some capabilities among which CAP_MKNOD.
-However <span class="since">since 1.2.6</span> libvirt can be told to keep or
-drop some capabilities using a domain configuration like the following:
-</p>
-<pre>
-...
-&lt;features&gt;
-  &lt;capabilities policy='default'&gt;
-    &lt;mknod state='on'/&gt;
-    &lt;sys_chroot state='off'/&gt;
-  &lt;/capabilities&gt;
-&lt;/features&gt;
-...
-</pre>
-<p>
-The capabilities children elements are named after the capabilities as defined in
-<code>man 7 capabilities</code>. An <code>off</code> state tells libvirt to drop the
-capability, while an <code>on</code> state will force to keep the capability even though
-this one is dropped by default.
-</p>
-<p>
-The <code>policy</code> attribute can be one of <code>default</code>, <code>allow</code>
-or <code>deny</code>. It defines the default rules for capabilities: either keep the
-default behavior that is dropping a few selected capabilities, or keep all capabilities
-or drop all capabilities. The interest of <code>allow</code> and <code>deny</code> is that
-they guarantee that all capabilities will be kept (or removed) even if new ones are added
-later.
-</p>
-<p>
-The following example, drops all capabilities but CAP_MKNOD:
-</p>
-<pre>
-...
-&lt;features&gt;
-  &lt;capabilities policy='deny'&gt;
-    &lt;mknod state='on'/&gt;
-  &lt;/capabilities&gt;
-&lt;/features&gt;
-...
-</pre>
-<p>
-Note that allowing capabilities that are normally dropped by default can seriously
-affect the security of the container and the host.
-</p>
 
 <h2><a name="usage">Container usage / management</a></h2>
 
@@ -604,7 +547,7 @@ and LXC. For further details about usage of virsh consult its
 manual page.
 </p>
 
-<h3><a name="usageSave">Defining (saving) container configuration</a></h3>
+<h3><a name="usageSave">Defining (saving) container configuration></a></h3>
 
 <p>
 The <code>virsh define</code> command takes an XML configuration
@@ -669,7 +612,7 @@ to PID 1 inside the container.
 
 <p>
 If the container does not respond to the graceful shutdown
-request, it can be forcibly stopped using the <code>virsh destroy</code>
+request, it can be forceably stopped using the <code>virsh destroy</code>
 </p>
 
 <pre>
@@ -708,25 +651,16 @@ running, this will turn it into a "transient" guest.
 
 <p>
 The <code>virsh console</code> command can be used to connect
-to the text console associated with a container.
+to the text console associated with a container. If the container
+has been configured with multiple console devices, then the
+<code>--devname</code> argument can be used to choose the
+console to connect to
 </p>
 
 <pre>
 # virsh -c lxc:/// console myguest
 </pre>
 
-<p>
-If the container has been configured with multiple console devices,
-then the <code>--devname</code> argument can be used to choose the
-console to connect to.
-In LXC, multiple consoles will be named
-as 'console0', 'console1', 'console2', etc.
-</p>
-
-<pre>
-# virsh -c lxc:/// console myguest --devname console1
-</pre>
-
 <h3><a name="usageEnter">Running commands in a container</a></h3>
 
 <p>
@@ -751,37 +685,5 @@ host
 # virt-top -c lxc:///
 </pre>
 
-<h3><a name="usageConvert">Converting LXC container configuration</a></h3>
-
-<p>
-The <code>virsh domxml-from-native</code> command can be used to convert
-most of the LXC container configuration into a domain XML fragment
-</p>
-
-<pre>
-# virsh -c lxc:/// domxml-from-native lxc-tools /var/lib/lxc/myguest/config
-</pre>
-
-<p>
-This conversion has some limitations due to the fact that the
-domxml-from-native command output has to be independent of the host. Here
-are a few things to take care of before converting:
-</p>
-
-<ul>
-<li>
-Replace the fstab file referenced by <tt>lxc.mount</tt> by the corresponding
-lxc.mount.entry lines.
-</li>
-<li>
-Replace all relative sizes of tmpfs mount entries to absolute sizes. Also
-make sure that tmpfs entries all have a size option (default is 50%).
-</li>
-<li>
-Define <tt>lxc.cgroup.memory.limit_in_bytes</tt> to properly limit the memory
-available to the container. The conversion will use 64MiB as the default.
-</li>
-</ul>
-
   </body>
 </html>

docs/drvuml.html.in

@@ -65,7 +65,7 @@ uml+ssh://root@example.com/system    (remote access, SSH tunnelled)
     </p>
 
     <p>
-      Once booted the primary console is connected to a PTY, and
+      Once booted the primary console is connected toa PTY, and
       thus accessible with "virsh console" or equivalent tools
     </p>
 

docs/firewall.html.in

@@ -142,7 +142,7 @@ MASQUERADE all  --  *      *       192.168.122.0/24    !192.168.122.0/24</pre>
     <p><a href="http://www.dmtf.org/standards/cim/cim_schema_v2230/CIM_Network.pdf">http://www.dmtf.org/standards/cim/cim_schema_v2230/CIM_Network.pdf</a></p>
     <p>The filters are managed in libvirt as a top level, standalone object.
        This allows the filters to then be referenced by any libvirt object
-       that requires their functionality, instead tying them only to use
+       that requires their functionality, instead tieing them only to use
        by guest NICs. In the current implementation, filters can be associated
        with individual guest NICs via the libvirt domain XML format. In the
        future we might allow filters to be associated with the virtual network
@@ -272,7 +272,7 @@ f5c78134-9da4-0c60-a9f0-fb37bc21ac1f  no-other-rarp-traffic
        to update them. This ensures the guests have their iptables/ebtables
        rules recreated.
     </p>
-    <p>To associate the clean-traffic filter with a guest, edit the
+    <p>To associate the clean-trafffic filter with a guest, edit the
        guest XML config and change the <code>&lt;interface&gt;</code> element
        to include a <code>&lt;filterref&gt;</code> and also specify the
        whitelisted <code>&lt;ip address/&gt;</code> the guest is allowed to

docs/formatcaps.html.in

@@ -4,147 +4,19 @@
   <body>
     <h1>Driver capabilities XML format</h1>
 
-    <ul id="toc"></ul>
-
-    <h2><a name="elements">Element and attribute overview</a></h2>
-
-    <p>As new virtualization engine support gets added to libvirt, and to
-    handle cases like QEMU supporting a variety of emulations, a query
-    interface has been added in 0.2.1 allowing to list the set of supported
-    virtualization capabilities on the host:</p>
-
-    <pre>    char * virConnectGetCapabilities (virConnectPtr conn);</pre>
-
-    <p>The value returned is an XML document listing the virtualization
-    capabilities of the host and virtualization engine to which
-    <code>@conn</code> is connected. One can test it using <code>virsh</code>
-    command line tool command '<code>capabilities</code>', it dumps the XML
-    associated to the current connection. </p>
-
-    <p>As can be seen seen in the <a href="#elementExamples">example</a>, the
-    capabilities XML consists of the <code>capabilities</code> element which
-    have exactly one <code>host</code> child element to report information on
-    host capabilities, and zero or more <code>guest</code> element to express
-    the set of architectures the host can run at the moment.</p>
-
-
-    <h3><a name="elementHost">Host capabilities</a></h3>
-
-    <p>The <code>&lt;host/&gt;</code> element consists of the following child
-    elements:</p>
-    <dl>
-      <dt><code>uuid</code></dt>
-      <dd>The host UUID.</dd>
-
-      <dt><code>cpu</code></dt>
-      <dd>The host CPU architecture and features.</dd>
-
-      <dt><code>power_management</code></dt>
-      <dd>whether host is capable of memory suspend, disk hibernation, or
-      hybrid suspend.</dd>
-
-      <dt><code>migration</code></dt>
-      <dd>This element exposes information on the hypervisor's migration
-      capabilities, like live migration, supported URI transports, and so
-      on.</dd>
-
-      <dt><code>topology</code></dt>
-      <dd>This element embodies the host internal topology. Management
-      applications may want to learn this information when orchestrating new
-      guests - e.g. due to reduce inter-NUMA node transfers.</dd>
-
-      <dt><code>secmodel</code></dt>
-      <dd>To find out default security labels for different security models you
-      need to parse this element. In contrast with the former elements, this is
-      repeated for each security model the libvirt daemon currently supports.
-      </dd>
-    </dl>
-
-
-    <h3><a name="elementGuest">Guest capabilities</a></h3>
-
-    <p>While the <a href="#elementHost">previous section</a> aims at host
-    capabilities, this one focuses on capabilities available to a guest
-    using a given hypervisor. The <code>&lt;guest/&gt;</code> element will
-    typically wrap up the following elements:</p>
-
-    <dl>
-        <dt><code>os_type</code></dt>
-        <dd>This expresses what kind of operating system the hypervisor
-        is able to run. Possible values are:
-        <dl>
-          <dt>xen</dt>
-          <dd>for XEN</dd>
-
-          <dt>linux</dt>
-          <dd>legacy alias for <code>xen</code></dd>
-
-          <dt>hvm</dt>
-          <dd>Unmodified operating system</dd>
-
-          <dt>exe</dt>
-          <dd>Container based virtualization</dd>
-
-          <dt>uml</dt>
-          <dd>User Mode Linux</dd>
-        </dl>
-        </dd>
-
-        <dt><code>arch</code></dt>
-        <dd>This element brings some information on supported guest architecture.</dd>
-
-        <dt><code>features</code></dt>
-        <dd>This optional element encases possible features that can be used
-          with a guest of described type.  Possible subelements are:
-          <dl>
-            <dt>pae</dt><dd>If present, 32-bit guests can use PAE
-              address space extensions, <span class="since">since
-              0.4.1</span></dd>
-            <dt>nonpae</dt><dd>If present, 32-bit guests can be run
-              without requiring PAE, <span class="since">since
-              0.4.1</span></dd>
-            <dt>ia64_be</dt><dd>If present, IA64 guests can be run in
-              big-endian mode, <span class="since">since 0.4.1</span></dd>
-            <dt>acpi</dt><dd>If this element is present,
-              the <code>default</code> attribute describes whether the
-              hypervisor exposes ACPI to the guest by default, and
-              the <code>toggle</code> attribute describes whether the
-              user can override this
-              default. <span class="since">Since 0.4.1</span></dd>
-            <dt>apic</dt><dd>If this element is present,
-              the <code>default</code> attribute describes whether the
-              hypervisor exposes APIC to the guest by default, and
-              the <code>toggle</code> attribute describes whether the
-              user can override this
-              default. <span class="since">Since 0.4.1</span></dd>
-            <dt>cpuselection</dt><dd>If this element is present, the
-              hypervisor supports the <code>&lt;cpu&gt;</code> element
-              within a domain definition for fine-grained control over
-              the CPU presented to the
-              guest. <span class="since">Since 0.7.5</span></dd>
-            <dt>deviceboot</dt><dd>If this element is present,
-              the <code>&lt;boot order='...'/&gt;</code> element can
-              be used inside devices, rather than the older boot
-              specification by category. <span class="since">Since
-              0.8.8</span></dd>
-            <dt>disksnapshot</dt><dd>If this element is present,
-              the <code>default</code> attribute describes whether
-              external disk snapshots are supported.  If absent,
-              external snapshots may still be supported, but it
-              requires attempting the API and checking for an error to
-              find out for sure. <span class="since">Since
-              1.2.3</span></dd>
-          </dl>
-        </dd>
-    </dl>
-
-    <h3><a name="elementExamples">Examples</a></h3>
-
-    <p>For example, in the case of a 64-bit machine with hardware
-    virtualization capabilities enabled in the chip and
-    BIOS you will see:</p>
-
-    <pre>&lt;capabilities&gt;
+        <p>As new virtualization engine support gets added to libvirt, and to handle
+cases like QEmu supporting a variety of emulations, a query interface has
+been added in 0.2.1 allowing to list the set of supported virtualization
+capabilities on the host:</p>
+        <pre>    char * virConnectGetCapabilities (virConnectPtr conn);</pre>
+        <p>The value returned is an XML document listing the virtualization
+capabilities of the host and virtualization engine to which
+<code>@conn</code> is connected. One can test it using <code>virsh</code>
+command line tool command '<code>capabilities</code>', it dumps the XML
+associated to the current connection. For example in the case of a 64 bits
+machine with hardware virtualization capabilities enabled in the chip and
+BIOS you will see</p>
+        <pre>&lt;capabilities&gt;
   <span style="color: #E50000">&lt;host&gt;
     &lt;cpu&gt;
       &lt;arch&gt;x86_64&lt;/arch&gt;
@@ -195,5 +67,30 @@
   &lt;/guest&gt;</span>
   ...
 &lt;/capabilities&gt;</pre>
+        <p>The first block (in red) indicates the host hardware
+          capabilities, such as CPU properties and the power
+          management features of the host platform.  CPU models are
+          shown as additional features relative to the closest base
+          model, within a feature block (the block is similar to what
+          you will find in a Xen fully virtualized domain
+          description). Further, the power management features
+          supported by the host are shown, such as Suspend-to-RAM (S3),
+          Suspend-to-Disk (S4) and Hybrid-Suspend (a combination of S3
+          and S4). In case the host does not support
+          any such feature, then an empty &lt;power_management/&gt;
+          tag will be shown. </p>
+        <p>The second block (in blue) indicates the paravirtualization
+          support of the Xen support, you will see the os_type of xen
+          to indicate a paravirtual kernel, then architecture
+          information and potential features.</p>
+        <p>The third block (in green) gives similar information but
+          when running a 32 bit OS fully virtualized with Xen using
+          the hvm support.</p>
+        <p>This section is likely to be updated and augmented in the
+          future,
+          see <a href="https://www.redhat.com/archives/libvir-list/2007-March/msg00215.html">the
+          discussion</a> which led to the capabilities format in the
+          mailing-list archives.</p>
+
   </body>
 </html>

docs/formatdomaincaps.html.in

@@ -1,278 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Domain capabilities XML format</h1>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="Overview">Overview</a></h2>
-
-    <p>Sometimes, when a new domain is to be created it may come handy to know
-    the capabilities of the hypervisor so the correct combination of devices and
-    drivers is used. For example, when management application is considering the
-    mode for a host device's passthrough there are several options depending not
-    only on host, but on hypervisor in question too. If the hypervisor is qemu
-    then it needs to be more recent to support VFIO, while legacy KVM is
-    achievable just fine with older qemus.</p>
-
-    <p>The main difference between <code
-        class="docref">virConnectGetCapabilities</code> and the emulator
-    capabilities API is, the former one aims more on the host capabilities
-    (e.g.  NUMA topology, security models in effect, etc.) while the latter one
-    specializes on the hypervisor capabilities.</p>
-
-    <p>While the <a href="formatcaps.html">Driver Capabilities</a> provides the
-    host capabilities (e.g NUMA topology, security models in effect, etc.), the
-    Domain Capabilities provides the hypervisor specific capabilities for
-    Management Applications to query and make decisions regarding what to
-    utilize.</p>
-
-    <p>The Domain Capabilities can provide information such as the correct
-    combination of devices and drivers that are supported. Knowing which host
-    and hypervisor specific options are available or supported would allow the
-    management application to choose an appropriate mode for a pass-through
-    host device as well as which adapter to utilize.</p>
-
-    <h2><a name="elements">Element and attribute overview</a></h2>
-
-    <p> A new query interface was added to the virConnect API's to retrieve the
-    XML listing of the set of domain capabilities (<span class="since">Since
-    1.2.7</span>):</p>
-
-<pre>
-    <code class="docref">virConnectGetDomainCapabilities</code>
-</pre>
-
-    <p>The root element that emulator capability XML document starts with has
-    name <code>domainCapabilities</code>. It contains at least four direct
-    child elements:</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  &lt;path&gt;/usr/bin/qemu-system-x86_64&lt;/path&gt;
-  &lt;domain&gt;kvm&lt;/domain&gt;
-  &lt;machine&gt;pc-i440fx-2.1&lt;/machine&gt;
-  &lt;arch&gt;x86_64&lt;/arch&gt;
-  ...
-&lt;/domainCapabilities&gt;
-</pre>
-    <dl>
-      <dt>path</dt>
-      <dd>The full path to the emulator binary.</dd>
-
-      <dt>domain</dt>
-      <dd>Describes the <a href="formatdomain.html#elements">virtualization
-          type</a> (or so called domain type).</dd>
-
-      <dt>machine</dt>
-      <dd>The domain's <a href="formatdomain.html#elementsOSBIOS">machine
-          type</a>.</dd>
-
-      <dt>arch</dt>
-      <dd>The domain's <a href="formatdomain.html#elementsOSBIOS">
-          architecture</a>.</dd>
-
-    </dl>
-
-    <h3><a name="elementsCPUAllocation">CPU Allocation</a></h3>
-
-    <p>Before any devices capability occurs, there might be a info on domain
-    wide capabilities, e.g. virtual CPUs:</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;vcpu max='255'/&gt;
-  ...
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <dl>
-      <dt>vcpu</dt>
-      <dd>The maximum number of supported virtual CPUs</dd>
-    </dl>
-
-    <h3><a name="elementsOSBIOS">BIOS bootloader</a></h3>
-
-    <p>Sometimes users might want to tweak some BIOS knobs or use
-    UEFI. For cases like that, <a
-    href="formatdomain.html#elementsOSBIOS"><code>os</code></a>
-    element exposes what values can be passed to its children.</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;os supported='yes'&gt;
-    &lt;loader supported='yes'&gt;
-      &lt;value&gt;/usr/share/OVMF/OVMF_CODE.fd&lt;/value&gt;
-      &lt;enum name='type'&gt;
-        &lt;value&gt;rom&lt;/value&gt;
-        &lt;value&gt;pflash&lt;/value&gt;
-      &lt;/enum&gt;
-      &lt;enum name='readonly'&gt;
-        &lt;value&gt;yes&lt;/value&gt;
-        &lt;value&gt;no&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/loader&gt;
-  &lt;/os&gt;
-  ...
-&lt;domainCapabilities&gt;
-</pre>
-
-    <p>For the <code>loader</code> element, the following can occur:</p>
-
-    <dl>
-      <dt>value</dt>
-      <dd>List of known loader paths. Currently this is only used
-      to advertise known locations of OVMF binaries for qemu. Binaries
-      will only be listed if they actually exist on disk.</dd>
-
-      <dt>type</dt>
-      <dd>Whether loader is a typical BIOS (<code>rom</code>) or
-      an UEFI binary (<code>pflash</code>). This refers to
-      <code>type</code> attribute of the &lt;loader/&gt;
-      element.</dd>
-
-      <dt>readonly</dt>
-      <dd>Options for the <code>readonly</code> attribute of the
-      &lt;loader/&gt; element.</dd>
-    </dl>
-
-    <h3><a name="elementsDevices">Devices</a></h3>
-
-    <p>
-      The final set of XML elements describe the supported devices and their
-      capabilities. All devices occur as children of the main
-      <code>devices</code> element.
-    </p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;devices&gt;
-    &lt;disk supported='yes'&gt;
-      &lt;enum name='diskDevice'&gt;
-        &lt;value&gt;disk&lt;/value&gt;
-        &lt;value&gt;cdrom&lt;/value&gt;
-        &lt;value&gt;floppy&lt;/value&gt;
-        &lt;value&gt;lun&lt;/value&gt;
-      &lt;/enum&gt;
-      ...
-    &lt;/disk&gt;
-    &lt;hostdev supported='no'/&gt;
-  &lt;/devices&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <p>Reported capabilities are expressed as an enumerated list of available
-    options for each of the element or attribute.  For example, the
-    &lt;disk/&gt; element has an attribute <code>device</code> which can
-    support the values <code>disk</code>, <code>cdrom</code>,
-    <code>floppy</code>, or <code>lun</code>.</p>
-
-    <h4><a name="elementsDisks">Hard drives, floppy disks, CDROMs</a></h4>
-    <p>Disk capabilities are exposed under <code>disk</code> element. For
-    instance:</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;devices&gt;
-    &lt;disk supported='yes'&gt;
-      &lt;enum name='diskDevice'&gt;
-        &lt;value&gt;disk&lt;/value&gt;
-        &lt;value&gt;cdrom&lt;/value&gt;
-        &lt;value&gt;floppy&lt;/value&gt;
-        &lt;value&gt;lun&lt;/value&gt;
-      &lt;/enum&gt;
-      &lt;enum name='bus'&gt;
-        &lt;value&gt;ide&lt;/value&gt;
-        &lt;value&gt;fdc&lt;/value&gt;
-        &lt;value&gt;scsi&lt;/value&gt;
-        &lt;value&gt;virtio&lt;/value&gt;
-        &lt;value&gt;xen&lt;/value&gt;
-        &lt;value&gt;usb&lt;/value&gt;
-        &lt;value&gt;uml&lt;/value&gt;
-        &lt;value&gt;sata&lt;/value&gt;
-        &lt;value&gt;sd&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/disk&gt;
-    ...
-  &lt;/devices&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <dl>
-      <dt>diskDevice</dt>
-      <dd>Options for the <code>device</code> attribute of the &lt;disk/&gt;
-      element.</dd>
-
-      <dt>bus</dt>
-      <dd>Options for the <code>bus</code> attribute of the &lt;target/&gt;
-      element for a &lt;disk/&gt;.</dd>
-    </dl>
-
-    <h4><a name="elementsHostDev">Host device assignment</a></h4>
-    <p>Some host devices can be passed through to a guest (e.g. USB, PCI and
-    SCSI). Well, only if the following is enabled:</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;devices&gt;
-    &lt;hostdev supported='yes'&gt;
-      &lt;enum name='mode'&gt;
-        &lt;value&gt;subsystem&lt;/value&gt;
-        &lt;value&gt;capabilities&lt;/value&gt;
-      &lt;/enum&gt;
-      &lt;enum name='startupPolicy'&gt;
-        &lt;value&gt;default&lt;/value&gt;
-        &lt;value&gt;mandatory&lt;/value&gt;
-        &lt;value&gt;requisite&lt;/value&gt;
-        &lt;value&gt;optional&lt;/value&gt;
-      &lt;/enum&gt;
-      &lt;enum name='subsysType'&gt;
-        &lt;value&gt;usb&lt;/value&gt;
-        &lt;value&gt;pci&lt;/value&gt;
-        &lt;value&gt;scsi&lt;/value&gt;
-      &lt;/enum&gt;
-      &lt;enum name='capsType'&gt;
-        &lt;value&gt;storage&lt;/value&gt;
-        &lt;value&gt;misc&lt;/value&gt;
-        &lt;value&gt;net&lt;/value&gt;
-      &lt;/enum&gt;
-      &lt;enum name='pciBackend'&gt;
-        &lt;value&gt;default&lt;/value&gt;
-        &lt;value&gt;kvm&lt;/value&gt;
-        &lt;value&gt;vfio&lt;/value&gt;
-        &lt;value&gt;xen&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/hostdev&gt;
-  &lt;/devices&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <dl>
-      <dt>mode</dt>
-      <dd>Options for the <code>mode</code> attribute of the &lt;hostdev/&gt;
-      element.</dd>
-
-      <dt>startupPolicy</dt>
-      <dd>Options for the <code>startupPolicy</code> attribute of the
-      &lt;hostdev/&gt; element.</dd>
-
-      <dt>subsysType</dt>
-      <dd>Options for the <code>type</code> attribute of the &lt;hostdev/&gt;
-      element in case of <code>mode="subsystem"</code>.</dd>
-
-      <dt>capsType</dt>
-      <dd>Options for the <code>type</code> attribute of the &lt;hostdev/&gt;
-      element in case of <code>mode="capabilities"</code>.</dd>
-
-      <dt>pciBackend</dt>
-      <dd>Options for the <code>name</code> attribute of the &lt;driver/&gt;
-      element.</dd>
-    </dl>
-  </body>
-</html>

docs/formatnetwork.html.in

@@ -282,22 +282,17 @@
             definition. <span class="since"> Since 0.10.0</span>
 
             <p>
-              To force use of a particular type of device assignment,
-              a &lt;forward type='hostdev'&gt; interface can have an
-              optional <code>driver</code> sub-element with
-              a <code>name</code> attribute set to either "vfio" (VFIO
-              is a new method of device assignment that is compatible
-              with UEFI Secure Boot) or "kvm" (the legacy device
-              assignment handled directly by the KVM kernel module)
-              <span class="since">Since 1.0.5 (QEMU and KVM only,
-              requires kernel 3.6 or newer)</span>. When specified,
-              device assignment will fail if the requested method of
-              device assignment isn't available on the host. When not
-              specified, the default is "vfio" on systems where the
-              VFIO driver is available and loaded, and "kvm" on older
-              systems, or those where the VFIO driver hasn't been
-              loaded <span class="since">Since 1.1.3</span> (prior to
-              that the default was always "kvm").
+              To use VFIO device assignment rather than
+              traditional/legacy KVM device assignment (VFIO is a new
+              method of device assignment that is compatible with UEFI
+              Secure Boot), a &lt;forward type='hostdev'&gt; interface
+              can have an optional <code>driver</code> sub-element
+              with a <code>name</code> attribute set to "vfio". To use
+              legacy KVM device assignment you can
+              set <code>name</code> to "kvm" (or simply omit the
+              &lt;driver&gt; element, since "kvm" is currently the
+              default).
+              <span class="since">Since 1.0.5 (QEMU and KVM only, requires kernel 3.6 or newer)</span>
             </p>
 
             <p>Note that this "intelligent passthrough" of network
@@ -416,112 +411,24 @@
 ...</pre>
 
       <p>
-        The <code>&lt;bandwidth&gt;</code> element allows setting
-        quality of service for a particular network
-        (<span class="since">since 0.9.4</span>). Setting
-        <code>bandwidth</code> for a network is supported only
-        for networks with a <code>&lt;forward&gt;</code> mode
-        of <code>route</code>, <code>nat</code>, or no mode at all
-        (i.e. an "isolated" network). Setting <code>bandwidth</code>
-        is <b>not</b> supported for forward modes
-        of <code>bridge</code>, <code>passthrough</code>, <code>private</code>,
-        or <code>hostdev</code>. Attempts to do this will lead to
-        a failure to define the network or to create a transient network.
-      </p>
-      <p>
-        The <code>&lt;bandwidth&gt;</code> element can only be a
-        subelement of a domain's <code>&lt;interface&gt;</code>, a
-        subelement of a <code>&lt;network&gt;</code>, or a subelement of
-        a <code>&lt;portgroup&gt;</code> in a <code>&lt;network&gt;</code>.
-      </p>
-      <p>
-        As a subelement of a domain's <code>&lt;interface&gt;</code>,
-        the bandwidth only applies to that one interface of the domain.
-        As a subelement of a <code>&lt;network&gt;</code>, the bandwidth
-        is a total aggregate bandwidth to/from all guest interfaces attached
-        to that network, <b>not</b> to each guest interface individually.
-        If a domain's <code>&lt;interface&gt;</code> has
-        <code>&lt;bandwidth&gt;</code> element values higher
-        than the aggregate for the entire network, then the aggregate
-        bandwidth for the <code>&lt;network&gt;</code> takes precedence.
-        This is because the two choke points are independent of each other
-        where the domain's <code>&lt;interface&gt;</code> bandwidth control
-        is applied on the interface's tap device, while the
-        <code>&lt;network&gt;</code> bandwidth control is applied on the
-        interface part of the bridge device created for that network.
-      </p>
-      <p>
-        As a subelement of a
-        <code>&lt;portgroup&gt;</code> in a <code>&lt;network&gt;</code>,
-        if a domain's <code>&lt;interface&gt;</code> has a
-        <code>portgroup</code> attribute in its
-        <code>&lt;source&gt;</code> element <b>and</b> if the
-        <code>&lt;interface&gt;</code>
-        itself has no <code>&lt;bandwidth&gt;</code> element, then the
-        <code>&lt;bandwidth&gt;</code> element of the portgroup will be
-        applied individually to each guest interface defined to be a
-        member of that portgroup. Any <code>&lt;bandwidth&gt;</code>
-        element in the domain's <code>&lt;interface&gt;</code> definition
-        will override the setting in the portgroup
-        (<span class="since">since 1.0.1</span>).
-      </p>
-      <p>
-        Incoming and outgoing traffic can be shaped independently. The
-        <code>bandwidth</code> element can have at most one
-        <code>inbound</code> and at most one <code>outbound</code>
-        child element. Leaving either of these children elements out
-        results in no QoS applied for that traffic direction.  So,
-        when you want to shape only incoming traffic, use
-        <code>inbound</code> only, and vice versa. Each of these
-        elements have one mandatory attribute - <code>average</code> (or
-        <code>floor</code> as described below). The attributes are as follows,
-        where accepted values for each attribute is an integer number.
-      </p>
-        <dl>
-          <dt><code>average</code></dt>
-          <dd>
-          Specifies the desired average bit rate for the interface
-          being shaped (in kilobytes/second).
-          </dd>
-          <dt><code>peak</code></dt>
-          <dd>
-          Optional attribute which specifies the maximum rate at
-          which the bridge can send data (in kilobytes/second).
-          Note the limitation of implementation: this attribute in the
-          <code>outbound</code> element is ignored (as Linux ingress
-          filters don't know it yet).
-          </dd>
-          <dt><code>burst</code></dt>
-          <dd>
-          Optional attribute which specifies the amount of kilobytes that
-          can be transmitted in a single burst at <code>peak</code> speed.
-          </dd>
-          <dt><code>floor</code></dt>
-          <dd>
-          Optional attribute available only for the <code>inbound</code>
-          element. This attribute guarantees minimal throughput for
-          shaped interfaces. This, however, requires that all traffic
-          goes through one point where QoS decisions can take place, hence
-          why this attribute works only for virtual networks for now
-          (that is <code>&lt;interface type='network'/&gt;</code> with a
-          forward type of route, nat, or no forward at all). Moreover, the
-          virtual network the interface is connected to is required to have
-          at least inbound QoS set (<code>average</code> at least). If
-          using the <code>floor</code> attribute users don't need to specify
-          <code>average</code>. However, <code>peak</code> and
-          <code>burst</code> attributes still require <code>average</code>.
-          Currently, the Linux kernel doesn't allow ingress qdiscs to have
-          any classes therefore <code>floor</code> can be applied only
-          on <code>inbound</code> and not <code>outbound</code>.
-          </dd>
-        </dl>
-
-      <p>
-        Attributes <code>average</code>, <code>peak</code>, and
-        <code>burst</code> are available
-        <span class="since">since 0.9.4</span>, while the
-        <code>floor</code> attribute is available
-        <span class="since">since 1.0.1</span>.
+        This part of network XML provides setting quality of service. Incoming
+        and outgoing traffic can be shaped independently. The
+        <code>bandwidth</code> element can have at most one <code>inbound</code>
+        and at most one <code>outbound</code> child elements. Leaving any of these
+        children element out result in no QoS applied on that traffic direction.
+        So, when you want to shape only network's incoming traffic, use
+        <code>inbound</code> only, and vice versa. Each of these elements have one
+        mandatory attribute <code>average</code>. It specifies average bit rate on
+        interface being shaped. Then there are two optional attributes:
+        <code>peak</code>, which specifies maximum rate at which bridge can send
+        data, and <code>burst</code>, amount of bytes that can be burst at
+        <code>peak</code> speed. Accepted values for attributes are integer
+        numbers, The units for <code>average</code> and <code>peak</code> attributes
+        are kilobytes per second, and for the <code>burst</code> just kilobytes.
+        The rate is shared equally within domains connected to the network.
+        Moreover, <code>bandwidth</code> element can be included in
+        <code>portgroup</code> element.
+        <span class="since">Since 0.9.4</span>
       </p>
 
     <h5><a name="elementVlanTag">Setting VLAN tag (on supported network types only)</a></h5>
@@ -628,7 +535,7 @@
       network), and each portgroup has a name, as well as various
       subelements associated with it. The currently supported
       subelements are <code>&lt;bandwidth&gt;</code>
-      (described <a href="formatnetwork.html#elementQoS">here</a>)
+      (documented <a href="formatdomain.html#elementQoS">here</a>)
       and <code>&lt;virtualport&gt;</code>
       (documented <a href="formatdomain.html#elementsNICSDirect">here</a>).
       If a domain interface definition specifies a portgroup (by

docs/formatnode.html.in

@@ -110,28 +110,6 @@
                 have a list of <code>address</code> subelements, one
                 for each VF on this PF.
               </dd>
-              <dt><code>numa</code></dt>
-              <dd>
-                This optional element contains information on the PCI device
-                with respect to NUMA. For example, the optional
-                <code>node</code> attribute tells which NUMA node is the PCI
-                device associated with.
-              </dd>
-              <dt><code>pci-express</code></dt>
-              <dd>
-              This optional element contains information on PCI Express part of
-              the device. For example, it can contain a child element
-              <code>link</code> which addresses the PCI Express device's link.
-              While a device has it's own capabilities
-              (<code>validity='cap'</code>), the actual run time capabilities
-              are negotiated on the device initialization
-              (<code>validity='sta'</code>). The <code>link</code> element then
-              contains three attributes: <code>port</code> which says in which
-              port is the device plugged in, <code>speed</code> (in
-              GigaTransfers per second) and <code>width</code> for the number
-              of lanes used. Since the port can't be negotiated, it's not
-              exposed in <code>./pci-express/link/[@validity='sta']</code>.
-              </dd>
             </dl>
           </dd>
           <dt><code>usb_device</code></dt>
@@ -176,13 +154,6 @@
               <dd>The interface name tied to this device.</dd>
               <dt><code>address</code></dt>
               <dd>If present, the MAC address of the device.</dd>
-              <dt><code>link</code></dt>
-              <dd>Optional to reflect the status of the link. It has
-                two optional attributes: <code>speed</code> in Mbits per
-                second and <code>state</code> to tell the state of the
-                link. So far, the whole element is just for output,
-                not setting.
-              </dd>
               <dt><code>capability</code></dt>
               <dd>A network protocol exposed by the device, where the
                 attribute <code>type</code> can be "80203" for IEEE
@@ -195,17 +166,6 @@
             <dl>
               <dt><code>host</code></dt>
               <dd>The SCSI host number.</dd>
-              <dt><code>unique_id</code></dt>
-              <dd>On input, this optionally provides the value from the
-                'unique_id' file found in the scsi_host's directory. To
-                view the values of all 'unique_id' files, use <code>find -H
-                /sys/class/scsi_host/host{0..9}/unique_id |
-                xargs grep '[0-9]'</code>. On output, if the unique_id
-                file exists, the value from the file will be displayed.
-                This can be used in order to help uniquely identify the
-                scsi_host adapter in a <a href="formatstorage.html">
-                Storage Pool</a>. <span class="since">Since 1.2.7</span>
-              </dd>
               <dt><code>capability</code></dt>
               <dd>Current capabilities include "vports_ops" (indicates
                 vport operations are supported) and "fc_host". "vport_ops"
@@ -331,10 +291,6 @@
       &lt;address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/&gt;
       &lt;address domain='0x0000' bus='0x02' slot='0x00' function='0x1'/&gt;
     &lt;/iommuGroup&gt;
-    &lt;pci-express&gt;
-      &lt;link validity='cap' port='1' speed='2.5' width='1'/&gt;
-      &lt;link validity='sta' speed='2.5' width='1'/&gt;
-    &lt;/pci-express&gt;
   &lt;/capability&gt;
 &lt;/device&gt;
     </pre>

docs/formatnwfilter.html.in

@@ -765,7 +765,7 @@
          <td>Mask applied to MAC address of destination</td>
        </tr>
        <tr>
-         <td>vlanid</td>
+         <td>vlan-id</td>
          <td>UINT16 (0x0-0xfff, 0 - 4095)</td>
          <td>VLAN ID</td>
        </tr>
@@ -989,21 +989,11 @@
          <td>IP_ADDR</td>
          <td>Source IP address in ARP/RARP packet</td>
        </tr>
-       <tr>
-         <td>arpsrcipmask <span class="since">(Since 1.2.3)</span></td>
-         <td>IP_MASK</td>
-         <td>Source IP mask</td>
-       </tr>
        <tr>
          <td>arpdstipaddr</td>
          <td>IP_ADDR</td>
          <td>Destination IP address in ARP/RARP packet</td>
        </tr>
-       <tr>
-         <td>arpdstipmask <span class="since">(Since 1.2.3)</span></td>
-         <td>IP_MASK</td>
-         <td>Destination IP mask</td>
-       </tr>
        <tr>
          <td>comment <span class="since">(Since 0.8.5)</span></td>
          <td>STRING</td>
@@ -1100,11 +1090,6 @@
          <td>UINT16</td>
          <td>End of range of valid destination ports; requires <code>protocol</code></td>
        </tr>
-       <tr>
-         <td>dscp</td>
-         <td>UINT8 (0x0-0x3f, 0 - 63)</td>
-         <td>Differentiated Services Code Point</td>
-       </tr>
        <tr>
          <td>comment <span class="since">(Since 0.8.5)</span></td>
          <td>STRING</td>
@@ -1288,11 +1273,6 @@
          <td>UINT16</td>
          <td>End of range of valid destination ports</td>
        </tr>
-       <tr>
-         <td>dscp</td>
-         <td>UINT8 (0x0-0x3f, 0 - 63)</td>
-         <td>Differentiated Services Code Point</td>
-       </tr>
        <tr>
          <td>comment <span class="since">(Since 0.8.5)</span></td>
          <td>STRING</td>
@@ -1408,11 +1388,6 @@
          <td>UINT16</td>
          <td>ICMP code</td>
        </tr>
-       <tr>
-         <td>dscp</td>
-         <td>UINT8 (0x0-0x3f, 0 - 63)</td>
-         <td>Differentiated Services Code Point</td>
-       </tr>
        <tr>
          <td>comment <span class="since">(Since 0.8.5)</span></td>
          <td>STRING</td>
@@ -1512,11 +1487,6 @@
          <td>IP_ADDR</td>
          <td>End of range of destination IP address</td>
        </tr>
-       <tr>
-         <td>dscp</td>
-         <td>UINT8 (0x0-0x3f, 0 - 63)</td>
-         <td>Differentiated Services Code Point</td>
-       </tr>
        <tr>
          <td>comment <span class="since">(Since 0.8.5)</span></td>
          <td>STRING</td>
@@ -1623,11 +1593,6 @@
          <td>UINT16</td>
          <td>End of range of valid destination ports</td>
        </tr>
-       <tr>
-         <td>dscp</td>
-         <td>UINT8 (0x0-0x3f, 0 - 63)</td>
-         <td>Differentiated Services Code Point</td>
-       </tr>
        <tr>
          <td>comment <span class="since">(Since 0.8.5)</span></td>
          <td>STRING</td>
@@ -1729,11 +1694,6 @@
          <td>UINT16</td>
          <td>ICMPv6 code</td>
        </tr>
-       <tr>
-         <td>dscp</td>
-         <td>UINT8 (0x0-0x3f, 0 - 63)</td>
-         <td>Differentiated Services Code Point</td>
-       </tr>
        <tr>
          <td>comment <span class="since">(Since 0.8.5)</span></td>
          <td>STRING</td>
@@ -1818,11 +1778,6 @@
          <td>IPV6_ADDR</td>
          <td>End of range of destination IP address</td>
        </tr>
-       <tr>
-         <td>dscp</td>
-         <td>UINT8 (0x0-0x3f, 0 - 63)</td>
-         <td>Differentiated Services Code Point</td>
-       </tr>
        <tr>
          <td>comment <span class="since">(Since 0.8.5)</span></td>
          <td>STRING</td>
@@ -1872,7 +1827,7 @@
      initiate a connection from TCP port 80 back towards the VM.
      By default the connection state match that enables connection tracking
      and then enforcement of directionality of traffic is turned on. <br/>
-     The following shows an example XML fragment where this feature has been
+     The following shows an example XML fragement where this feature has been
      turned off for incoming connections to TCP port 12345.
     </p>
 <pre>
@@ -2124,9 +2079,9 @@
      To enable traffic for TCP ports 22 and 80 we will add 2 rules to
      enable this type of traffic. To allow the VM to send ping traffic
      we will add a rule for ICMP traffic. For simplicity reasons
-     we allow general ICMP traffic to be initiated from the VM, not
+     we allow general ICMP traffic to be initated from the VM, not
      just ICMP echo request and response messages. To then
-     disallow all other traffic to reach or be initiated by the
+     disallow all other traffic to reach or be initated by the
      VM we will then need to add a rule that drops all other traffic.
      Assuming our VM is called <i>test</i> and
      the interface we want to associate our filter with is called <i>eth0</i>,
@@ -2400,7 +2355,7 @@
       on the source system are equivalent to those on the target system
       and vice versa.
       <br/><br/>
-      Migration must occur between libvirt installations of version
+      Migration must occur between libvirt insallations of version
       0.8.1 or later in order not to lose the network traffic filters
       associated with an interface.
      </p>

docs/formatsecret.html.in

@@ -106,6 +106,7 @@
     <pre>
       &lt;secret ephemeral='no' private='yes'&gt;
          &lt;description&gt;CEPH passphrase example&lt;/description&gt;
+         &lt;auth type='ceph' username='myname'/&gt;
          &lt;usage type='ceph'&gt;
             &lt;name&gt;ceph_example&lt;/name&gt;
          &lt;/usage&gt;
@@ -191,6 +192,7 @@
     <pre>
       &lt;secret ephemeral='no' private='yes'&gt;
          &lt;description&gt;Passphrase for the iSCSI example.com server&lt;/description&gt;
+         &lt;auth type='chap' username='myname'/&gt;
          &lt;usage type='iscsi'&gt;
             &lt;target&gt;libvirtiscsi&lt;/target&gt;
          &lt;/usage&gt;

docs/formatsnapshot.html.in

@@ -164,30 +164,12 @@
             attribute <code>type</code> giving the driver type (such
             as qcow2), of the new file created by the external
             snapshot of the new file.  If <code>source</code> is not
-            given and the disk is backed by a local image file (not
-            a block device or remote storage), a file name is
-            generated that consists of the existing file name
-            with anything after the trailing dot replaced by the
-            snapshot name.  Remember that with external
+            given, a file name is generated that consists of the
+            existing file name with anything after the trailing dot
+            replaced by the snapshot name.  Remember that with external
             snapshots, the original file name becomes the read-only
             snapshot, and the new file name contains the read-write
             delta of all disk changes since the snapshot.
-
-            <span class="since">Since 1.2.2</span> the <code>disk</code> element
-            supports an optional attribute <code>type</code> if the
-            <code>snapshot</code> attribute is set to <code>external</code>.
-            This attribute specifies the snapshot target storage type and allows
-            to overwrite the default <code>file</code> type. The <code>type</code>
-            attribute along with the format of the <code>source</code>
-            sub-element is identical to the <code>source</code> element used in
-            domain disk definitions. See the
-            <a href="formatdomain.html#elementsDisks">disk devices</a> section
-            documentation for further information.
-
-            Libvirt currently supports the <code>type</code> element in the qemu
-            driver and supported values are <code>file</code>, <code>block</code>
-            and <code>network</code> with a protocol of <code>gluster</code>
-            <span class="since">(since 1.2.2)</span>.
           </dd>
         </dl>
       </dd>

docs/formatstorage.html.in

@@ -18,15 +18,9 @@
       The top level tag for a storage pool document is 'pool'. It has
       a single attribute <code>type</code>, which is one of <code>dir</code>,
       <code>fs</code>, <code>netfs</code>, <code>disk</code>,
-      <code>iscsi</code>, <code>logical</code>, <code>scsi</code>
-      (all <span class="since">since 0.4.1</span>), <code>mpath</code>
-      (<span class="since">since 0.7.1</span>), <code>rbd</code>
-      (<span class="since">since 0.9.13</span>), <code>sheepdog</code>
-      (<span class="since">since 0.10.0</span>),
-      <code>gluster</code> (<span class="since">since
-      1.2.0</span>) or <code>zfs</code> (<span class="since">since
-      1.2.8</span>). This corresponds to the
+      <code>iscsi</code>, <code>logical</code>. This corresponds to the
       storage backend drivers listed further along in this document.
+      The storage pool XML format is available <span class="since">since 0.4.1</span>
     </p>
     <h3><a name="StoragePoolFirst">General metadata</a></h3>
 
@@ -70,8 +64,7 @@
     <p>
       A single <code>source</code> element is contained within the top level
       <code>pool</code> element. This tag is used to describe the source of
-      the storage pool. The set of child elements that it will contain
-      depend on the pool type, but come from the following child elements:
+      the storage pool. It can contain the following child elements:
     </p>
 
     <pre>
@@ -87,24 +80,6 @@
         &lt;/source&gt;
         ...</pre>
 
-    <pre>
-        ...
-        &lt;source&gt;
-          &lt;adapter type='scsi_host' name='scsi_host1'/&gt;
-        &lt;/source&gt;
-        ...</pre>
-
-    <pre>
-        ...
-        &lt;source&gt;
-          &lt;adapter type='scsi_host'&gt;
-            &lt;parentaddr unique_id='1'&gt;
-              &lt;address domain='0x0000' bus='0x00' slot='0x1f' addr='0x2'/&gt;
-            &lt;/parentaddr&gt;
-          &lt;/adapter&gt;
-        &lt;/source&gt;
-        ...</pre>
-
     <pre>
         ...
         &lt;source&gt;
@@ -114,133 +89,38 @@
 
     <dl>
       <dt><code>device</code></dt>
-      <dd>Provides the source for pools backed by physical devices
-        (pool types <code>fs</code>, <code>logical</code>, <code>disk</code>,
-        <code>iscsi</code>, <code>zfs</code>).
+      <dd>Provides the source for pools backed by physical devices.
         May be repeated multiple times depending on backend driver. Contains
         a single attribute <code>path</code> which is the fully qualified
         path to the block device node. <span class="since">Since 0.4.1</span></dd>
-      <dt><code>dir</code></dt>
-      <dd>Provides the source for pools backed by directories (pool
-        type <code>dir</code>), or optionally to select a subdirectory
-        within a pool that resembles a filesystem (pool
-        type <code>gluster</code>). May
+      <dt><code>directory</code></dt>
+      <dd>Provides the source for pools backed by directories. May
         only occur once. Contains a single attribute <code>path</code>
         which is the fully qualified path to the backing directory.
         <span class="since">Since 0.4.1</span></dd>
       <dt><code>adapter</code></dt>
-      <dd>Provides the source for pools backed by SCSI adapters (pool
-        type <code>scsi</code>). May only occur once.
-        <dl>
-          <dt><code>name</code></dt>
-          <dd>The SCSI adapter name (e.g. "scsi_host1", although a name
-            such as "host1" is still supported for backwards compatibility,
-            it is not recommended). The scsi_host name to be used can be
-            determined from the output of a <code>virsh nodedev-list
-            scsi_host</code> command followed by a combination of
-            <code>lspci</code> and <code>virsh nodedev-dumpxml
-            scsi_hostN</code> commands to find the <code>scsi_hostN</code>
-            to be used. <span class="since">Since 0.6.2</span>
-            <p>
-            It is further recommended to utilize the
-            <code>parentaddr</code> element since it's possible to have
-            the path to which the scsi_hostN uses change between system
-            reboots. <span class="since">Since 1.2.7</span>
-            </p>
-          </dd>
-        </dl>
-        <dl>
-          <dt><code>type</code></dt>
-          <dd>Specifies the adapter type. Valid values are "scsi_host" or
-            "fc_host". If omitted and the <code>name</code> attribute is
-            specified, then it defaults to "scsi_host". To keep backwards
-            compatibility, this attribute is optional <b>only</b> for the
-            "scsi_host" adapter, but is mandatory for the "fc_host" adapter.
-            <span class="since">Since 1.0.5</span>
-            </dd>
-        </dl>
-        <dl>
-          <dt><code>wwwn</code> and <code>wwpn</code></dt>
-          <dd>The "World Wide Node Name" (<code>wwnn</code>) and "World Wide
-            Port Name" (<code>wwpn</code>) are used by the "fc_host" adapter
-            to uniquely identify the device in the Fibre Channel storage fabric
-            (the device can be either a HBA or vHBA). Both wwnn and wwpn should
-            be specified. Use the command 'virsh nodedev-dumpxml' to determine
-            how to set the values for the wwnn/wwpn of a (v)HBA.
-            <span class="since">Since 1.0.4</span>
-          </dd>
-        </dl>
-        <dl>
-          <dt><code>parent</code></dt>
-          <dd>Used by the "fc_host" adapter type to optionally specify the
-            parent scsi_host device defined in the
-            <a href="formatnode.html">Node Device</a> database as the
-            <a href="http://wiki.libvirt.org/page/NPIV_in_libvirt">NPIV</a>
-            virtual Host Bus Adapter (vHBA).
-            <span class="since">Since 1.0.4</span>
-          </dd>
-        </dl>
-        <dl>
-          <dt><code>parentaddr</code></dt>
-          <dd>Used by the "scsi_host" adapter type instead of the
-            <code>name</code> attribute to more uniquely identify the
-            SCSI host. Using a combination of the <code>unique_id</code>
-            attribute and the <code>address</code> element to formulate
-            a PCI address, a search will be performed of the
-            <code>/sys/class/scsi_host/hostNN</code> links for a
-            matching PCI address with a matching <code>unique_id</code>
-            value in the <code>/sys/class/scsi_host/hostNN/unique_id</code>
-            file. The value in the "unique_id" file will be unique enough
-            for the specific PCI address. The <code>hostNN</code> will be
-            used by libvirt as the basis to define which SCSI host is to
-            be used for the currently booted system.
-            <span class="since">Since 1.2.7</span>
-            <dl>
-              <dt><code>address</code></dt>
-              <dd>The PCI address of the scsi_host device to be used. Using
-                a PCI address provides consistent naming across system reboots
-                and kernel reloads. The address will have four attributes:
-                <code>domain</code> (a 2-byte hex integer, not currently used
-                by qemu), <code>bus</code> (a hex value between 0 and 0xff,
-                inclusive), <code>slot</code> (a hex value between 0x0 and
-                0x1f, inclusive), and <code>function</code> (a value between
-                0 and 7, inclusive). The PCI address can be determined by
-                listing the <code>/sys/bus/pci/devices</code> and the
-                <code>/sys/class/scsi_host</code> directories in order to
-                find the expected scsi_host device. The address will be
-                provided in a format such as "0000:00:1f:2" which can be
-                used to generate the expected PCI address
-                "domain='0x0000' bus='0x00' slot='0x1f' function='0x0'".
-                Optionally, using the combination of the commands 'virsh
-                nodedev-list scsi_host' and 'virsh nodedev-dumpxml' for a
-                specific list entry and converting the resulting
-                <code>path</code> element as the basis to formulate the
-                correctly formatted PCI address.
-              </dd>
-            </dl>
-            <dl>
-              <dt><code>unique_id</code></dt>
-              <dd>Required <code>parentaddr</code> attribute used to determine
-                which of the scsi_host adapters for the provided PCI address
-                should be used. The value is determine by contents of the
-                <code>unique_id</code> file for the specific scsi_host adapter.
-                For a PCI address of "0000:00:1f:2", the unique identifer files
-                can be found using the command
-                <code>find -H /sys/class/scsi_host/host*/unique_id |
-                xargs grep '[0-9]'</code>. Optionally, the
-                <code>virsh nodedev-dumpxml scsi_hostN</code>' of a
-                specific scsi_hostN list entry will list the
-                <code>unique_id</code> value.
-              </dd>
-            </dl>
-          </dd>
-        </dl>
-      </dd>
+      <dd>Provides the source for pools backed by SCSI adapters. May
+        only occur once. Attribute <code>name</code> is the SCSI adapter
+        name (ex. "scsi_host1".  NB, although a name such as "host1" is
+        still supported for backwards compatibility, it is not recommended).
+        Attribute <code>type</code> (<span class="since">1.0.5</span>)
+        specifies the adapter type.  Valid values are "fc_host" and "scsi_host".
+        If omitted and the <code>name</code> attribute is specified, then it
+        defaults to "scsi_host". To keep backwards compatibility, the attribute
+        <code>type</code> is optional for the "scsi_host" adapter, but
+        mandatory for the "fc_host" adapter.  Attributes <code>wwnn</code>
+        (Word Wide Node Name) and <code>wwpn</code> (Word Wide Port Name)
+        (<span class="since">1.0.4</span>) are used by the "fc_host" adapter
+        to uniquely identify the device in the Fibre Channel storage fabric
+        (the device can be either a HBA or vHBA). Both wwnn and wwpn should
+        be specified (See command 'virsh nodedev-dumpxml' to known how to get
+        wwnn/wwpn of a (v)HBA). The optional attribute <code>parent</code>
+        (<span class="since">1.0.4</span>) specifies the parent device for
+        the "fc_host" adapter.
+        <span class="since">Since 0.6.2</span></dd>
       <dt><code>host</code></dt>
       <dd>Provides the source for pools backed by storage from a
-        remote server (pool types <code>netfs</code>, <code>iscsi</code>,
-        <code>rbd</code>, <code>sheepdog</code>, <code>gluster</code>). Will be
-        used in combination with a <code>directory</code>
+        remote server. Will be used in combination with a <code>directory</code>
         or <code>device</code> element. Contains an attribute <code>name</code>
         which is the hostname or IP address of the server. May optionally
         contain a <code>port</code> attribute for the protocol specific
@@ -248,19 +128,18 @@
       <dt><code>auth</code></dt>
       <dd>If present, the <code>auth</code> element provides the
         authentication credentials needed to access the source by the
-        setting of the <code>type</code> attribute (pool
-        types <code>iscsi</code>, <code>rbd</code>). The <code>type</code>
-        must be either "chap" or "ceph". Use "ceph" for
-        Ceph RBD (Rados Block Device) network sources and use "iscsi" for CHAP
-        (Challenge-Handshake Authentication Protocol) iSCSI
-        targets. Additionally a mandatory attribute
+        setting of the <code>type</code> attribute. The <code>type</code>
+        must be either "chap" or "ceph". Additionally a mandatory attribute
         <code>username</code> identifies the username to use during
         authentication as well as a sub-element <code>secret</code> with
         a mandatory attribute <code>type</code>, to tie back to a
         <a href="formatsecret.html">libvirt secret object</a> that
         holds the actual password or other credentials. The domain XML
         intentionally does not expose the password, only the reference
-        to the object that manages the password.
+        to the object that manages the password. The secret element
+        <code>type</code> must be either "ceph" or "iscsi". Use "ceph" for
+        Ceph RBD (Rados Block Device) network sources and use "iscsi" for CHAP
+        (Challenge-Handshake Authentication Protocol) iSCSI targets.
         The <code>secret</code> element requires either a <code>uuid</code>
         attribute with the UUID of the secret object or a <code>usage</code>
         attribute matching the key that was specified in the
@@ -269,14 +148,11 @@
       </dd>
       <dt><code>name</code></dt>
       <dd>Provides the source for pools backed by storage from a
-        named element (pool types <code>logical</code>, <code>rbd</code>,
-        <code>sheepdog</code>, <code>gluster</code>).  Contains a
-        string identifier.
+        named element (e.g., a logical volume group name).
+        Contains a string identifier.
         <span class="since">Since 0.4.5</span></dd>
       <dt><code>format</code></dt>
-      <dd>Provides information about the format of the pool (pool
-        types <code>fs</code>, <code>netfs</code>, <code>disk</code>,
-        <code>logical</code>). This
+      <dd>Provides information about the format of the pool. This
         contains a single attribute <code>type</code> whose value is
         backend specific. This is typically used to indicate filesystem
         type, or network filesystem type, or partition table type, or
@@ -298,11 +174,7 @@
 
     <p>
       A single <code>target</code> element is contained within the top level
-      <code>pool</code> element for some types of pools (pool
-      types <code>dir</code>, <code>fs</code>, <code>netfs</code>,
-      <code>logical</code>, <code>disk</code>, <code>iscsi</code>,
-      <code>scsi</code>, <code>mpath</code>). This tag is used to
-      describe the mapping of
+      <code>pool</code> element. This tag is used to describe the mapping of
       the storage pool into the host filesystem. It can contain the following
       child elements:
     </p>
@@ -394,18 +266,14 @@
 
     <h2><a name="StorageVol">Storage volume XML</a></h2>
     <p>
-      A storage volume will generally be either a file or a device
-      node; <span class="since">since 1.2.0</span>, an optional
-      output-only attribute <code>type</code> lists the actual type
-      (file, block, dir, network, or netdir), which is also available
-      from <code>virStorageVolGetInfo()</code>.  The storage volume
-      XML format is available <span class="since">since 0.4.1</span>
+      A storage volume will be either a file or a device node.
+      The storage volume XML format is available <span class="since">since 0.4.1</span>
     </p>
 
     <h3><a name="StorageVolFirst">General metadata</a></h3>
 
     <pre>
-      &lt;volume type='file'&gt;
+      &lt;volume&gt;
         &lt;name&gt;sparse.img&lt;/name&gt;
         &lt;key&gt;/var/lib/xen/images/sparse.img&lt;/key&gt;
         &lt;allocation&gt;0&lt;/allocation&gt;
@@ -417,10 +285,8 @@
       <dd>Providing a name for the volume which is unique to the pool.
         This is mandatory when defining a volume.  <span class="since">Since 0.4.1</span></dd>
       <dt><code>key</code></dt>
-      <dd>Providing an identifier for the volume which identifies a
-          single volume. In some cases it's possible to have two distinct keys
-          identifying a single volume. This field cannot be set when creating
-          a volume: it is always generated.
+      <dd>Providing an identifier for the volume which is globally unique.
+          This cannot be set when creating a volume: it is always generated.
         <span class="since">Since 0.4.1</span></dd>
       <dt><code>allocation</code></dt>
       <dd>Providing the total storage allocation for the volume. This
@@ -491,7 +357,6 @@
             &lt;label&gt;virt_image_t&lt;/label&gt;
           &lt;/permissions&gt;
           &lt;compat&gt;1.1&lt;/compat&gt;
-          &lt;nocow/&gt;
           &lt;features&gt;
             &lt;lazy_refcounts/&gt;
           &lt;/features&gt;
@@ -509,12 +374,8 @@
         or directory pools it will provide the file format type, eg cow,
         qcow, vmdk, raw. If omitted when creating a volume, the pool's
         default format will be used. The actual format is specified via
-        the <code>type</code> attribute. Consult the
-        <a href="storage.html">storage driver page</a> for the list of valid
-        volume format type values for each specific pool. The
-        <code>format</code> will be ignored on input for pools without a
-        volume format type value and the default pool format will be used.
-        <span class="since">Since 0.4.1</span></dd>
+        the <code>type</code> attribute. Consult the pool-specific docs for
+        the list of valid values. <span class="since">Since 0.4.1</span></dd>
       <dt><code>permissions</code></dt>
       <dd>Provides information about the default permissions to use
         when creating volumes. This is currently only useful for directory
@@ -535,12 +396,6 @@
         1.1 is used. If omitted, qemu-img default is used.
         <span class="since">Since 1.1.0</span>
       </dd>
-      <dt><code>nocow</code></dt>
-      <dd>Turn off COW of the newly created volume. So far, this is only valid
-        for a file image in btrfs file system. It will improve performance when
-        the file image is used in VM. To create non-raw file images, it
-        requires QEMU version since 2.1. <span class="since">Since 1.2.7</span>
-      </dd>
       <dt><code>features</code></dt>
       <dd>Format-specific features. Only used for <code>qcow2</code> now.
         Valid sub-elements are:

docs/formatstorageencryption.html.in

@@ -35,7 +35,7 @@
     </p>
     <h3><a name="StorageEncryptionDefault">"default" format</a></h3>
     <p>
-      <code>&lt;encryption format="default"/&gt;</code> can be specified only
+      <code>&lt;encryption type="default"/&gt;</code> can be specified only
       when creating a volume.  If the volume is successfully created, the
       encryption formats, parameters and secrets will be auto-generated by
       libvirt and the attached <code>encryption</code> tag will be updated.

docs/generic.css

@@ -1,3 +1,4 @@
+
 body {
   margin: 0em;
   padding: 0px;

docs/governance.html.in

@@ -1,294 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Project governance</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      The libvirt project operates as a meritocratic, consensus-based community.
-      Anyone with an interest in the project can join the community, contributing
-      to the ongoing development of the project's work. This pages describes how
-      that participation takes place and how contributors earn merit, and thus
-      influence, within the community.
-    </p>
-
-    <h2><a name="codeofconduct">Code of conduct</a></h2>
-
-    <p>
-      The libvirt project community covers people from a wide variety of
-      countries, backgrounds and positions. This global diversity is a great
-      strength of the project, but can also lead to communication issues,
-      which may in turn cause unhappiness. To maximise happiness of the
-      project community taken as a whole, all members (whether users,
-      contributors or committers) are expected to abide by the project's
-      code of conduct. At a high level the code can be summarized as
-      <em>"be excellent to each other"</em>. Expanding on this:
-    </p>
-
-    <ul>
-      <li><strong>Be respectful:</strong> disagreements between people are to
-        be expected and are usually the sign of healthy debate and engagement.
-        Disagreements can lead to frustration and even anger for some members.
-        Turning to personal insults, intimidation or threatening behaviour does
-        not improve the situation though. Participants should thus take care to
-        ensure all communications / interactions stay professional at all times.</li>
-
-      <li><strong>Be considerate:</strong> remember that the community has members
-        with a diverse background many of whom have English as a second language.
-        What might appear impolite, may simply be a result of a lack of knowledge
-        of the English language. Bear in mind that actions will have an impact
-        on other community members and the project as a whole, so take potential
-        consequences into account before pursuing a course of action.</li>
-
-      <li><strong>Be forgiving:</strong> humans are fallible and as such prone
-        to make mistakes and inexplicably change their positions at times. Don't
-        assume that other members are acting with malicious intent. Be prepared
-        to forgive people who make mistakes and assist each other in learning
-        from them. Playing a blame game doesn't help anyone.</li>
-    </ul>
-
-    <h2><a name="roles">Roles and responsibilities</a></h2>
-
-    <h3><a href="users">Users</a></h3>
-
-    <p>
-      The users are anyone who has a need for the output of the project.
-      There are no rules or requirements to become a user of libvirt. Even
-      if the software does not yet work on their OS platform, a person can
-      be considered a potential future user and welcomed to participate.
-    </p>
-
-    <p>
-      Participation by users is key to ensuring the project moves in the
-      right direction, satisfying their real world needs. Users are
-      encouraged to participate in the broader libvirt community in any
-      number of ways:
-    </p>
-
-    <ul>
-      <li>Evangelism: spread the word about what libvirt is doing, how it
-        helps solve your problems. This can be via blog articles, social
-        media postings, video blogs, user group / conference presentations
-        and any other method of disseminating information</li>
-      <li>Feedback: let the developers know about what does and does not
-        work with the project. Talk to developers on the project's
-        IRC channel and mailing list, or find them at conferences. Tell
-        them what gaps the project has or where they should look for
-        future development</li>
-      <li>Moral support: developers live for recognition of the positive
-        impact their work has on users' lives. Give thanks to the developers
-        when evangelising the project, or when meeting them at user groups,
-        conferences, etc.</li>
-    </ul>
-
-    <p>
-      The above is not an exhaustive list of things users can do to
-      participate in the project. Further ideas and suggestions are
-      welcome. Users are encouraged to take their participation
-      further and become contributors to the project in any of the
-      ways listed in the next section.
-    </p>
-
-    <h3><a name="contributors">Contributors</a></h3>
-
-    <p>
-      The contributors are community members who have some concrete impact
-      to the ongoing development of the project. There are many ways in which
-      members can contribute, with no requirement to be a software engineer.
-      Many users can in fact consider themselves contributors merely by
-      engaging in evangelism for the project.
-    </p>
-
-    <ul>
-      <li>Bug reporting: improve the quality of the project by reporting
-        any problems found either to the project's own bug tracker, or to
-        that of the OS vendor shipping the libvirt code.</li>
-      <li>User help: join the <a href="contact.html">IRC channel or mailing list</a>
-        to assist or advice other users in troubleshooting the problems they face.</li>
-      <li>Feature requests: help set the direction for future work by
-        reporting details of features which are missing to the project's
-        own bug tracker or mailing lists.</li>
-      <li>Graphical design: contribute to the development of the project's
-        websites / wiki brand with improved graphics, styling or layout.</li>
-      <li>Code development: write and submit patches to address bugs or implement
-        new features</li>
-      <li>Architectural design: improve the usefulness of the project
-        by providing feedback on the design of proposed features, to
-        ensure they satisfy the broadest applicable needs and survive
-        the long term</li>
-      <li>Code review: look at patches which are submitted and critique
-        the code to identify bugs, potential design problems or other
-        issues which should be addressed before the code is accepted</li>
-      <li>Documentation: contribute to content on personal blogs, the
-        website, wiki, code comments, or any of the formal documentation
-        efforts.</li>
-      <li>Translation: join the Fedora transifex community to improve the
-        quality of translations needed by the libvirt project.</li>
-      <li>Testing: try proposed patches or release candidates and report
-        whether the build passes and the changes work as expected.</li>
-    </ul>
-
-    <p>
-      The above is not an exhaustive list of things members can do to
-      contribute to the project. Further ideas and suggestions are
-      welcome.
-    </p>
-
-    <p>
-      There are no special requirements to becoming a contributor other
-      than having the interest and ability to provide a contribution. The
-      libvirt project <strong>does not require</strong> any
-      <em>"Contributor License Agreement"</em>
-      to be signed prior to engagement with the community.
-    </p>
-
-    <p>
-      In making a contribution to the project, the community member is
-      implicitly stating that they accept the terms of the license under
-      which the work they are contributing to is distributed. They are
-      also implicitly stating that they have the legal right to make the
-      contribution, if doing so on behalf of a broader organization /
-      company. Most of the project's code is distributed under the GNU
-      Lesser General Public License, version 2 or later. Details of the
-      exact license under which contributions will be presumed to be
-      covered are found in the source repositories, or website in question.
-    </p>
-
-    <h3><a name="committers">Committers</a></h3>
-
-    <p>
-      The committers are the subset of contributors who have direct access
-      to commit code to the project's primary source code repositories, which
-      are currently using the GIT software. The committers are chosen based
-      on the quality of their contributions over a period of time. This includes
-      both the quality of code they submit, as well as the quality of reviews
-      they provide on other contributors' submissions and a demonstration that
-      they understand day-to-day operation of the project and its goals. There
-      is no minimum level of contribution required in order to become a committer,
-      though 2-3 months worth of quality contribution would be a rough guide.
-    </p>
-
-    <p>
-      There are no special requirements to becoming a committer other than to
-      have shown a willingness and ability to contribute to the project over
-      an extended period of time. Proposals for elevating contributors to
-      committers are typically made by existing committers, though contributors
-      are also welcome to make proposals. The decision to approve the elevation
-      of a contributor to a committer is made through "rough consensus" between
-      the existing committers.
-    </p>
-
-    <p>
-      The aim in elevating contributors to committers is to ensure that there
-      is a broad base of experience and expertize across all areas of the
-      project's work. Committers are not required to have knowledge across
-      all areas of the project's work. While an approved committer has the
-      technical ability to commit code to any area of the project, by convention
-      they will only commit to areas they feel themselves to be qualified to
-      evaluate the contribution. If in doubt, committers will defer to the
-      opinion of other committers with greater expertize in an area.
-    </p>
-
-    <p>
-      The committers hold the ultimate control over what contributions are
-      accepted by the project, however, this does not mean they have the
-      right to do whatever they want. Where there is debate and disagreement
-      between contributors, committers are expected to look at the issues with
-      an unbiased point of view and help achieve a "rough consensus". If the
-      committer has a conflict of interest in the discussion, for example due
-      to their position of employment, they are expected to put the needs of
-      the community project first. If they cannot put the community project
-      first, they must declare their conflict of interest, and allow other
-      non-conflicted committers to make any final decision.
-    </p>
-
-    <p>
-      The committers are expected to monitor contributions to areas of the
-      project where they have expertize and ensure that either some form of
-      feedback is provided to the contributor, or to accept their contribution.
-      There is no formal minimum level of approval required to accept a
-      contribution. Positive review by any committer experienced in the area
-      of work is considered to be enough to justify acceptance in normal
-      circumstances. Where one committer explicitly rejects a contribution,
-      however, other committers should not override that rejection without
-      first establishing a "rough consensus" amongst the broader group of
-      committers.
-    </p>
-
-    <p>
-      Being a committer is a privilege, not a right. In exceptional
-      circumstances, the privilege may be removed from an active
-      contributor. Such decisions will be taken based on "rough
-      consensus" amongst other committers. In the event that a committer
-      is no longer able to participate in the project, after some period
-      of inactivity passes, they may be asked to confirm that they wish
-      to retain their role as a committer.
-    </p>
-
-    <h3><a name="secteam">Security team</a></h3>
-
-    <p>
-      The security team consists of a subset of the project committers
-      along with representatives from vendors shipping the project's
-      software. The subset of project committers is chosen to be the
-      minimal size necessary to provide expertise spanning most of
-      the project's work. Further project committers may be requested
-      to engage in resolving specific security issues on a case by
-      case basis. Any vendor who is shipping the project's software
-      may submit a request for one or more of their representatives
-      to join the security team. Such requests must by approved by
-      existing members of the team vouching for the integrity of
-      the nominated person or organization.
-    </p>
-
-    <p>
-      Members of the security team are responsible for triaging and
-      resolving any security issues that are reported to the project.
-      They are expected to abide by the project's documented
-      <a href="securityprocess.html">security process</a>. In particular
-      they must respect any embargo period agreed amongst the team
-      before disclosing a private issue.
-    </p>
-
-    <h2><a name="roughconsensus">Rough consensus</a></h2>
-
-    <p>
-      A core concept for governance of the project described above is
-      that of "rough consensus". To expand on this, it is a process
-      of decision making that involves the following steps
-    </p>
-
-    <ul>
-      <li>Proposal</li>
-      <li>Discussion</li>
-      <li>Vote (exceptional circumstances only)</li>
-      <li>Decision</li>
-    </ul>
-
-    <p>
-      To put this into words, any contributor is welcome to make a proposal
-      for consideration. Any contributor may participate in the discussions
-      around the proposal. The discussion will usually result in agreement
-      between the interested parties, or at least agreement between the
-      committers. Only in the very exceptional circumstance where there
-      is disagreement between committers, would a vote be considered.
-      Even in these exceptional circumstances, it is usually found to be
-      obvious what the majority opinion of the committers is. In the event
-      that even a formal vote is tied, the committers will have to hold
-      ongoing discussions until the stalemate is resolved or the proposal
-      withdrawn.
-    </p>
-
-    <p>
-      The overall goal of the "rough consensus" process is to ensure that
-      decisions can be made within the project, with a minimum level of
-      bureaucracy and process. Implicit in this is that any person who does
-      not explicitly reject to a proposal is assumed to be supportive, or
-      at least agnostic.
-    </p>
-
-
-  </body>
-</html>

docs/hacking.html.in

@@ -45,7 +45,7 @@
                  --to=libvir-list@redhat.com master
 </pre>
         <p>(Note that the "git send-email" subcommand may not be in
-        the main git package and using it may require installation of a
+        the main git package and using it may require installion of a
         separate package, for example the "git-email" package in
         Fedora.)  For a single patch you can omit
         <code>--cover-letter</code>, but a series of two or more
@@ -122,7 +122,7 @@
           Some tests are skipped by default in a development environment,
           based on the time they take in comparison to the likelihood
           that those tests will turn up problems during incremental builds.
-          These tests default to being run when building from a
+          These tests default to being run when when building from a
           tarball or with the configure option --enable-expensive-tests;
           you can also force a one-time toggle of these tests by
           setting VIR_TEST_EXPENSIVE to 0 or 1 at make time, as in:
@@ -260,7 +260,7 @@
     <p>
       There is more on this subject, including lots of links to background
       reading on the subject, on
-      <a href="http://people.redhat.com/rjones/how-to-supply-code-to-open-source-projects/">
+      <a href="http://et.redhat.com/~rjones/how-to-supply-code-to-open-source-projects/">
         Richard Jones' guide to working with open source projects</a>.
     </p>
 
@@ -273,11 +273,26 @@
       In short, use spaces-not-TABs for indentation, use 4 spaces for each
       indentation level, and other than that, follow the K&amp;R style.
     </p>
+    <p>
+      If you use Emacs, add the following to one of one of your start-up files
+      (e.g., ~/.emacs), to help ensure that you get indentation right:
+    </p>
+<pre>
+  ;;; When editing C sources in libvirt, use this style.
+  (defun libvirt-c-mode ()
+    "C mode with adjusted defaults for use with libvirt."
+    (interactive)
+    (c-set-style "K&amp;R")
+    (setq indent-tabs-mode nil) ; indent using spaces, not TABs
+    (setq c-indent-level 4)
+    (setq c-basic-offset 4))
+  (add-hook 'c-mode-hook
+            '(lambda () (if (string-match "/libvirt" (buffer-file-name))
+                            (libvirt-c-mode))))
+</pre>
 
     <p>
-      If you use Emacs, the project includes a file .dir-locals.el
-      that sets up the preferred indentation. If you use vim,
-      append the following to your ~/.vimrc file:
+      If you use vim, append the following to your ~/.vimrc file:
     </p>
 <pre>
   set nocompatible
@@ -288,7 +303,7 @@
   set tabstop=8
   set shiftwidth=4
   set expandtab
-  set cinoptions=(0,:0,l1,t0,L3
+  set cinoptions=(0,:0,l1,t0
   filetype plugin indent on
   au FileType make setlocal noexpandtab
   au BufRead,BufNewFile *.am setlocal noexpandtab
@@ -387,43 +402,6 @@
       int foo(int wizz);    // Good
 </pre>
 
-    <h2><a name="comma">Commas</a></h2>
-
-    <p>
-      Commas should always be followed by a space or end of line, and
-      never have leading space; this is enforced during 'make
-      syntax-check'.
-    </p>
-    <pre>
-      call(a,b ,c);// Bad
-      call(a, b, c); // Good
-</pre>
-
-    <p>
-      When declaring an enum or using a struct initializer that
-      occupies more than one line, use a trailing comma.  That way,
-      future edits to extend the list only have to add a line, rather
-      than modify an existing line to add the intermediate comma.  Any
-      sentinel enumerator value with a name ending in _LAST is exempt,
-      since you would extend such an enum before the _LAST element.
-      Another reason to favor trailing commas is that it requires less
-      effort to produce via code generators.  Note that the syntax
-      checker is unable to enforce a style of trailing commas, so
-      there are counterexamples in existing code which do not use it;
-      also, while C99 allows trailing commas, remember that JSON and
-      XDR do not.
-    </p>
-    <pre>
-      enum {
-          VALUE_ONE,
-          VALUE_TWO // Bad
-      };
-      enum {
-          VALUE_THREE,
-          VALUE_FOUR, // Good
-      };
-</pre>
-
     <h2><a name="semicolon">Semicolons</a></h2>
 
     <p>
@@ -593,37 +571,6 @@
   }
 </pre>
 
-    <p>Use hanging braces for compound statements: the opening brace
-      of a compound statement should be on the same line as the
-      condition being tested.  Only top-level function bodies, nested
-      scopes, and compound structure declarations should ever have {
-      on a line by itself.
-    </p>
-
-<pre>
-  void
-  foo(int a, int b)
-  {                          // correct - function body
-      int 2d[][] = {
-        {                    // correct - complex initialization
-          1, 2,
-        },
-      };
-      if (a)
-      {                      // BAD: compound brace on its own line
-          do_stuff();
-      }
-      {                      // correct - nested scope
-          int tmp;
-          if (a &lt; b) {       // correct - hanging brace
-              tmp = b;
-              b = a;
-              a = tmp;
-          }
-      }
-  }
-</pre>
-
     <h2><a name="preprocessor">Preprocessor</a></h2>
 
     <p>Macros defined with an ALL_CAPS name should generally be
@@ -645,7 +592,7 @@
     </p>
 <pre>
   #if defined(HAVE_POSIX_FALLOCATE) &amp;&amp; !defined(HAVE_FALLOCATE)
-  # define fallocate(a, ignored, b, c) posix_fallocate(a, b, c)
+  # define fallocate(a,ignored,b,c) posix_fallocate(a,b,c)
   #endif
 </pre>
 
@@ -979,7 +926,7 @@
     <p>
       If there is a need for complex string concatenations, avoid using
       the usual sequence of malloc/strcpy/strcat/snprintf functions and
-      make use of the virBuffer API described in virbuffer.h
+      make use of the virBuffer API described in buf.h
     </p>
 
     <p>Typical usage is as follows:</p>
@@ -999,8 +946,11 @@
 
      ...
 
-     if (virBufferCheckError(&amp;buf) &lt; 0)
+     if (virBufferError(&amp;buf)) {
+         virBufferFreeAndReset(&amp;buf);
+         virReportOOMError();
          return NULL;
+     }
 
      return virBufferContentAndReset(&amp;buf);
   }
@@ -1152,20 +1102,6 @@
       retry: If needing to jump upwards (e.g., retry on EINTR)
 </pre>
 
-    <p>
-    Top-level labels should be indented by one space (putting them on
-    the beginning of the line confuses function context detection in git):
-    </p>
-
-<pre>
-int foo()
-{
-    /* ... do stuff ... */
- cleanup:
-    /* ... do other stuff ... */
-}
-</pre>
-
 
 
     <h2><a name="committers">Libvirt committer guidelines</a></h2>

docs/hooks.html.in

@@ -13,15 +13,9 @@
        actions occur:</p>
     <ul>
       <li>The libvirt daemon starts, stops, or reloads its
-          configuration
-          (<span class="since">since 0.8.0</span>)<br/><br/></li>
-      <li>A QEMU guest is started or stopped
-         (<span class="since">since 0.8.0</span>)<br/><br/></li>
-         <li>An LXC guest is started or stopped
-         (<span class="since">since 0.8.0</span>)<br/><br/></li>
-      <li>A network is started or stopped or an interface is
-          plugged/unplugged to/from the network
-          (<span class="since">since 1.2.2</span>)<br/><br/></li>
+          configuration<br/><br/></li>
+      <li>A QEMU guest is started or stopped<br/><br/></li>
+      <li>An LXC guest is started or stopped<br/><br/></li>
     </ul>
 
     <h2><a name="location">Script location</a></h2>
@@ -50,9 +44,6 @@
           Executed when a QEMU guest is started, stopped, or migrated<br/><br/></li>
       <li><code>/etc/libvirt/hooks/lxc</code><br /><br/>
           Executed when an LXC guest is started or stopped</li>
-      <li><code>/etc/libvirt/hooks/network</code><br/><br/>
-          Executed when a network is started or stopped or an
-          interface is plugged/unplugged to/from the network</li>
     </ul>
     <br/>
 
@@ -75,39 +66,6 @@
        XML description for the domain on their stdin. This includes items
        such the UUID of the domain and its storage information, and is
        intended to provide all the libvirt information the script needs.</p>
-    <p>For all cases, stdin of the network hook script is provided with the
-       full XML description of the network status in the following form:</p>
-
-<pre>&lt;hookData&gt;
-  &lt;network&gt;
-     &lt;name&gt;$network_name&lt;/name&gt;
-     &lt;uuid&gt;afca425a-2c3a-420c-b2fb-dd7b4950d722&lt;/uuid&gt;
-     ...
-  &lt;/network&gt;
-&lt;/hookData&gt;</pre>
-
-    <p>In the case of an interface
-       being plugged/unplugged to/from the network, the network XML will be
-       followed with the full XML description of the domain containing the
-       interface that is being plugged/unplugged:</p>
-
-<pre>&lt;hookData&gt;
-  &lt;network&gt;
-     &lt;name&gt;$network_name&lt;/name&gt;
-     &lt;uuid&gt;afca425a-2c3a-420c-b2fb-dd7b4950d722&lt;/uuid&gt;
-     ...
-  &lt;/network&gt;
-  &lt;domain type='$domain_type' id='$domain_id'&gt;
-     &lt;name&gt;$domain_name&lt;/name&gt;
-     &lt;uuid&gt;afca425a-2c3a-420c-b2fb-dd7b4950d722&lt;/uuid&gt;
-     ...
-  &lt;/domain&gt;
-&lt;/hookData&gt;</pre>
-
-    <p>Please note that this approach is different from other cases such as
-       <code>daemon</code>, <code>qemu</code> or <code>lxc</code> hook scripts,
-       because two XMLs may be passed here, while in the other cases only a single
-       XML is passed.</p>
 
     <p>The command line arguments take this approach:</p>
     <ol>
@@ -177,17 +135,6 @@
         script returns failure or the output XML is not valid, incoming
         migration will be canceled. This hook may be used, e.g., to change
         location of disk images for incoming domains.</li>
-      <li><span class="since">Since 1.2.9</span>, the qemu hook script is
-        also called when restoring a saved image either via the API or
-        automatically when restoring a managed save machine. It is called
-        as: <pre>/etc/libvirt/hooks/qemu guest_name restore begin -</pre>
-        with domain XML sent to standard input of the script. In this case,
-        the script acts as a filter and is supposed to modify the domain
-        XML and print it out on its standard output. Empty output is
-        identical to copying the input XML without changing it. In case the
-        script returns failure or the output XML is not valid, restore of the
-        image will be aborted. This hook may be used, e.g., to change
-        location of disk images for restored domains.</li>
       <li><span class="since">Since 0.9.13</span>, the qemu hook script
         is also called when the libvirtd daemon restarts and reconnects
         to previously running QEMU processes. If the script fails, the
@@ -234,49 +181,25 @@
         <pre>/etc/libvirt/hooks/lxc guest_name reconnect begin -</pre>
       </li>
     </ul>
-
-    <h5><a name="network">/etc/libvirt/hooks/network</a></h5>
-    <ul>
-      <li><span class="since">Since 1.2.2</span>, before a network is started,
-        this script is called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name start begin -</pre></li>
-      <li>After the network is started, up &and; running, the script is
-        called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name started begin -</pre></li>
-      <li>When a network is shut down, this script is called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name stopped end -</pre></li>
-      <li>Later, when network is started and there's an interface from a
-        domain to be plugged into the network, the hook script is called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name plugged begin -</pre>
-        Please note, that in this case, the script is passed both network and
-        domain XMLs on its stdin.</li>
-      <li>When the domain from previous case is shutting down, the interface
-        is unplugged. This leads to another script invocation:<br/>
-          <pre>/etc/libvirt/hooks/network network_name unplugged begin -</pre>
-        And again, as in previous case, both network and domain XMLs are passed
-        onto script's stdin.</li>
-    </ul>
-
     <br/>
 
     <h2><a name="execution">Script execution</a></h2>
     <ul>
-      <li>The "start" operation for the guest and network hook scripts,
-          executes <b>prior</b> to the object (guest or network) being created.
-          This allows the object start operation to be aborted if the script
-          returns indicating failure.<br/><br/></li>
-      <li>The "shutdown" operation for the guest and network hook scripts,
-          executes <b>after</b> the object (guest or network) has stopped. If
-          the hook script indicates failure in its return, the shut down of the
-          object cannot be aborted because it has already been performed.
-          <br/><br/></li>
+      <li>The "start" operation for the guest hook scripts, qemu and lxc,
+          executes <b>prior</b> to the guest being created.  This allows the
+          guest start operation to be aborted if the script returns indicating
+          failure.<br/><br/></li>
+      <li>The "shutdown" operation for the guest hook scripts, qemu and lxc,
+          executes <b>after</b> the guest has stopped.  If the hook script
+          indicates failure in its return, the shut down of the guest cannot
+          be aborted because it has already been performed.<br/><br/></li>
       <li>Hook scripts execute in a synchronous fashion.  Libvirt waits
           for them to return before continuing the given operation.<br/><br/>
-          This is most noticeable with the guest or network start operation,
-          as a lengthy operation in the hook script can mean an extended wait
-          for the guest or network to be available to end users.<br/><br/></li>
+          This is most noticeable with the guest start operation, as a lengthy
+          operation in the hook script can mean an extended wait for the guest
+          to be available to end users.<br/><br/></li>
       <li>For a hook script to be utilised, it must have its execute bit set
-          (e.g. chmod o+rx <i>qemu</i>), and must be present when the libvirt
+          (ie. chmod o+rx <i>qemu</i>), and must be present when the libvirt
           daemon is started.<br/><br/></li>
       <li>If a hook script is added to a host after the libvirt daemon is
           already running, it won't be used until the libvirt daemon

docs/hvsupport.pl

@@ -28,7 +28,7 @@ my %groupheaders = (
 my @srcs;
 find({
     wanted => sub {
-        if (m!$srcdir/.*/\w+_(driver|common|tmpl|monitor|hal|udev)\.c$!) {
+        if (m!$srcdir/.*/\w+_(driver|tmpl|monitor|hal|udev)\.c$!) {
             push @srcs, $_ if $_ !~ /vbox_driver\.c/;
         }
     }, no_chdir => 1}, $srcdir);

docs/index.html.in

@@ -30,11 +30,6 @@
       <li>
         A <a href="/qpid/">QMF agent</a> for the AMQP/QPid messaging system
       </li>
-      <li>
-        A <a href="governance.html">technical meritocracy</a>, in which
-        participants gain influence over a project through recognition
-        of their contributions.
-      </li>
     </ul>
 
     <h2>libvirt supports:</h2>
@@ -74,9 +69,6 @@
       <li>
         The <a href="http://libvirt.org/drvparallels.html">Parallels</a> hypervisor
       </li>
-      <li>
-        The <a href="http://libvirt.org/drvbhyve.html">Bhyve</a> hypervisor
-      </li>
       <li>
         Virtual networks using bridging, NAT, VEPA and VN-LINK.
       </li>

docs/internals/command.html.in

@@ -430,7 +430,7 @@
   if (string)
       VIR_DEBUG("about to run %s", string);
   VIR_FREE(string);
-  if (virCommandRun(cmd, NULL) < 0)
+  if (virCommandRun(cmd) < 0)
       return -1;
 </pre>
 
@@ -458,24 +458,15 @@
       non-zero exit status can represent a success condition,
       it is possible to request the exit status and perform
       that check manually instead of letting <code>virCommandRun</code>
-      raise the error.  By default, the captured status is only
-      for a normal exit (death from a signal is treated as an error),
-      but a caller can use <code>virCommandRawStatus</code> to get
-      encoded status that includes any terminating signals.
+      raise the error
     </p>
 
 <pre>
   int status;
   if (virCommandRun(cmd, &amp;status) &lt; 0)
-      return -1;
-  if (status == 1) {
-    ...do stuff...
-  }
+     return -1;
 
-  virCommandRawStatus(cmd2);
-  if (virCommandRun(cmd2, &amp;status) &lt; 0)
-      return -1;
-  if (WIFEXITED(status) &amp;&amp; WEXITSTATUS(status) == 1) {
+  if (WEXITSTATUS(status) ...) {
     ...do stuff...
   }
 </pre>
@@ -547,7 +538,7 @@
       There is no need to check if <code>cmd</code> is NULL
       before calling <code>virCommandFree</code>. This scenario
       is handled automatically. If the command is still running,
-      it will be forcibly killed and cleaned up (via waitpid).
+      it will be forcably killed and cleaned up (via waitpid).
     </p>
 
     <h2><a name="example">Complete examples</a></h2>
@@ -560,8 +551,7 @@
 <pre>
 int runhook(const char *drvstr, const char *id,
             const char *opstr, const char *subopstr,
-            const char *extra)
-{
+            const char *extra) {
   int ret;
   char *path;
   virCommandPtr cmd;

docs/internals/oomtesting.html.in

@@ -1,213 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Out of memory testing</h1>
-
-    <ul id="toc"></ul>
-
-
-    <p>
-      This page describes how to use the test suite todo out of memory
-      testing.
-    </p>
-
-    <h2>Building with OOM testing</h2>
-
-    <p>
-      Since OOM testing requires hooking into the malloc APIs, it is
-      not enabled by default. The flag <code>--enable-test-oom</code>
-      must be given to <code>configure</code>. When this is done the
-      libvirt allocation APIs will have some hooks enabled.
-    </p>
-
-    <pre>
-$ ./configure --enable-test-oom
-</pre>
-
-
-    <h2><a name="basicoom">Basic OOM testing support</a></h2>
-
-    <p>
-      The first step in validating OOM usage is to run a test suite
-      with full OOM testing enabled. This is done by setting the
-      <code>VIR_TEST_OOM=1</code> environment variable. The way this
-      works is that it runs the test once normally to "prime" any
-      static memory allocations. Then it runs it once more counting
-      the total number of memory allocations. Then it runs it in a
-      loop failing a different memory allocation each time. For every
-      memory allocation failure triggered, it expects the test case
-      to return an error. OOM testing is quite slow requiring each
-      test case to be executed O(n) times, where 'n' is the total
-      number of memory allocations. This results in a total number
-      of memory allocations of '(n * (n + 1) ) / 2'
-    </p>
-
-    <pre>
-$ VIR_TEST_OOM=1 ./qemuxml2argvtest
- 1) QEMU XML-2-ARGV minimal                                           ... OK
-    Test OOM for nalloc=42 .......................................... OK
- 2) QEMU XML-2-ARGV minimal-s390                                      ... OK
-    Test OOM for nalloc=28 ............................ OK
- 3) QEMU XML-2-ARGV machine-aliases1                                  ... OK
-    Test OOM for nalloc=38 ...................................... OK
- 4) QEMU XML-2-ARGV machine-aliases2                                  ... OK
-    Test OOM for nalloc=38 ...................................... OK
- 5) QEMU XML-2-ARGV machine-core-on                                   ... OK
-    Test OOM for nalloc=37 ..................................... OK
-...snip...
-</pre>
-
-    <p>
-      In this output, the first line shows the normal execution and
-      the test number, and the second line shows the total number
-      of memory allocations from that test case.
-    </p>
-
-    <h3><a name="valgrind">Tracking failures with valgrind</a></h3>
-
-    <p>
-      The test suite should obviously *not* crash during OOM testing.
-      If it does crash, then to assist in tracking down the problem
-      it is worth using valgrind and only running a single test case.
-      For example, supposing test case 5 crashed. Then re-run the
-      test with
-    </p>
-
-    <pre>
-$ VIR_TEST_OOM=1 VIR_TEST_RANGE=5 ../run valgrind ./qemuxml2argvtest
-...snip...
- 5) QEMU XML-2-ARGV machine-core-on                                   ... OK
-    Test OOM for nalloc=37 ..................................... OK
-...snip...
-    </pre>
-
-    <p>
-      Valgrind should report the cause of the crash - for example a
-      double free or use of uninitialized memory or NULL pointer
-      access.
-    </p>
-
-    <h3><a name="stacktraces">Tracking failures with stack traces</a></h3>
-
-    <p>
-      With some really difficult bugs valgrind is not sufficient to
-      identify the cause. In this case, it is useful to identify the
-      precise allocation which was failed, to allow the code path
-      to the error to be traced. The <code>VIR_TEST_OOM</code>
-      env variable can be given a range of memory allocations to
-      test. So if a test case has 150 allocations, it can be told
-      to only test allocation numbers 7-10. The <code>VIR_TEST_OOM_TRACE</code>
-      variable can be used to print out stack traces.
-    </p>
-
-    <pre>
-$ VIR_TEST_OOM_TRACE=2 VIR_TEST_OOM=1:7-10 VIR_TEST_RANGE=5 \
-    ../run valgrind ./qemuxml2argvtest
- 5) QEMU XML-2-ARGV machine-core-on                                   ... OK
-    Test OOM for nalloc=37 !virAllocN
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:180
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11786 (discriminator 1)
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-!virAlloc
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:133
-virDomainDiskDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:4790
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11797
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-!virAllocN
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:180
-virXPathNodeSet
-/home/berrange/src/virt/libvirt/src/util/virxml.c:609
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11805
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-!virAllocN
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:180
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11808 (discriminator 1)
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-    </pre>
-
-    <h3><a name="noncrash">Non-crash related problems</a></h3>
-
-    <p>
-      Not all memory allocation bugs result in code crashing. Sometimes
-      the code will be silently ignoring the allocation failure, resulting
-      in incorrect data being produced. For example the XML parser may
-      mistakenly treat an allocation failure as indicating that an XML
-      attribute was not set in the input document. It is hard to identify
-      these problems from the test suite automatically. For this, the
-      test suites should be run with <code>VIR_TEST_DEBUG=1</code> set
-      and then stderr analysed for any unexpected data. For example,
-      the XML conversion may show an embedded "(null)" literal, or the
-      test suite might complain about missing elements / attributes
-      in the actual vs expected data. These are all signs of bugs in
-      OOM handling. In the future the OOM tests will be enhanced to
-      validate that an error VIR_ERR_NO_MEMORY is returned for each
-      allocation failed, rather than some other error.
-    </p>
-  </body>
-</html>

docs/internals/rpc.html.in

@@ -743,7 +743,7 @@
 
     <p>
       The main libvirt event loop thread is responsible for performing all
-      socket I/O. It will read incoming packets from clients and will
+      socket I/O. It will read incoming packets from clients and willl
       transmit outgoing packets to clients. It will handle the I/O to/from
       streams associated with client API calls. When doing client I/O it
       will also pass the data through any applicable encryption layer

docs/java.html.in

@@ -130,7 +130,7 @@ public class minitest {
         Connect conn=null;
         try{
             conn = new <span style="color: #0071FF; background-color: #FFFFFF">Connect</span>("test:///default", true);
-        } catch (<span style="color: #0071FF; background-color: #FFFFFF">LibvirtException</span> e) {
+        } catch (<span style="color: #0071FF; background-color: #FFFFFF">LibvirtException</span> e){
             System.out.println("exception caught:"+e);
             System.out.println(e.getError());
         }
@@ -139,7 +139,7 @@ public class minitest {
             System.out.println("Domain:" + testDomain.<span style="color: #E50073; background-color: #FFFFFF">getName</span>() + " id " +
                                testDomain.<span style="color: #E50073; background-color: #FFFFFF">getID</span>() + " running " +
                                testDomain.<span style="color: #E50073; background-color: #FFFFFF">getOSType</span>());
-        } catch (<span style="color: #0071FF; background-color: #FFFFFF">LibvirtException</span> e) {
+        } catch (<span style="color: #0071FF; background-color: #FFFFFF">LibvirtException</span> e){
             System.out.println("exception caught:"+e);
             System.out.println(e.getError());
         }

docs/libvirt.css

@@ -1,3 +1,5 @@
+
+
 h1 {
     font-weight: normal;
     color: #3c857c;
@@ -489,23 +491,3 @@ table.acl tr, table.acl td {
 table.acl thead {
     background: #ddd;
 }
-
-div.description pre.code {
-    border: 1px dashed grey;
-    background-color: inherit;
-    padding: 5px 10px 5px 10px;
-    margin-left: 2.5em;
-}
-
-a.headerlink {
-    text-decoration: none!important;
-    visibility: hidden;
-}
-
-h2:hover > a.headerlink,
-h3:hover > a.headerlink,
-h4:hover > a.headerlink,
-h5:hover > a.headerlink,
-h6:hover > a.headerlink {
-    visibility: visible;
-}

docs/logging.html.in

@@ -3,17 +3,30 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
   <body>
     <h1 >Logging in the library and the daemon</h1>
-
     <p>Libvirt includes logging facilities starting from version 0.6.0,
        this complements the <a href="errors.html">error handling</a>
        mechanism and APIs to allow tracing through the execution of the
        library as well as in the libvirtd daemon.</p>
-
-    <ul id="toc"/>
-
-    <h2>
+    <ul>
+      <li>
+        <a href="#log_library">Logging in the library</a>
+      </li>
+      <li>
+        <a href="#log_config">Configuring logging in the library</a>
+      </li>
+      <li>
+        <a href="#log_daemon">Logging in the daemon</a>
+      </li>
+      <li>
+        <a href="#log_syntax">Syntax for filters and output values</a>
+      </li>
+      <li>
+        <a href="#log_examples">Examples</a>
+      </li>
+    </ul>
+    <h3>
       <a name="log_library">Logging in the library</a>
-    </h2>
+    </h3>
     <p>The logging functionalities in libvirt are based on 3 key concepts,
        similar to the one present in other generic logging facilities like
        log4j:</p>
@@ -38,10 +51,16 @@
           all messages to a debugging file but only allow errors to be
           logged through syslog.</li>
     </ul>
+    <p>Note that the logging module saves all logs to a <b>debug buffer</b>
+       filled in a round-robin fashion as to keep a full log of the
+       recent logs including all debug. The debug buffer can be resized
+       or deactivated in the daemon using the log_buffer_size variable,
+       default is 64 kB. This can be used when debugging the library
+       (see the virLogBuffer variable content).</p>
 
-    <h2>
+    <h3>
       <a name="log_config">Configuring logging in the library</a>
-    </h2>
+    </h3>
     <p>The library configuration of logging is through 3 environment variables
     allowing to control the logging behaviour:</p>
     <ul>
@@ -49,7 +68,7 @@
       <ul>
         <li>1 or "debug": asking the library to log every message emitted,
             though the filters can be used to avoid filling up the output</li>
-        <li>2 or "info": log all non-debugging information</li>
+        <li>2 or "info": log all non-debugging informations</li>
         <li>3 or "warn": log warnings and errors, that's the default value</li>
         <li>4 or "error": log only error messages</li>
       </ul></li>
@@ -60,9 +79,9 @@
        you specify an invalid value, it will be ignored with a warning. If you
        have an error in a filter or output string, some of the settings may be
        applied up to the point at which libvirt encountered the error.</p>
-    <h2>
+    <h3>
       <a name="log_daemon">Logging in the daemon</a>
-    </h2>
+    </h3>
     <p>Similarly the daemon logging behaviour can be tuned using 3 config
     variables, stored in the configuration file:</p>
     <ul>
@@ -70,7 +89,7 @@
       <ul>
         <li>4: only errors</li>
         <li>3: warnings and errors</li>
-        <li>2: information, warnings and errors</li>
+        <li>2: informations, warnings and errors</li>
         <li>1: debug and everything</li>
       </ul></li>
       <li>log_filters: defines logging filters</li>
@@ -79,13 +98,9 @@
     <p>When starting the libvirt daemon, any logging environment variable
        settings will override settings in the config file. Command line options
        take precedence over all. If no outputs are defined for libvirtd, it
-       will try to use</p>
-    <ul>
-      <li>0.10.0 or later: systemd journal, if <code>/run/systemd/journal/socket</code> exists</li>
-      <li>0.9.0 or later: file <code>/var/log/libvirt/libvirtd.log</code> if running as a daemon</li>
-      <li>before 0.9.0: syslog if running as a daemon</li>
-      <li>all versions: to stderr stream if running in the foreground</li>
-    </ul>
+       defaults to logging to /var/log/libvirt/libvirtd.log (before 0.9.0
+       it was using syslog) when it is running as a daemon, or to
+       stderr when it is running in the foreground.</p>
     <p>Libvirtd does not reload its logging configuration when issued a SIGHUP.
        If you want to reload the configuration, you must do a <code>service
        libvirtd restart</code> or manually stop and restart the daemon
@@ -95,9 +110,9 @@
        by default) in case of crash, this can also be activated explicitly
        for debugging purposes by sending the daemon a USR2 signal:</p>
        <pre>killall -USR2 libvirtd</pre>
-    <h2>
+    <h3>
       <a name="log_syntax">Syntax for filters and output values</a>
-    </h2>
+    </h3>
     <p>The syntax for filters and outputs is the same for both types of
        variables.</p>
     <p>The format for a filter is one of:</p>
@@ -131,7 +146,6 @@
       given <code>name</code> as the ident</li>
       <li><code>x:file:file_path</code> output to a file, with the given
       filepath</li>
-      <li><code>x:journald</code> output goes to systemd journal</li>
     </ul>
     <p>In all cases the x prefix is the minimal level, acting as a filter:</p>
     <ul>
@@ -145,81 +159,9 @@
        will log all warnings and errors to syslog under the libvirtd ident
        but also log all debug and information included in the
        file <code>/tmp/libvirt.log</code></p>
-
-    <h2><a name="journald">Systemd journal fields</a></h2>
-
-    <p>
-      When logging to the systemd journal, the following fields
-      are defined, in addition to any automatically recorded
-      <a href="http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html">standard fields</a>:
-    </p>
-
-    <dl>
-      <dt><code>MESSAGE</code></dt>
-      <dd>The log message string</dd>
-      <dt><code>PRIORITY</code></dt>
-      <dd>The log priority value</dd>
-      <dt><code>LIBVIRT_SOURCE</code></dt>
-      <dd>The source type, one of "file", "error", "audit", "trace", "library"</dd>
-      <dt><code>CODE_FILE</code></dt>
-      <dd>The name of the file emitting the log record</dd>
-      <dt><code>CODE_LINE</code></dt>
-      <dd>The line number of the file emitting the log record</dd>
-      <dt><code>CODE_FUNC</code></dt>
-      <dd>The name of the function emitting the log record</dd>
-      <dt><code>LIBVIRT_DOMAIN</code></dt>
-      <dd>The libvirt error domain (values from virErrorDomain enum), if LIBVIRT_SOURCE="error"</dd>
-      <dt><code>LIBVIRT_CODE</code></dt>
-      <dd>The libvirt error code (values from virErrorCode enum), if LIBVIRT_SOURCE="error"</dd>
-    </dl>
-
-    <h3><a name="journaldids">Well known message ID values</a></h3>
-
-    <p>
-      Certain areas of the code will emit log records tagged with well known
-      unique id values, which are guaranteed never to change in the future.
-      This allows applications to identify critical log events without doing
-      string matching on the <code>MESSAGE</code> field.
-    </p>
-
-    <dl>
-      <dt><code>MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361</code></dt>
-      <dd>Generated by the QEMU driver when it identifies a QEMU system
-        emulator binary, but is unable to extract information about its
-        capabilities. This is usually an indicator of a broken QEMU
-        build or installation. When this is emitted, the <code>LIBVIRT_QEMU_BINARY</code>
-        message field will provide the full path of the QEMU binary that failed.
-      </dd>
-    </dl>
-
-    <p>
-      The <code>journalctl</code> command can be used to search the journal
-      matching on specific message ID values
-    </p>
-
-    <pre>
- $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361 --output=json
- { ...snip...
-   "LIBVIRT_SOURCE" : "file",
-   "PRIORITY" : "3",
-   "CODE_FILE" : "qemu/qemu_capabilities.c",
-   "CODE_LINE" : "2770",
-   "CODE_FUNC" : "virQEMUCapsLogProbeFailure",
-   "MESSAGE_ID" : "8ae2f3fb-2dbe-498e-8fbd-012d40afa361",
-   "LIBVIRT_QEMU_BINARY" : "/bin/qemu-system-xtensa",
-   "MESSAGE" : "Failed to probe capabilities for /bin/qemu-system-xtensa:" \
-               "internal error: Child process (LC_ALL=C LD_LIBRARY_PATH=/home/berrange" \
-               "/src/virt/libvirt/src/.libs PATH=/usr/lib64/ccache:/usr/local/sbin:" \
-               "/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin HOME=/root " \
-               "USER=root LOGNAME=root /bin/qemu-system-xtensa -help) unexpected " \
-               "exit status 127: /bin/qemu-system-xtensa: error while loading shared " \
-               "libraries: libglapi.so.0: cannot open shared object file: No such " \
-               "file or directory\n" }
-    </pre>
-
-    <h2>
+    <h3>
       <a name="log_examples">Examples</a>
-    </h2>
+    </h3>
     <p>For example setting up the following:</p>
     <pre>export LIBVIRT_DEBUG=1
 export LIBVIRT_LOG_OUTPUTS="1:file:virsh.log"</pre>
@@ -239,5 +181,9 @@ log_outputs="1:file:/var/log/libvirt/libvirtd.log"</pre>
     <p>in libvirtd.conf and restart the daemon will allow to
     gather a copious amount of debugging traces for the operations done
     in those areas.</p>
+    <p>On the other hand to deactivate the logbuffer in the daemon
+    for stable high load servers, set</p>
+    <pre>log_buffer_size=0</pre>
+    <p>in the libvirtd.conf.</p>
   </body>
 </html>

docs/newapi.xsl

@@ -129,19 +129,6 @@
         <a href="libvirt-{$ref/@file}.html#{$ref/@name}"><xsl:value-of select="$stem"/></a>
         <xsl:value-of select="substring-after($token, $stem)"/>
       </xsl:when>
-      <xsl:when test="starts-with($token, 'http://')">
-        <a href="{$token}">
-          <xsl:value-of select="$token"/>
-        </a>
-      </xsl:when>
-      <xsl:when test="starts-with($token, '&lt;http://') and contains($token, '&gt;')">
-        <xsl:variable name="link"
-                      select="substring(substring-before($token, '&gt;'), 2)"/>
-        <a href="{$link}">
-          <xsl:value-of select="$link"/>
-        </a>
-        <xsl:value-of select="substring-after($token, '&gt;')"/>
-      </xsl:when>
       <xsl:otherwise>
         <xsl:value-of select="$token"/>
       </xsl:otherwise>
@@ -163,67 +150,6 @@
     </xsl:for-each>
   </xsl:template>
 
-
-  <!-- process blocks of text. blocks are separated by two consecutive line -->
-  <!-- breaks.                                                              -->
-  <!--                                                                      -->
-  <!-- blocks indented with at least 2 spaces are considered code blocks.   -->
-  <!--                                                                      -->
-  <!-- consecutive code blocks are collapsed into a single code block.      -->
-  <xsl:template name="formatblock">
-    <xsl:param name="block"/>
-    <xsl:param name="rest"/>
-
-    <xsl:variable name="multipleCodeBlocks"
-                  select="starts-with($block, '  ') and starts-with($rest, '  ')"/>
-
-    <xsl:choose>
-      <xsl:when test="$multipleCodeBlocks">
-        <xsl:call-template name="formatblock">
-          <xsl:with-param name="block">
-            <xsl:choose>
-              <xsl:when test="contains($rest, '&#xA;&#xA;')">
-                <xsl:value-of select="concat($block, '&#xA;  &#xA;',
-                                        substring-before($rest, '&#xA;&#xA;'))" />
-              </xsl:when>
-              <xsl:otherwise>
-                <xsl:value-of select="concat($block, '&#xA;  &#xA;', $rest)" />
-              </xsl:otherwise>
-            </xsl:choose>
-          </xsl:with-param>
-          <xsl:with-param name="rest" select="substring-after($rest, '&#xA;&#xA;')"/>
-        </xsl:call-template>
-      </xsl:when>
-      <xsl:when test="starts-with($block, '  ')">
-        <pre class="code"><xsl:for-each select="str:tokenize($block, '&#xA;')">
-          <xsl:choose>
-            <xsl:when test="starts-with(., '  ')">
-              <xsl:value-of select="substring(., 3)"/>
-            </xsl:when>
-            <xsl:otherwise>
-              <xsl:value-of select="."/>
-            </xsl:otherwise>
-          </xsl:choose>
-          <xsl:if test="position() != last()">
-            <xsl:text>&#xA;</xsl:text>
-          </xsl:if>
-        </xsl:for-each></pre>
-      </xsl:when>
-      <xsl:otherwise>
-        <p>
-          <xsl:call-template name="dumptext">
-            <xsl:with-param name="text" select="$block"/>
-          </xsl:call-template>
-        </p>
-      </xsl:otherwise>
-    </xsl:choose>
-    <xsl:if test="not($multipleCodeBlocks)">
-      <xsl:call-template name="formattext">
-        <xsl:with-param name="text" select="$rest"/>
-      </xsl:call-template>
-    </xsl:if>
-  </xsl:template>
-
   <xsl:template name="formattext">
     <xsl:param name="text" />
 
@@ -231,19 +157,28 @@
       <xsl:variable name="head" select="substring-before($text, '&#xA;&#xA;')"/>
       <xsl:variable name="rest" select="substring-after($text, '&#xA;&#xA;')"/>
 
-      <xsl:call-template name="formatblock">
-        <xsl:with-param name="block">
-          <xsl:choose>
-            <xsl:when test="contains($text, '&#xA;&#xA;')">
-              <xsl:value-of select="$head"/>
-            </xsl:when>
-            <xsl:otherwise>
-              <xsl:value-of select="$text"/>
-            </xsl:otherwise>
-          </xsl:choose>
-        </xsl:with-param>
-        <xsl:with-param name="rest" select="$rest"/>
-      </xsl:call-template>
+      <xsl:choose>
+        <xsl:when test="$head">
+          <p>
+            <xsl:call-template name="dumptext">
+              <xsl:with-param name="text" select="$head"/>
+            </xsl:call-template>
+          </p>
+        </xsl:when>
+        <xsl:when test="not($rest)">
+          <p>
+            <xsl:call-template name="dumptext">
+              <xsl:with-param name="text" select="$text"/>
+            </xsl:call-template>
+          </p>
+        </xsl:when>
+      </xsl:choose>
+
+      <xsl:if test="$rest">
+        <xsl:call-template name="formattext">
+          <xsl:with-param name="text" select="$rest"/>
+        </xsl:call-template>
+      </xsl:if>
     </xsl:if>
   </xsl:template>
 
@@ -429,7 +364,7 @@
     <xsl:variable name="name" select="string(@name)"/>
     <h3><a name="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
     <pre class="api"><span class="directive">#define</span><xsl:text> </xsl:text><xsl:value-of select="$name"/></pre>
-    <div class="description">
+    <div>
     <xsl:call-template name="formattext">
       <xsl:with-param name="text" select="info"/>
     </xsl:call-template>
@@ -581,7 +516,7 @@
     <xsl:text>)
 </xsl:text>
     </pre>
-    <div class="description">
+    <div>
     <xsl:call-template name="formattext">
       <xsl:with-param name="text" select="info"/>
     </xsl:call-template>
@@ -657,7 +592,7 @@
     </xsl:for-each>
     <xsl:text>)</xsl:text>
     </pre>
-    <div class="description">
+    <div>
     <xsl:call-template name="formattext">
       <xsl:with-param name="text" select="info"/>
     </xsl:call-template>
@@ -703,11 +638,7 @@
       <h2 style="font-weight:bold;color:red;text-align:center">This module is deprecated</h2>
     </xsl:if>
     <xsl:if test="description">
-      <p>
-        <xsl:call-template name="dumptext">
-          <xsl:with-param name="text" select="description"/>
-        </xsl:call-template>
-      </p>
+      <p><xsl:value-of select="description"/></p>
     </xsl:if>
   </xsl:template>
 

docs/page.xsl

@@ -185,24 +185,4 @@
 
     <xsl:apply-templates select="exsl:node-set($inchtml)/html:html/html:body/*" mode="content"/>
   </xsl:template>
-
-  <xsl:template match="html:h2 | html:h3 | html:h4 | html:h5 | html:h6" mode="content">
-    <xsl:element name="{name()}">
-      <xsl:apply-templates mode="copy" />
-      <xsl:if test="./html:a/@name">
-        <a class="headerlink" href="#{html:a/@name}" title="Permalink to this headline">&#xb6;</a>
-      </xsl:if>
-    </xsl:element>
-  </xsl:template>
-
-  <xsl:template match="text()" mode="copy">
-    <xsl:value-of select="."/>
-  </xsl:template>
-
-  <xsl:template match="node()" mode="copy">
-    <xsl:element name="{name()}">
-      <xsl:copy-of select="./@*"/>
-      <xsl:apply-templates mode="copy" />
-    </xsl:element>
-  </xsl:template>
 </xsl:stylesheet>

docs/remote.html.in

@@ -376,7 +376,7 @@ Note that parameter values must be
         <td> libssh2 </td>
         <td>
   A comma separated list of authentication methods to use. Default (is
-  "agent,privkey,keyboard-interactive". The order of the methods is preserved.
+  "agent,privkey,keyboard-interactive". The order of the methods is perserved.
   Some methods may require additional parameters.
 </td>
       </tr>

docs/schemas/Makefile.am

@@ -1,4 +1,4 @@
-## Copyright (C) 2005-2011, 2013-2014 Red Hat, Inc.
+## Copyright (C) 2005-2011, 2013 Red Hat, Inc.
 ##
 ## This library is free software; you can redistribute it and/or
 ## modify it under the terms of the GNU Lesser General Public
@@ -19,7 +19,6 @@ schema_DATA = \
 	basictypes.rng \
 	capability.rng \
 	domain.rng \
-	domaincaps.rng \
 	domaincommon.rng \
 	domainsnapshot.rng \
 	interface.rng \
@@ -28,7 +27,8 @@ schema_DATA = \
 	nodedev.rng \
 	nwfilter.rng \
 	secret.rng \
-	storagecommon.rng \
+	storageencryption.rng \
+	storagefilefeatures.rng \
 	storagepool.rng \
 	storagevol.rng
 

docs/schemas/basictypes.rng

@@ -77,7 +77,10 @@
     </attribute>
     <optional>
       <attribute name="multifunction">
-        <ref name="virOnOff"/>
+        <choice>
+          <value>on</value>
+          <value>off</value>
+        </choice>
       </attribute>
     </optional>
   </define>
@@ -228,12 +231,6 @@
     </data>
   </define>
 
-  <define name="dirPath">
-    <data type="string">
-      <param name="pattern">[a-zA-Z0-9_\.\+\-\\&amp;&quot;&apos;&lt;&gt;/%]+</param>
-    </data>
-  </define>
-
   <define name="absFilePath">
     <data type="string">
       <param name="pattern">/[a-zA-Z0-9_\.\+\-\\&amp;&quot;&apos;&lt;&gt;/%,]+</param>
@@ -294,21 +291,13 @@
   </define>
 
   <define name='volName'>
-    <!-- directory pools allow almost any file name as a volume name -->
     <data type='string'>
-      <param name="pattern">[^/]+</param>
-      <except>
-        <choice>
-          <value>.</value>
-          <value>..</value>
-        </choice>
-      </except>
+      <param name="pattern">[a-zA-Z0-9_\+\-\.]+</param>
     </data>
   </define>
 
   <define name='archnames'>
     <choice>
-      <value>aarch64</value>
       <value>alpha</value>
       <value>armv7l</value>
       <value>cris</value>
@@ -358,27 +347,9 @@
               <value>scsi_host</value>
             </attribute>
           </optional>
-          <choice>
-            <group>
-              <attribute name='name'>
-                <text/>
-              </attribute>
-            </group>
-            <group>
-              <interleave>
-                <element name="parentaddr">
-                  <optional>
-                    <attribute name='unique_id'>
-                      <ref name='positiveInteger'/>
-                    </attribute>
-                  </optional>
-                  <element name="address">
-                    <ref name="pciaddress"/>
-                  </element>
-                </element>
-              </interleave>
-            </group>
-          </choice>
+          <attribute name='name'>
+            <text/>
+          </attribute>
         </group>
         <group>
           <attribute name='type'>
@@ -401,60 +372,4 @@
     </element>
   </define>
 
-  <define name="isaaddress">
-    <optional>
-      <attribute name="iobase">
-        <data type="string">
-          <param name="pattern">0x[a-fA-F0-9]{1,4}</param>
-        </data>
-      </attribute>
-    </optional>
-    <optional>
-      <attribute name="irq">
-        <data type="string">
-          <param name="pattern">0x[a-fA-F0-9]</param>
-        </data>
-      </attribute>
-    </optional>
-  </define>
-
-  <define name="link-speed-state">
-    <optional>
-      <element name="link">
-        <optional>
-          <attribute name="speed">
-            <ref name="unsignedInt"/>
-          </attribute>
-        </optional>
-        <optional>
-          <attribute name="state">
-            <choice>
-              <value>unknown</value>
-              <value>notpresent</value>
-              <value>down</value>
-              <value>lowerlayerdown</value>
-              <value>testing</value>
-              <value>dormant</value>
-              <value>up</value>
-            </choice>
-          </attribute>
-        </optional>
-      </element>
-    </optional>
-  </define>
-
-  <define name="virYesNo">
-    <choice>
-      <value>yes</value>
-      <value>no</value>
-    </choice>
-  </define>
-
-  <define name="virOnOff">
-    <choice>
-      <value>on</value>
-      <value>off</value>
-    </choice>
-  </define>
-
 </grammar>

docs/schemas/capability.rng

@@ -60,14 +60,6 @@
           <element name='doi'>
             <text/>
           </element>
-          <zeroOrMore>
-            <element name='baselabel'>
-              <attribute name='type'>
-                <text/>
-              </attribute>
-              <text/>
-            </element>
-          </zeroOrMore>
        </interleave>
     </element>
   </define>
@@ -118,9 +110,6 @@
         <empty/>
       </element>
     </zeroOrMore>
-    <zeroOrMore>
-      <ref name='pagesElem'/>
-    </zeroOrMore>
   </define>
 
   <define name='power_management'>
@@ -191,25 +180,6 @@
         <ref name='memory'/>
       </optional>
 
-      <zeroOrMore>
-        <ref name='pagesElem'/>
-      </zeroOrMore>
-
-      <optional>
-        <element name='distances'>
-          <zeroOrMore>
-            <element name='sibling'>
-              <attribute name='id'>
-                <ref name='unsignedInt'/>
-              </attribute>
-              <attribute name='value'>
-                <ref name='unsignedInt'/>
-              </attribute>
-            </element>
-          </zeroOrMore>
-        </element>
-      </optional>
-
       <optional>
         <element name='cpus'>
           <attribute name='num'>
@@ -393,22 +363,22 @@
             <empty/>
           </element>
         </optional>
-        <optional>
-          <element name='disksnapshot'>
-            <ref name='featuretoggle'/>
-            <empty/>
-          </element>
-        </optional>
       </interleave>
     </element>
   </define>
 
   <define name='featuretoggle'>
     <attribute name='toggle'>
-      <ref name="virYesNo"/>
+      <choice>
+        <value>yes</value>
+        <value>no</value>
+      </choice>
     </attribute>
     <attribute name='default'>
-      <ref name="virOnOff"/>
+      <choice>
+        <value>on</value>
+        <value>off</value>
+      </choice>
     </attribute>
   </define>
 
@@ -417,18 +387,4 @@
       <param name='pattern'>[a-zA-Z0-9\-_]+</param>
     </data>
   </define>
-
-  <define name='pagesElem'>
-    <element name='pages'>
-      <optional>
-        <attribute name='unit'>
-          <ref name='unit'/>
-        </attribute>
-      </optional>
-      <attribute name='size'>
-        <ref name='unsignedInt'/>
-      </attribute>
-      <ref name='unsignedInt'/>
-    </element>
-  </define>
 </grammar>

docs/schemas/domain.rng

@@ -1,21 +1,9 @@
 <?xml version="1.0"?>
 <grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
-  <!-- Grammar for accepting a domain element, both as top level, and
-       also suitable for inclusion in domainsnapshot.rng -->
+  <!-- We handle only document defining a domain -->
   <start>
     <ref name="domain"/>
   </start>
 
   <include href='domaincommon.rng'/>
-
-  <define name='storageStartupPolicy' combine='choice'>
-    <!-- overrides the no-op version in storagecommon.rng -->
-    <ref name='startupPolicy'/>
-  </define>
-
-  <define name='storageSourceExtra' combine='choice'>
-    <!-- overrides the no-op version in storagecommon.rng -->
-    <ref name='diskspec'/>
-  </define>
-
 </grammar>

docs/schemas/domaincaps.rng

@@ -1,115 +0,0 @@
-<?xml version="1.0"?>
-<!-- A Relax NG schema for the libvirt domain capabilities XML format -->
-<grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
-  <include href='basictypes.rng'/>
-  <start>
-    <ref name='domainCapabilities'/>
-  </start>
-
-
-  <define name='domainCapabilities'>
-    <element name='domainCapabilities'>
-      <interleave>
-        <element name='path'>
-          <ref name="absFilePath"/>
-        </element>
-        <element name='domain'>
-          <text/>
-        </element>
-        <element name='machine'>
-          <text/>
-        </element>
-        <element name='arch'>
-          <text/>
-        </element>
-        <optional>
-          <ref name='vcpu'/>
-        </optional>
-        <optional>
-          <ref name='os'/>
-        </optional>
-        <optional>
-          <ref name='devices'/>
-        </optional>
-      </interleave>
-    </element>
-  </define>
-
-  <define name='vcpu'>
-    <element name='vcpu'>
-      <attribute name='max'>
-        <ref name='unsignedInt'/>
-      </attribute>
-      <empty/>
-    </element>
-  </define>
-
-  <define name='loader'>
-    <element name='loader'>
-      <ref name='supported'/>
-      <optional>
-        <ref name='value'/>
-      </optional>
-      <ref name='enum'/>
-    </element>
-  </define>
-
-  <define name='os'>
-    <element name='os'>
-      <interleave>
-        <ref name='supported'/>
-        <optional>
-          <ref name='loader'/>
-        </optional>
-      </interleave>
-    </element>
-  </define>
-
-  <define name='devices'>
-    <element name='devices'>
-      <interleave>
-        <ref name='disk'/>
-        <ref name='hostdev'/>
-      </interleave>
-    </element>
-  </define>
-
-  <define name='disk'>
-    <element name='disk'>
-      <ref name='supported'/>
-      <ref name='enum'/>
-    </element>
-  </define>
-
-  <define name='hostdev'>
-    <element name='hostdev'>
-      <ref name='supported'/>
-      <ref name='enum'/>
-    </element>
-  </define>
-
-  <define name='value'>
-    <zeroOrMore>
-      <element name='value'>
-        <text/>
-      </element>
-    </zeroOrMore>
-  </define>
-
-  <define name='supported'>
-    <attribute name='supported'>
-      <ref name="virYesNo"/>
-    </attribute>
-  </define>
-
-  <define name='enum'>
-    <zeroOrMore>
-      <element name='enum'>
-        <attribute name='name'>
-          <text/>
-        </attribute>
-        <ref name='value'/>
-      </element>
-    </zeroOrMore>
-  </define>
-</grammar>

docs/schemas/domainsnapshot.rng

@@ -75,12 +75,7 @@
                 <ref name="UUID"/>
               </element>
             </element>
-            <!-- Nested grammar ensures that any of our overrides of
-                 storagecommon/domaincommon defines do not conflict
-                 with any domain.rng overrides.  -->
-            <grammar>
-              <include href='domain.rng'/>
-            </grammar>
+            <ref name='domain'/>
           </choice>
         </optional>
         <optional>
@@ -107,11 +102,6 @@
     </choice>
   </define>
 
-  <define name='storageSourceExtra' combine='choice'>
-    <!-- overrides the no-op version in storagecommon.rng -->
-    <ref name='disksnapshotdriver'/>
-  </define>
-
   <define name='disksnapshot'>
     <element name='disk'>
       <attribute name='name'>
@@ -133,64 +123,31 @@
               <value>external</value>
             </attribute>
           </optional>
-          <choice>
-            <group>
-              <optional>
-                <attribute name='type'>
-                  <value>file</value>
-                </attribute>
-              </optional>
-              <interleave>
+          <interleave>
+            <optional>
+              <element name='driver'>
                 <optional>
-                  <element name='source'>
-                    <optional>
-                      <attribute name='file'>
-                        <ref name='absFilePath'/>
-                      </attribute>
-                    </optional>
-                    <optional>
-                      <ref name='storageStartupPolicy'/>
-                    </optional>
-                    <empty/>
-                  </element>
+                  <attribute name='type'>
+                    <ref name='storageFormat'/>
+                  </attribute>
                 </optional>
-                <ref name='storageSourceExtra'/>
-              </interleave>
-            </group>
-            <group>
-              <attribute name='type'>
-                <value>block</value>
-              </attribute>
-              <interleave>
+                <empty/>
+              </element>
+            </optional>
+            <optional>
+              <element name='source'>
                 <optional>
-                  <element name="source">
-                    <attribute name="dev">
-                      <ref name="absFilePath"/>
-                    </attribute>
-                    <empty/>
-                  </element>
+                  <attribute name='file'>
+                    <ref name='absFilePath'/>
+                  </attribute>
                 </optional>
-                <ref name='storageSourceExtra'/>
-              </interleave>
-            </group>
-            <ref name='diskSourceNetwork'/>
-          </choice>
+                <empty/>
+              </element>
+            </optional>
+          </interleave>
         </group>
       </choice>
     </element>
   </define>
 
-  <define name='disksnapshotdriver'>
-    <optional>
-      <element name='driver'>
-        <optional>
-          <attribute name='type'>
-            <ref name='storageFormatBacking'/>
-          </attribute>
-        </optional>
-        <empty/>
-      </element>
-    </optional>
-  </define>
-
 </grammar>

docs/schemas/interface.rng

@@ -29,41 +29,34 @@
        Ethernet adapter
   -->
   <define name="basic-ethernet-content">
-    <interleave>
-      <attribute name="type">
-        <value>ethernet</value>
-      </attribute>
-      <ref name="name-attr"/>
-      <!-- If no MAC is given when the interface is defined, it is determined
-           by using the device name.
-           FIXME: What if device name and MAC don't specify the same NIC ? -->
-      <optional>
-        <element name="mac">
-          <attribute name="address"><ref name="macAddr"/></attribute>
-        </element>
-      </optional>
-      <ref name="link-speed-state"/>
-      <!-- FIXME: Allow (some) ethtool options -->
-    </interleave>
+    <attribute name="type">
+      <value>ethernet</value>
+    </attribute>
+    <ref name="name-attr"/>
+    <!-- If no MAC is given when the interface is defined, it is determined
+         by using the device name.
+         FIXME: What if device name and MAC don't specify the same NIC ? -->
+    <optional>
+      <element name="mac">
+        <attribute name="address"><ref name="macAddr"/></attribute>
+      </element>
+    </optional>
+    <!-- FIXME: Allow (some) ethtool options -->
   </define>
 
   <!-- Ethernet adapter without IP addressing, e.g. for a bridge -->
   <define name="bare-ethernet-interface">
     <element name="interface">
-      <interleave>
-        <ref name="basic-ethernet-content"/>
-      </interleave>
+      <ref name="basic-ethernet-content"/>
     </element>
   </define>
 
   <define name="ethernet-interface">
     <element name="interface">
-      <interleave>
-        <ref name="startmode"/>
-        <ref name="basic-ethernet-content"/>
-        <ref name="mtu"/>
-        <ref name="interface-addressing"/>
-      </interleave>
+      <ref name="startmode"/>
+      <ref name="basic-ethernet-content"/>
+      <ref name="mtu"/>
+      <ref name="interface-addressing"/>
     </element>
   </define>
 
@@ -78,7 +71,6 @@
          of the form DEVICE.VLAN
     -->
     <optional><ref name="name-attr"/></optional>
-    <ref name="link-speed-state"/>
   </define>
 
   <define name="vlan-device">
@@ -92,22 +84,18 @@
 
   <define name="bare-vlan-interface">
     <element name="interface">
-      <interleave>
-        <ref name="vlan-interface-common"/>
-        <ref name="vlan-device"/>
-      </interleave>
+      <ref name="vlan-interface-common"/>
+      <ref name="vlan-device"/>
     </element>
   </define>
 
   <define name="vlan-interface">
     <element name="interface">
-      <interleave>
-        <ref name="vlan-interface-common"/>
-        <ref name="startmode"/>
-        <ref name="mtu"/>
-        <ref name="interface-addressing"/>
-        <ref name="vlan-device"/>
-      </interleave>
+      <ref name="vlan-interface-common"/>
+      <ref name="startmode"/>
+      <ref name="mtu"/>
+      <ref name="interface-addressing"/>
+      <ref name="vlan-device"/>
     </element>
   </define>
 
@@ -116,33 +104,31 @@
   -->
   <define name="bridge-interface">
     <element name="interface">
-      <interleave>
-        <attribute name="type">
-          <value>bridge</value>
-        </attribute>
-        <ref name="name-attr"/>
-        <ref name="startmode"/>
-        <ref name="mtu"/>
-        <ref name="interface-addressing"/>
-        <element name="bridge">
-          <optional>
-            <attribute name="stp">
-              <ref name="virOnOff"/>
-            </attribute>
-          </optional>
-          <!-- Bridge forward delay (see 'brctl setfd') -->
-          <optional v:since="2">
-            <attribute name="delay"><ref name="timeval"/></attribute>
-          </optional>
-          <zeroOrMore>
-            <choice>
-              <ref name="bare-ethernet-interface"/>
-              <ref name="bare-vlan-interface"/>
-              <ref v:since="2" name="bare-bond-interface"/>
-            </choice>
-          </zeroOrMore>
-        </element>
-      </interleave>
+      <attribute name="type">
+        <value>bridge</value>
+      </attribute>
+      <ref name="name-attr"/>
+      <ref name="startmode"/>
+      <ref name="mtu"/>
+      <ref name="interface-addressing"/>
+      <element name="bridge">
+        <optional>
+          <attribute name="stp">
+            <ref name="on-or-off"/>
+          </attribute>
+        </optional>
+        <!-- Bridge forward delay (see 'brctl setfd') -->
+        <optional v:since="2">
+          <attribute name="delay"><ref name="timeval"/></attribute>
+        </optional>
+        <zeroOrMore>
+          <choice>
+            <ref name="bare-ethernet-interface"/>
+            <ref name="bare-vlan-interface"/>
+            <ref v:since="2" name="bare-bond-interface"/>
+          </choice>
+        </zeroOrMore>
+      </element>
     </element>
   </define>
   <!-- Jim Fehlig would like support for other bridge attributes, in
@@ -157,7 +143,6 @@
       <value>bond</value>
     </attribute>
     <ref name="name-attr"/>
-    <ref name="link-speed-state"/>
   </define>
 
   <define name="bond-element">
@@ -194,73 +179,67 @@
              xmit_hash_policy       (since 2.6.3/3.2.2)
       -->
 
-      <interleave>
-        <optional>
-          <choice>
-            <element name="miimon">
-              <!-- miimon frequency in ms -->
-              <attribute name="freq"><ref name="unsignedInt"/></attribute>
-              <optional>
-                <attribute name="downdelay"><ref name="unsignedInt"/></attribute>
-              </optional>
-              <optional>
-                <attribute name="updelay"><ref name="unsignedInt"/></attribute>
-              </optional>
-              <optional>
-                <!-- use_carrier -->
-                <attribute name="carrier">
-                  <choice>
-                    <!-- use MII/ETHTOOL ioctl -->
-                    <value>ioctl</value>
-                    <!-- use netif_carrier_ok() -->
-                    <value>netif</value>
-                  </choice>
-                </attribute>
-              </optional>
-            </element>
-            <element name="arpmon">
-              <attribute name="interval"><ref name="unsignedInt"/></attribute>
-              <attribute name="target"><ref name="ipv4Addr"/></attribute>
-              <optional>
-                <attribute name="validate">
-                  <choice>
-                    <value>none</value>
-                    <value>active</value>
-                    <value>backup</value>
-                    <value>all</value>
-                  </choice>
-                </attribute>
-              </optional>
-            </element>
-          </choice>
-        </optional>
+      <optional>
+        <choice>
+          <element name="miimon">
+            <!-- miimon frequency in ms -->
+            <attribute name="freq"><ref name="unsignedInt"/></attribute>
+            <optional>
+              <attribute name="downdelay"><ref name="unsignedInt"/></attribute>
+            </optional>
+            <optional>
+              <attribute name="updelay"><ref name="unsignedInt"/></attribute>
+            </optional>
+            <optional>
+              <!-- use_carrier -->
+              <attribute name="carrier">
+                <choice>
+                  <!-- use MII/ETHTOOL ioctl -->
+                  <value>ioctl</value>
+                  <!-- use netif_carrier_ok() -->
+                  <value>netif</value>
+                </choice>
+              </attribute>
+            </optional>
+          </element>
+          <element name="arpmon">
+            <attribute name="interval"><ref name="unsignedInt"/></attribute>
+            <attribute name="target"><ref name="ipv4Addr"/></attribute>
+            <optional>
+              <attribute name="validate">
+                <choice>
+                  <value>none</value>
+                  <value>active</value>
+                  <value>backup</value>
+                  <value>all</value>
+                </choice>
+              </attribute>
+            </optional>
+          </element>
+        </choice>
+      </optional>
 
-        <oneOrMore>
-          <!-- The slave interfaces -->
-          <ref name="bare-ethernet-interface"/>
-        </oneOrMore>
-      </interleave>
+      <oneOrMore>
+        <!-- The slave interfaces -->
+        <ref name="bare-ethernet-interface"/>
+      </oneOrMore>
     </element>
   </define>
 
   <define name="bare-bond-interface">
     <element name="interface">
-      <interleave>
-        <ref name="bond-interface-common"/>
-        <ref name="bond-element"/>
-      </interleave>
+      <ref name="bond-interface-common"/>
+      <ref name="bond-element"/>
     </element>
   </define>
 
   <define name="bond-interface">
     <element name="interface">
-      <interleave>
-        <ref name="bond-interface-common"/>
-        <ref name="startmode"/>
-        <ref name="mtu"/>
-        <ref name="interface-addressing"/>
-        <ref name="bond-element"/>
-      </interleave>
+      <ref name="bond-interface-common"/>
+      <ref name="startmode"/>
+      <ref name="mtu"/>
+      <ref name="interface-addressing"/>
+      <ref name="bond-element"/>
     </element>
   </define>
 
@@ -322,24 +301,22 @@
       <attribute name="family">
         <value>ipv4</value>
       </attribute>
-      <interleave>
-        <choice>
-          <ref name="dhcp-element"/>
-          <group>
-            <element name="ip">
-              <attribute name="address"><ref name="ipv4Addr"/></attribute>
-              <optional>
-                <attribute name="prefix"><ref name="ipv4Prefix"/></attribute>
-              </optional>
-            </element>
+      <choice>
+        <ref name="dhcp-element"/>
+        <group>
+          <element name="ip">
+            <attribute name="address"><ref name="ipv4Addr"/></attribute>
             <optional>
-              <element name="route">
-                <attribute name="gateway"><ref name="ipv4Addr"/></attribute>
-              </element>
+              <attribute name="prefix"><ref name="ipv4Prefix"/></attribute>
             </optional>
-          </group>
-        </choice>
-      </interleave>
+          </element>
+          <optional>
+            <element name="route">
+              <attribute name="gateway"><ref name="ipv4Addr"/></attribute>
+            </element>
+          </optional>
+        </group>
+      </choice>
     </element>
   </define>
 
@@ -348,27 +325,25 @@
       <attribute name="family">
         <value>ipv6</value>
       </attribute>
-      <interleave>
-        <optional>
-          <element name="autoconf"><empty/></element>
-        </optional>
-        <optional>
-          <ref name="dhcp-element"/>
-        </optional>
-        <zeroOrMore>
-          <element name="ip">
-            <attribute name="address"><ref name="ipv6Addr"/></attribute>
-            <optional>
-              <attribute name="prefix"><ref name="ipv6Prefix"/></attribute>
-            </optional>
-          </element>
-        </zeroOrMore>
-        <optional>
-          <element name="route">
-            <attribute name="gateway"><ref name="ipv6Addr"/></attribute>
-          </element>
-        </optional>
-      </interleave>
+      <optional>
+        <element name="autoconf"><empty/></element>
+      </optional>
+      <optional>
+        <ref name="dhcp-element"/>
+      </optional>
+      <zeroOrMore>
+        <element name="ip">
+          <attribute name="address"><ref name="ipv6Addr"/></attribute>
+          <optional>
+            <attribute name="prefix"><ref name="ipv6Prefix"/></attribute>
+          </optional>
+        </element>
+      </zeroOrMore>
+      <optional>
+        <element name="route">
+          <attribute name="gateway"><ref name="ipv6Addr"/></attribute>
+        </element>
+      </optional>
     </element>
   </define>
 
@@ -376,7 +351,7 @@
     <element name="dhcp">
       <optional>
         <attribute name="peerdns">
-          <ref name="virYesNo"/>
+          <ref name="yes-or-no"/>
         </attribute>
       </optional>
     </element>
@@ -415,6 +390,21 @@
        instead of destination and nexthop instead of gateway.
   -->
 
+  <!-- Auxiliary definitions -->
+  <define name="on-or-off">
+    <choice>
+      <value>on</value>
+      <value>off</value>
+    </choice>
+  </define>
+
+  <define name="yes-or-no">
+    <choice>
+      <value>yes</value>
+      <value>no</value>
+    </choice>
+  </define>
+
   <!-- Type library -->
 
   <define name="timeval">
@@ -425,7 +415,7 @@
 
   <define name='vlan-id'>
     <data type="unsignedInt">
-      <param name="maxInclusive">4095</param>
+      <param name="maxInclusive">4096</param>
     </data>
   </define>
 </grammar>

docs/schemas/network.rng

@@ -21,9 +21,12 @@
            with no gateways addresses specified -->
       <optional>
         <attribute name="ipv6">
-          <ref name="virYesNo"/>
-        </attribute>
-      </optional>
+         <choice>
+          <value>yes</value>
+          <value>no</value>
+          </choice>
+         </attribute>
+       </optional>
       <interleave>
 
         <!-- The name of the network, used to refer to it through the API
@@ -50,13 +53,16 @@
 
             <optional>
               <attribute name="stp">
-                <ref name="virOnOff"/>
+                <choice>
+                  <value>on</value>
+                  <value>off</value>
+                </choice>
               </attribute>
             </optional>
 
             <optional>
               <attribute name="delay">
-                <data type="unsignedLong"/>
+                <data type="integer"/>
               </attribute>
             </optional>
 
@@ -98,7 +104,10 @@
 
             <optional>
               <attribute name="managed">
-                <ref name="virYesNo"/>
+                <choice>
+                  <value>yes</value>
+                  <value>no</value>
+                </choice>
               </attribute>
             </optional>
             <interleave>
@@ -194,7 +203,10 @@
             </attribute>
             <optional>
               <attribute name="default">
-                <ref name="virYesNo"/>
+                <choice>
+                  <value>yes</value>
+                  <value>no</value>
+                </choice>
               </attribute>
             </optional>
             <interleave>
@@ -224,7 +236,10 @@
           <element name="dns">
             <optional>
               <attribute name="forwardPlainNames">
-                <ref name="virYesNo"/>
+                <choice>
+                  <value>yes</value>
+                  <value>no</value>
+                </choice>
               </attribute>
             </optional>
             <interleave>

docs/schemas/nodedev.rng

@@ -12,9 +12,6 @@
       <!-- The name of the network, used to refer to it through the API
          and in virsh -->
       <element name="name"><text/></element>
-      <optional>
-        <element name="path"><text/></element>
-      </optional>
       <optional>
         <element name="parent"><text/></element>
       </optional>
@@ -158,45 +155,6 @@
       </element>
     </optional>
 
-    <optional>
-      <element name='numa'>
-        <optional>
-          <attribute name='node'>
-            <data type='int'/>
-          </attribute>
-        </optional>
-      </element>
-    </optional>
-
-    <optional>
-      <element name='pci-express'>
-        <zeroOrMore>
-          <element name='link'>
-            <attribute name='validity'>
-              <choice>
-                <value>cap</value>
-                <value>sta</value>
-              </choice>
-            </attribute>
-            <optional>
-              <attribute name='port'>
-                <ref name='unsignedInt'/>
-              </attribute>
-            </optional>
-            <optional>
-              <attribute name='speed'>
-                <data type="string">
-                  <param name="pattern">[0-9]+(.[0-9]+)?</param>
-                </data>
-              </attribute>
-            </optional>
-            <attribute name='width'>
-              <ref name='unsignedInt'/>
-            </attribute>
-          </element>
-        </zeroOrMore>
-      </element>
-    </optional>
   </define>
 
   <define name='capusbdev'>
@@ -272,7 +230,6 @@
         <ref name='mac'/>
       </element>
     </optional>
-    <ref name="link-speed-state"/>
 
     <zeroOrMore>
       <ref name='subcapnet'/>
@@ -339,12 +296,6 @@
       <ref name='unsignedLong'/>
     </element>
 
-    <optional>
-      <element name='unique_id'>
-        <ref name='positiveInteger'/>
-      </element>
-    </optional>
-
     <optional>
       <zeroOrMore>
         <element name='capability'>

docs/schemas/nwfilter.rng

@@ -377,7 +377,10 @@
     <interleave>
       <optional>
          <attribute name="match">
-           <ref name="virYesNo"/>
+           <choice>
+             <value>yes</value>
+             <value>no</value>
+           </choice>
          </attribute>
       </optional>
     </interleave>

docs/schemas/secret.rng

@@ -11,12 +11,18 @@
     <element name='secret'>
       <optional>
         <attribute name='ephemeral'>
-          <ref name="virYesNo"/>
+          <choice>
+            <value>yes</value>
+            <value>no</value>
+          </choice>
         </attribute>
       </optional>
       <optional>
         <attribute name='private'>
-          <ref name="virYesNo"/>
+          <choice>
+            <value>yes</value>
+            <value>no</value>
+          </choice>
         </attribute>
       </optional>
       <interleave>

docs/schemas/storagecommon.rng

@@ -1,96 +0,0 @@
-<?xml version="1.0"?>
-<!-- A Relax NG schema for common libvirt XML storage elements -->
-<grammar xmlns="http://relaxng.org/ns/structure/1.0"
-    datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
-
-  <!-- This schema is not designed for standalone use; another file
-       must include both this file and basictypes.rng -->
-
-  <define name='encryption'>
-    <element name='encryption'>
-      <attribute name='format'>
-        <choice>
-          <value>default</value>
-          <value>qcow</value>
-        </choice>
-      </attribute>
-      <zeroOrMore>
-        <ref name='secret'/>
-      </zeroOrMore>
-    </element>
-  </define>
-
-  <define name='secret'>
-    <element name='secret'>
-      <attribute name='type'>
-        <choice>
-          <value>passphrase</value>
-        </choice>
-      </attribute>
-      <attribute name='uuid'>
-        <ref name="UUID"/>
-      </attribute>
-    </element>
-  </define>
-
-  <define name='compat'>
-    <element name='compat'>
-      <data type='string'>
-        <param name='pattern'>[0-9]+\.[0-9]+</param>
-      </data>
-    </element>
-  </define>
-  <define name='fileFormatFeatures'>
-    <element name='features'>
-      <interleave>
-        <optional>
-          <element name='lazy_refcounts'>
-            <empty/>
-          </element>
-        </optional>
-      </interleave>
-    </element>
-  </define>
-
-  <!-- split the list of known storage formats into two, those where
-       we know how to follow backing chains, and all others -->
-  <define name='storageFormatBacking'>
-    <choice>
-      <value>cow</value>
-      <value>qcow</value>
-      <value>qcow2</value>
-      <value>qed</value>
-      <value>vmdk</value>
-    </choice>
-  </define>
-  <define name='storageFormat'>
-    <choice>
-      <value>raw</value>
-      <value>dir</value>
-      <value>bochs</value>
-      <value>cloop</value>
-      <value>dmg</value>
-      <value>iso</value>
-      <value>vpc</value>
-      <value>vdi</value>
-      <value>fat</value>
-      <value>vhd</value>
-      <ref name='storageFormatBacking'/>
-    </choice>
-  </define>
-
-  <define name='storageStartupPolicy'>
-    <!-- Use a combine='choice' override in client files that want to
-         add additional attributes to a <source> sub-element
-         associated with a storage source -->
-    <notAllowed/>
-  </define>
-
-  <define name='storageSourceExtra'>
-    <!-- Use a combine='choice' override in client files that want to
-         add additional elements as siblings of a <source> sub-element
-         associated with a storage source -->
-    <notAllowed/>
-  </define>
-
-</grammar>

docs/schemas/storageencryption.rng

@@ -0,0 +1,33 @@
+<?xml version="1.0"?>
+<!-- A Relax NG schema for the libvirt volume encryption XML format -->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+    datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+
+  <define name='encryption'>
+    <element name='encryption'>
+      <attribute name='format'>
+        <choice>
+          <value>default</value>
+          <value>qcow</value>
+        </choice>
+      </attribute>
+      <zeroOrMore>
+        <ref name='secret'/>
+      </zeroOrMore>
+    </element>
+  </define>
+
+  <define name='secret'>
+    <element name='secret'>
+      <attribute name='type'>
+        <choice>
+          <value>passphrase</value>
+        </choice>
+      </attribute>
+      <attribute name='uuid'>
+          <ref name="UUID"/>
+      </attribute>
+    </element>
+  </define>
+
+</grammar>

docs/schemas/storagefilefeatures.rng

@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<!-- A Relax NG schema for the libvirt volume features XML format -->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+    datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+
+  <define name='compat'>
+    <element name='compat'>
+      <data type='string'>
+        <param name='pattern'>[0-9]+\.[0-9]+</param>
+      </data>
+    </element>
+  </define>
+  <define name='fileFormatFeatures'>
+    <element name='features'>
+      <interleave>
+        <optional>
+          <element name='lazy_refcounts'>
+            <empty/>
+          </element>
+        </optional>
+      </interleave>
+    </element>
+  </define>
+</grammar>

docs/schemas/storagepool.rng

@@ -21,8 +21,6 @@
         <ref name='poolmpath'/>
         <ref name='poolrbd'/>
         <ref name='poolsheepdog'/>
-        <ref name='poolgluster'/>
-        <ref name='poolzfs'/>
       </choice>
     </element>
   </define>
@@ -31,249 +29,192 @@
     <attribute name='type'>
       <value>dir</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcedir'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcedir'/>
+    <ref name='target'/>
   </define>
 
   <define name='poolfs'>
     <attribute name='type'>
       <value>fs</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcefs'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcefs'/>
+    <ref name='target'/>
   </define>
 
   <define name='poolnetfs'>
     <attribute name='type'>
       <value>netfs</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcenetfs'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcenetfs'/>
+    <ref name='target'/>
   </define>
 
   <define name='poollogical'>
     <attribute name='type'>
       <value>logical</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcelogical'/>
-      <ref name='targetlogical'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcelogical'/>
+    <ref name='targetlogical'/>
   </define>
 
   <define name='pooldisk'>
     <attribute name='type'>
       <value>disk</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcedisk'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcedisk'/>
+    <ref name='target'/>
   </define>
 
   <define name='pooliscsi'>
     <attribute name='type'>
       <value>iscsi</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourceiscsi'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourceiscsi'/>
+    <ref name='target'/>
   </define>
 
   <define name='poolscsi'>
     <attribute name='type'>
       <value>scsi</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcescsi'/>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcescsi'/>
+    <ref name='target'/>
   </define>
 
   <define name='poolmpath'>
     <attribute name='type'>
       <value>mpath</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <optional>
-        <ref name='sourcempath'/>
-      </optional>
-      <ref name='target'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <optional>
+      <ref name='sourcempath'/>
+    </optional>
+    <ref name='target'/>
   </define>
 
   <define name='poolrbd'>
     <attribute name='type'>
       <value>rbd</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcerbd'/>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcerbd'/>
   </define>
 
   <define name='poolsheepdog'>
     <attribute name='type'>
       <value>sheepdog</value>
     </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcesheepdog'/>
-    </interleave>
-  </define>
-
-  <define name='poolgluster'>
-    <attribute name='type'>
-      <value>gluster</value>
-    </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcegluster'/>
-    </interleave>
-  </define>
-
-  <define name='poolzfs'>
-    <attribute name='type'>
-      <value>zfs</value>
-    </attribute>
-    <interleave>
-      <ref name='commonmetadata'/>
-      <ref name='sizing'/>
-      <ref name='sourcezfs'/>
-      <optional>
-        <ref name='target'/>
-      </optional>
-    </interleave>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcesheepdog'/>
   </define>
 
   <define name='sourceinfovendor'>
-    <interleave>
-      <optional>
-        <element name='vendor'>
-          <attribute name='name'>
-            <text/>
-          </attribute>
-        </element>
-      </optional>
-      <optional>
-        <element name='product'>
-          <attribute name='name'>
-            <text/>
-          </attribute>
-        </element>
-      </optional>
-    </interleave>
+    <optional>
+      <element name='vendor'>
+        <attribute name='name'>
+          <text/>
+        </attribute>
+      </element>
+    </optional>
+    <optional>
+      <element name='product'>
+        <attribute name='name'>
+          <text/>
+        </attribute>
+      </element>
+    </optional>
   </define>
 
   <define name='commonmetadata'>
-    <interleave>
-      <element name='name'>
-        <ref name='genericName'/>
+    <element name='name'>
+      <ref name='genericName'/>
+    </element>
+    <optional>
+      <element name='uuid'>
+        <ref name='UUID'/>
       </element>
-      <optional>
-        <element name='uuid'>
-          <ref name='UUID'/>
-        </element>
-      </optional>
-    </interleave>
+    </optional>
   </define>
 
   <define name='sizing'>
-    <interleave>
-      <optional>
-        <element name='capacity'>
-          <ref name='scaledInteger'/>
-        </element>
-      </optional>
-      <optional>
-        <element name='allocation'>
-          <ref name='scaledInteger'/>
-        </element>
-      </optional>
-      <optional>
-        <element name='available'>
-          <ref name='scaledInteger'/>
-        </element>
-      </optional>
-    </interleave>
+    <optional>
+      <element name='capacity'>
+        <ref name='scaledInteger'/>
+      </element>
+    </optional>
+    <optional>
+      <element name='allocation'>
+        <ref name='scaledInteger'/>
+      </element>
+    </optional>
+    <optional>
+      <element name='available'>
+        <ref name='scaledInteger'/>
+      </element>
+    </optional>
   </define>
 
   <define name='permissions'>
     <optional>
       <element name='permissions'>
-        <interleave>
-          <element name='mode'>
-            <ref name='octalMode'/>
-          </element>
-          <element name='owner'>
-            <choice>
-              <ref name='unsignedInt'/>
-              <value>-1</value>
-            </choice>
-          </element>
-          <element name='group'>
-            <choice>
-              <ref name='unsignedInt'/>
-              <value>-1</value>
-            </choice>
-          </element>
-          <optional>
-            <element name='label'>
-              <text/>
-            </element>
-          </optional>
-        </interleave>
+        <element name='mode'>
+          <ref name='octalMode'/>
+        </element>
+        <element name='owner'>
+          <choice>
+            <ref name='unsignedInt'/>
+            <value>-1</value>
+          </choice>
+        </element>
+        <element name='group'>
+          <choice>
+            <ref name='unsignedInt'/>
+            <value>-1</value>
+          </choice>
+        </element>
+        <optional>
+          <element name='label'>
+            <text/>
+        </element>
+        </optional>
       </element>
     </optional>
   </define>
 
   <define name='target'>
     <element name='target'>
-      <interleave>
-        <element name='path'>
-          <ref name='absFilePath'/>
-        </element>
-        <ref name='permissions'/>
-      </interleave>
+      <element name='path'>
+        <ref name='absFilePath'/>
+      </element>
+      <ref name='permissions'/>
     </element>
   </define>
 
   <define name='targetlogical'>
     <element name='target'>
-      <interleave>
-        <optional>
-          <element name='path'>
-            <ref name='absFilePath'/>
-          </element>
-        </optional>
-        <ref name='permissions'/>
-      </interleave>
+      <optional>
+        <element name='path'>
+          <ref name='absFilePath'/>
+        </element>
+      </optional>
+      <ref name='permissions'/>
     </element>
   </define>
 
@@ -336,16 +277,7 @@
   <define name='sourceinfodir'>
     <element name='dir'>
       <attribute name='path'>
-        <ref name='absDirPath'/>
-      </attribute>
-      <empty/>
-    </element>
-  </define>
-
-  <define name='sourceinfonetfsgluster'>
-    <element name='dir'>
-      <attribute name='path'>
-        <ref name='dirPath'/>
+        <ref name='absFilePath'/>
       </attribute>
       <empty/>
     </element>
@@ -385,17 +317,6 @@
     </element>
   </define>
 
-  <define name='sourcezfs'>
-    <element name='source'>
-      <interleave>
-        <ref name='sourceinfoname'/>
-        <optional>
-          <ref name='sourceinfodev'/>
-        </optional>
-      </interleave>
-    </element>
-  </define>
-
   <define name='sourcefmtfs'>
     <optional>
       <element name='format'>
@@ -428,9 +349,11 @@
           <choice>
             <value>auto</value>
             <value>nfs</value>
-            <value>cifs</value>
           </choice>
         </attribute>
+        <optional>
+          <ref name='sourceinfovendor'/>
+        </optional>
       </element>
     </optional>
   </define>
@@ -465,7 +388,7 @@
       <element name='format'>
         <attribute name='type'>
           <choice>
-            <value>unknown</value> <!-- back-compat requires keeping 'unknown' not 'auto' -->
+            <value>auto</value>
             <value>lvm2</value>
           </choice>
         </attribute>
@@ -490,104 +413,74 @@
 
   <define name='sourcefs'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfodev'/>
-        <ref name='sourcefmtfs'/>
-        <optional>
-          <ref name='sourceinfovendor'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfodev'/>
+      <ref name='sourcefmtfs'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourcenetfs'>
     <element name='source'>
-      <choice>
-        <group>
-          <interleave>
-            <ref name='sourceinfohost'/>
-            <ref name='sourceinfodir'/>
-            <ref name='sourcefmtnetfs'/>
-            <optional>
-                <ref name='sourceinfovendor'/>
-            </optional>
-          </interleave>
-        </group>
-        <group>
-          <interleave>
-            <ref name='sourceinfohost'/>
-            <ref name='sourceinfonetfsgluster'/>
-            <element name='format'>
-              <attribute name='type'>
-                <value>glusterfs</value>
-              </attribute>
-            </element>
-            <optional>
-                <ref name='sourceinfovendor'/>
-            </optional>
-          </interleave>
-        </group>
-      </choice>
+      <ref name='sourceinfohost'/>
+      <ref name='sourceinfodir'/>
+      <ref name='sourcefmtnetfs'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourcelogical'>
     <element name='source'>
-      <interleave>
-        <oneOrMore>
-          <optional>
-            <ref name='sourceinfoname'/>
-          </optional>
-          <optional>
-            <ref name='sourceinfodev'/>
-          </optional>
-        </oneOrMore>
-        <ref name='sourcefmtlogical'/>
+      <oneOrMore>
         <optional>
-          <ref name='sourceinfovendor'/>
+          <ref name='sourceinfoname'/>
         </optional>
-      </interleave>
+        <optional>
+          <ref name='sourceinfodev'/>
+        </optional>
+      </oneOrMore>
+      <ref name='sourcefmtlogical'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourcedisk'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfodev'/>
-        <ref name='sourcefmtdisk'/>
-        <optional>
-          <ref name='sourceinfovendor'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfodev'/>
+      <ref name='sourcefmtdisk'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourceiscsi'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfohost'/>
-        <ref name='sourceinfodev'/>
-        <optional>
-          <ref name='initiatorinfo'/>
-        </optional>
-        <optional>
-          <ref name='sourceinfoauth'/>
-        </optional>
-        <optional>
-          <ref name='sourceinfovendor'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfohost'/>
+      <ref name='sourceinfodev'/>
+      <optional>
+        <ref name='initiatorinfo'/>
+      </optional>
+      <optional>
+        <ref name='sourceinfoauth'/>
+      </optional>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourcescsi'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfoadapter'/>
-        <optional>
-          <ref name='sourceinfovendor'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfoadapter'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
     </element>
   </define>
 
@@ -599,34 +492,18 @@
 
   <define name='sourcerbd'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfoname'/>
-        <ref name='sourceinfohost'/>
-        <optional>
-          <ref name='sourceinfoauth'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfoname'/>
+      <ref name='sourceinfohost'/>
+      <optional>
+        <ref name='sourceinfoauth'/>
+      </optional>
     </element>
   </define>
 
   <define name='sourcesheepdog'>
     <element name='source'>
-      <interleave>
-        <ref name='sourceinfohost'/>
-        <ref name='sourceinfoname'/>
-      </interleave>
-    </element>
-  </define>
-
-  <define name='sourcegluster'>
-    <element name='source'>
-      <interleave>
-        <ref name='sourceinfohost'/>
-        <ref name='sourceinfoname'/>
-        <optional>
-          <ref name='sourceinfodir'/>
-        </optional>
-      </interleave>
+      <ref name='sourceinfohost'/>
+      <ref name='sourceinfoname'/>
     </element>
   </define>
 

docs/schemas/storagevol.rng

@@ -7,77 +7,61 @@
     <ref name='vol'/>
   </start>
 
-  <include href='storagecommon.rng'/>
+  <include href='storageencryption.rng'/>
+  <include href='storagefilefeatures.rng'/>
 
 
   <define name='vol'>
     <element name='volume'>
+      <element name='name'>
+        <ref name='volName'/>
+      </element>
       <optional>
-        <attribute name='type'>
-          <choice>
-            <value>file</value>
-            <value>block</value>
-            <value>dir</value>
-            <value>network</value>
-            <value>netdir</value>
-          </choice>
-        </attribute>
-      </optional>
-      <interleave>
-        <element name='name'>
-          <ref name='volName'/>
+        <element name='key'>
+          <text/>
         </element>
-        <optional>
-          <element name='key'>
-            <text/>
-          </element>
-        </optional>
-        <optional>
-          <ref name='source'/>
-        </optional>
-        <ref name='sizing'/>
-        <ref name='target'/>
-        <optional>
-          <ref name='backingStore'/>
-        </optional>
-      </interleave>
+      </optional>
+      <optional>
+        <ref name='source'/>
+      </optional>
+      <ref name='sizing'/>
+      <ref name='target'/>
+      <optional>
+        <ref name='backingStore'/>
+      </optional>
     </element>
   </define>
 
   <define name='sizing'>
-    <interleave>
-      <optional>
-        <element name='capacity'>
-          <ref name='scaledInteger'/>
-        </element>
-      </optional>
-      <optional>
-        <element name='allocation'>
-          <ref name='scaledInteger'/>
-        </element>
-      </optional>
-    </interleave>
+    <optional>
+      <element name='capacity'>
+        <ref name='scaledInteger'/>
+      </element>
+    </optional>
+    <optional>
+      <element name='allocation'>
+        <ref name='scaledInteger'/>
+      </element>
+    </optional>
   </define>
 
   <define name='permissions'>
     <optional>
       <element name='permissions'>
-        <interleave>
-          <element name='mode'>
-            <ref name='octalMode'/>
-          </element>
-          <element name='owner'>
-            <ref name='unsignedInt'/>
-          </element>
-          <element name='group'>
-            <ref name='unsignedInt'/>
-          </element>
-          <optional>
-            <element name='label'>
-              <text/>
-            </element>
-          </optional>
-        </interleave>
+        <element name='mode'>
+          <ref name='octalMode'/>
+        </element>
+        <element name='owner'>
+          <ref name='unsignedInt'/>
+        </element>
+        <element name='group'>
+          <ref name='unsignedInt'/>
+        </element>
+        <optional>
+          <element name='label'>
+            <text/>
+        </element>
+        </optional>
       </element>
     </optional>
   </define>
@@ -119,45 +103,33 @@
 
   <define name='target'>
     <element name='target'>
-      <interleave>
-        <optional>
-          <element name='path'>
-            <choice>
-              <data type='anyURI'/>
-              <ref name='absFilePath'/>
-            </choice>
-          </element>
-        </optional>
-        <ref name='format'/>
-        <ref name='permissions'/>
-        <ref name='timestamps'/>
-        <optional>
-          <ref name='encryption'/>
-        </optional>
-        <optional>
-          <ref name='compat'/>
-        </optional>
-        <optional>
-          <element name='nocow'>
-            <empty/>
-          </element>
-        </optional>
-        <optional>
-          <ref name='fileFormatFeatures'/>
-        </optional>
-      </interleave>
+      <optional>
+        <element name='path'>
+          <data type='anyURI'/>
+        </element>
+      </optional>
+      <ref name='format'/>
+      <ref name='permissions'/>
+      <ref name='timestamps'/>
+      <optional>
+        <ref name='encryption'/>
+      </optional>
+      <optional>
+        <ref name='compat'/>
+      </optional>
+      <optional>
+        <ref name='fileFormatFeatures'/>
+      </optional>
     </element>
   </define>
 
   <define name='backingStore'>
     <element name='backingStore'>
-      <interleave>
-        <element name='path'>
-          <ref name='absFilePath'/>
-        </element>
-        <ref name='format'/>
-        <ref name='permissions'/>
-      </interleave>
+      <element name='path'>
+        <ref name='absFilePath'/>
+      </element>
+      <ref name='format'/>
+      <ref name='permissions'/>
     </element>
   </define>
 
@@ -217,7 +189,18 @@
   <define name='formatfile'>
     <choice>
       <value>unknown</value>
-      <ref name='storageFormat'/>
+      <value>raw</value>
+      <value>dir</value>
+      <value>bochs</value>
+      <value>cloop</value>
+      <value>cow</value>
+      <value>dmg</value>
+      <value>iso</value>
+      <value>qcow</value>
+      <value>qcow2</value>
+      <value>qed</value>
+      <value>vmdk</value>
+      <value>vpc</value>
     </choice>
   </define>
 

docs/secureusage.html.in

@@ -1,171 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-
-    <h1>Secure Usage of Libvirt</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      This page details information that application developers and
-      administrators of libvirt should be aware of when working with
-      libvirt, that may have a bearing on security of the system.
-    </p>
-
-
-    <h2><a name="diskimage">Disk image handling</a></h2>
-
-    <h3><a name="diskimageformat">Disk image format probing</a></h3>
-
-    <p>
-      Historically there have been multiple flaws in QEMU and most
-      projects using QEMU, related to handling of disk formats.
-      The problems occur when a guest is given a virtual disk backed
-      by raw disk format on the host. If the management application
-      on the host tries to auto-detect / probe the disk format, it
-      is vulnerable to a malicious guest which can write a qcow2
-      file header into its raw disk. If the management application
-      subsequently probes the disk, it will see it as a 'qcow2' disk
-      instead of a 'raw' disk. Since 'qcow2' disks can have a copy
-      on write backing file, such flaw can be leveraged to read
-      arbitrary files on the host. The same type of flaw may occur
-      if the management application allows users to upload pre-created
-      raw images.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> never attempt to automatically
-      detect the format of a disk image based on file contents which
-      are accessible to / originate from an untrusted source.
-    </p>
-
-    <h3><a name="diskimagebacking">Disk image backing files</a></h3>
-
-    <p>
-      If a management application allows users to upload pre-created
-      disk images in non-raw formats, it can be tricked into giving
-      the user access to arbitrary host files via the copy-on-write
-      backing file feature. This is because the qcow2 disk format
-      header contains a filename field which can point to any location.
-      It can also point to network protocols such as NBD, HTTP, GlusterFS,
-      RBD and more. This could allow for compromise of almost arbitrary
-      data accessible on the LAN/WAN.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> always validate that a disk
-      image originating from an untrusted source has no backing
-      file set. If a backing file is seen, reject the image.
-    </p>
-
-    <h3><a name="diskimagesize">Disk image size validation</a></h3>
-
-    <p>
-      If an application allows users to upload pre-created disk
-      images in non-raw formats, it is essential to validate the
-      logical disk image size, rather than the physical disk
-      image size. Non-raw disk images have a grow-on-demand
-      capability, so a user can provide a qcow2 image that may
-      be only 1 MB in size, but is configured to grow to many
-      TB in size.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> if receiving a non-raw disk
-      image from an untrusted source, validate the logical image
-      size stored in the disk image metadata against some finite
-      limit.
-    </p>
-
-    <h3><a name="diskimageaccess">Disk image data access</a></h3>
-
-    <p>
-      If an untrusted disk image is ever mounted on the host OS by
-      a management application or administrator, this opens an
-      avenue of attack with which to potentially compromise the
-      host kernel. Filesystem drivers in OS kernels are often very
-      complex code and thus may have bugs lurking in them. With
-      Linux, there are a large number of filesystem drivers, many
-      of which attract little security analysis attention. Linux
-      will helpfully probe filesystem formats if not told to use an
-      explicit format, allowing an attacker the ability to target
-      specific weak filesystem drivers. Even commonly used and
-      widely audited filesystems such as <code>ext4</code> have had
-      <a href="https://lwn.net/Articles/538898/">bugs lurking in them</a>
-      undetected for years at a time.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> if there is a need to access
-      the content of a disk image, use a single-use throwaway virtual
-      machine to access the data. Never mount disk images on the host
-      OS. Ideally make use of the <a href="http://libguestfs.org">libguestfs</a>
-      tools and APIs for accessing disks
-    </p>
-
-    <h2><a name="migration">Guest migration network</a></h2>
-
-    <p>
-      Most hypervisors with support for guest migration between hosts
-      make use of one (or more) network connections. Typically the source
-      host will connect to some port on the target host to initiate the
-      migration. There may be separate connections for co-ordinating the
-      migration, transferring memory state and transferring storage.
-      If the network over which migration takes place is accessible the
-      guest, or client applications, there is potential for data leakage
-      via packet snooping/capture. It is also possible for a malicious
-      guest or client to make attempts to connect to the target host
-      to trigger bogus migration operations, or at least inflict a denial
-      of service attack.
-    </p>
-
-    <p>
-      <strong>Recommendations:</strong> there are several things to consider
-      when performing migration
-    </p>
-
-    <ul>
-      <li>Use a specific address for establishing the migration
-        connection which is accessible only to the virtualization
-        hosts themselves, not libvirt clients or virtual guests.
-        Most hypervisors allow the management application to provide
-        the IP address of the target host as a way to
-        determine which network migration takes place on. This is
-        effectively the connect() socket address for the source host.</li>
-      <li>Use a specific address for listening for incoming migration
-        connections which is accessible only to the virtualization
-        hosts themselves, not libvirt clients or virtual guests.
-        Most hypervisors allow the management application to configure
-        the IP address on which the target host listens. This is
-        the bind() socket address for the target host.</li>
-      <li>Use an encrypted migration protocol. Some hypervisors
-        have support for encrypting the migration memory/storage
-        data. In other cases it can be tunnelled over the libvirtd
-        RPC protocol connections.</li>
-    </ul>
-
-    <h2><a name="storage">Storage encryption</a></h2>
-
-    <p>
-      Virtual disk images will typically contain confidential data
-      belonging to the owner of the virtual machine. It is desirable
-      to protect this against data center administrators as much as
-      possible. For example, a rogue storage administrator may attempt
-      to access disk contents directly from a storage host, or a network
-      administrator/attack may attempt to snoop on data packets relating
-      to storage access. Use of disk encryption on the virtualization
-      host can ensure that only the virtualization host administrator
-      can see the plain text contents of disk images.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> make use of storage encryption
-      to protect non-local storage from attack by rogue network /
-      storage administrators or external attackers. This is particularly
-      important if the storage protocol itself does not offer any kind
-      of encryption capabilities.
-    </p>
-
-  </body>
-</html>

docs/securityprocess.html.in

@@ -67,7 +67,7 @@
       The libvirt security team operates a policy of
       <a href="http://en.wikipedia.org/wiki/Responsible_disclosure">responsible disclosure</a>.
       As such any security issue reported, that is not already publically disclosed
-      elsewhere, will have an embargo date assigned. Members of the security team agree
+      elswhere, will have an embargo date assigned. Members of the security team agree
       not to publically disclose any details of the security issue until the embargo
       date expires.
     </p>

docs/sitemap.html.in

@@ -90,10 +90,6 @@
                 <a href="logging.html">Logging</a>
                 <span>The library and the daemon logging support</span>
               </li>
-              <li>
-                <a href="auditlog.html">Audit log</a>
-                <span>Audit trail logs for host operations</span>
-              </li>
               <li>
                 <a href="firewall.html">Firewall</a>
                 <span>Firewall and network filter configuration</span>
@@ -140,10 +136,6 @@
                 <a href="archnode.html">Node Devices</a>
                 <span>Enumerating host node devices</span>
               </li>
-              <li>
-                <a href="secureusage.html">Secure usage</a>
-                <span>Secure usage of the libvirt APIs</span>
-              </li>
             </ul>
           </li>
           <li>
@@ -174,10 +166,6 @@
                 <a href="formatcaps.html">Capabilities</a>
                 <span>The driver capabilities XML format</span>
               </li>
-              <li>
-                <a href="formatdomaincaps.html">Domain capabilities</a>
-                <span>The domain capabilities XML format</span>
-              </li>
               <li>
                 <a href="formatnode.html">Node Devices</a>
                 <span>The host device XML format</span>
@@ -252,10 +240,6 @@
                 <a href="drvparallels.html">Parallels</a>
                 <span>Driver for Parallels Cloud Server</span>
               </li>
-              <li>
-                <a href="drvbhyve.html">Bhyve</a>
-                <span>Driver for bhyve</span>
-              </li>
             </ul>
           </li>
           <li>
@@ -350,10 +334,6 @@
                 <a href="internals/locking.html">Lock managers</a>
                 <span>Use lock managers to protect disk content</span>
               </li>
-              <li>
-                <a href="internals/oomtesting.html">Out of memory testing</a>
-                <span>Simulating OOM conditions in the test suite</span>
-              </li>
             </ul>
           </li>
           <li>
@@ -364,10 +344,6 @@
             <a href="virshcmdref.html">Virsh Commands</a>
             <span>Command reference for virsh</span>
           </li>
-          <li>
-            <a href="governance.html">Governance</a>
-            <span>Project governance and code of conduct</span>
-          </li>
         </ul>
       </li>
       <li>

docs/storage.html.in

@@ -114,12 +114,6 @@
       <li>
         <a href="#StorageBackendSheepdog">Sheepdog backend</a>
       </li>
-      <li>
-        <a href="#StorageBackendGluster">Gluster backend</a>
-      </li>
-      <li>
-        <a href="#StorageBackendZFS">ZFS backend</a>
-      </li>
     </ul>
 
     <h2><a name="StorageBackendDir">Directory pool</a></h2>
@@ -255,8 +249,7 @@
       a local block device as the source, it requires the name of a
       host and path of an exported directory. It will mount this network
       filesystem and manage files within the directory of its mount
-      point. It will default to using <code>auto</code> as the
-      protocol, which generally tries a mount via NFS first.
+      point. It will default to using NFS as the protocol.
     </p>
 
     <h3>Example pool input</h3>
@@ -266,7 +259,6 @@
         &lt;source&gt;
           &lt;host name="nfs.example.com"/&gt;
           &lt;dir path="/var/lib/virt/images"/&gt;
-          &lt;format type='nfs'/&gt;
         &lt;/source&gt;
         &lt;target&gt;
           &lt;path&gt;/var/lib/virt/images&lt;/path&gt;
@@ -283,15 +275,10 @@
         <code>nfs</code>
       </li>
       <li>
-        <code>glusterfs</code> - use the glusterfs FUSE file system.
-        For now, the <code>dir</code> specified as the source can only
-        be a gluster volume name, as gluster does not provide a way to
-        directly mount subdirectories within a volume.  (To bypass the
-        file system completely, see
-        the <a href="#StorageBackendGluster">gluster</a> pool.)
+        <code>glusterfs</code>
       </li>
       <li>
-        <code>cifs</code> - use the SMB (samba) or CIFS file system
+        <code>cifs</code>
       </li>
     </ul>
 
@@ -328,10 +315,14 @@
 
     <h3>Valid pool format types</h3>
     <p>
-      The logical volume pool supports only the <code>lvm2</code> format,
-      although not supplying a format value will result in automatic
-      selection of the<code>lvm2</code> format.
+      The logical volume pool supports the following formats:
     </p>
+    <ul>
+      <li><code>auto</code> - automatically determine format</li>
+      <li>
+        <code>lvm2</code>
+      </li>
+    </ul>
 
     <h3>Valid volume format types</h3>
     <p>
@@ -580,7 +571,7 @@
          &lt;/target&gt;
        &lt;/volume&gt;</pre>
 
-    <h3>Example disk attachment</h3>
+    <h3>Example disk attachement</h3>
     <p>RBD images can be attached to Qemu guests when Qemu is built
     with RBD support. Information about attaching a RBD image to a
     guest can be found
@@ -656,128 +647,5 @@
       The Sheepdog pool does not use the volume format type element.
     </p>
 
-    <h2><a name="StorageBackendGluster">Gluster pools</a></h2>
-    <p>
-      This provides a pool based on native Gluster access.  Gluster is
-      a distributed file system that can be exposed to the user via
-      FUSE, NFS or SMB (see the <a href="#StorageBackendNetfs">netfs</a>
-      pool for that usage); but for minimal overhead, the ideal access
-      is via native access (only possible for QEMU/KVM compiled with
-      libgfapi support).
-
-      The cluster and storage volume must already be running, and it
-      is recommended that the volume be configured with <code>gluster
-      volume set $volname storage.owner-uid=$uid</code>
-      and <code>gluster volume set $volname
-      storage.owner-gid=$gid</code> for the uid and gid that qemu will
-      be run as.  It may also be necessary to
-      set <code>rpc-auth-allow-insecure on</code> for the glusterd
-      service, as well as <code>gluster set $volname
-      server.allow-insecure on</code>, to allow access to the gluster
-      volume.
-
-      <span class="since">Since 1.2.0</span>
-    </p>
-
-    <h3>Example pool input</h3>
-    <p>A gluster volume corresponds to a libvirt storage pool.  If a
-      gluster volume could be mounted as <code>mount -t glusterfs
-      localhost:/volname /some/path</code>, then the following example
-      will describe the same pool without having to create a local
-      mount point.  Remember that with gluster, the mount point can be
-      through any machine in the cluster, and gluster will
-      automatically pick the ideal transport to the actual bricks
-      backing the gluster volume, even if on a different host than the
-      one named in the <code>host</code> designation.
-      The <code>&lt;name&gt;</code> element is always the volume name
-      (no slash).  The pool source also supports an
-      optional <code>&lt;dir&gt;</code> element with
-      a <code>path</code> attribute that lists the absolute name of a
-      subdirectory relative to the gluster volume to use instead of
-      the top-level directory of the volume.</p>
-    <pre>
-      &lt;pool type="gluster"&gt;
-        &lt;name&gt;myglusterpool&lt;/name&gt;
-        &lt;source&gt;
-          &lt;name&gt;volname&lt;/name&gt;
-          &lt;host name='localhost'/&gt;
-          &lt;dir path='/'/&gt;
-        &lt;/source&gt;
-      &lt;/pool&gt;</pre>
-
-    <h3>Example volume output</h3>
-    <p>Libvirt storage volumes associated with a gluster pool
-      correspond to the files that can be found when mounting the
-      gluster volume.  The <code>name</code> is the path relative to
-      the effective mount specified for the pool; and
-      the <code>key</code> is a string that identifies a single volume
-      uniquely. Currently the <code>key</code> attribute consists of the
-      URI of the volume but it may be changed to a UUID of the volume
-      in the future.</p>
-    <pre>
-       &lt;volume&gt;
-         &lt;name&gt;myfile&lt;/name&gt;
-         &lt;key&gt;gluster://localhost/volname/myfile&lt;/key&gt;
-         &lt;source&gt;
-         &lt;/source&gt;
-         &lt;capacity unit='bytes'&gt;53687091200&lt;/capacity&gt;
-         &lt;allocation unit='bytes'&gt;53687091200&lt;/allocation&gt;
-       &lt;/volume&gt;</pre>
-
-    <h3>Example disk attachment</h3>
-    <p>Files within a gluster volume can be attached to Qemu guests.
-    Information about attaching a Gluster image to a
-    guest can be found
-    at the <a href="formatdomain.html#elementsDisks">format domain</a>
-    page.</p>
-
-    <h3>Valid pool format types</h3>
-    <p>
-      The Gluster pool does not use the pool format type element.
-    </p>
-
-    <h3>Valid volume format types</h3>
-    <p>
-      The valid volume types are the same as for the <code>directory</code>
-      pool type.
-    </p>
-
-    <h2><a name="StorageBackendZFS">ZFS pools</a></h2>
-    <p>
-      This provides a pool based on the ZFS filesystem. It is currently
-      supported on FreeBSD only.
-    </p>
-
-    <p>A pool could either be created manually using the <code>zpool create</code>
-      command and its name specified in the source section or <span class="since">
-      since 1.2.9</span> source devices could be specified to create a pool using
-      libvirt.
-    </p>
-
-    <p>Please refer to the ZFS documentation for details on a pool creation.</p>
-
-    <p><span class="since">Since 1.2.8</span></p>.
-
-    <h3>Example pool input</h3>
-    <pre>
-      &lt;pool type="zfs"&gt;
-        &lt;name&gt;myzfspool&lt;/name&gt;
-        &lt;source&gt;
-          &lt;name&gt;zpoolname&lt;/name&gt;
-          &lt;device path="/dev/ada1"/&gt;
-          &lt;device path="/dev/ada2"/&gt;
-        &lt;/source&gt;
-      &lt;/pool&gt;</pre>
-
-    <h3>Valid pool format types</h3>
-    <p>
-      The ZFS volume pool does not use the pool format type element.
-    </p>
-
-    <h3>Valid pool format types</h3>
-    <p>
-      The ZFS volume pool does not use the volume format type element.
-    </p>
-
   </body>
 </html>

examples/apparmor/Makefile.am

@@ -15,29 +15,7 @@
 ## <http://www.gnu.org/licenses/>.
 
 EXTRA_DIST=				\
-	TEMPLATE.qemu			\
-	TEMPLATE.lxc			\
+	TEMPLATE			\
 	libvirt-qemu			\
-	libvirt-lxc 			\
 	usr.lib.libvirt.virt-aa-helper	\
 	usr.sbin.libvirtd
-
-if WITH_APPARMOR_PROFILES
-apparmordir = $(sysconfdir)/apparmor.d/
-apparmor_DATA = \
-	usr.lib.libvirt.virt-aa-helper \
-	usr.sbin.libvirtd \
-	$(NULL)
-
-abstractionsdir = $(apparmordir)/abstractions
-abstractions_DATA = \
-	libvirt-qemu \
-	libvirt-lxc \
-	$(NULL)
-
-templatesdir = $(apparmordir)/libvirt
-templates_DATA = \
-	TEMPLATE.qemu \
-	TEMPLATE.lxc \
-	$(NULL)
-endif WITH_APPARMOR_PROFILES

examples/apparmor/TEMPLATE.lxc

@@ -1,15 +0,0 @@
-#
-# This profile is for the domain whose UUID matches this file.
-#
-
-#include <tunables/global>
-
-profile LIBVIRT_TEMPLATE {
-  #include <abstractions/libvirt-lxc>
-
-  # Globally allows everything to run under this profile
-  # These can be narrowed depending on the container's use.
-  file,
-  capability,
-  network,
-}

examples/apparmor/libvirt-lxc

@@ -1,116 +0,0 @@
-# Last Modified: Fri Feb  7 13:01:36 2014
-
-  #include <abstractions/base>
-
-  umount,
-
-  # ignore DENIED message on / remount
-  deny mount options=(ro, remount) -> /,
-
-  # allow tmpfs mounts everywhere
-  mount fstype=tmpfs,
-
-  # allow mqueue mounts everywhere
-  mount fstype=mqueue,
-
-  # allow fuse mounts everywhere
-  mount fstype=fuse.*,
-
-  # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted
-  mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
-  deny @{PROC}/sys/fs/** wklx,
-
-  # allow efivars to be mounted, writing to it will be blocked though
-  mount fstype=efivarfs -> /sys/firmware/efi/efivars/,
-
-  # block some other dangerous paths
-  deny @{PROC}/sysrq-trigger rwklx,
-  deny @{PROC}/mem rwklx,
-  deny @{PROC}/kmem rwklx,
-
-  # deny writes in /sys except for /sys/fs/cgroup, also allow
-  # fusectl, securityfs and debugfs to be mounted there (read-only)
-  mount fstype=fusectl -> /sys/fs/fuse/connections/,
-  mount fstype=securityfs -> /sys/kernel/security/,
-  mount fstype=debugfs -> /sys/kernel/debug/,
-  mount fstype=proc -> /proc/,
-  mount fstype=sysfs -> /sys/,
-  deny /sys/firmware/efi/efivars/** rwklx,
-  deny /sys/kernel/security/** rwklx,
-
-  # generated by: lxc-generate-aa-rules.py container-rules.base
-  deny /proc/sys/[^kn]*{,/**} wklx,
-  deny /proc/sys/k[^e]*{,/**} wklx,
-  deny /proc/sys/ke[^r]*{,/**} wklx,
-  deny /proc/sys/ker[^n]*{,/**} wklx,
-  deny /proc/sys/kern[^e]*{,/**} wklx,
-  deny /proc/sys/kerne[^l]*{,/**} wklx,
-  deny /proc/sys/kernel/[^smhd]*{,/**} wklx,
-  deny /proc/sys/kernel/d[^o]*{,/**} wklx,
-  deny /proc/sys/kernel/do[^m]*{,/**} wklx,
-  deny /proc/sys/kernel/dom[^a]*{,/**} wklx,
-  deny /proc/sys/kernel/doma[^i]*{,/**} wklx,
-  deny /proc/sys/kernel/domai[^n]*{,/**} wklx,
-  deny /proc/sys/kernel/domain[^n]*{,/**} wklx,
-  deny /proc/sys/kernel/domainn[^a]*{,/**} wklx,
-  deny /proc/sys/kernel/domainna[^m]*{,/**} wklx,
-  deny /proc/sys/kernel/domainnam[^e]*{,/**} wklx,
-  deny /proc/sys/kernel/domainname?*{,/**} wklx,
-  deny /proc/sys/kernel/h[^o]*{,/**} wklx,
-  deny /proc/sys/kernel/ho[^s]*{,/**} wklx,
-  deny /proc/sys/kernel/hos[^t]*{,/**} wklx,
-  deny /proc/sys/kernel/host[^n]*{,/**} wklx,
-  deny /proc/sys/kernel/hostn[^a]*{,/**} wklx,
-  deny /proc/sys/kernel/hostna[^m]*{,/**} wklx,
-  deny /proc/sys/kernel/hostnam[^e]*{,/**} wklx,
-  deny /proc/sys/kernel/hostname?*{,/**} wklx,
-  deny /proc/sys/kernel/m[^s]*{,/**} wklx,
-  deny /proc/sys/kernel/ms[^g]*{,/**} wklx,
-  deny /proc/sys/kernel/msg*/** wklx,
-  deny /proc/sys/kernel/s[^he]*{,/**} wklx,
-  deny /proc/sys/kernel/se[^m]*{,/**} wklx,
-  deny /proc/sys/kernel/sem*/** wklx,
-  deny /proc/sys/kernel/sh[^m]*{,/**} wklx,
-  deny /proc/sys/kernel/shm*/** wklx,
-  deny /proc/sys/kernel?*{,/**} wklx,
-  deny /proc/sys/n[^e]*{,/**} wklx,
-  deny /proc/sys/ne[^t]*{,/**} wklx,
-  deny /proc/sys/net?*{,/**} wklx,
-  deny /sys/[^fdc]*{,/**} wklx,
-  deny /sys/c[^l]*{,/**} wklx,
-  deny /sys/cl[^a]*{,/**} wklx,
-  deny /sys/cla[^s]*{,/**} wklx,
-  deny /sys/clas[^s]*{,/**} wklx,
-  deny /sys/class/[^n]*{,/**} wklx,
-  deny /sys/class/n[^e]*{,/**} wklx,
-  deny /sys/class/ne[^t]*{,/**} wklx,
-  deny /sys/class/net?*{,/**} wklx,
-  deny /sys/class?*{,/**} wklx,
-  deny /sys/d[^e]*{,/**} wklx,
-  deny /sys/de[^v]*{,/**} wklx,
-  deny /sys/dev[^i]*{,/**} wklx,
-  deny /sys/devi[^c]*{,/**} wklx,
-  deny /sys/devic[^e]*{,/**} wklx,
-  deny /sys/device[^s]*{,/**} wklx,
-  deny /sys/devices/[^v]*{,/**} wklx,
-  deny /sys/devices/v[^i]*{,/**} wklx,
-  deny /sys/devices/vi[^r]*{,/**} wklx,
-  deny /sys/devices/vir[^t]*{,/**} wklx,
-  deny /sys/devices/virt[^u]*{,/**} wklx,
-  deny /sys/devices/virtu[^a]*{,/**} wklx,
-  deny /sys/devices/virtua[^l]*{,/**} wklx,
-  deny /sys/devices/virtual/[^n]*{,/**} wklx,
-  deny /sys/devices/virtual/n[^e]*{,/**} wklx,
-  deny /sys/devices/virtual/ne[^t]*{,/**} wklx,
-  deny /sys/devices/virtual/net?*{,/**} wklx,
-  deny /sys/devices/virtual?*{,/**} wklx,
-  deny /sys/devices?*{,/**} wklx,
-  deny /sys/f[^s]*{,/**} wklx,
-  deny /sys/fs/[^c]*{,/**} wklx,
-  deny /sys/fs/c[^g]*{,/**} wklx,
-  deny /sys/fs/cg[^r]*{,/**} wklx,
-  deny /sys/fs/cgr[^o]*{,/**} wklx,
-  deny /sys/fs/cgro[^u]*{,/**} wklx,
-  deny /sys/fs/cgrou[^p]*{,/**} wklx,
-  deny /sys/fs/cgroup?*{,/**} wklx,
-  deny /sys/fs?*{,/**} wklx,

examples/apparmor/libvirt-qemu

@@ -1,4 +1,4 @@
-# Last Modified: Wed Sep 3 21:52:03 2014
+# Last Modified: Fri Mar 9 14:43:22 2012
 
   #include <abstractions/base>
   #include <abstractions/consoles>
@@ -9,10 +9,6 @@
   capability dac_read_search,
   capability chown,
 
-  # needed to drop privileges
-  capability setgid,
-  capability setuid,
-
   network inet stream,
   network inet6 stream,
 
@@ -21,11 +17,10 @@
   /dev/ptmx rw,
   /dev/kqemu rw,
   @{PROC}/*/status r,
-  @{PROC}/sys/kernel/cap_last_cap r,
 
   # For hostdev access. The actual devices will be added dynamically
   /sys/bus/usb/devices/ r,
-  /sys/devices/**/usb[0-9]*/** r,
+  /sys/devices/*/*/usb[0-9]*/** r,
 
   # WARNING: this gives the guest direct access to host hardware and specific
   # portions of shared memory. This is required for sound using ALSA with kvm,
@@ -37,8 +32,6 @@
   /{dev,run}/shmpulse-shm* rwk,
   /dev/snd/* rw,
   capability ipc_lock,
-  # spice
-  owner /{dev,run}/shm/spice.* rw,
   # 'kill' is not required for sound and is a security risk. Do not enable
   # unless you absolutely need it.
   deny capability kill,
@@ -65,7 +58,6 @@
   /usr/share/proll/** r,
   /usr/share/vgabios/** r,
   /usr/share/seabios/** r,
-  /usr/share/ovmf/** r,
 
   # access PKI infrastructure
   /etc/pki/libvirt-vnc/** r,
@@ -111,22 +103,15 @@
   /usr/bin/qemu-sparc32plus rmix,
   /usr/bin/qemu-sparc64 rmix,
   /usr/bin/qemu-x86_64 rmix,
-  /usr/lib/qemu/block-curl.so mr,
 
   # for save and resume
   /bin/dash rmix,
   /bin/dd rmix,
   /bin/cat rmix,
 
-  # for usb access
-  /dev/bus/usb/ r,
-  /etc/udev/udev.conf r,
-  /sys/bus/ r,
-  /sys/class/ r,
-
-  /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
+  /usr/libexec/qemu-bridge-helper Cx,
   # child profile for bridge helper process
-  profile qemu_bridge_helper {
+  profile /usr/libexec/qemu-bridge-helper {
    #include <abstractions/base>
 
    capability setuid,
@@ -140,5 +125,5 @@
    /etc/qemu/** r,
    owner @{PROC}/*/status r,
 
-   /usr/{lib,libexec}/qemu-bridge-helper rmix,
+   /usr/libexec/qemu-bridge-helper rmix,
   }

examples/apparmor/usr.lib.libvirt.virt-aa-helper

@@ -12,8 +12,6 @@
   network inet,
 
   deny @{PROC}/[0-9]*/mounts r,
-  @{PROC}/[0-9]*/net/psched r,
-  owner @{PROC}/[0-9]*/status r,
   @{PROC}/filesystems r,
 
   # for hostdev
@@ -37,12 +35,4 @@
   @{HOME}/** r,
   /var/lib/libvirt/images/ r,
   /var/lib/libvirt/images/** r,
-  /{media,mnt,opt,srv}/** r,
-
-  /**.img r,
-  /**.qcow{,2} r,
-  /**.qed r,
-  /**.vmdk r,
-  /**.[iI][sS][oO] r,
-  /**/disk{,.*} r,
 }

examples/apparmor/usr.sbin.libvirtd

@@ -4,7 +4,6 @@
 
 /usr/sbin/libvirtd {
   #include <abstractions/base>
-  #include <abstractions/dbus>
 
   capability kill,
   capability net_admin,
@@ -23,28 +22,20 @@
   capability setpcap,
   capability mknod,
   capability fsetid,
-  capability audit_write,
-
-  # Needed for vfio
-  capability sys_resource,
 
   network inet stream,
   network inet dgram,
   network inet6 stream,
   network inet6 dgram,
-  network packet dgram,
 
   # Very lenient profile for libvirtd since we want to first focus on confining
   # the guests. Guests will have a very restricted profile.
-  / r,
   /** rwmkl,
 
-  /bin/* PUx,
-  /sbin/* PUx,
-  /usr/bin/* PUx,
-  /usr/sbin/* PUx,
-  /lib/udev/scsi_id PUx,
-  /usr/lib/xen-common/bin/xen-toolstack PUx,
+  /bin/* Ux,
+  /sbin/* Ux,
+  /usr/bin/* Ux,
+  /usr/sbin/* Ux,
 
   # force the use of virt-aa-helper
   audit deny /sbin/apparmor_parser rwxl,
@@ -54,8 +45,6 @@
   audit deny /sys/kernel/security/apparmor/.* rwxl,
   /sys/kernel/security/apparmor/profiles r,
   /usr/lib/libvirt/* PUxr,
-  /etc/libvirt/hooks/** rmix,
-  /etc/xen/scripts/** rmix,
 
   # allow changing to our UUID-based named profiles
   change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,

examples/domain-events/events-c/event-test.c

@@ -10,7 +10,7 @@
 #include <libvirt/virterror.h>
 
 #define VIR_DEBUG(fmt) printf("%s:%d: " fmt "\n", __func__, __LINE__)
-#define STREQ(a, b) (strcmp(a, b) == 0)
+#define STREQ(a,b) (strcmp(a,b) == 0)
 
 #ifndef ATTRIBUTE_UNUSED
 # define ATTRIBUTE_UNUSED __attribute__((__unused__))
@@ -70,22 +70,22 @@ const char *eventToString(int event) {
     const char *ret = "";
     switch ((virDomainEventType) event) {
         case VIR_DOMAIN_EVENT_DEFINED:
-            ret = "Defined";
+            ret ="Defined";
             break;
         case VIR_DOMAIN_EVENT_UNDEFINED:
-            ret = "Undefined";
+            ret ="Undefined";
             break;
         case VIR_DOMAIN_EVENT_STARTED:
-            ret = "Started";
+            ret ="Started";
             break;
         case VIR_DOMAIN_EVENT_SUSPENDED:
-            ret = "Suspended";
+            ret ="Suspended";
             break;
         case VIR_DOMAIN_EVENT_RESUMED:
-            ret = "Resumed";
+            ret ="Resumed";
             break;
         case VIR_DOMAIN_EVENT_STOPPED:
-            ret = "Stopped";
+            ret ="Stopped";
             break;
         case VIR_DOMAIN_EVENT_SHUTDOWN:
             ret = "Shutdown";
@@ -223,27 +223,6 @@ static const char *eventDetailToString(int event, int detail) {
     return ret;
 }
 
-static const char *
-networkEventToString(int event)
-{
-    const char *ret = "";
-    switch ((virNetworkEventLifecycleType) event) {
-        case VIR_NETWORK_EVENT_DEFINED:
-            ret = "Defined";
-            break;
-        case VIR_NETWORK_EVENT_UNDEFINED:
-            ret = "Undefined";
-            break;
-        case VIR_NETWORK_EVENT_STARTED:
-            ret = "Started";
-            break;
-        case VIR_NETWORK_EVENT_STOPPED:
-            ret = "Stopped";
-            break;
-    }
-    return ret;
-}
-
 static int myDomainEventCallback1(virConnectPtr conn ATTRIBUTE_UNUSED,
                                   virDomainPtr dom,
                                   int event,
@@ -453,62 +432,6 @@ myDomainEventDeviceRemovedCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
     return 0;
 }
 
-static int myNetworkEventCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
-                                  virNetworkPtr dom,
-                                  int event,
-                                  int detail,
-                                  void *opaque ATTRIBUTE_UNUSED)
-{
-    printf("%s EVENT: Network %s %s %d\n", __func__, virNetworkGetName(dom),
-           networkEventToString(event), detail);
-    return 0;
-}
-
-static int
-myDomainEventTunableCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
-                             virDomainPtr dom,
-                             virTypedParameterPtr params,
-                             int nparams,
-                             void *opaque ATTRIBUTE_UNUSED)
-{
-    size_t i;
-
-    printf("%s EVENT: Domain %s(%d) tunable updated:\n",
-           __func__, virDomainGetName(dom), virDomainGetID(dom));
-
-    for (i = 0; i < nparams; i++) {
-        switch (params[i].type) {
-        case VIR_TYPED_PARAM_INT:
-            printf("\t%s: %d\n", params[i].field, params[i].value.i);
-            break;
-        case VIR_TYPED_PARAM_UINT:
-            printf("\t%s: %u\n", params[i].field, params[i].value.ui);
-            break;
-        case VIR_TYPED_PARAM_LLONG:
-            printf("\t%s: %" PRId64 "\n", params[i].field,
-                   (int64_t) params[i].value.l);
-            break;
-        case VIR_TYPED_PARAM_ULLONG:
-            printf("\t%s: %" PRIu64 "\n", params[i].field,
-                   (uint64_t) params[i].value.ul);
-            break;
-        case VIR_TYPED_PARAM_DOUBLE:
-            printf("\t%s: %g\n", params[i].field, params[i].value.d);
-            break;
-        case VIR_TYPED_PARAM_BOOLEAN:
-            printf("\t%s: %d\n", params[i].field, params[i].value.b);
-            break;
-        case VIR_TYPED_PARAM_STRING:
-            printf("\t%s: %s\n", params[i].field, params[i].value.s);
-            break;
-        default:
-            printf("\t%s: unknown type\n", params[i].field);
-        }
-    }
-
-    return 0;
-}
-
 static void myFreeFunc(void *opaque)
 {
     char *str = opaque;
@@ -549,8 +472,6 @@ int main(int argc, char **argv)
     int callback13ret = -1;
     int callback14ret = -1;
     int callback15ret = -1;
-    int callback16ret = -1;
-    int callback17ret = -1;
     struct sigaction action_stop;
 
     memset(&action_stop, 0, sizeof(action_stop));
@@ -589,7 +510,7 @@ int main(int argc, char **argv)
     sigaction(SIGTERM, &action_stop, NULL);
     sigaction(SIGINT, &action_stop, NULL);
 
-    VIR_DEBUG("Registering event cbs");
+    VIR_DEBUG("Registering domain event cbs");
 
     /* Add 2 callbacks to prove this works with more than just one */
     callback1ret = virConnectDomainEventRegister(dconn, myDomainEventCallback1,
@@ -664,16 +585,6 @@ int main(int argc, char **argv)
                                                      VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED,
                                                      VIR_DOMAIN_EVENT_CALLBACK(myDomainEventDeviceRemovedCallback),
                                                      strdup("device removed"), myFreeFunc);
-    callback16ret = virConnectNetworkEventRegisterAny(dconn,
-                                                      NULL,
-                                                      VIR_NETWORK_EVENT_ID_LIFECYCLE,
-                                                      VIR_NETWORK_EVENT_CALLBACK(myNetworkEventCallback),
-                                                      strdup("net callback"), myFreeFunc);
-    callback17ret = virConnectDomainEventRegisterAny(dconn,
-                                                     NULL,
-                                                     VIR_DOMAIN_EVENT_ID_TUNABLE,
-                                                     VIR_DOMAIN_EVENT_CALLBACK(myDomainEventTunableCallback),
-                                                     strdup("tunable"), myFreeFunc);
 
     if ((callback1ret != -1) &&
         (callback2ret != -1) &&
@@ -688,9 +599,7 @@ int main(int argc, char **argv)
         (callback12ret != -1) &&
         (callback13ret != -1) &&
         (callback14ret != -1) &&
-        (callback15ret != -1) &&
-        (callback16ret != -1) &&
-        (callback17ret != -1)) {
+        (callback15ret != -1)) {
         if (virConnectSetKeepAlive(dconn, 5, 3) < 0) {
             virErrorPtr err = virGetLastError();
             fprintf(stderr, "Failed to start keepalive protocol: %s\n",
@@ -721,14 +630,10 @@ int main(int argc, char **argv)
         virConnectDomainEventDeregisterAny(dconn, callback13ret);
         virConnectDomainEventDeregisterAny(dconn, callback14ret);
         virConnectDomainEventDeregisterAny(dconn, callback15ret);
-        virConnectNetworkEventDeregisterAny(dconn, callback16ret);
-        virConnectDomainEventDeregisterAny(dconn, callback17ret);
         if (callback8ret != -1)
             virConnectDomainEventDeregisterAny(dconn, callback8ret);
     }
 
-    virConnectUnregisterCloseCallback(dconn, connectClose);
-
     VIR_DEBUG("Closing connection");
     if (dconn && virConnectClose(dconn) < 0) {
         printf("error closing\n");

examples/domain-events/events-python/event-test.py

@@ -0,0 +1,591 @@
+#!/usr/bin/python -u
+#
+#
+#
+#################################################################################
+# Start off by implementing a general purpose event loop for anyones use
+#################################################################################
+
+import sys
+import getopt
+import os
+import libvirt
+import select
+import errno
+import time
+import threading
+
+# For the sake of demonstration, this example program includes
+# an implementation of a pure python event loop. Most applications
+# would be better off just using the default libvirt event loop
+# APIs, instead of implementing this in python. The exception is
+# where an application wants to integrate with an existing 3rd
+# party event loop impl
+#
+# Change this to 'False' to make the demo use the native
+# libvirt event loop impl
+use_pure_python_event_loop = True
+
+do_debug = False
+def debug(msg):
+    global do_debug
+    if do_debug:
+        print msg
+
+#
+# This general purpose event loop will support waiting for file handle
+# I/O and errors events, as well as scheduling repeatable timers with
+# a fixed interval.
+#
+# It is a pure python implementation based around the poll() API
+#
+class virEventLoopPure:
+    # This class contains the data we need to track for a
+    # single file handle
+    class virEventLoopPureHandle:
+        def __init__(self, handle, fd, events, cb, opaque):
+            self.handle = handle
+            self.fd = fd
+            self.events = events
+            self.cb = cb
+            self.opaque = opaque
+
+        def get_id(self):
+            return self.handle
+
+        def get_fd(self):
+            return self.fd
+
+        def get_events(self):
+            return self.events
+
+        def set_events(self, events):
+            self.events = events
+
+        def dispatch(self, events):
+            self.cb(self.handle,
+                    self.fd,
+                    events,
+                    self.opaque)
+
+    # This class contains the data we need to track for a
+    # single periodic timer
+    class virEventLoopPureTimer:
+        def __init__(self, timer, interval, cb, opaque):
+            self.timer = timer
+            self.interval = interval
+            self.cb = cb
+            self.opaque = opaque
+            self.lastfired = 0
+
+        def get_id(self):
+            return self.timer
+
+        def get_interval(self):
+            return self.interval
+
+        def set_interval(self, interval):
+            self.interval = interval
+
+        def get_last_fired(self):
+            return self.lastfired
+
+        def set_last_fired(self, now):
+            self.lastfired = now
+
+        def dispatch(self):
+            self.cb(self.timer,
+                    self.opaque)
+
+
+    def __init__(self):
+        self.poll = select.poll()
+        self.pipetrick = os.pipe()
+        self.pendingWakeup = False
+        self.runningPoll = False
+        self.nextHandleID = 1
+        self.nextTimerID = 1
+        self.handles = []
+        self.timers = []
+        self.quit = False
+
+        # The event loop can be used from multiple threads at once.
+        # Specifically while the main thread is sleeping in poll()
+        # waiting for events to occur, another thread may come along
+        # and add/update/remove a file handle, or timer. When this
+        # happens we need to interrupt the poll() sleep in the other
+        # thread, so that it'll see the file handle / timer changes.
+        #
+        # Using OS level signals for this is very unreliable and
+        # hard to implement correctly. Thus we use the real classic
+        # "self pipe" trick. A anonymous pipe, with one end registered
+        # with the event loop for input events. When we need to force
+        # the main thread out of a poll() sleep, we simple write a
+        # single byte of data to the other end of the pipe.
+        debug("Self pipe watch %d write %d" %(self.pipetrick[0], self.pipetrick[1]))
+        self.poll.register(self.pipetrick[0], select.POLLIN)
+
+
+    # Calculate when the next timeout is due to occur, returning
+    # the absolute timestamp for the next timeout, or 0 if there is
+    # no timeout due
+    def next_timeout(self):
+        next = 0
+        for t in self.timers:
+            last = t.get_last_fired()
+            interval = t.get_interval()
+            if interval < 0:
+                continue
+            if next == 0 or (last + interval) < next:
+                next = last + interval
+
+        return next
+
+    # Lookup a virEventLoopPureHandle object based on file descriptor
+    def get_handle_by_fd(self, fd):
+        for h in self.handles:
+            if h.get_fd() == fd:
+                return h
+        return None
+
+    # Lookup a virEventLoopPureHandle object based on its event loop ID
+    def get_handle_by_id(self, handleID):
+        for h in self.handles:
+            if h.get_id() == handleID:
+                return h
+        return None
+
+
+    # This is the heart of the event loop, performing one single
+    # iteration. It asks when the next timeout is due, and then
+    # calcuates the maximum amount of time it is able to sleep
+    # for in poll() pending file handle events.
+    #
+    # It then goes into the poll() sleep.
+    #
+    # When poll() returns, there will zero or more file handle
+    # events which need to be dispatched to registered callbacks
+    # It may also be time to fire some periodic timers.
+    #
+    # Due to the coarse granularity of schedular timeslices, if
+    # we ask for a sleep of 500ms in order to satisfy a timer, we
+    # may return up to 1 schedular timeslice early. So even though
+    # our sleep timeout was reached, the registered timer may not
+    # technically be at its expiry point. This leads to us going
+    # back around the loop with a crazy 5ms sleep. So when checking
+    # if timeouts are due, we allow a margin of 20ms, to avoid
+    # these pointless repeated tiny sleeps.
+    def run_once(self):
+        sleep = -1
+        self.runningPoll = True
+        try:
+            next = self.next_timeout()
+            debug("Next timeout due at %d" % next)
+            if next > 0:
+                now = int(time.time() * 1000)
+                if now >= next:
+                    sleep = 0
+                else:
+                    sleep = (next - now) / 1000.0
+
+            debug("Poll with a sleep of %d" % sleep)
+            events = self.poll.poll(sleep)
+
+            # Dispatch any file handle events that occurred
+            for (fd, revents) in events:
+                # See if the events was from the self-pipe
+                # telling us to wakup. if so, then discard
+                # the data just continue
+                if fd == self.pipetrick[0]:
+                    self.pendingWakeup = False
+                    data = os.read(fd, 1)
+                    continue
+
+                h = self.get_handle_by_fd(fd)
+                if h:
+                    debug("Dispatch fd %d handle %d events %d" % (fd, h.get_id(), revents))
+                    h.dispatch(self.events_from_poll(revents))
+
+            now = int(time.time() * 1000)
+            for t in self.timers:
+                interval = t.get_interval()
+                if interval < 0:
+                    continue
+
+                want = t.get_last_fired() + interval
+                # Deduct 20ms, since scheduler timeslice
+                # means we could be ever so slightly early
+                if now >= (want-20):
+                    debug("Dispatch timer %d now %s want %s" % (t.get_id(), str(now), str(want)))
+                    t.set_last_fired(now)
+                    t.dispatch()
+
+        except (os.error, select.error), e:
+            if e.args[0] != errno.EINTR:
+                raise
+        finally:
+            self.runningPoll = False
+
+
+    # Actually the event loop forever
+    def run_loop(self):
+        self.quit = False
+        while not self.quit:
+            self.run_once()
+
+    def interrupt(self):
+        if self.runningPoll and not self.pendingWakeup:
+            self.pendingWakeup = True
+            os.write(self.pipetrick[1], 'c')
+
+
+    # Registers a new file handle 'fd', monitoring  for 'events' (libvirt
+    # event constants), firing the callback  cb() when an event occurs.
+    # Returns a unique integer identier for this handle, that should be
+    # used to later update/remove it
+    def add_handle(self, fd, events, cb, opaque):
+        handleID = self.nextHandleID + 1
+        self.nextHandleID = self.nextHandleID + 1
+
+        h = self.virEventLoopPureHandle(handleID, fd, events, cb, opaque)
+        self.handles.append(h)
+
+        self.poll.register(fd, self.events_to_poll(events))
+        self.interrupt()
+
+        debug("Add handle %d fd %d events %d" % (handleID, fd, events))
+
+        return handleID
+
+    # Registers a new timer with periodic expiry at 'interval' ms,
+    # firing cb() each time the timer expires. If 'interval' is -1,
+    # then the timer is registered, but not enabled
+    # Returns a unique integer identier for this handle, that should be
+    # used to later update/remove it
+    def add_timer(self, interval, cb, opaque):
+        timerID = self.nextTimerID + 1
+        self.nextTimerID = self.nextTimerID + 1
+
+        h = self.virEventLoopPureTimer(timerID, interval, cb, opaque)
+        self.timers.append(h)
+        self.interrupt()
+
+        debug("Add timer %d interval %d" % (timerID, interval))
+
+        return timerID
+
+    # Change the set of events to be monitored on the file handle
+    def update_handle(self, handleID, events):
+        h = self.get_handle_by_id(handleID)
+        if h:
+            h.set_events(events)
+            self.poll.unregister(h.get_fd())
+            self.poll.register(h.get_fd(), self.events_to_poll(events))
+            self.interrupt()
+
+            debug("Update handle %d fd %d events %d" % (handleID, h.get_fd(), events))
+
+    # Change the periodic frequency of the timer
+    def update_timer(self, timerID, interval):
+        for h in self.timers:
+            if h.get_id() == timerID:
+                h.set_interval(interval)
+                self.interrupt()
+
+                debug("Update timer %d interval %d"  % (timerID, interval))
+                break
+
+    # Stop monitoring for events on the file handle
+    def remove_handle(self, handleID):
+        handles = []
+        for h in self.handles:
+            if h.get_id() == handleID:
+                self.poll.unregister(h.get_fd())
+                debug("Remove handle %d fd %d" % (handleID, h.get_fd()))
+            else:
+                handles.append(h)
+        self.handles = handles
+        self.interrupt()
+
+    # Stop firing the periodic timer
+    def remove_timer(self, timerID):
+        timers = []
+        for h in self.timers:
+            if h.get_id() != timerID:
+                timers.append(h)
+                debug("Remove timer %d" % timerID)
+        self.timers = timers
+        self.interrupt()
+
+    # Convert from libvirt event constants, to poll() events constants
+    def events_to_poll(self, events):
+        ret = 0
+        if events & libvirt.VIR_EVENT_HANDLE_READABLE:
+            ret |= select.POLLIN
+        if events & libvirt.VIR_EVENT_HANDLE_WRITABLE:
+            ret |= select.POLLOUT
+        if events & libvirt.VIR_EVENT_HANDLE_ERROR:
+            ret |= select.POLLERR
+        if events & libvirt.VIR_EVENT_HANDLE_HANGUP:
+            ret |= select.POLLHUP
+        return ret
+
+    # Convert from poll() event constants, to libvirt events constants
+    def events_from_poll(self, events):
+        ret = 0
+        if events & select.POLLIN:
+            ret |= libvirt.VIR_EVENT_HANDLE_READABLE
+        if events & select.POLLOUT:
+            ret |= libvirt.VIR_EVENT_HANDLE_WRITABLE
+        if events & select.POLLNVAL:
+            ret |= libvirt.VIR_EVENT_HANDLE_ERROR
+        if events & select.POLLERR:
+            ret |= libvirt.VIR_EVENT_HANDLE_ERROR
+        if events & select.POLLHUP:
+            ret |= libvirt.VIR_EVENT_HANDLE_HANGUP
+        return ret
+
+
+###########################################################################
+# Now glue an instance of the general event loop into libvirt's event loop
+###########################################################################
+
+# This single global instance of the event loop wil be used for
+# monitoring libvirt events
+eventLoop = virEventLoopPure()
+
+# This keeps track of what thread is running the event loop,
+# (if it is run in a background thread)
+eventLoopThread = None
+
+
+# These next set of 6 methods are the glue between the official
+# libvirt events API, and our particular impl of the event loop
+#
+# There is no reason why the 'virEventLoopPure' has to be used.
+# An application could easily may these 6 glue methods hook into
+# another event loop such as GLib's, or something like the python
+# Twisted event framework.
+
+def virEventAddHandleImpl(fd, events, cb, opaque):
+    global eventLoop
+    return eventLoop.add_handle(fd, events, cb, opaque)
+
+def virEventUpdateHandleImpl(handleID, events):
+    global eventLoop
+    return eventLoop.update_handle(handleID, events)
+
+def virEventRemoveHandleImpl(handleID):
+    global eventLoop
+    return eventLoop.remove_handle(handleID)
+
+def virEventAddTimerImpl(interval, cb, opaque):
+    global eventLoop
+    return eventLoop.add_timer(interval, cb, opaque)
+
+def virEventUpdateTimerImpl(timerID, interval):
+    global eventLoop
+    return eventLoop.update_timer(timerID, interval)
+
+def virEventRemoveTimerImpl(timerID):
+    global eventLoop
+    return eventLoop.remove_timer(timerID)
+
+# This tells libvirt what event loop implementation it
+# should use
+def virEventLoopPureRegister():
+    libvirt.virEventRegisterImpl(virEventAddHandleImpl,
+                                 virEventUpdateHandleImpl,
+                                 virEventRemoveHandleImpl,
+                                 virEventAddTimerImpl,
+                                 virEventUpdateTimerImpl,
+                                 virEventRemoveTimerImpl)
+
+# Directly run the event loop in the current thread
+def virEventLoopPureRun():
+    global eventLoop
+    eventLoop.run_loop()
+
+def virEventLoopNativeRun():
+    while True:
+        libvirt.virEventRunDefaultImpl()
+
+# Spawn a background thread to run the event loop
+def virEventLoopPureStart():
+    global eventLoopThread
+    virEventLoopPureRegister()
+    eventLoopThread = threading.Thread(target=virEventLoopPureRun, name="libvirtEventLoop")
+    eventLoopThread.setDaemon(True)
+    eventLoopThread.start()
+
+def virEventLoopNativeStart():
+    global eventLoopThread
+    libvirt.virEventRegisterDefaultImpl()
+    eventLoopThread = threading.Thread(target=virEventLoopNativeRun, name="libvirtEventLoop")
+    eventLoopThread.setDaemon(True)
+    eventLoopThread.start()
+
+
+##########################################################################
+# Everything that now follows is a simple demo of domain lifecycle events
+##########################################################################
+def eventToString(event):
+    eventStrings = ( "Defined",
+                     "Undefined",
+                     "Started",
+                     "Suspended",
+                     "Resumed",
+                     "Stopped",
+                     "Shutdown",
+                     "PMSuspended",
+                     "Crashed" )
+    return eventStrings[event]
+
+def detailToString(event, detail):
+    eventStrings = (
+        ( "Added", "Updated" ),
+        ( "Removed", ),
+        ( "Booted", "Migrated", "Restored", "Snapshot", "Wakeup" ),
+        ( "Paused", "Migrated", "IOError", "Watchdog", "Restored", "Snapshot", "API error" ),
+        ( "Unpaused", "Migrated", "Snapshot" ),
+        ( "Shutdown", "Destroyed", "Crashed", "Migrated", "Saved", "Failed", "Snapshot"),
+        ( "Finished", ),
+        ( "Memory", "Disk" ),
+        ( "Panicked", )
+        )
+    return eventStrings[event][detail]
+
+def myDomainEventCallback1 (conn, dom, event, detail, opaque):
+    print "myDomainEventCallback1 EVENT: Domain %s(%s) %s %s" % (dom.name(), dom.ID(),
+                                                                 eventToString(event),
+                                                                 detailToString(event, detail))
+
+def myDomainEventCallback2 (conn, dom, event, detail, opaque):
+    print "myDomainEventCallback2 EVENT: Domain %s(%s) %s %s" % (dom.name(), dom.ID(),
+                                                                 eventToString(event),
+                                                                 detailToString(event, detail))
+
+def myDomainEventRebootCallback(conn, dom, opaque):
+    print "myDomainEventRebootCallback: Domain %s(%s)" % (dom.name(), dom.ID())
+
+def myDomainEventRTCChangeCallback(conn, dom, utcoffset, opaque):
+    print "myDomainEventRTCChangeCallback: Domain %s(%s) %d" % (dom.name(), dom.ID(), utcoffset)
+
+def myDomainEventWatchdogCallback(conn, dom, action, opaque):
+    print "myDomainEventWatchdogCallback: Domain %s(%s) %d" % (dom.name(), dom.ID(), action)
+
+def myDomainEventIOErrorCallback(conn, dom, srcpath, devalias, action, opaque):
+    print "myDomainEventIOErrorCallback: Domain %s(%s) %s %s %d" % (dom.name(), dom.ID(), srcpath, devalias, action)
+
+def myDomainEventGraphicsCallback(conn, dom, phase, localAddr, remoteAddr, authScheme, subject, opaque):
+    print "myDomainEventGraphicsCallback: Domain %s(%s) %d %s" % (dom.name(), dom.ID(), phase, authScheme)
+
+def myDomainEventDiskChangeCallback(conn, dom, oldSrcPath, newSrcPath, devAlias, reason, opaque):
+    print "myDomainEventDiskChangeCallback: Domain %s(%s) disk change oldSrcPath: %s newSrcPath: %s devAlias: %s reason: %s" % (
+            dom.name(), dom.ID(), oldSrcPath, newSrcPath, devAlias, reason)
+def myDomainEventTrayChangeCallback(conn, dom, devAlias, reason, opaque):
+    print "myDomainEventTrayChangeCallback: Domain %s(%s) tray change devAlias: %s reason: %s" % (
+            dom.name(), dom.ID(), devAlias, reason)
+def myDomainEventPMWakeupCallback(conn, dom, reason, opaque):
+    print "myDomainEventPMWakeupCallback: Domain %s(%s) system pmwakeup" % (
+            dom.name(), dom.ID())
+def myDomainEventPMSuspendCallback(conn, dom, reason, opaque):
+    print "myDomainEventPMSuspendCallback: Domain %s(%s) system pmsuspend" % (
+            dom.name(), dom.ID())
+def myDomainEventBalloonChangeCallback(conn, dom, actual, opaque):
+    print "myDomainEventBalloonChangeCallback: Domain %s(%s) %d" % (dom.name(), dom.ID(), actual)
+def myDomainEventPMSuspendDiskCallback(conn, dom, reason, opaque):
+    print "myDomainEventPMSuspendDiskCallback: Domain %s(%s) system pmsuspend_disk" % (
+            dom.name(), dom.ID())
+def myDomainEventDeviceRemovedCallback(conn, dom, dev, opaque):
+    print "myDomainEventDeviceRemovedCallback: Domain %s(%s) device removed: %s" % (
+            dom.name(), dom.ID(), dev)
+
+run = True
+
+def myConnectionCloseCallback(conn, reason, opaque):
+    reasonStrings = (
+        "Error", "End-of-file", "Keepalive", "Client",
+        )
+    print "myConnectionCloseCallback: %s: %s" % (conn.getURI(), reasonStrings[reason])
+    run = False
+
+def usage(out=sys.stderr):
+    print >>out, "usage: "+os.path.basename(sys.argv[0])+" [-hdl] [uri]"
+    print >>out, "   uri will default to qemu:///system"
+    print >>out, "   --help, -h   Print this help message"
+    print >>out, "   --debug, -d  Print debug output"
+    print >>out, "   --loop, -l   Toggle event-loop-implementation"
+
+def main():
+    try:
+        opts, args = getopt.getopt(sys.argv[1:], "hdl", ["help", "debug", "loop"])
+    except getopt.GetoptError, err:
+        # print help information and exit:
+        print str(err) # will print something like "option -a not recognized"
+        usage()
+        sys.exit(2)
+    for o, a in opts:
+        if o in ("-h", "--help"):
+            usage(sys.stdout)
+            sys.exit()
+        if o in ("-d", "--debug"):
+            global do_debug
+            do_debug = True
+        if o in ("-l", "--loop"):
+            global use_pure_python_event_loop
+            use_pure_python_event_loop ^= True
+
+    if len(args) >= 1:
+        uri = args[0]
+    else:
+        uri = "qemu:///system"
+
+    print "Using uri:" + uri
+
+    # Run a background thread with the event loop
+    if use_pure_python_event_loop:
+        virEventLoopPureStart()
+    else:
+        virEventLoopNativeStart()
+
+    vc = libvirt.openReadOnly(uri)
+
+    # Close connection on exit (to test cleanup paths)
+    old_exitfunc = getattr(sys, 'exitfunc', None)
+    def exit():
+        print "Closing " + str(vc)
+        vc.close()
+        if (old_exitfunc): old_exitfunc()
+    sys.exitfunc = exit
+
+    vc.registerCloseCallback(myConnectionCloseCallback, None)
+
+    #Add 2 callbacks to prove this works with more than just one
+    vc.domainEventRegister(myDomainEventCallback1,None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_LIFECYCLE, myDomainEventCallback2, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_REBOOT, myDomainEventRebootCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_RTC_CHANGE, myDomainEventRTCChangeCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_IO_ERROR, myDomainEventIOErrorCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_WATCHDOG, myDomainEventWatchdogCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_GRAPHICS, myDomainEventGraphicsCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_DISK_CHANGE, myDomainEventDiskChangeCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_TRAY_CHANGE, myDomainEventTrayChangeCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_PMWAKEUP, myDomainEventPMWakeupCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_PMSUSPEND, myDomainEventPMSuspendCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_BALLOON_CHANGE, myDomainEventBalloonChangeCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_PMSUSPEND_DISK, myDomainEventPMSuspendDiskCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED, myDomainEventDeviceRemovedCallback, None)
+
+    vc.setKeepAlive(5, 3)
+
+    # The rest of your app would go here normally, but for sake
+    # of demo we'll just go to sleep. The other option is to
+    # run the event loop in your main thread if your app is
+    # totally event based.
+    while run:
+        time.sleep(1)
+
+
+if __name__ == "__main__":
+    main()