api: disallow virConnectGetDomainCapabilities on read-only connections

This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 8afa68bac0) Signed-off-by: Ján Tomko <jtomko@redhat.com>
api: disallow virDomainSaveImageGetXMLDesc on read-only connections
2025-09-20 05:44:53 +03:00 · 2019-06-24 10:26:30 +02:00 · 2019-06-24 10:26:29 +02:00 · 2016-06-30 12:50:38 +01:00 · 2015-12-12 20:53:43 -07:00
5997 changed files with 1024557 additions and 2676328 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,5 @@
 *#*#
 *.#*#
-*.[18]
-*.[18].in
 *.a
 *.cov
 *.exe
@@ -11,7 +9,6 @@
 *.gcov
 *.html
 *.i
-*.init
 *.la
 *.lo
 *.loT
@@ -21,8 +18,6 @@
 *.pyc
 *.rej
 *.s
-*.service
-*.socket
 *.swp
 *~
 .#*
@@ -43,6 +38,7 @@
 /NEWS
 /aclocal.m4
 /autom4te.cache
+/build-aux
 /build-aux/
 /build/
 /confdefs.h
@@ -61,7 +57,13 @@
 /daemon/libvirt_qemud
 /daemon/libvirtd
 /daemon/libvirtd*.logrotate
+/daemon/libvirtd.8
+/daemon/libvirtd.8.in
+/daemon/libvirtd.init
+/daemon/libvirtd.pod
 /daemon/libvirtd.policy
+/daemon/libvirtd.service
+/daemon/libvirtd.socket
 /daemon/test_libvirtd.aug
 /docs/aclperms.htmlinc
 /docs/apibuild.py.stamp
@@ -74,12 +76,6 @@
 /docs/libvirt-refs.xml
 /docs/search.php
 /docs/todo.html.in
-/examples/admin/client_close
-/examples/admin/client_info
-/examples/admin/client_limits
-/examples/admin/list_clients
-/examples/admin/list_servers
-/examples/admin/threadpool_params
 /examples/object-events/event-test
 /examples/dominfo/info1
 /examples/domsuspend/suspend
@@ -91,9 +87,9 @@
 /gnulib/lib/*
 /gnulib/m4/*
 /gnulib/tests/*
-/include/libvirt/libvirt-common.h
+/include/libvirt/libvirt.h
 /libtool
-/libvirt-*.tar.xz
+/libvirt-*.tar.gz
 /libvirt-[0-9]*
 /libvirt*.pc
 /libvirt.spec
@@ -141,8 +137,6 @@
 /src/locking/qemu-lockd.conf
 /src/locking/qemu-sanlock.conf
 /src/locking/test_libvirt_sanlock.aug
-/src/logging/log_daemon_dispatch_stubs.h
-/src/logging/log_protocol.[ch]
 /src/lxc/lxc_controller_dispatch.h
 /src/lxc/lxc_monitor_dispatch.h
 /src/lxc/lxc_monitor_protocol.c
@@ -156,32 +150,32 @@
 /src/rpc/virnetprotocol.[ch]
 /src/test_libvirt*.aug
 /src/test_virtlockd.aug
-/src/test_virtlogd.aug
 /src/util/virkeymaps.h
 /src/virt-aa-helper
 /src/virtlockd
-/src/virtlogd
+/src/virtlockd.8
+/src/virtlockd.8.in
+/src/virtlockd.init
 /tests/*.log
 /tests/*.pid
 /tests/*.trs
-/tests/*test
 /tests/commandhelper
-/tests/qemucapsprobe
-!/tests/virsh-self-test
+/tests/*test
+!/tests/*schematest
 !/tests/virt-aa-helper-test
-!/tests/virt-admin-self-test
 /tests/objectlocking
 /tests/objectlocking-files.txt
 /tests/objectlocking.cm[ix]
 /tests/reconnect
 /tests/ssh
-/tests/test_file_access.txt
 /tests/test_conf
+/tools/*.[18]
+/tools/libvirt-guests.init
+/tools/libvirt-guests.service
 /tools/libvirt-guests.sh
 /tools/virt-login-shell
 /tools/virsh
 /tools/virsh-*-edit.c
-/tools/virt-admin
 /tools/virt-*-validate
 /tools/virt-sanlock-cleanup
 /tools/wireshark/src/plugin.c
@@ -203,7 +197,6 @@ stamp-h
 stamp-h.in
 stamp-h1
 tags
-!/build-aux/*.pl
 !/gnulib/lib/Makefile.am
 !/gnulib/tests/Makefile.am
 !/m4/virt-*.m4
--- a/.gnulib
+++ b/.gnulib
--- a/AUTHORS.in
+++ b/AUTHORS.in
@@ -8,13 +8,13 @@ Daniel Veillard <veillard@redhat.com> or <daniel@veillard.com>
 The primary maintainers and people with commit access rights:

 Alex Jia <ajia@redhat.com>
-Andrea Bolognani <abologna@redhat.com>
 Cédric Bosdonnat <cbosdonnat@suse.com>
 Christophe Fergeau <cfergeau@redhat.com>
 Claudio Bley <claudio.bley@gmail.com>
 Cole Robinson <crobinso@redhat.com>
 Daniel Berrange <berrange@redhat.com>
 Daniel Veillard <veillard@redhat.com>
+Dmitry Guryanov <dguryanov@parallels.com>
 Doug Goldstein <cardoe@gentoo.org>
 Eric Blake <eblake@redhat.com>
 Erik Skultety <eskultet@redhat.com>
@@ -28,7 +28,6 @@ Laine Stump <laine@redhat.com>
 Mark McLoughlin <markmc@redhat.com>
 Martin Kletzander <mkletzan@redhat.com>
 Matthias Bolte <matthias.bolte@googlemail.com>
-Maxim Nestratov <mnestratov@virtuozzo.com>
 Michal Prívozník <mprivozn@redhat.com>
 Pavel Hrdina <phrdina@redhat.com>
 Peter Krempa <pkrempa@redhat.com>
@@ -45,7 +44,6 @@ Chris Lalancette <clalance@redhat.com>
 Dan Smith <danms@us.ibm.com>
 Dave Allan <dallan@redhat.com>
 Dave Leskovec <dlesko@linux.vnet.ibm.com>
-Dmitry Guryanov <dguryanov@parallels.com>
 Guannan Ren <gren@redhat.com>
 Jim Meyering <meyering@redhat.com>
 John Levon <john.levon@sun.com>
--- a/21
+++ b/21
@@ -23,11 +23,19 @@ libvirt-python) online <http://libvirt.org/git/>.
 join the appropriate language team. The libvirt release process automatically
 pulls the latest version of each translation file from zanata.

-(4) Post patches using "git send-email", with git rename detection enabled. You
+(4) Post patches in unified diff format, with git rename detection enabled. You
 need a one-time setup of:

  git config diff.renames true

+After that, a command similar to this should work:
+
+  diff -urp libvirt.orig/ libvirt.modified/ > libvirt-myfeature.patch
+
+or:
+
+  git diff > libvirt-myfeature.patch
+
 Also, for code motion patches, you may find that "git diff --patience"
 provides an easier-to-read patch. However, the usual workflow of libvirt
 developer is:
@@ -144,17 +152,6 @@ There is also a "./run" script at the top level, to make it easier to run
 programs that have not yet been installed, as well as to wrap invocations of
 various tests under gdb or Valgrind.

-When running our test suite it may happen that the test result is
-nondeterministic because of the test suite relying on a particular file in the
-system being accessible or having some specific value. To catch this kind of
-errors, the test suite has a module for that prints any path touched that
-fulfils constraints described above into a file. To enable it just set
-"VIR_TEST_FILE_ACCESS" environment variable. Then
-"VIR_TEST_FILE_ACCESS_OUTPUT" environment variable can alter location where
-the file is stored.
-
-  VIR_TEST_FILE_ACCESS=1 VIR_TEST_FILE_ACCESS_OUTPUT="/tmp/file_access.txt" ./qemuxml2argvtest
-


 (9) The Valgrind test should produce similar output to "make check". If the output
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,14 +19,19 @@
 LCOV = lcov
 GENHTML = genhtml

-SUBDIRS = . gnulib/lib include/libvirt src daemon tools docs gnulib/tests \
-  tests po examples
-
-XZ_OPT ?= -v -T0
-export XZ_OPT
+SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \
+  tests po examples/object-events examples/hellolibvirt \
+  examples/dominfo examples/domsuspend examples/apparmor \
+  examples/xml/nwfilter examples/openauth examples/systemtap \
+  tools/wireshark examples/dommigrate examples/polkit \
+  examples/lxcconvert examples/domtop examples/rename

 ACLOCAL_AMFLAGS = -I m4

+XML_EXAMPLES = \
+  $(patsubst $(srcdir)/%,%,$(wildcard $(addprefix $(srcdir)/examples/xml/, \
+					test/*.xml storage/*.xml)))
+
 EXTRA_DIST = \
  config-post.h \
  ChangeLog-old \
@@ -41,10 +46,11 @@ EXTRA_DIST = \
  autogen.sh \
  cfg.mk \
  run.in \
-  AUTHORS.in
+  AUTHORS.in \
+  $(XML_EXAMPLES)

 pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc libvirt-admin.pc
+pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc

 NEWS: $(top_srcdir)/docs/news.xsl $(top_srcdir)/docs/news.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then			\
@@ -66,15 +72,12 @@ $(top_srcdir)/HACKING: $(top_srcdir)/docs/hacking1.xsl \
 	   > $@-t && mv $@-t $@ ; fi;

 rpm: clean
-	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.xz)
+	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.gz)

 check-local: all tests

-check-access:
-	@($(MAKE) $(AM_MAKEFLAGS) -C tests check-access)
-
 cov: clean-cov
-	$(MKDIR_P) $(top_builddir)/coverage
+	mkdir $(top_builddir)/coverage
 	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \
 	  -d $(top_builddir)/src  -d $(top_builddir)/daemon \
 	  -d $(top_builddir)/tests
@@ -89,6 +92,9 @@ clean-cov:

 MAINTAINERCLEANFILES = .git-module-status

+# disable this check
+distuninstallcheck:
+
 dist-hook: gen-ChangeLog gen-AUTHORS

 # Generate the ChangeLog file (with all entries since the switch to git)
--- a/Makefile.nonreentrant
+++ b/Makefile.nonreentrant
@@ -113,11 +113,3 @@ NON_REENTRANT += inet_nsap_ntoa
 NON_REENTRANT += inet_ntoa
 NON_REENTRANT += inet_ntop
 NON_REENTRANT += inet_pton
-
-# Separate two nothings by space to get one space in a variable
-space =
-space +=
-# The space needs to be in a variable otherwise it would be ignored.
-# And there must be no spaces around the commas because they would
-# not be ignored, logically.
-NON_REENTRANT_RE=$(subst $(space),|,$(NON_REENTRANT))
--- a/autobuild.sh
+++ b/autobuild.sh
@@ -56,7 +56,7 @@ exec 3>&-
 test "$st" = 0
 test -x /usr/bin/lcov && make cov

-rm -f *.tar.xz
+rm -f *.tar.gz
 make dist

 if test -n "$AUTOBUILD_COUNTER" ; then
--- a/8
+++ b/8
@@ -1,10 +1,10 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2016-01-24.06; # UTC
+scriptversion=2014-12-08.12; # UTC

 # Bootstrap this package from checked-out sources.

-# Copyright (C) 2003-2016 Free Software Foundation, Inc.
+# Copyright (C) 2003-2015 Free Software Foundation, Inc.

 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -42,7 +42,7 @@ export LC_ALL

 local_gl_dir=gl

-# Honor $PERL, but work even if there is none.
+# Honour $PERL, but work even if there is none
 PERL="${PERL-perl}"

 me=$0
@@ -1021,6 +1021,6 @@ echo "$0: done.  Now you can run './configure'."
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
+# time-stamp-time-zone: "UTC"
 # time-stamp-end: "; # UTC"
 # End:
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -54,7 +54,6 @@ func
 getaddrinfo
 getcwd-lgpl
 gethostname
-getopt-posix
 getpass
 getpeername
 getsockname
@@ -121,7 +120,6 @@ time_r
 timegm
 ttyname_r
 uname
-unsetenv
 useless-if-before-free
 usleep
 vasprintf
@@ -209,6 +207,7 @@ gzip       -
 libtool    -
 patch      -
 perl       5.5
+perl::XML::XPath -
 pkg-config -
 rpcgen     -
 tar        -
--- a/build-aux/bracket-spacing.pl
+++ b/build-aux/bracket-spacing.pl
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 #
-# check-spacing.pl: Report any usage of 'function (..args..)'
+# bracket-spacing.pl: Report any usage of 'function (..args..)'
 # Also check for other syntax issues, such as correct use of ';'
 #
 # This library is free software; you can redistribute it and/or
@@ -43,7 +43,7 @@ foreach my $file (@ARGV) {
        $data =~ s/'[";,=]'/'X'/g;

        # Kill any quoted strings
-        $data =~ s,"(?:[^\\\"]|\\.)*","XXX",g;
+        $data =~ s,"([^\\\"]|\\.)*","XXX",g;

        # Kill any C++ style comments
        $data =~ s,//.*$,//,;
@@ -91,8 +91,8 @@ foreach my $file (@ARGV) {
            my $kw = $1;

            # Allow space after keywords only
-            if ($kw =~ /^(?:if|for|while|switch|return)$/) {
-                $tmpdata =~ s/(?:$kw\s\()/XXX(/;
+            if ($kw =~ /^(if|for|while|switch|return)$/) {
+                $tmpdata =~ s/($kw\s\()/XXX(/;
            } else {
                print "Whitespace after non-keyword:\n";
                print "$file:$.: $line";
@@ -101,8 +101,10 @@ foreach my $file (@ARGV) {
            }
        }

-        # Require whitespace immediately after keywords
-        if ($data =~ /\b(?:if|for|while|switch|return)\(/) {
+        # Require whitespace immediately after keywords,
+        # but none after the opening bracket
+        if ($data =~ /\b(if|for|while|switch|return)\(/ ||
+            $data =~ /\b(if|for|while|switch|return)\s+\(\s/) {
            print "No whitespace after keyword:\n";
            print "$file:$.: $line";
            $ret = 1;
@@ -116,10 +118,8 @@ foreach my $file (@ARGV) {
        }

        # Forbid whitespace following ( or prior to )
-        # but allow whitespace before ) on a single line
-        # (optionally followed by a semicolon)
-        if (($data =~ /\s\)/ && not $data =~ /^\s+\);?$/) ||
-            $data =~ /\((?!$)\s/) {
+        if ($data =~ /\S\s+\)/ ||
+            $data =~ /\(\s+\S/) {
            print "Whitespace after '(' or before ')':\n";
            print "$file:$.: $line";
            $ret = 1;
@@ -135,13 +135,10 @@ foreach my $file (@ARGV) {
        #          errno == EINTR)
        #       ;
        #
-        if ($data =~ /\s[;,]/) {
-            unless ($data =~ /\S; ; / ||
-                    $data =~ /^\s+;/) {
-                print "Whitespace before semicolon or comma:\n";
-                print "$file:$.: $line";
-                $ret = 1;
-            }
+        if ($data =~ /[^;\s]\s+[;,]/) {
+            print "Whitespace before (semi)colon:\n";
+            print "$file:$.: $line";
+            $ret = 1;
        }

        # Require EOL, macro line continuation, or whitespace after ";".
@@ -160,8 +157,11 @@ foreach my $file (@ARGV) {
        }

        # Require spaces around assignment '=', compounds and '=='
-        if ($data =~ /[^ ]\b[!<>&|\-+*\/%\^=]?=/ ||
-            $data =~ /=[^= \\\n]/) {
+        # with the exception of virAssertCmpInt()
+        $tmpdata = $data;
+        $tmpdata =~ s/(virAssertCmpInt\(.* ).?=,/$1op,/;
+        if ($tmpdata =~ /[^ ]\b[!<>&|\-+*\/%\^=]?=[^=]/ ||
+            $tmpdata =~ /=[^= \\\n]/) {
            print "Spacing around '=' or '==':\n";
            print "$file:$.: $line";
            $ret = 1;
--- a/build-aux/prohibit-duplicate-header.pl
+++ b/build-aux/prohibit-duplicate-header.pl
@@ -1,26 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-
-my $file = " ";
-my $ret = 0;
-my %includes = ( );
-my $lineno = 0;
-
-while (<>) {
-    if (not $file eq $ARGV) {
-        %includes = ( );
-        $file = $ARGV;
-        $lineno = 0;
-    }
-    $lineno++;
-    if (/^# *include *[<"]([^>"]*\.h)[">]/) {
-        $includes{$1}++;
-        if ($includes{$1} == 2) {
-            $ret = 1;
-            print STDERR "$ARGV:$lineno: $_";
-            print STDERR "Do not include a header more than once per file\n";
-        }
-    }
-}
-exit $ret;
--- a/cfg.mk
+++ b/cfg.mk
@@ -64,7 +64,6 @@ local-checks-to-skip =			\
  sc_prohibit_quote_without_use		\
  sc_prohibit_quotearg_without_use	\
  sc_prohibit_stat_st_blocks		\
-  sc_prohibit_undesirable_word_seq	\
  sc_root_tests				\
  sc_space_tab				\
  sc_sun_os_names			\
@@ -91,7 +90,7 @@ endif

 # Files that should never cause syntax check failures.
 VC_LIST_ALWAYS_EXCLUDE_REGEX = \
-  (^(HACKING|docs/(news(-[0-9]*)?\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$
+  (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$

 # Functions like free() that are no-ops on NULL arguments.
 useless_free_options =				\
@@ -309,7 +308,7 @@ sc_flags_usage:
 	  | grep -c '\(long\|unsigned\) flags')" != 4 &&		\
 	  { echo '$(ME): new API should use "unsigned int flags"' 1>&2;	\
 	    exit 1; } || :
-	@prohibit=' flags ATTRIBUTE_UNUSED'				\
+	@prohibit=' flags ''ATTRIBUTE_UNUSED'				\
 	halt='flags should be checked with virCheckFlags'		\
 	  $(_sc_search_regexp)
 	@prohibit='^[^@]*([^d] (int|long long)|[^dg] long) flags[;,)]'	\
@@ -352,8 +351,8 @@ sc_prohibit_mkstemp:
 # access with X_OK accepts directories, but we can't exec() those.
 # access with F_OK or R_OK is okay, though.
 sc_prohibit_access_xok:
-	@prohibit='access(at)? *\(.*X_OK'				\
-	halt='use virFileIsExecutable instead of access(,X_OK)'		\
+	@prohibit='access''(at)? *\(.*X_OK'				\
+	halt='use virFileIsExecutable instead of access''(,X_OK)'	\
 	  $(_sc_search_regexp)

 # Similar to the gnulib maint.mk rule for sc_prohibit_strcmp
@@ -362,7 +361,7 @@ snp_ = strncmp *\(.+\)
 sc_prohibit_strncmp:
 	@prohibit='! *strncmp *\(|\<$(snp_) *[!=]=|[!=]= *$(snp_)'	\
 	exclude=':# *define STR(N?EQLEN|PREFIX)\('			\
-	halt='use STREQLEN or STRPREFIX instead of strncmp'		\
+	halt='use STREQLEN or STRPREFIX instead of str''ncmp'		\
 	  $(_sc_search_regexp)

 # strtol and friends are too easy to misuse
@@ -380,7 +379,7 @@ sc_prohibit_strtol:
 # But for plain %s, virAsprintf is overkill compared to strdup.
 sc_prohibit_asprintf:
 	@prohibit='\<v?a[s]printf\>'					\
-	halt='use virAsprintf, not asprintf'				\
+	halt='use virAsprintf, not as'printf				\
 	  $(_sc_search_regexp)
 	@prohibit='virAsprintf.*, *"%s",'				\
 	halt='use VIR_STRDUP instead of virAsprintf with "%s"'		\
@@ -407,7 +406,7 @@ sc_prohibit_risky_id_promotion:
 # since gnulib has more guarantees for snprintf portability
 sc_prohibit_sprintf:
 	@prohibit='\<[s]printf\>'					\
-	halt='use snprintf, not sprintf'				\
+	halt='use snprintf, not s'printf				\
 	  $(_sc_search_regexp)

 sc_prohibit_readlink:
@@ -421,9 +420,9 @@ sc_prohibit_gethostname:
 	  $(_sc_search_regexp)

 sc_prohibit_readdir:
-	@prohibit='\b(read|close|open)dir *\('				\
+	@prohibit='\breaddir *\('					\
 	exclude='exempt from syntax-check'				\
-	halt='use virDirOpen, virDirRead and VIR_DIR_CLOSE'		\
+	halt='use virDirRead, not readdir'				\
 	  $(_sc_search_regexp)

 sc_prohibit_gettext_noop:
@@ -432,36 +431,43 @@ sc_prohibit_gettext_noop:
 	  $(_sc_search_regexp)

 sc_prohibit_VIR_ERR_NO_MEMORY:
-	@prohibit='\<VIR_ERR_NO_MEMORY\>'				\
-	halt='use virReportOOMError, not VIR_ERR_NO_MEMORY'		\
+	@prohibit='\<V''IR_ERR_NO_MEMORY\>'				\
+	halt='use virReportOOMError, not V'IR_ERR_NO_MEMORY		\
 	  $(_sc_search_regexp)

 sc_prohibit_PATH_MAX:
-	@prohibit='\<PATH_MAX\>'				\
-	halt='dynamically allocate paths, do not use PATH_MAX'	\
+	@prohibit='\<P''ATH_MAX\>'				\
+	halt='dynamically allocate paths, do not use P'ATH_MAX	\
 	  $(_sc_search_regexp)

+# Use a subshell for each function, to give the optimal warning message.
 include $(srcdir)/Makefile.nonreentrant
 sc_prohibit_nonreentrant:
-	@prohibit="\\<(${NON_REENTRANT_RE}) *\\("			\
-	halt="use re-entrant functions (usually ending with _r)"	\
-	  $(_sc_search_regexp)
+	@fail=0 ; \
+	for i in $(NON_REENTRANT) ; \
+	do \
+	    (prohibit="\\<$$i *\\("					\
+	     halt="use $${i}_r, not $$i"				\
+	     $(_sc_search_regexp)					\
+	    ) || fail=1;						\
+	done ; \
+	exit $$fail

 sc_prohibit_select:
-	@prohibit='\<select *\('					\
-	halt='use poll(), not select()'					\
+	@prohibit="\\<select *\\("					\
+	halt="use poll(), not se""lect()"				\
 	  $(_sc_search_regexp)

 # Prohibit the inclusion of <ctype.h>.
 sc_prohibit_ctype_h:
 	@prohibit='^# *include  *<ctype\.h>'				\
-	halt='use c-ctype.h instead of ctype.h'				\
+	halt="don't use ctype.h; instead, use c-ctype.h"		\
 	  $(_sc_search_regexp)

 # Insist on correct types for [pug]id.
 sc_correct_id_types:
 	@prohibit='\<(int|long) *[pug]id\>'				\
-	halt='use pid_t for pid, uid_t for uid, gid_t for gid'		\
+	halt="use pid_t for pid, uid_t for uid, gid_t for gid"		\
 	  $(_sc_search_regexp)

 # "const fooPtr a" is the same as "foo * const a", even though it is
@@ -497,12 +503,12 @@ ctype_re = isalnum|isalpha|isascii|isblank|iscntrl|isdigit|isgraph|islower\

 sc_avoid_ctype_macros:
 	@prohibit='\b($(ctype_re)) *\('					\
-	halt='use c-ctype.h instead of ctype macros'			\
+	halt="don't use ctype macros (use c-ctype.h)"			\
 	  $(_sc_search_regexp)

 sc_avoid_strcase:
 	@prohibit='\bstrn?case(cmp|str) *\('				\
-	halt='use c-strcase.h instead of raw strcase functions'		\
+	halt="don't use raw strcase functions (use c-strcase instead)"	\
 	  $(_sc_search_regexp)

 sc_prohibit_virBufferAdd_with_string_literal:
@@ -520,6 +526,13 @@ sc_forbid_manual_xml_indent:
 	halt='use virBufferAdjustIndent instead of spaces when indenting xml' \
 	  $(_sc_search_regexp)

+# Not only do they fail to deal well with ipv6, but the gethostby*
+# functions are also not thread-safe.
+sc_prohibit_gethostby:
+	@prohibit='\<gethostby(addr|name2?) *\('			\
+	halt='use getaddrinfo, not gethostby*'				\
+	  $(_sc_search_regexp)
+
 # dirname and basename from <libgen.h> are not required to be thread-safe
 sc_prohibit_libgen:
 	@prohibit='( (base|dir)name *\(|include .libgen\.h)'		\
@@ -559,13 +572,12 @@ sc_prohibit_int_index:

 sc_prohibit_int_ijk:
 	@prohibit='\<(int|unsigned) ([^(=]* )*(i|j|k)\>(\s|,|;)'	\
-	exclude='exempt from syntax-check'				\
 	halt='use size_t, not int/unsigned int for loop vars i, j, k'	\
 	  $(_sc_search_regexp)

 sc_prohibit_loop_iijjkk:
 	@prohibit='\<(int|unsigned) ([^=]+ )*(ii|jj|kk)\>(\s|,|;)'	\
-	halt='use i, j, k for loop iterators, not ii, jj, kk'		\
+	halt='use i, j, k for loop iterators, not ii, jj, kk' 		\
 	  $(_sc_search_regexp)

 # RHEL 5 gcc can't grok "for (int i..."
@@ -607,9 +619,8 @@ msg_gen_function += xenapiSessionErrorHandler
 # msg_gen_function += vshPrint
 # msg_gen_function += vshError

-space =
-space +=
-func_re= ($(subst $(space),|,$(msg_gen_function)))
+func_or := $(shell echo $(msg_gen_function)|tr -s ' ' '|')
+func_re := ($(func_or))

 # Look for diagnostics that aren't marked for translation.
 # This won't find any for which error's format string is on a separate line.
@@ -731,7 +742,7 @@ sc_copyright_format:
 	@prohibit='Copyright [^(].*Red 'Hat				\
 	halt='consistently use (C) in Red Hat copyright'		\
 	  $(_sc_search_regexp)
-	@prohibit='\<RedHat\>'						\
+	@prohibit='\<Red''Hat\>'					\
 	halt='spell Red Hat as two words'				\
 	  $(_sc_search_regexp)

@@ -764,7 +775,7 @@ sc_prohibit_gettext_markup:
 # lower-level code must not include higher-level headers.
 cross_dirs=$(patsubst $(srcdir)/src/%.,%,$(wildcard $(srcdir)/src/*/.))
 cross_dirs_re=($(subst / ,/|,$(cross_dirs)))
-mid_dirs=access|conf|cpu|locking|logging|network|node_device|rpc|security|storage
+mid_dirs=access|conf|cpu|locking|network|node_device|rpc|security|storage
 sc_prohibit_cross_inclusion:
 	@for dir in $(cross_dirs); do					\
 	  case $$dir in							\
@@ -798,7 +809,7 @@ sc_require_enum_last_marker:
 sc_prohibit_semicolon_at_eol_in_python:
 	@prohibit='^[^#].*\;$$'			                        \
 	in_vc_files='\.py$$'						\
-	halt='python does not require to end lines with a semicolon'	\
+	halt="Don't use semicolon at eol in python files"		\
 	  $(_sc_search_regexp)

 # mymain() in test files should use return, not exit, for nicer output
@@ -808,6 +819,30 @@ sc_prohibit_exit_in_tests:
 	halt='use return, not exit(), in tests'				\
 	  $(_sc_search_regexp)

+# Don't include duplicate header in the source (either *.c or *.h)
+sc_prohibit_duplicate_header:
+	@fail=0; for i in $$($(VC_LIST_EXCEPT) | grep '\.[chx]$$'); do	\
+	  awk '/# *include.*\.h/ {					\
+	    match($$0, /[<"][^>"]*[">]/);				\
+	    arr[substr($$0, RSTART + 1, RLENGTH - 2)]++;		\
+	  }								\
+	  END {								\
+	    for (key in arr) {						\
+	      if (arr[key] > 1)	{					\
+		fail=1;							\
+		printf("%d %s are included\n", arr[key], key);		\
+	      }								\
+	    }								\
+	    if (fail == 1) {						\
+	      printf("duplicate header(s) in " FILENAME "\n");		\
+	      exit 1;							\
+	    }								\
+	  }' $$i || fail=1;						\
+	done;								\
+	if test $$fail -eq 1; then					\
+	  { echo '$(ME): avoid duplicate headers' 1>&2; exit 1; }	\
+	fi;
+
 # Don't include "libvirt/*.h" in "" form.
 sc_prohibit_include_public_headers_quote:
 	@prohibit='# *include *"libvirt/.*\.h"'				\
@@ -881,23 +916,14 @@ sc_prohibit_virConnectOpen_in_virsh:
 sc_require_space_before_label:
 	@prohibit='^(   ?)?[_a-zA-Z0-9]+:$$'                           \
 	in_vc_files='\.[ch]$$'                                         \
-	halt='Top-level labels should be indented by one space'        \
-	  $(_sc_search_regexp)
-
-# Allow for up to three spaces before the label: this is to avoid running
-# into situations where neither this rule nor require_space_before_label
-# would apply, eg. a line matching ^[a-zA-Z0-9]+ :$
-sc_prohibit_space_in_label:
-	@prohibit='^ {0,3}[_a-zA-Z0-9]+ +:$$'                          \
-	in_vc_files='\.[ch]$$'                                         \
-	halt='There should be no space between label name and colon'   \
+	halt="Top-level labels should be indented by one space"        \
 	  $(_sc_search_regexp)

 # Doesn't catch all cases of mismatched braces across if-else, but it helps
 sc_require_if_else_matching_braces:
 	@prohibit='(  else( if .*\))? {|} else( if .*\))?$$)'		\
 	in_vc_files='\.[chx]$$'						\
-	halt='if one side of if-else uses {}, both sides must use it'	\
+	halt="if one side of if-else uses {}, both sides must use it"	\
 	  $(_sc_search_regexp)

 sc_curly_braces_style:
@@ -957,7 +983,7 @@ sc_prohibit_static_zero_init:
 sc_prohibit_devname:
 	@prohibit='\bdevname\b'	\
 	exclude='sc_prohibit_devname' \
-	halt='avoid using devname as FreeBSD exports the symbol' \
+	halt='avoid using 'devname' as FreeBSD exports the symbol' \
 	  $(_sc_search_regexp)

 sc_prohibit_system_error_with_vir_err:
@@ -971,7 +997,7 @@ sc_prohibit_system_error_with_vir_err:
 sc_prohibit_virXXXFree:
 	@prohibit='\bvir(Domain|Network|NodeDevice|StorageVol|StoragePool|Stream|Secret|NWFilter|Interface|DomainSnapshot)Free\b'	\
 	exclude='sc_prohibit_virXXXFree' \
-	halt='avoid using virXXXFree, use virObjectUnref instead' \
+	halt='avoid using 'virXXXFree', use 'virObjectUnref' instead' \
 	  $(_sc_search_regexp)

 sc_prohibit_sysconf_pagesize:
@@ -982,38 +1008,7 @@ sc_prohibit_sysconf_pagesize:
 sc_prohibit_pthread_create:
 	@prohibit='\bpthread_create\b' \
 	exclude='sc_prohibit_pthread_create' \
-	halt='avoid using pthread_create, use virThreadCreate instead' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_not_streq:
-	@prohibit='! *STRN?EQ *\(.*\)'		\
-	halt='Use STRNEQ instead of !STREQ and STREQ instead of !STRNEQ'	\
-	  $(_sc_search_regexp)
-
-sc_prohibit_verbose_strcat:
-	@prohibit='strncat\([^,]*,\s+([^,]*),\s+strlen\(\1\)\)'     \
-	in_vc_files='\.[ch]$$'                                      \
-	halt='Use strcat(a, b) instead of strncat(a, b, strlen(b))' \
-	  $(_sc_search_regexp)
-
-# Ensure that each .c file containing a "main" function also
-# calls virGettextInitialize
-sc_gettext_init:
-	@require='virGettextInitialize *\('					\
-	in_vc_files='\.c$$'						\
-	containing='\<main *('						\
-	halt='the above files do not call virGettextInitialize'		\
-	  $(_sc_search_regexp)
-
-# <dt> is mostly used to document symbols, in which case it should contain
-# a <code> element. The regular expression below trades speed and readability
-# for accuracy, and won't catch someone trying to stick a <canvas> inside a
-# <dt>, but that's what code reviews are for :)
-sc_prohibit_dt_without_code:
-	@prohibit='<dt>([^<]|<[^c])' \
-	exclude='exempt from syntax-check' \
-	in_vc_files='docs/.*$$' \
-	halt='Use <code> inside <dt> when documenting symbols' \
+	halt="avoid using 'pthread_create', use 'virThreadCreate' instead" \
 	  $(_sc_search_regexp)

 # We don't use this feature of maint.mk.
@@ -1063,25 +1058,15 @@ _autogen:

 # regenerate HACKING as part of the syntax-check
 ifneq ($(_gl-Makefile),)
-syntax-check: $(top_srcdir)/HACKING spacing-check test-wrap-argv \
-	prohibit-duplicate-header
+syntax-check: $(top_srcdir)/HACKING bracket-spacing-check
 endif

-# Don't include duplicate header in the source (either *.c or *.h)
-prohibit-duplicate-header:
-	$(AM_V_GEN)files=$$($(VC_LIST_EXCEPT) | grep '\.[chx]$$'); \
-	$(PERL) -W $(top_srcdir)/build-aux/prohibit-duplicate-header.pl $$files
-
-spacing-check:
+bracket-spacing-check:
 	$(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \
-	$(PERL) $(top_srcdir)/build-aux/check-spacing.pl $$files || \
+	$(PERL) $(top_srcdir)/build-aux/bracket-spacing.pl $$files || \
 	  { echo '$(ME): incorrect formatting, see HACKING for rules' 1>&2; \
 	    exit 1; }

-test-wrap-argv:
-	$(AM_V_GEN)files=`$(VC_LIST) | grep -E '\.(ldargs|args)'`; \
-	$(PERL) $(top_srcdir)/tests/test-wrap-argv.pl --check $$files
-
 # sc_po_check can fail if generated files are not built first
 sc_po_check: \
 		$(srcdir)/daemon/remote_dispatch.h \
@@ -1103,23 +1088,18 @@ $(srcdir)/src/admin/admin_client.h: $(srcdir)/src/admin/admin_protocol.x
 # List all syntax-check exemptions:
 exclude_file_name_regexp--sc_avoid_strcase = ^tools/vsh\.h$$

-_src1=libvirt-stream|fdstream|qemu/qemu_monitor|util/(vircommand|virfile)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon
+_src1=libvirt-stream|fdstream|qemu/qemu_monitor|util/(vircommand|virfile)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon
 _test1=shunloadtest|virnettlscontexttest|virnettlssessiontest|vircgroupmock
 exclude_file_name_regexp--sc_avoid_write = \
  ^(src/($(_src1))|daemon/libvirtd|tools/virsh-console|tests/($(_test1)))\.c$$

-exclude_file_name_regexp--sc_bindtextdomain = .*
-
-exclude_file_name_regexp--sc_gettext_init = ^(tests|examples)/
-
-exclude_file_name_regexp--sc_copyright_format = \
-	^cfg\.mk$$
+exclude_file_name_regexp--sc_bindtextdomain = ^(tests|examples)/

 exclude_file_name_regexp--sc_copyright_usage = \
  ^COPYING(|\.LESSER)$$

 exclude_file_name_regexp--sc_flags_usage = \
-  ^(cfg\.mk|docs/|src/util/virnetdevtap\.c$$|tests/(vir(cgroup|pci|test|usb)|nss|qemuxml2argv)mock\.c$$)
+  ^(docs/|src/util/virnetdevtap\.c$$|tests/vir(cgroup|pci|usb)mock\.c$$)

 exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
  ^(src/rpc/gendispatch\.pl$$|tests/)
@@ -1127,27 +1107,23 @@ exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
 exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$)

 exclude_file_name_regexp--sc_prohibit_VIR_ERR_NO_MEMORY = \
-  ^(cfg\.mk|include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$
+  ^(include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$

-exclude_file_name_regexp--sc_prohibit_PATH_MAX = \
-	^cfg\.mk$$
-
-exclude_file_name_regexp--sc_prohibit_access_xok = \
-	^(cfg\.mk|src/util/virutil\.c)$$
+exclude_file_name_regexp--sc_prohibit_access_xok = ^src/util/virutil\.c$$

 exclude_file_name_regexp--sc_prohibit_asprintf = \
-  ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c$$)
+  ^(bootstrap.conf$$|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c$$)

 exclude_file_name_regexp--sc_prohibit_strdup = \
  ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup)mock.c$$)

 exclude_file_name_regexp--sc_prohibit_close = \
-  (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/vir.+mock\.c)$$)
+  (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/vir(cgroup|pci)mock\.c)$$)

 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/(qemuhelp|virhostcpu|virpcitest)data/|\.diff|tests/virconfdata/no-newline\.conf$$)
+  (^tests/(qemuhelp|nodeinfo|virpcitest)data/|\.diff$$)

-_src2=src/(util/vircommand|libvirt|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon)
+_src2=src/(util/vircommand|libvirt|lxc/lxc_controller|locking/lock_daemon)
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
  (^($(_src2)|tests/testutils|daemon/libvirtd)\.c$$)

@@ -1162,9 +1138,6 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
  ^((po|tests)/|docs/.*(py|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)

-exclude_file_name_regexp--sc_prohibit_select = \
-	^cfg\.mk$$
-
 exclude_file_name_regexp--sc_prohibit_raw_allocation = \
  ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|vircgroupmock)\.c|tools/wireshark/src/packet-libvirt\.c)$$

@@ -1174,11 +1147,11 @@ exclude_file_name_regexp--sc_prohibit_readlink = \
 exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c$$

 exclude_file_name_regexp--sc_prohibit_sprintf = \
-  ^(cfg\.mk|docs/hacking\.html\.in|.*\.stp|.*\.pl)$$
+  (^docs/hacking\.html\.in|\.stp|\.pl)$$

 exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/virstring\.c$$

-exclude_file_name_regexp--sc_prohibit_strtol = ^examples/.*$$
+exclude_file_name_regexp--sc_prohibit_strtol = ^examples/dom.*/.*\.c$$

 exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/virxml\.c$$

@@ -1193,7 +1166,7 @@ exclude_file_name_regexp--sc_require_config_h_first = \
 	^(examples/|tools/virsh-edit\.c$$)

 exclude_file_name_regexp--sc_trailing_blank = \
-  /qemuhelpdata/|/sysinfodata/.*\.data|/virhostcpudata/.*\.cpuinfo$$
+  /qemuhelpdata/|/sysinfodata/.*\.data|/nodeinfodata/.*\.cpuinfo$$

 exclude_file_name_regexp--sc_unmarked_diagnostics = \
  ^(docs/apibuild.py|tests/virt-aa-helper-test)$$
@@ -1209,10 +1182,10 @@ exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \
  ^(src/internal\.h$$|tools/wireshark/src/packet-libvirt.h$$)

 exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
-  ^(tools/|examples/|include/libvirt/(virterror|libvirt(-(admin|qemu|lxc))?)\.h$$)
+  ^(tools/|examples/|include/libvirt/(virterror|libvirt-(qemu|lxc))\.h$$)

 exclude_file_name_regexp--sc_prohibit_int_ijk = \
-  ^(src/remote_protocol-structs|src/remote/remote_protocol\.x|cfg\.mk|include/libvirt/libvirt.+|src/admin_protocol-structs|src/admin/admin_protocol\.x)$$
+  ^(src/remote_protocol-structs|src/remote/remote_protocol.x|cfg.mk|include/)$

 exclude_file_name_regexp--sc_prohibit_getenv = \
  ^tests/.*\.[ch]$$
@@ -1224,7 +1197,7 @@ exclude_file_name_regexp--sc_prohibit_mixed_case_abbreviations = \
  ^src/(vbox/vbox_CAPI.*.h|esx/esx_vi.(c|h)|esx/esx_storage_backend_iscsi.c)$$

 exclude_file_name_regexp--sc_prohibit_empty_first_line = \
-  ^(README|daemon/THREADS\.txt|src/esx/README|docs/library.xen|tests/(vmwarever|virhostcpu)data/.*)$$
+  ^(README|daemon/THREADS\.txt|src/esx/README|docs/library.xen|tests/(vmwarever|nodeinfo)data/.*)$$

 exclude_file_name_regexp--sc_prohibit_useless_translation = \
  ^tests/virpolkittest.c
@@ -1240,12 +1213,3 @@ exclude_file_name_regexp--sc_prohibit_sysconf_pagesize = \

 exclude_file_name_regexp--sc_prohibit_pthread_create = \
  ^(cfg\.mk|src/util/virthread\.c|tests/.*)$$
-
-exclude_file_name_regexp--sc_prohibit_dt_without_code = \
-  ^docs/(newapi\.xsl|(apps|contact)\.html\.in)$$
-
-exclude_file_name_regexp--sc_prohibit_always-defined_macros = \
-  ^tests/virtestmock.c$$
-
-exclude_file_name_regexp--sc_prohibit_readdir = \
-  ^tests/.*mock\.c$$
--- a/config-post.h
+++ b/config-post.h
@@ -20,7 +20,7 @@
 * Since virt-login-shell will be setuid, we must do everything
 * we can to avoid linking to other libraries. Many of them do
 * unsafe things in functions marked __atttribute__((constructor)).
- * The only way to avoid such deps is to re-compile the
+ * The only way avoid to avoid such deps is to re-compile the
 * functions with the code in question disabled, and for that we
 * must override the main config.h rules. Hence this file :-(
 */
@@ -32,7 +32,6 @@
 # undef HAVE_LIBSASL2
 # undef WITH_CAPNG
 # undef WITH_CURL
-# undef WITH_DBUS
 # undef WITH_DTRACE_PROBES
 # undef WITH_GNUTLS
 # undef WITH_GNUTLS_GCRYPT
@@ -40,50 +39,7 @@
 # undef WITH_NUMACTL
 # undef WITH_SASL
 # undef WITH_SSH2
-# undef WITH_SYSTEMD_DAEMON
 # undef WITH_VIRTUALPORT
 # undef WITH_YAJL
 # undef WITH_YAJL2
 #endif
-
-/*
- * With the NSS module it's the same story as virt-login-shell. See the
- * explanation above.
- */
-#ifdef LIBVIRT_NSS
-# undef HAVE_LIBDEVMAPPER_H
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_GNUTLS_GCRYPT
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_VIRTUALPORT
-# undef WITH_SECDRIVER_SELINUX
-# undef WITH_SECDRIVER_APPARMOR
-# undef WITH_CAPNG
-#endif /* LIBVIRT_NSS */
-
-/*
- * Define __GNUC__ to a sane default if it isn't yet defined.
- * This is done here so that it's included as early as possible; gnulib relies
- * on this to be defined in features.h, which should be included from ctype.h.
- * This doesn't happen on many non-glibc systems.
- * When __GNUC__ is not defined, gnulib defines it to 0, which breaks things.
- */
-#ifdef __GNUC__
-# ifndef __GNUC_PREREQ
-#  if defined __GNUC__ && defined __GNUC_MINOR__
-#   define __GNUC_PREREQ(maj, min)                                        \
-   ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
-#  else
-#   define __GNUC_PREREQ(maj, min) 0
-#  endif
-# endif
-#endif
--- a/configure.ac
+++ b/configure.ac
@@ -16,7 +16,7 @@ dnl You should have received a copy of the GNU Lesser General Public
 dnl License along with this library.  If not, see
 dnl <http://www.gnu.org/licenses/>.

-AC_INIT([libvirt], [2.3.0], [libvir-list@redhat.com], [], [http://libvirt.org])
+AC_INIT([libvirt], [1.2.20], [libvir-list@redhat.com], [], [http://libvirt.org])
 AC_CONFIG_SRCDIR([src/libvirt.c])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
@@ -24,7 +24,7 @@ AH_BOTTOM([#include <config-post.h>])
 AC_CONFIG_MACRO_DIR([m4])
 dnl Make automake keep quiet about wildcards & other GNUmake-isms; also keep
 dnl quiet about the fact that we intentionally cater to automake 1.9
-AM_INIT_AUTOMAKE([-Wno-portability -Wno-obsolete tar-pax no-dist-gzip dist-xz subdir-objects])
+AM_INIT_AUTOMAKE([-Wno-portability -Wno-obsolete tar-ustar subdir-objects])
 dnl older automake's default of ARFLAGS=cru is noisy on newer binutils;
 dnl we don't really need the 'u' even in older toolchains.  Then there is
 dnl older libtool, which spelled it AR_FLAGS
@@ -117,7 +117,7 @@ fi

 dnl Required minimum versions of all libs we depend on
 LIBXML_REQUIRED="2.6.0"
-GNUTLS_REQUIRED="2.2.0"
+GNUTLS_REQUIRED="1.0.25"
 POLKIT_REQUIRED="0.6"
 PARTED_REQUIRED="1.8.0"
 DEVMAPPER_REQUIRED=1.0.0
@@ -144,8 +144,6 @@ AC_TYPE_UID_T
 dnl Support building Win32 DLLs (must appear *before* AM_PROG_LIBTOOL)
 AC_LIBTOOL_WIN32_DLL

-AC_HEADER_MAJOR
-
 m4_ifndef([LT_INIT], [
  AM_PROG_LIBTOOL
 ], [
@@ -177,13 +175,12 @@ dnl are also linux specific.  The "network" and storage_fs drivers are known
 dnl to not work on MacOS X presently, so we also make a note if compiling
 dnl for that

-with_linux=no with_osx=no with_freebsd=no with_win=no with_cygwin=no
+with_linux=no with_osx=no with_freebsd=no
 case $host in
  *-*-linux*) with_linux=yes ;;
  *-*-darwin*) with_osx=yes ;;
  *-*-freebsd*) with_freebsd=yes ;;
  *-*-mingw* | *-*-msvc* ) with_win=yes ;;
-  *-*-cygwin*) with_cygwin=yes ;;
 esac

 if test $with_linux = no; then
@@ -195,12 +192,9 @@ if test $with_linux = no; then
 fi

 if test $with_freebsd = yes; then
-    want_ifconfig=yes
-    with_firewalld=no
-fi
+   want_ifconfig=yes

-if test $with_cygwin = yes; then
-    with_vbox=no
+   with_firewalld=no
 fi

 AM_CONDITIONAL([WITH_LINUX], [test "$with_linux" = "yes"])
@@ -256,9 +250,9 @@ LIBVIRT_CHECK_SANLOCK
 LIBVIRT_CHECK_SASL
 LIBVIRT_CHECK_SELINUX
 LIBVIRT_CHECK_SSH2
+LIBVIRT_CHECK_SYSTEMD_DAEMON
 LIBVIRT_CHECK_UDEV
 LIBVIRT_CHECK_WIRESHARK
-LIBVIRT_CHECK_NSS
 LIBVIRT_CHECK_YAJL

 AC_MSG_CHECKING([for CPUID instruction])
@@ -285,7 +279,7 @@ AC_CHECK_SIZEOF([long])
 dnl Availability of various common functions (non-fatal if missing),
 dnl and various less common threadsafe functions
 AC_CHECK_FUNCS_ONCE([cfmakeraw fallocate geteuid getgid getgrnam_r \
-  getmntent_r getpwuid_r getrlimit getuid kill mmap newlocale posix_fallocate \
+  getmntent_r getpwuid_r getuid kill mmap newlocale posix_fallocate \
  posix_memalign prlimit regexec sched_getaffinity setgroups setns \
  setrlimit symlink sysctlbyname getifaddrs sched_setscheduler])

@@ -322,16 +316,15 @@ if test "x$lv_cv_pthread_sigmask_works" != xyes; then
  AC_DEFINE([FUNC_PTHREAD_SIGMASK_BROKEN], [1],
    [Define to 1 if pthread_sigmask is not a real function])
 fi
-LIBS=$old_LIBS
+LIBS=$old_libs

 dnl Availability of various common headers (non-fatal if missing).
-AC_CHECK_HEADERS([pwd.h regex.h sys/un.h \
+AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/un.h \
  sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h \
  sys/un.h sys/syscall.h sys/sysctl.h netinet/tcp.h ifaddrs.h \
  libtasn1.h sys/ucred.h sys/mount.h])
 dnl Check whether endian provides handy macros.
 AC_CHECK_DECLS([htole64], [], [], [[#include <endian.h>]])
-AC_CHECK_FUNCS([stat stat64 __xstat __xstat64 lstat lstat64 __lxstat __lxstat64])

 dnl We need to decide at configure time if libvirt will use real atomic
 dnl operations ("lock free") or emulated ones with a mutex.
@@ -396,12 +389,6 @@ AC_CHECK_TYPE([struct ifreq],
        #include <net/if.h>
  ]])

-AC_CHECK_TYPE([struct sockpeercred],
-  [AC_DEFINE([HAVE_STRUCT_SOCKPEERCRED], [1],
-    [Defined if struct sockpeercred is available])],
-  [], [[#include <sys/socket.h>
-  ]])
-
 AC_CHECK_DECLS([ETH_FLAG_TXVLAN, ETH_FLAG_NTUPLE, ETH_FLAG_RXHASH, ETH_FLAG_LRO,
                ETHTOOL_GGSO, ETHTOOL_GGRO, ETHTOOL_GFLAGS, ETHTOOL_GFEATURES],
  [], [], [[#include <linux/ethtool.h>
@@ -417,6 +404,10 @@ AC_CHECK_LIB([intl],[gettext],[])
 dnl Do we have rpcgen?
 AC_PATH_PROGS([RPCGEN], [rpcgen portable-rpcgen], [no])
 AM_CONDITIONAL([HAVE_RPCGEN], [test "x$ac_cv_path_RPCGEN" != "xno"])
+dnl Is this GLIBC's buggy rpcgen?
+AM_CONDITIONAL([HAVE_GLIBC_RPCGEN],
+	       [test "x$ac_cv_path_RPCGEN" != "xno" &&
+	        $ac_cv_path_RPCGEN -t </dev/null >/dev/null 2>&1])

 dnl Miscellaneous external programs.
 AC_PATH_PROG([XMLLINT], [xmllint], [/usr/bin/xmllint])
@@ -424,7 +415,6 @@ AC_PATH_PROG([XMLCATALOG], [xmlcatalog], [/usr/bin/xmlcatalog])
 AC_PATH_PROG([XSLTPROC], [xsltproc], [/usr/bin/xsltproc])
 AC_PATH_PROG([AUGPARSE], [augparse], [/usr/bin/augparse])
 AC_PROG_MKDIR_P
-AC_PROG_LN_S

 dnl External programs that we can use if they are available.
 dnl We will hard-code paths to these programs unless we cannot
@@ -533,6 +523,10 @@ AC_ARG_WITH([qemu],
  [AS_HELP_STRING([--with-qemu],
    [add QEMU/KVM support @<:@default=yes@:>@])])
 m4_divert_text([DEFAULTS], [with_qemu=yes])
+AC_ARG_WITH([uml],
+  [AS_HELP_STRING([--with-uml],
+    [add UML support @<:@default=check@:>@])])
+m4_divert_text([DEFAULTS], [with_uml=check])
 AC_ARG_WITH([openvz],
  [AS_HELP_STRING([--with-openvz],
    [add OpenVZ support @<:@default=check@:>@])])
@@ -608,7 +602,51 @@ if test x"$enable_debug" = x"yes"; then
   AC_DEFINE([ENABLE_DEBUG], [], [whether debugging is enabled])
 fi

-LIBVIRT_CHECK_INIT_SCRIPT
+
+
+dnl
+dnl init script flavor
+dnl
+AC_MSG_CHECKING([for init script flavor])
+AC_ARG_WITH([init-script],
+  [AS_HELP_STRING([--with-init-script@<:@=STYLE@:>@],
+    [Style of init script to install: redhat, systemd, systemd+redhat,
+     upstart, check, none @<:@default=check@:>@])],
+  [],[with_init_script=check])
+init_redhat=no
+init_systemd=no
+init_upstart=no
+case "$with_init_script" in
+    systemd+redhat)
+       init_redhat=yes
+       init_systemd=yes
+       ;;
+    systemd)
+       init_systemd=yes
+       ;;
+    upstart)
+       init_upstart=yes
+       ;;
+    redhat)
+       init_redhat=yes
+       ;;
+    none)
+       ;;
+    check)
+       if test "$cross_compiling" != yes && test -f /etc/redhat-release; then
+          init_redhat=yes
+          with_init_script=redhat
+       fi
+       ;;
+    *)
+       AC_MSG_ERROR([Unknown initscript flavour $with_init_script])
+    ;;
+esac
+AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_RED_HAT], test "$init_redhat" = "yes")
+AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_UPSTART], test "$init_upstart" = "yes")
+AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_SYSTEMD], test "$init_systemd" = "yes")
+AC_MSG_RESULT($with_init_script)
+

 AC_MSG_CHECKING([for whether to install sysctl config])
 AC_ARG_WITH([sysctl],
@@ -845,6 +883,7 @@ if test "$with_libxl" != "no" ; then
    PKG_CHECK_MODULES([LIBXL], [xenlight], [
     LIBXL_FIRMWARE_DIR=`$PKG_CONFIG --variable xenfirmwaredir xenlight`
     LIBXL_EXECBIN_DIR=`$PKG_CONFIG --variable libexec_bin xenlight`
+     LIBXL_LIBS="$LIBXL_LIBS -lxenctrl"
     with_libxl=yes
    ], [LIBXL_FOUND=no])
    if test "$LIBXL_FOUND" = "no"; then
@@ -857,7 +896,7 @@ if test "$with_libxl" != "no" ; then
        LIBS="$LIBS $LIBXL_LIBS"
        AC_CHECK_LIB([xenlight], [libxl_ctx_alloc], [
            with_libxl=yes
-            LIBXL_LIBS="$LIBXL_LIBS -lxenlight"
+            LIBXL_LIBS="$LIBXL_LIBS -lxenlight -lxenctrl"
        ],[
            if test "$with_libxl" = "yes"; then
                fail=1
@@ -867,11 +906,6 @@ if test "$with_libxl" != "no" ; then
    fi
 fi

-# LIBXL_API_VERSION 4.4.0 introduced a new parameter to
-# libxl_domain_create_restore for specifying restore parameters.
-# The libxl driver will make use of this new parameter for specifying
-# the Xen migration stream version.
-LIBXL_CFLAGS="$LIBXL_CFLAGS -DLIBXL_API_VERSION=0x040400"
 LIBS="$old_LIBS"
 CFLAGS="$old_CFLAGS"

@@ -890,14 +924,6 @@ if test "$with_libxl" = "yes"; then
    if test "x$LIBXL_EXECBIN_DIR" != "x"; then
        AC_DEFINE_UNQUOTED([LIBXL_EXECBIN_DIR], ["$LIBXL_EXECBIN_DIR"], [directory containing Xen libexec binaries])
    fi
-    dnl Check if the xtl_* infrastructure is in libxentoollog
-    dnl (since Xen 4.7) if not then assume it is in libxenctrl
-    dnl (as it was for 4.6 and earler)
-    AC_CHECK_LIB([xentoollog], [xtl_createlogger_stdiostream], [
-        LIBXL_LIBS="$LIBXL_LIBS -lxentoollog"
-    ],[
-        LIBXL_LIBS="$LIBXL_LIBS -lxenctrl"
-    ])
 fi
 AM_CONDITIONAL([WITH_LIBXL], [test "$with_libxl" = "yes"])

@@ -1048,20 +1074,6 @@ if test "$with_lxc" = "yes" ; then
 fi
 AM_CONDITIONAL([WITH_LXC], [test "$with_lxc" = "yes"])

-dnl
-dnl Check for virt-login-shell
-dnl
-
-LIBVIRT_CHECK_LOGIN_SHELL
-
-dnl
-dnl Check for virt-host-validate
-dnl
-
-LIBVIRT_CHECK_HOST_VALIDATE
-
-AM_CONDITIONAL([WITH_SETUID_RPC_CLIENT], [test "$with_lxc$with_login_shell" != "nono"])
-
 dnl
 dnl Checks for the Parallels driver
 dnl
@@ -1074,6 +1086,56 @@ dnl

 LIBVIRT_DRIVER_CHECK_BHYVE

+dnl
+dnl check for shell that understands <> redirection without truncation,
+dnl needed by src/qemu/qemu_monitor_{text,json}.c.
+dnl
+if test "$with_qemu" = yes; then
+  lv_wrapper_shell=
+  AC_CACHE_CHECK([for shell that supports <> redirection],
+    [lv_cv_wrapper_shell],
+    [
+    # If cross-compiling, guess that /bin/sh is good enough except for
+    # Linux, where it might be dash 0.5.5 which is known broken; and on
+    # Linux, we have a good chance that /bin/bash will exist.
+    # If we guess wrong, a user can override the cache variable.
+    # Going through /bin/bash is a slight slowdown if /bin/sh works.
+    if test "$cross_compiling" = yes; then
+      case $host_os in
+        linux*) lv_cv_wrapper_shell=/bin/bash ;;
+        *) lv_cv_wrapper_shell=/bin/sh ;;
+      esac
+    else
+      for lv_cv_wrapper_shell in /bin/sh bash ksh zsh none; do
+        test $lv_cv_wrapper_shell = none &&
+          AC_MSG_ERROR([could not find decent shell])
+        echo a > conftest.a
+        ($lv_cv_wrapper_shell -c ': 1<>conftest.a') 2>/dev/null &&
+        case `cat conftest.a`.$lv_cv_wrapper_shell in
+          a./*) break;; dnl /bin/sh is good enough
+          a.*) dnl bash, ksh, and zsh all understand 'command', use that
+               dnl to determine the absolute path of the shell
+            lv_cv_wrapper_shell=`$lv_cv_wrapper_shell -c \
+              "command -v $lv_cv_wrapper_shell"`
+            case $lv_cv_wrapper_shell in
+              /*) break;;
+            esac
+            ;;
+        esac
+      done
+      rm -f conftest.a
+    fi
+  ])
+  if test "x$lv_cv_wrapper_shell" != x/bin/sh; then
+    lv_wrapper_shell=$lv_cv_wrapper_shell
+  fi
+  if test "x$lv_wrapper_shell" != x; then
+    AC_DEFINE_UNQUOTED([VIR_WRAPPER_SHELL], ["$lv_wrapper_shell"],
+      [Define to the absolute path of a shell that does not truncate on
+       <> redirection, if /bin/sh does not fit the bill])
+  fi
+fi
+

 dnl
 dnl check for kernel headers required by src/bridge.c
@@ -1160,15 +1222,15 @@ AC_SUBST([LIBXML_CFLAGS])
 AC_SUBST([LIBXML_LIBS])

 dnl xmlURI structure has query_raw?
-old_CFLAGS="$CFLAGS"
-old_LIBS="$LIBS"
+old_cflags="$CFLAGS"
+old_libs="$LIBS"
 CFLAGS="$CFLAGS $LIBXML_CFLAGS"
 LIBS="$LIBS $LIBXML_LIBS"
 AC_CHECK_MEMBER([struct _xmlURI.query_raw],
 		[AC_DEFINE([HAVE_XMLURI_QUERY_RAW], [], [Have query_raw field in libxml2 xmlURI structure])],,
 		[#include <libxml/uri.h>])
-CFLAGS="$old_CFLAGS"
-LIBS="$old_LIBS"
+CFLAGS="$old_cflags"
+LIBS="$old_libs"

 dnl GnuTLS library
 AC_ARG_WITH([gnutls],
@@ -1184,8 +1246,8 @@ if test "x$with_gnutls" != "xno"; then
    GNUTLS_LIBS="-L$with_gnutls/lib"
  fi
  fail=0
-  old_CFLAGS="$CFLAGS"
-  old_LIBS="$LIBS"
+  old_cflags="$CFLAGS"
+  old_libs="$LIBS"
  CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
  LIBS="$LIBS $GNUTLS_LIBS"

@@ -1243,24 +1305,16 @@ if test "x$with_gnutls" != "xno"; then
        [set to 1 if it is known or assumed that GNUTLS uses gcrypt])
    fi

+    dnl gnutls 3.x moved some declarations to a new header
+    AC_CHECK_HEADERS([gnutls/crypto.h], [], [], [[
+      #include <gnutls/gnutls.h>
+    ]])
+
    with_gnutls=yes
  fi

-  dnl GNUTLS_CFLAGS and GNUTLS_LIBS have probably been updated above,
-  dnl and we need the final values for function probing to work
-  CFLAGS="$old_CFLAGS $GNUTLS_CFLAGS"
-  LIBS="$old_LIBS $GNUTLS_LIBS"
-
-  dnl gnutls 3.x moved some declarations to a new header
-  AC_CHECK_HEADERS([gnutls/crypto.h], [], [], [[
-    #include <gnutls/gnutls.h>
-  ]])
-
-  AC_CHECK_FUNCS([gnutls_rnd])
-  AC_CHECK_FUNCS([gnutls_cipher_encrypt])
-
+  LIBS="$old_libs"
  CFLAGS="$old_CFLAGS"
-  LIBS="$old_LIBS"
 fi

 if test "x$with_gnutls" = "xyes" ; then
@@ -1272,16 +1326,6 @@ AC_SUBST([GNUTLS_CFLAGS])
 AC_SUBST([GNUTLS_LIBS])


-AC_ARG_WITH([tls-priority],
-  [AS_HELP_STRING([--with-tls-priority],
-    [set the default TLS session priority string @<:@default=NORMAL@:>@])],
-  [],
-  [with_tls_priority=NORMAL])
-
-AC_DEFINE_UNQUOTED([TLS_PRIORITY], ["$with_tls_priority"],
-		   [TLS default priority string])
-
-
 dnl PolicyKit library
 POLKIT_CFLAGS=
 POLKIT_LIBS=
@@ -1411,8 +1455,8 @@ if test "$with_selinux" != "yes" ; then
        AC_MSG_ERROR([You must install the libselinux development package and enable SELinux with the --with-selinux=yes in order to compile libvirt --with-secdriver-selinux=yes])
  fi
 elif test "$with_secdriver_selinux" != "no"; then
-  old_CFLAGS="$CFLAGS"
-  old_LIBS="$LIBS"
+  old_cflags="$CFLAGS"
+  old_libs="$LIBS"
  CFLAGS="$CFLAGS $SELINUX_CFLAGS"
  LIBS="$CFLAGS $SELINUX_LIBS"

@@ -1420,8 +1464,8 @@ elif test "$with_secdriver_selinux" != "no"; then
  AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1])
  AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1])
  AC_CHECK_FUNCS([selinux_lxc_contexts_path])
-  CFLAGS="$old_CFLAGS"
-  LIBS="$old_LIBS"
+  CFLAGS="$old_cflags"
+  LIBS="$old_libs"

  if test "$fail" = "1" ; then
    if test "$with_secdriver_selinux" = "check" ; then
@@ -1565,7 +1609,27 @@ dnl
 dnl Checks for the UML driver
 dnl

-LIBVIRT_DRIVER_CHECK_UML
+if test "$with_libvirtd" = "no" ; then
+  with_uml=no
+fi
+if test "$with_uml" = "yes" || test "$with_uml" = "check"; then
+    AC_CHECK_HEADER([sys/inotify.h], [
+        with_uml=yes
+    ], [
+        if test "$with_uml" = "check"; then
+            with_uml=no
+            AC_MSG_NOTICE([<sys/inotify.h> is required for the UML driver, disabling it])
+        else
+            AC_MSG_ERROR([The <sys/inotify.h> is required for the UML driver. Upgrade your libc6.])
+        fi
+    ])
+fi
+if test "$with_uml" = "yes" ; then
+    AC_DEFINE_UNQUOTED([WITH_UML], 1, [whether UML driver is enabled])
+fi
+AM_CONDITIONAL([WITH_UML], [test "$with_uml" = "yes"])
+
+

 dnl
 dnl check for PHYP
@@ -1847,7 +1911,7 @@ else
 fi
 AM_CONDITIONAL([WITH_STORAGE_ISCSI], [test "$with_storage_iscsi" = "yes"])

-if test "$with_storage_scsi" = "check" || test "$with_storage_scsi" = "yes"; then
+if test "$with_storage_scsi" = "check"; then
   with_storage_scsi=yes

   AC_DEFINE_UNQUOTED([WITH_STORAGE_SCSI], 1,
@@ -1855,16 +1919,13 @@ if test "$with_storage_scsi" = "check" || test "$with_storage_scsi" = "yes"; the
 fi
 AM_CONDITIONAL([WITH_STORAGE_SCSI], [test "$with_storage_scsi" = "yes"])

-if test "$with_storage_mpath" = "check" || test "$with_storage_mpath" = "yes"; then
+if test "$with_storage_mpath" = "check"; then
   if test "$with_linux" = "yes"; then
      with_storage_mpath=yes

      AC_DEFINE_UNQUOTED([WITH_STORAGE_MPATH], 1,
        [whether mpath backend for storage driver is enabled])
   else
-      if test "$with_storage_mpath" = "yes"; then
-        AC_MSG_ERROR([mpath storage is only supported on Linux])
-      fi
      with_storage_mpath=no
   fi
 fi
@@ -1925,6 +1986,14 @@ if test "$with_storage_gluster" = "yes"; then
 fi
 AM_CONDITIONAL([WITH_STORAGE_GLUSTER], [test "$with_storage_gluster" = "yes"])

+if test "$with_storage_zfs" = "check"; then
+    with_storage_zfs=$with_freebsd
+fi
+
+if test "$with_storage_zfs" = "yes" && test "$with_freebsd" = "no"; then
+    AC_MSG_ERROR([The ZFS storage driver can be enabled on FreeBSD only.])
+fi
+
 if test "$with_storage_zfs" = "yes" ||
   test "$with_storage_zfs" = "check"; then
  AC_PATH_PROG([ZFS], [zfs], [], [$PATH:/sbin:/usr/sbin])
@@ -1968,12 +2037,19 @@ LIBPARTED_LIBS=
 if test "$with_storage_disk" = "yes" ||
   test "$with_storage_disk" = "check"; then
  AC_PATH_PROG([PARTED], [parted], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([DMSETUP], [dmsetup], [], [$PATH:/sbin:/usr/sbin])
  if test -z "$PARTED" ; then
    PARTED_FOUND=no
  else
    PARTED_FOUND=yes
  fi

+  if test -z "$DMSETUP" ; then
+    DMSETUP_FOUND=no
+  else
+    DMSETUP_FOUND=yes
+  fi
+
  if test "$PARTED_FOUND" = "yes" && test "x$PKG_CONFIG" != "x" ; then
    PKG_CHECK_MODULES([LIBPARTED], [libparted >= $PARTED_REQUIRED], [],
      [PARTED_FOUND=no])
@@ -1992,12 +2068,12 @@ if test "$with_storage_disk" = "yes" ||
  fi

  if test "$with_storage_disk" = "yes" &&
-     test "$PARTED_FOUND" != "yes"; then
-    AC_MSG_ERROR([Need parted for disk storage driver])
+     test "$PARTED_FOUND:$DMSETUP_FOUND" != "yes:yes"; then
+    AC_MSG_ERROR([Need both parted and dmsetup for disk storage driver])
  fi

  if test "$with_storage_disk" = "check"; then
-    if test "$PARTED_FOUND" != "yes"; then
+    if test "$PARTED_FOUND:$DMSETUP_FOUND" != "yes:yes"; then
      with_storage_disk=no
    else
      with_storage_disk=yes
@@ -2009,6 +2085,8 @@ if test "$with_storage_disk" = "yes" ||
      [whether Disk backend for storage driver is enabled])
    AC_DEFINE_UNQUOTED([PARTED],["$PARTED"],
      [Location or name of the parted program])
+    AC_DEFINE_UNQUOTED([DMSETUP],["$DMSETUP"],
+      [Location or name of the dmsetup program])
  fi
 fi
 AM_CONDITIONAL([WITH_STORAGE_DISK], [test "$with_storage_disk" = "yes"])
@@ -2442,7 +2520,7 @@ AC_DEFINE_UNQUOTED([QEMU_USER], ["$QEMU_USER"], [QEMU user account])
 AC_DEFINE_UNQUOTED([QEMU_GROUP], ["$QEMU_GROUP"], [QEMU group account])

 AC_PATH_PROG([QEMU_BRIDGE_HELPER], [qemu-bridge-helper], [/usr/libexec/qemu-bridge-helper],
-                  [/usr/libexec:/usr/lib/qemu:/usr/lib])
+                  [/usr/libexec:/usr/lib/qemu])
 AC_DEFINE_UNQUOTED([QEMU_BRIDGE_HELPER], ["$QEMU_BRIDGE_HELPER"], [QEMU bridge helper])

 AC_ARG_WITH([macvtap],
@@ -2698,7 +2776,8 @@ AC_DEFINE_UNQUOTED([base64_encode_alloc],[libvirt_gl_base64_encode_alloc],[Hack
 AC_CONFIG_FILES([run],
                [chmod +x,-w run])
 AC_CONFIG_FILES([\
-        Makefile src/Makefile include/libvirt/Makefile docs/Makefile \
+        Makefile src/Makefile include/Makefile docs/Makefile \
+        docs/schemas/Makefile \
        gnulib/lib/Makefile \
        gnulib/tests/Makefile \
        libvirt.pc \
@@ -2710,11 +2789,25 @@ AC_CONFIG_FILES([\
        src/libvirt-lxc.pc \
        libvirt.spec mingw-libvirt.spec \
        po/Makefile.in \
-        include/libvirt/libvirt-common.h \
+        include/libvirt/Makefile include/libvirt/libvirt.h \
        daemon/Makefile \
-        examples/Makefile \
+        tools/Makefile \
        tests/Makefile \
-        tools/Makefile])
+        examples/apparmor/Makefile \
+        examples/object-events/Makefile \
+        examples/domsuspend/Makefile \
+        examples/dominfo/Makefile \
+        examples/dommigrate/Makefile \
+        examples/domtop/Makefile \
+        examples/openauth/Makefile \
+        examples/hellolibvirt/Makefile \
+        examples/rename/Makefile \
+        examples/systemtap/Makefile \
+        examples/xml/nwfilter/Makefile \
+        examples/lxcconvert/Makefile \
+        examples/polkit/Makefile \
+        tools/wireshark/Makefile \
+        tools/wireshark/src/Makefile])
 AC_OUTPUT

 AC_MSG_NOTICE([])
@@ -2725,7 +2818,7 @@ AC_MSG_NOTICE([Drivers])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([      Xen: $with_xen])
 AC_MSG_NOTICE([     QEMU: $with_qemu])
-LIBVIRT_DRIVER_RESULT_UML
+AC_MSG_NOTICE([      UML: $with_uml])
 AC_MSG_NOTICE([   OpenVZ: $with_openvz])
 AC_MSG_NOTICE([   VMware: $with_vmware])
 AC_MSG_NOTICE([     VBox: $with_vbox])
@@ -2795,9 +2888,9 @@ LIBVIRT_RESULT_SANLOCK
 LIBVIRT_RESULT_SASL
 LIBVIRT_RESULT_SELINUX
 LIBVIRT_RESULT_SSH2
+LIBVIRT_RESULT_SYSTEMD_DAEMON
 LIBVIRT_RESULT_UDEV
 LIBVIRT_RESULT_WIRESHARK
-LIBVIRT_RESULT_NSS
 LIBVIRT_RESULT_YAJL
 AC_MSG_NOTICE([  libxml: $LIBXML_CFLAGS $LIBXML_LIBS])
 AC_MSG_NOTICE([  dlopen: $DLOPEN_LIBS])
@@ -2871,19 +2964,16 @@ AC_MSG_NOTICE([        Alloc OOM: $enable_oom])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Miscellaneous])
 AC_MSG_NOTICE([])
-AC_MSG_NOTICE([             Debug: $enable_debug])
-AC_MSG_NOTICE([       Use -Werror: $set_werror])
-AC_MSG_NOTICE([     Warning Flags: $WARN_CFLAGS])
-AC_MSG_NOTICE([            DTrace: $with_dtrace])
-AC_MSG_NOTICE([             numad: $with_numad])
-AC_MSG_NOTICE([       XML Catalog: $XML_CATALOG_FILE])
-LIBVIRT_RESULT_INIT_SCRIPT
-AC_MSG_NOTICE([ Char device locks: $with_chrdev_lock_files])
-AC_MSG_NOTICE([    Default Editor: $DEFAULT_EDITOR])
-AC_MSG_NOTICE([      Loader/NVRAM: $with_loader_nvram])
-AC_MSG_NOTICE([  virt-login-shell: $with_login_shell])
-AC_MSG_NOTICE([virt-host-validate: $with_host_validate])
-AC_MSG_NOTICE([      TLS priority: $with_tls_priority])
+AC_MSG_NOTICE([            Debug: $enable_debug])
+AC_MSG_NOTICE([      Use -Werror: $set_werror])
+AC_MSG_NOTICE([    Warning Flags: $WARN_CFLAGS])
+AC_MSG_NOTICE([           DTrace: $with_dtrace])
+AC_MSG_NOTICE([            numad: $with_numad])
+AC_MSG_NOTICE([      XML Catalog: $XML_CATALOG_FILE])
+AC_MSG_NOTICE([      Init script: $with_init_script])
+AC_MSG_NOTICE([Char device locks: $with_chrdev_lock_files])
+AC_MSG_NOTICE([   Default Editor: $DEFAULT_EDITOR])
+AC_MSG_NOTICE([     Loader/NVRAM: $with_loader_nvram])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Developer Tools])
 AC_MSG_NOTICE([])
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -46,14 +46,6 @@ DAEMON_SOURCES =					\

 LIBVIRTD_CONF_SOURCES = libvirtd-config.c libvirtd-config.h

-PODFILES = \
-	libvirtd.pod \
-	$(NULL)
-
-MANINFILES = \
-	libvirtd.8.in \
-	$(NULL)
-
 DISTCLEANFILES =
 EXTRA_DIST =						\
 	remote_dispatch.h				\
@@ -67,6 +59,7 @@ EXTRA_DIST =						\
 	libvirt.rules					\
 	libvirtd.sasl					\
 	libvirtd.service.in				\
+	libvirtd.socket.in				\
 	libvirtd.sysconf				\
 	libvirtd.sysctl					\
 	libvirtd.aug                                    \
@@ -77,8 +70,8 @@ EXTRA_DIST =						\
 	libvirtd.uml.logrotate.in                       \
 	test_libvirtd.aug.in                             \
 	THREADS.txt					\
-	$(PODFILES)					\
-	$(MANINFILES)					\
+	libvirtd.pod.in					\
+	libvirtd.8.in					\
 	$(DAEMON_SOURCES)				\
 	$(LIBVIRTD_CONF_SOURCES)			\
 	$(NULL)
@@ -135,7 +128,7 @@ libvirtd_conf_la_LIBADD = $(LIBXML_LIBS)

 noinst_LTLIBRARIES += libvirtd_admin.la
 libvirtd_admin_la_SOURCES = \
-		admin.c admin.h admin_server.c admin_server.h
+		admin_server.c admin_server.h

 libvirtd_admin_la_CFLAGS = \
 		$(AM_CFLAGS)		\
@@ -169,6 +162,13 @@ augeastests_DATA = test_libvirtd.aug

 CLEANFILES += test_libvirtd.aug

+libvirtd.8: $(srcdir)/libvirtd.8.in
+	$(AM_V_GEN)sed \
+	    -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
+	    -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+	    < $< > $@-t && \
+	mv $@-t $@
+
 libvirtd_SOURCES = $(DAEMON_SOURCES)

 #-D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_POSIX_C_SOURCE=199506L
@@ -233,10 +233,6 @@ if WITH_VBOX
    libvirtd_LDADD += ../src/libvirt_driver_vbox.la
 endif WITH_VBOX

-if WITH_VZ
-    libvirtd_LDADD += ../src/libvirt_driver_vz.la
-endif WITH_VZ
-
 if WITH_STORAGE
    libvirtd_LDADD += ../src/libvirt_driver_storage.la
 endif WITH_STORAGE
@@ -323,8 +319,7 @@ endif ! WITH_POLKIT

 remote.c: $(DAEMON_GENERATED)
 remote.h: $(DAEMON_GENERATED)
-admin.c: $(DAEMON_GENERATED)
-admin.h: $(DAEMON_GENERATED)
+admin_server.c: $(DAEMON_GENERATED)

 LOGROTATE_CONFS = libvirtd.qemu.logrotate libvirtd.lxc.logrotate \
 		  libvirtd.libxl.logrotate libvirtd.uml.logrotate \
@@ -450,15 +445,18 @@ endif ! LIBVIRT_INIT_SCRIPT_UPSTART
 if LIBVIRT_INIT_SCRIPT_SYSTEMD

 SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system
-BUILT_SOURCES += libvirtd.service
+BUILT_SOURCES += libvirtd.service libvirtd.socket

-install-init-systemd: install-sysconfig libvirtd.service
+install-init-systemd: install-sysconfig libvirtd.service libvirtd.socket
 	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
 	$(INSTALL_DATA) libvirtd.service \
 	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
+	$(INSTALL_DATA) libvirtd.socket \
+	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.socket

 uninstall-init-systemd: uninstall-sysconfig
 	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
+	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.socket
 	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
 else ! LIBVIRT_INIT_SCRIPT_SYSTEMD
 install-init-systemd:
@@ -482,6 +480,12 @@ libvirtd.service: libvirtd.service.in $(top_builddir)/config.status
 	    < $< > $@-t &&					\
 	    mv $@-t $@

+libvirtd.socket: libvirtd.socket.in $(top_builddir)/config.status
+	$(AM_V_GEN)sed						\
+	    -e 's|[@]runstatedir[@]|$(runstatedir)|g'		\
+	    < $< > $@-t &&					\
+	    mv $@-t $@
+

 check-local: check-augeas

@@ -505,24 +509,12 @@ install-data-local: install-data-sasl
 uninstall-local:: uninstall-data-sasl
 endif ! WITH_LIBVIRTD

-POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)"
+POD2MAN = pod2man -c "Virtualization Support" \
+			-r "$(PACKAGE)-$(VERSION)" -s 8

-%.8.in: %.pod
-	$(AM_V_GEN)$(POD2MAN) --section=8 $< $@-t1 && \
-	if grep 'POD ERROR' $@-t1; then rm $@-t1; exit 1; fi && \
-	sed \
-		-e 's|SYSCONFDIR|\@sysconfdir\@|g' \
-		-e 's|LOCALSTATEDIR|\@localstatedir\@|g' \
-		< $@-t1 > $@-t2 && \
-	rm -f $@-t1 && \
-	mv $@-t2 $@
-
-%.8: %.8.in $(top_srcdir)/configure.ac
-	$(AM_V_GEN)sed \
-		-e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
-		-e 's|[@]localstatedir[@]|$(localstatedir)|g' \
-		< $< > $@-t && \
-	mv $@-t $@
+$(srcdir)/libvirtd.8.in: libvirtd.pod.in $(top_srcdir)/configure.ac
+	$(AM_V_GEN)$(POD2MAN) --name LIBVIRTD $< $@ \
+	    && if grep 'POD ERROR' $@ ; then rm $@; exit 1; fi

 # This is needed for clients too, so can't wrap in
 # the WITH_LIBVIRTD conditional
@@ -543,4 +535,4 @@ endif ! WITH_SASL

 CLEANFILES += $(BUILT_SOURCES) $(man8_MANS)
 CLEANFILES += *.cov *.gcov .libs/*.gcda .libs/*.gcno *.gcno *.gcda
-MAINTAINERCLEANFILES = $(MANINFILES) $(DAEMON_GENERATED)
+MAINTAINERCLEANFILES = $(srcdir)/libvirtd.8.in $(DAEMON_GENERATED)
--- a/daemon/admin.c
+++ b/daemon/admin.c
@@ -1,386 +0,0 @@
-/*
- * admin.c: handlers for admin RPC method calls
- *
- * Copyright (C) 2014-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Author: Martin Kletzander <mkletzan@redhat.com>
- */
-
-#include <config.h>
-
-#include "internal.h"
-#include "libvirtd.h"
-#include "libvirt_internal.h"
-
-#include "admin_protocol.h"
-#include "admin.h"
-#include "admin_server.h"
-#include "datatypes.h"
-#include "viralloc.h"
-#include "virerror.h"
-#include "virlog.h"
-#include "virnetdaemon.h"
-#include "virnetserver.h"
-#include "virstring.h"
-#include "virthreadjob.h"
-#include "virtypedparam.h"
-
-#define VIR_FROM_THIS VIR_FROM_ADMIN
-
-VIR_LOG_INIT("daemon.admin");
-
-
-void
-remoteAdmClientFreeFunc(void *data)
-{
-    struct daemonAdmClientPrivate *priv = data;
-
-    virMutexDestroy(&priv->lock);
-    virObjectUnref(priv->dmn);
-    VIR_FREE(priv);
-}
-
-void *
-remoteAdmClientInitHook(virNetServerClientPtr client ATTRIBUTE_UNUSED,
-                        void *opaque)
-{
-    struct daemonAdmClientPrivate *priv;
-
-    if (VIR_ALLOC(priv) < 0)
-        return NULL;
-
-    if (virMutexInit(&priv->lock) < 0) {
-        VIR_FREE(priv);
-        virReportSystemError(errno, "%s", _("unable to init mutex"));
-        return NULL;
-    }
-
-    /*
-     * We don't necessarily need to ref this object right now as there
-     * must be one ref being held throughout the life of the daemon,
-     * but let's just be safe for future.
-     */
-    priv->dmn = virObjectRef(opaque);
-
-    return priv;
-}
-
-/* Helpers */
-
-static virNetServerPtr
-get_nonnull_server(virNetDaemonPtr dmn, admin_nonnull_server srv)
-{
-    return virNetDaemonGetServer(dmn, srv.name);
-}
-
-static void
-make_nonnull_server(admin_nonnull_server *srv_dst,
-                    virNetServerPtr srv_src)
-{
-    ignore_value(VIR_STRDUP_QUIET(srv_dst->name, virNetServerGetName(srv_src)));
-}
-
-static virNetServerClientPtr
-get_nonnull_client(virNetServerPtr srv, admin_nonnull_client clnt)
-{
-    return virNetServerGetClient(srv, clnt.id);
-}
-
-static void
-make_nonnull_client(admin_nonnull_client *clt_dst,
-                    virNetServerClientPtr clt_src)
-{
-    clt_dst->id = virNetServerClientGetID(clt_src);
-    clt_dst->timestamp = virNetServerClientGetTimestamp(clt_src);
-    clt_dst->transport = virNetServerClientGetTransport(clt_src);
-}
-
-/* Functions */
-static int
-adminDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED,
-                         virNetServerClientPtr client,
-                         virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                         virNetMessageErrorPtr rerr,
-                         struct admin_connect_open_args *args)
-{
-    unsigned int flags;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-    int ret = -1;
-
-    VIR_DEBUG("priv=%p dmn=%p", priv, priv->dmn);
-    virMutexLock(&priv->lock);
-
-    flags = args->flags;
-    virCheckFlagsGoto(0, cleanup);
-
-    ret = 0;
- cleanup:
-    if (ret < 0)
-        virNetMessageSaveError(rerr);
-    virMutexUnlock(&priv->lock);
-    return ret;
-}
-
-static int
-adminDispatchConnectClose(virNetServerPtr server ATTRIBUTE_UNUSED,
-                          virNetServerClientPtr client,
-                          virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                          virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED)
-{
-    virNetServerClientDelayedClose(client);
-    return 0;
-}
-
-static int
-adminConnectGetLibVersion(virNetDaemonPtr dmn ATTRIBUTE_UNUSED,
-                          unsigned long long *libVer)
-{
-    if (libVer)
-        *libVer = LIBVIR_VERSION_NUMBER;
-    return 0;
-}
-
-static int
-adminDispatchServerGetThreadpoolParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                           virNetServerClientPtr client,
-                                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                           virNetMessageErrorPtr rerr,
-                                           struct admin_server_get_threadpool_parameters_args *args,
-                                           struct admin_server_get_threadpool_parameters_ret *ret)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name)))
-        goto cleanup;
-
-    if (adminServerGetThreadPoolParameters(srv, &params, &nparams,
-                                           args->flags) < 0)
-        goto cleanup;
-
-    if (nparams > ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of threadpool parameters %d exceeds max "
-                         "allowed limit: %d"), nparams,
-                       ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX);
-        goto cleanup;
-    }
-
-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len, 0) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerSetThreadpoolParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                           virNetServerClientPtr client,
-                                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                           virNetMessageErrorPtr rerr,
-                                           struct admin_server_set_threadpool_parameters_args *args)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->srv.name);
-        goto cleanup;
-    }
-
-    if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val,
-                                  args->params.params_len,
-                                  ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX,
-                                  &params,
-                                  &nparams) < 0)
-        goto cleanup;
-
-
-    if (adminServerSetThreadPoolParameters(srv, params,
-                                           nparams, args->flags) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchClientGetInfo(virNetServerPtr server ATTRIBUTE_UNUSED,
-                           virNetServerClientPtr client,
-                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                           virNetMessageErrorPtr rerr,
-                           struct admin_client_get_info_args *args,
-                           struct admin_client_get_info_ret *ret)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virNetServerClientPtr clnt = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->clnt.srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->clnt.srv.name);
-        goto cleanup;
-    }
-
-    if (!(clnt = virNetServerGetClient(srv, args->clnt.id))) {
-        virReportError(VIR_ERR_NO_CLIENT,
-                       _("no client with matching id '%llu' found"),
-                       (unsigned long long) args->clnt.id);
-        goto cleanup;
-    }
-
-    if (adminClientGetInfo(clnt, &params, &nparams, args->flags) < 0)
-        goto cleanup;
-
-    if (nparams > ADMIN_CLIENT_INFO_PARAMETERS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of client info parameters %d exceeds max "
-                         "allowed limit: %d"), nparams,
-                       ADMIN_CLIENT_INFO_PARAMETERS_MAX);
-        goto cleanup;
-    }
-
-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len,
-                                VIR_TYPED_PARAM_STRING_OKAY) < 0)
-        goto cleanup;
-
-    rv = 0;
-
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(clnt);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerGetClientLimits(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                   virNetServerClientPtr client,
-                                   virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                   virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED,
-                                   admin_server_get_client_limits_args *args,
-                                   admin_server_get_client_limits_ret *ret)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name)))
-        goto cleanup;
-
-    if (adminServerGetClientLimits(srv, &params, &nparams, args->flags) < 0)
-        goto cleanup;
-
-    if (nparams > ADMIN_SERVER_CLIENT_LIMITS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of client processing parameters %d exceeds "
-                         "max allowed limit: %d"), nparams,
-                       ADMIN_SERVER_CLIENT_LIMITS_MAX);
-        goto cleanup;
-    }
-
-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len, 0) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerSetClientLimits(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                   virNetServerClientPtr client,
-                                   virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                   virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED,
-                                   admin_server_set_client_limits_args *args)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->srv.name);
-        goto cleanup;
-    }
-
-    if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val,
-        args->params.params_len,
-        ADMIN_SERVER_CLIENT_LIMITS_MAX, &params, &nparams) < 0)
-        goto cleanup;
-
-    if (adminServerSetClientLimits(srv, params, nparams, args->flags) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-#include "admin_dispatch.h"
--- a/daemon/admin.h
+++ b/daemon/admin.h
@@ -1,36 +0,0 @@
-/*
- * admin.h: handlers for admin RPC method calls
- *
- * Copyright (C) 2014-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Author: Martin Kletzander <mkletzan@redhat.com>
- */
-
-#ifndef __LIBVIRTD_ADMIN_H__
-# define __LIBVIRTD_ADMIN_H__
-
-# include "rpc/virnetserverprogram.h"
-# include "rpc/virnetserverclient.h"
-
-
-extern virNetServerProgramProc adminProcs[];
-extern size_t adminNProcs;
-
-void remoteAdmClientFreeFunc(void *data);
-void *remoteAdmClientInitHook(virNetServerClientPtr client, void *opaque);
-
-#endif /* __ADMIN_REMOTE_H__ */
--- a/daemon/admin_server.c
+++ b/daemon/admin_server.c
@@ -1,7 +1,7 @@
 /*
- * admin_server.c: admin methods to manage daemons and clients
+ * admin_server.c:
 *
- * Copyright (C) 2016 Red Hat, Inc.
+ * Copyright (C) 2014-2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -17,374 +17,101 @@
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
- * Authors: Erik Skultety <eskultet@redhat.com>
- *          Martin Kletzander <mkletzan@redhat.com>
+ * Author: Martin Kletzander <mkletzan@redhat.com>
 */

 #include <config.h>

+#include "internal.h"
+#include "libvirtd.h"
+#include "libvirt_internal.h"
+
+#include "admin_protocol.h"
 #include "admin_server.h"
 #include "datatypes.h"
 #include "viralloc.h"
 #include "virerror.h"
-#include "viridentity.h"
 #include "virlog.h"
 #include "virnetdaemon.h"
 #include "virnetserver.h"
 #include "virstring.h"
-#include "virthreadpool.h"
-#include "virtypedparam.h"
+#include "virthreadjob.h"

 #define VIR_FROM_THIS VIR_FROM_ADMIN

-VIR_LOG_INIT("daemon.admin_server");
+VIR_LOG_INIT("daemon.admin");

-int
-adminConnectListServers(virNetDaemonPtr dmn,
-                        virNetServerPtr **servers,
-                        unsigned int flags)
+
+void
+remoteAdmClientFreeFunc(void *data)
 {
-    int ret = -1;
-    virNetServerPtr *srvs = NULL;
+    struct daemonAdmClientPrivate *priv = data;

-    virCheckFlags(0, -1);
-
-    if ((ret = virNetDaemonGetServers(dmn, &srvs)) < 0)
-        goto cleanup;
-
-    if (servers) {
-        *servers = srvs;
-        srvs = NULL;
-    }
- cleanup:
-    if (ret > 0)
-        virObjectListFreeCount(srvs, ret);
-    return ret;
+    virMutexDestroy(&priv->lock);
+    virObjectUnref(priv->dmn);
+    VIR_FREE(priv);
 }

-virNetServerPtr
-adminConnectLookupServer(virNetDaemonPtr dmn,
-                         const char *name,
-                         unsigned int flags)
+void *
+remoteAdmClientInitHook(virNetServerClientPtr client ATTRIBUTE_UNUSED,
+                        void *opaque)
 {
-    virCheckFlags(flags, NULL);
+    struct daemonAdmClientPrivate *priv;

-    return virNetDaemonGetServer(dmn, name);
-}
+    if (VIR_ALLOC(priv) < 0)
+        return NULL;

-int
-adminServerGetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr *params,
-                                   int *nparams,
-                                   unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    size_t minWorkers;
-    size_t maxWorkers;
-    size_t nWorkers;
-    size_t freeWorkers;
-    size_t nPrioWorkers;
-    size_t jobQueueDepth;
-    virTypedParameterPtr tmpparams = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virNetServerGetThreadPoolParameters(srv, &minWorkers, &maxWorkers,
-                                            &nWorkers, &freeWorkers,
-                                            &nPrioWorkers,
-                                            &jobQueueDepth) < 0) {
-        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                       _("Unable to retrieve threadpool parameters"));
-        goto cleanup;
+    if (virMutexInit(&priv->lock) < 0) {
+        VIR_FREE(priv);
+        virReportSystemError(errno, "%s", _("unable to init mutex"));
+        return NULL;
    }

-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_MIN,
-                              minWorkers) < 0)
-        goto cleanup;
+    /*
+     * We don't necessarily need to ref this object right now as there
+     * must be one ref being held throughout the life of the daemon,
+     * but let's just be safe for future.
+     */
+    priv->dmn = virObjectRef(opaque);

-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_MAX,
-                              maxWorkers) < 0)
-        goto cleanup;
+    return priv;
+}

-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_CURRENT,
-                              nWorkers) < 0)
-        goto cleanup;
+/* Functions */
+static int
+adminDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED,
+                         virNetServerClientPtr client,
+                         virNetMessagePtr msg ATTRIBUTE_UNUSED,
+                         virNetMessageErrorPtr rerr,
+                         struct admin_connect_open_args *args)
+{
+    unsigned int flags;
+    struct daemonAdmClientPrivate *priv =
+        virNetServerClientGetPrivateData(client);
+    int ret = -1;

-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_FREE,
-                              freeWorkers) < 0)
-        goto cleanup;
+    VIR_DEBUG("priv=%p dmn=%p", priv, priv->dmn);
+    virMutexLock(&priv->lock);

-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_PRIORITY,
-                              nPrioWorkers) < 0)
-        goto cleanup;
+    flags = args->flags;
+    virCheckFlagsGoto(0, cleanup);

-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_JOB_QUEUE_DEPTH,
-                              jobQueueDepth) < 0)
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
    ret = 0;
-
 cleanup:
-    virTypedParamsFree(tmpparams, *nparams);
+    if (ret < 0)
+        virNetMessageSaveError(rerr);
+    virMutexUnlock(&priv->lock);
    return ret;
 }

-int
-adminServerSetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr params,
-                                   int nparams,
-                                   unsigned int flags)
+static int
+adminDispatchConnectClose(virNetServerPtr server ATTRIBUTE_UNUSED,
+                          virNetServerClientPtr client,
+                          virNetMessagePtr msg ATTRIBUTE_UNUSED,
+                          virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED)
 {
-    long long int minWorkers = -1;
-    long long int maxWorkers = -1;
-    long long int prioWorkers = -1;
-    virTypedParameterPtr param = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsValidate(params, nparams,
-                               VIR_THREADPOOL_WORKERS_MIN,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_THREADPOOL_WORKERS_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_THREADPOOL_WORKERS_PRIORITY,
-                               VIR_TYPED_PARAM_UINT,
-                               NULL) < 0)
-        return -1;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_MIN)))
-        minWorkers = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_MAX)))
-        maxWorkers = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_PRIORITY)))
-        prioWorkers = param->value.ui;
-
-    if (virNetServerSetThreadPoolParameters(srv, minWorkers,
-                                            maxWorkers, prioWorkers) < 0)
-        return -1;
-
+    virNetServerClientDelayedClose(client);
    return 0;
 }

-int
-adminServerListClients(virNetServerPtr srv,
-                       virNetServerClientPtr **clients,
-                       unsigned int flags)
-{
-    int ret = -1;
-    virNetServerClientPtr *clts;
-
-    virCheckFlags(0, -1);
-
-    if ((ret = virNetServerGetClients(srv, &clts)) < 0)
-        return -1;
-
-    if (clients) {
-        *clients = clts;
-        clts = NULL;
-    }
-
-    virObjectListFreeCount(clts, ret);
-    return ret;
-}
-
-virNetServerClientPtr
-adminServerLookupClient(virNetServerPtr srv,
-                        unsigned long long id,
-                        unsigned int flags)
-{
-    virCheckFlags(0, NULL);
-
-    return virNetServerGetClient(srv, id);
-}
-
-int
-adminClientGetInfo(virNetServerClientPtr client,
-                   virTypedParameterPtr *params,
-                   int *nparams,
-                   unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    bool readonly;
-    char *sock_addr = NULL;
-    const char *attr = NULL;
-    virTypedParameterPtr tmpparams = NULL;
-    virIdentityPtr identity = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virNetServerClientGetInfo(client, &readonly,
-                                  &sock_addr, &identity) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddBoolean(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_READONLY,
-                                 readonly) < 0)
-        goto cleanup;
-
-    if (virIdentityGetSASLUserName(identity, &attr) < 0 ||
-        (attr &&
-         virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_SASL_USER_NAME,
-                                 attr) < 0))
-        goto cleanup;
-
-    if (!virNetServerClientIsLocal(client)) {
-        if (virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_SOCKET_ADDR,
-                                    sock_addr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetX509DName(identity, &attr) < 0 ||
-            (attr &&
-             virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                     VIR_CLIENT_INFO_X509_DISTINGUISHED_NAME,
-                                     attr) < 0))
-            goto cleanup;
-    } else {
-        pid_t pid;
-        uid_t uid;
-        gid_t gid;
-        if (virIdentityGetUNIXUserID(identity, &uid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_USER_ID, uid) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXUserName(identity, &attr) < 0 ||
-            virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_UNIX_USER_NAME,
-                                    attr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXGroupID(identity, &gid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_GROUP_ID, gid) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXGroupName(identity, &attr) < 0 ||
-            virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_UNIX_GROUP_NAME,
-                                    attr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXProcessID(identity, &pid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_PROCESS_ID, pid) < 0)
-            goto cleanup;
-    }
-
-    if (virIdentityGetSELinuxContext(identity, &attr) < 0 ||
-        (attr &&
-         virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                VIR_CLIENT_INFO_SELINUX_CONTEXT, attr) < 0))
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
-    ret = 0;
-
- cleanup:
-    virObjectUnref(identity);
-    VIR_FREE(sock_addr);
-    return ret;
-}
-
-int adminClientClose(virNetServerClientPtr client,
-                     unsigned int flags)
-{
-    virCheckFlags(0, -1);
-
-    virNetServerClientClose(client);
-    return 0;
-}
-
-int
-adminServerGetClientLimits(virNetServerPtr srv,
-                           virTypedParameterPtr *params,
-                           int *nparams,
-                           unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    virTypedParameterPtr tmpparams = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_MAX,
-                              virNetServerGetMaxClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_CURRENT,
-                              virNetServerGetCurrentClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_UNAUTH_MAX,
-                              virNetServerGetMaxUnauthClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_UNAUTH_CURRENT,
-                              virNetServerGetCurrentUnauthClients(srv)) < 0)
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
-    ret = 0;
-
- cleanup:
-    virTypedParamsFree(tmpparams, *nparams);
-    return ret;
-}
-
-int
-adminServerSetClientLimits(virNetServerPtr srv,
-                           virTypedParameterPtr params,
-                           int nparams,
-                           unsigned int flags)
-{
-    long long int maxClients = -1;
-    long long int maxClientsUnauth = -1;
-    virTypedParameterPtr param = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsValidate(params, nparams,
-                               VIR_SERVER_CLIENTS_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_SERVER_CLIENTS_UNAUTH_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               NULL) < 0)
-        return -1;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_SERVER_CLIENTS_MAX)))
-        maxClients = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_SERVER_CLIENTS_UNAUTH_MAX)))
-        maxClientsUnauth = param->value.ui;
-
-    if (virNetServerSetClientLimits(srv, maxClients,
-                                    maxClientsUnauth) < 0)
-        return -1;
-
-    return 0;
-}
+#include "admin_dispatch.h"
--- a/daemon/admin_server.h
+++ b/daemon/admin_server.h
@@ -1,7 +1,7 @@
 /*
- * admin_server.h: admin methods to manage daemons and clients
+ * admin_server.h
 *
- * Copyright (C) 2016 Red Hat, Inc.
+ * Copyright (C) 2014 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -17,59 +17,20 @@
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
- * Authors: Erik Skultety <eskultet@redhat.com>
- *          Martin Kletzander <mkletzan@redhat.com>
+ * Author: Martin Kletzander <mkletzan@redhat.com>
 */

-#ifndef __LIBVIRTD_ADMIN_SERVER_H__
-# define __LIBVIRTD_ADMIN_SERVER_H__
+#ifndef __LIBVIRTD_ADMIN_H__
+# define __LIBVIRTD_ADMIN_H__

-# include "rpc/virnetdaemon.h"
-# include "rpc/virnetserver.h"
+# include "rpc/virnetserverprogram.h"
+# include "rpc/virnetserverclient.h"

-int adminConnectListServers(virNetDaemonPtr dmn,
-                            virNetServerPtr **servers,
-                            unsigned int flags);

-virNetServerPtr adminConnectLookupServer(virNetDaemonPtr dmn,
-                                         const char *name,
-                                         unsigned int flags);
+extern virNetServerProgramProc adminProcs[];
+extern size_t adminNProcs;

-int
-adminServerGetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr *params,
-                                   int *nparams,
-                                   unsigned int flags);
-int
-adminServerSetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr params,
-                                   int nparams,
-                                   unsigned int flags);
+void remoteAdmClientFreeFunc(void *data);
+void *remoteAdmClientInitHook(virNetServerClientPtr client, void *opaque);

-int adminServerListClients(virNetServerPtr srv,
-                           virNetServerClientPtr **clients,
-                           unsigned int flags);
-
-virNetServerClientPtr adminServerLookupClient(virNetServerPtr srv,
-                                              unsigned long long id,
-                                              unsigned int flags);
-
-int adminClientGetInfo(virNetServerClientPtr client,
-                       virTypedParameterPtr *params,
-                       int *nparams,
-                       unsigned int flags);
-
-int adminClientClose(virNetServerClientPtr client,
-                     unsigned int flags);
-
-int adminServerGetClientLimits(virNetServerPtr srv,
-                               virTypedParameterPtr *params,
-                               int *nparams,
-                               unsigned int flags);
-
-int adminServerSetClientLimits(virNetServerPtr srv,
-                               virTypedParameterPtr params,
-                               int nparams,
-                               unsigned int flags);
-
-#endif /* __LIBVIRTD_ADMIN_SERVER_H__ */
+#endif /* __ADMIN_REMOTE_H__ */
--- a/daemon/libvirtd-config.c
+++ b/daemon/libvirtd-config.c
@@ -39,38 +39,171 @@

 VIR_LOG_INIT("daemon.libvirtd-config");

-
+/* Allocate an array of malloc'd strings from the config file, filename
+ * (used only in diagnostics), using handle "conf".  Upon error, return -1
+ * and free any allocated memory.  Otherwise, save the array in *list_arg
+ * and return 0.
+ */
 static int
-remoteConfigGetAuth(virConfPtr conf,
-                    const char *filename,
-                    const char *key,
-                    int *auth)
+remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list_arg,
+                          const char *filename)
 {
-    char *authstr = NULL;
-
-    if (virConfGetValueString(conf, key, &authstr) < 0)
-        return -1;
-
-    if (!authstr)
+    char **list;
+    virConfValuePtr p = virConfGetValue(conf, key);
+    if (!p)
        return 0;

-    if (STREQ(authstr, "none")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
-#if WITH_SASL
-    } else if (STREQ(authstr, "sasl")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL;
-#endif
-    } else if (STREQ(authstr, "polkit")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_POLKIT;
-    } else {
+    switch (p->type) {
+    case VIR_CONF_STRING:
+        if (VIR_ALLOC_N(list, 2) < 0) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("failed to allocate memory for %s config list"),
+                           key);
+            return -1;
+        }
+        if (VIR_STRDUP(list[0], p->str) < 0) {
+            VIR_FREE(list);
+            return -1;
+        }
+        list[1] = NULL;
+        break;
+
+    case VIR_CONF_LIST: {
+        int len = 0;
+        size_t i;
+        virConfValuePtr pp;
+        for (pp = p->list; pp; pp = pp->next)
+            len++;
+        if (VIR_ALLOC_N(list, 1+len) < 0) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("failed to allocate memory for %s config list"),
+                           key);
+            return -1;
+        }
+        for (i = 0, pp = p->list; pp; ++i, pp = pp->next) {
+            if (pp->type != VIR_CONF_STRING) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                               _("remoteReadConfigFile: %s: %s:"
+                                 " must be a string or list of strings"),
+                               filename, key);
+                VIR_FREE(list);
+                return -1;
+            }
+            if (VIR_STRDUP(list[i], pp->str) < 0) {
+                size_t j;
+                for (j = 0; j < i; j++)
+                    VIR_FREE(list[j]);
+                VIR_FREE(list);
+                return -1;
+            }
+
+        }
+        list[i] = NULL;
+        break;
+    }
+
+    default:
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       _("%s: %s: unsupported auth %s"),
-                       filename, key, authstr);
-        VIR_FREE(authstr);
+                       _("remoteReadConfigFile: %s: %s:"
+                         " must be a string or list of strings"),
+                       filename, key);
+        return -1;
+    }
+
+    *list_arg = list;
+    return 0;
+}
+
+/* A helper function used by each of the following macros.  */
+static int
+checkType(virConfValuePtr p, const char *filename,
+          const char *key, virConfType required_type)
+{
+    if (p->type != required_type) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("remoteReadConfigFile: %s: %s: invalid type:"
+                         " got %s; expected %s"), filename, key,
+                       virConfTypeToString(p->type),
+                       virConfTypeToString(required_type));
+        return -1;
+    }
+    return 0;
+}
+
+/* If there is no config data for the key, #var_name, then do nothing.
+   If there is valid data of type VIR_CONF_STRING, and VIR_STRDUP succeeds,
+   store the result in var_name.  Otherwise, (i.e. invalid type, or VIR_STRDUP
+   failure), give a diagnostic and "goto" the cleanup-and-fail label.  */
+#define GET_CONF_STR(conf, filename, var_name)                          \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
+        if (p) {                                                        \
+            if (checkType(p, filename, #var_name, VIR_CONF_STRING) < 0) \
+                goto error;                                             \
+            VIR_FREE(data->var_name);                                   \
+            if (VIR_STRDUP(data->var_name, p->str) < 0)                 \
+                goto error;                                             \
+        }                                                               \
+    } while (0)
+
+/* Like GET_CONF_STR, but for signed integral values.  */
+#define GET_CONF_INT(conf, filename, var_name)                          \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
+        if (p) {                                                        \
+            if (p->type != VIR_CONF_ULONG &&                            \
+                checkType(p, filename, #var_name, VIR_CONF_LONG) < 0)   \
+                goto error;                                             \
+            data->var_name = p->l;                                      \
+        }                                                               \
+    } while (0)
+
+/* Like GET_CONF_STR, but for unsigned integral values.  */
+#define GET_CONF_UINT(conf, filename, var_name)                         \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
+        if (p) {                                                        \
+            if (checkType(p, filename, #var_name, VIR_CONF_ULONG) < 0)  \
+                goto error;                                             \
+            data->var_name = p->l;                                      \
+        }                                                               \
+    } while (0)
+
+
+
+static int
+remoteConfigGetAuth(virConfPtr conf,
+                    const char *key,
+                    int *auth,
+                    const char *filename)
+{
+    virConfValuePtr p;
+
+    p = virConfGetValue(conf, key);
+    if (!p)
+        return 0;
+
+    if (checkType(p, filename, key, VIR_CONF_STRING) < 0)
+        return -1;
+
+    if (!p->str)
+        return 0;
+
+    if (STREQ(p->str, "none")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
+#if WITH_SASL
+    } else if (STREQ(p->str, "sasl")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL;
+#endif
+    } else if (STREQ(p->str, "polkit")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_POLKIT;
+    } else {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("remoteReadConfigFile: %s: %s: unsupported auth %s"),
+                       filename, key, p->str);
        return -1;
    }

-    VIR_FREE(authstr);
    return 0;
 }

@@ -147,7 +280,6 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
    data->min_workers = 5;
    data->max_workers = 20;
    data->max_clients = 5000;
-    data->max_queued_clients = 1000;
    data->max_anonymous_clients = 20;

    data->prio_workers = 5;
@@ -234,7 +366,6 @@ daemonConfigFree(struct daemonConfig *data)
        tmp++;
    }
    VIR_FREE(data->sasl_allowed_username_list);
-    VIR_FREE(data->tls_priority);

    VIR_FREE(data->key_file);
    VIR_FREE(data->ca_file);
@@ -242,7 +373,6 @@ daemonConfigFree(struct daemonConfig *data)
    VIR_FREE(data->crl_file);

    VIR_FREE(data->host_uuid);
-    VIR_FREE(data->host_uuid_source);
    VIR_FREE(data->log_filters);
    VIR_FREE(data->log_outputs);

@@ -254,18 +384,13 @@ daemonConfigLoadOptions(struct daemonConfig *data,
                        const char *filename,
                        virConfPtr conf)
 {
-    if (virConfGetValueBool(conf, "listen_tcp", &data->listen_tcp) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "listen_tls", &data->listen_tls) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "tls_port", &data->tls_port) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "tcp_port", &data->tcp_port) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "listen_addr", &data->listen_addr) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, listen_tcp);
+    GET_CONF_UINT(conf, filename, listen_tls);
+    GET_CONF_STR(conf, filename, tls_port);
+    GET_CONF_STR(conf, filename, tcp_port);
+    GET_CONF_STR(conf, filename, listen_addr);

-    if (remoteConfigGetAuth(conf, filename, "auth_unix_rw", &data->auth_unix_rw) < 0)
+    if (remoteConfigGetAuth(conf, "auth_unix_rw", &data->auth_unix_rw, filename) < 0)
        goto error;
 #if WITH_POLKIT
    /* Change default perms to be wide-open if PolicyKit is enabled.
@@ -277,116 +402,76 @@ daemonConfigLoadOptions(struct daemonConfig *data,
            goto error;
    }
 #endif
-    if (remoteConfigGetAuth(conf, filename, "auth_unix_ro", &data->auth_unix_ro) < 0)
+    if (remoteConfigGetAuth(conf, "auth_unix_ro", &data->auth_unix_ro, filename) < 0)
        goto error;
-    if (remoteConfigGetAuth(conf, filename, "auth_tcp", &data->auth_tcp) < 0)
+    if (remoteConfigGetAuth(conf, "auth_tcp", &data->auth_tcp, filename) < 0)
        goto error;
-    if (remoteConfigGetAuth(conf, filename, "auth_tls", &data->auth_tls) < 0)
+    if (remoteConfigGetAuth(conf, "auth_tls", &data->auth_tls, filename) < 0)
        goto error;

-    if (virConfGetValueStringList(conf, "access_drivers", false,
-                                  &data->access_drivers) < 0)
+    if (remoteConfigGetStringList(conf, "access_drivers",
+                                  &data->access_drivers, filename) < 0)
        goto error;

-    if (virConfGetValueString(conf, "unix_sock_group", &data->unix_sock_group) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_admin_perms", &data->unix_sock_admin_perms) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_ro_perms", &data->unix_sock_ro_perms) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_rw_perms", &data->unix_sock_rw_perms) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, unix_sock_group);
+    GET_CONF_STR(conf, filename, unix_sock_admin_perms);
+    GET_CONF_STR(conf, filename, unix_sock_ro_perms);
+    GET_CONF_STR(conf, filename, unix_sock_rw_perms);

-    if (virConfGetValueString(conf, "unix_sock_dir", &data->unix_sock_dir) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, unix_sock_dir);

-    if (virConfGetValueBool(conf, "mdns_adv", &data->mdns_adv) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "mdns_name", &data->mdns_name) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, mdns_adv);
+    GET_CONF_STR(conf, filename, mdns_name);

-    if (virConfGetValueBool(conf, "tls_no_sanity_certificate", &data->tls_no_sanity_certificate) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "tls_no_verify_certificate", &data->tls_no_verify_certificate) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, tls_no_sanity_certificate);
+    GET_CONF_UINT(conf, filename, tls_no_verify_certificate);

-    if (virConfGetValueString(conf, "key_file", &data->key_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "cert_file", &data->cert_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "ca_file", &data->ca_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "crl_file", &data->crl_file) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, key_file);
+    GET_CONF_STR(conf, filename, cert_file);
+    GET_CONF_STR(conf, filename, ca_file);
+    GET_CONF_STR(conf, filename, crl_file);

-    if (virConfGetValueStringList(conf, "tls_allowed_dn_list", false,
-                                  &data->tls_allowed_dn_list) < 0)
+    if (remoteConfigGetStringList(conf, "tls_allowed_dn_list",
+                                  &data->tls_allowed_dn_list, filename) < 0)
        goto error;


-    if (virConfGetValueStringList(conf, "sasl_allowed_username_list", false,
-                                  &data->sasl_allowed_username_list) < 0)
+    if (remoteConfigGetStringList(conf, "sasl_allowed_username_list",
+                                  &data->sasl_allowed_username_list, filename) < 0)
        goto error;

-    if (virConfGetValueString(conf, "tls_priority", &data->tls_priority) < 0)
-        goto error;

-    if (virConfGetValueUInt(conf, "min_workers", &data->min_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_workers", &data->max_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_clients", &data->max_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_queued_clients", &data->max_queued_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_anonymous_clients", &data->max_anonymous_clients) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, min_workers);
+    GET_CONF_UINT(conf, filename, max_workers);
+    GET_CONF_UINT(conf, filename, max_clients);
+    GET_CONF_UINT(conf, filename, max_queued_clients);
+    GET_CONF_UINT(conf, filename, max_anonymous_clients);

-    if (virConfGetValueUInt(conf, "prio_workers", &data->prio_workers) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, prio_workers);

-    if (virConfGetValueUInt(conf, "max_requests", &data->max_requests) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_client_requests", &data->max_client_requests) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, max_requests);
+    GET_CONF_UINT(conf, filename, max_client_requests);

-    if (virConfGetValueUInt(conf, "admin_min_workers", &data->admin_min_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_workers", &data->admin_max_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_clients", &data->admin_max_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_queued_clients", &data->admin_max_queued_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_client_requests", &data->admin_max_client_requests) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, admin_min_workers);
+    GET_CONF_UINT(conf, filename, admin_max_workers);
+    GET_CONF_UINT(conf, filename, admin_max_clients);
+    GET_CONF_UINT(conf, filename, admin_max_queued_clients);
+    GET_CONF_UINT(conf, filename, admin_max_client_requests);

-    if (virConfGetValueUInt(conf, "audit_level", &data->audit_level) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "audit_logging", &data->audit_logging) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, audit_level);
+    GET_CONF_UINT(conf, filename, audit_logging);

-    if (virConfGetValueString(conf, "host_uuid", &data->host_uuid) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "host_uuid_source", &data->host_uuid_source) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, host_uuid);

-    if (virConfGetValueUInt(conf, "log_level", &data->log_level) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "log_filters", &data->log_filters) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "log_outputs", &data->log_outputs) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, log_level);
+    GET_CONF_STR(conf, filename, log_filters);
+    GET_CONF_STR(conf, filename, log_outputs);

-    if (virConfGetValueInt(conf, "keepalive_interval", &data->keepalive_interval) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "keepalive_count", &data->keepalive_count) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, keepalive_interval);
+    GET_CONF_UINT(conf, filename, keepalive_count);

-    if (virConfGetValueInt(conf, "admin_keepalive_interval", &data->admin_keepalive_interval) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_keepalive_count", &data->admin_keepalive_count) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, admin_keepalive_interval);
+    GET_CONF_UINT(conf, filename, admin_keepalive_count);

    return 0;

--- a/daemon/libvirtd-config.h
+++ b/daemon/libvirtd-config.h
@@ -28,10 +28,9 @@

 struct daemonConfig {
    char *host_uuid;
-    char *host_uuid_source;

-    bool listen_tls;
-    bool listen_tcp;
+    int listen_tls;
+    int listen_tcp;
    char *listen_addr;
    char *tls_port;
    char *tcp_port;
@@ -49,46 +48,45 @@ struct daemonConfig {

    char **access_drivers;

-    bool mdns_adv;
+    int mdns_adv;
    char *mdns_name;

-    bool tls_no_verify_certificate;
-    bool tls_no_sanity_certificate;
+    int tls_no_verify_certificate;
+    int tls_no_sanity_certificate;
    char **tls_allowed_dn_list;
    char **sasl_allowed_username_list;
-    char *tls_priority;

    char *key_file;
    char *cert_file;
    char *ca_file;
    char *crl_file;

-    unsigned int min_workers;
-    unsigned int max_workers;
-    unsigned int max_clients;
-    unsigned int max_queued_clients;
-    unsigned int max_anonymous_clients;
+    int min_workers;
+    int max_workers;
+    int max_clients;
+    int max_queued_clients;
+    int max_anonymous_clients;

-    unsigned int prio_workers;
+    int prio_workers;

-    unsigned int max_requests;
-    unsigned int max_client_requests;
+    int max_requests;
+    int max_client_requests;

-    unsigned int log_level;
+    int log_level;
    char *log_filters;
    char *log_outputs;

-    unsigned int audit_level;
-    bool audit_logging;
+    int audit_level;
+    int audit_logging;

    int keepalive_interval;
    unsigned int keepalive_count;

-    unsigned int admin_min_workers;
-    unsigned int admin_max_workers;
-    unsigned int admin_max_clients;
-    unsigned int admin_max_queued_clients;
-    unsigned int admin_max_client_requests;
+    int admin_min_workers;
+    int admin_max_workers;
+    int admin_max_clients;
+    int admin_max_queued_clients;
+    int admin_max_client_requests;

    int admin_keepalive_interval;
    unsigned int admin_keepalive_count;
--- a/daemon/libvirtd.aug
+++ b/daemon/libvirtd.aug
@@ -13,7 +13,7 @@ module Libvirtd =

   let str_val = del /\"/ "\"" . store /[^\"]*/ . del /\"/ "\""
   let bool_val = store /0|1/
-   let int_val = store /-?[0-9]+/
+   let int_val = store /[0-9]+/
   let str_array_element = [ seq "el" . str_val ] . del /[ \t\n]*/ ""
   let str_array_val = counter "el" . array_start . ( str_array_element . ( array_sep . str_array_element ) * ) ? . array_end

@@ -53,7 +53,6 @@ module Libvirtd =
                           | str_array_entry "tls_allowed_dn_list"
                           | str_array_entry "sasl_allowed_username_list"
                           | str_array_entry "access_drivers"
-                           | str_entry "tls_priority"

   let processing_entry = int_entry "min_workers"
                        | int_entry "max_workers"
@@ -87,7 +86,6 @@ module Libvirtd =
                             | bool_entry "admin_keepalive_required"

   let misc_entry = str_entry "host_uuid"
-                  | str_entry "host_uuid_source"

   (* Each enty in the config is one of the following three ... *)
   let entry = network_entry
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -30,6 +30,7 @@
 #include <getopt.h>
 #include <stdlib.h>
 #include <grp.h>
+#include <locale.h>

 #include "libvirt_internal.h"
 #include "virerror.h"
@@ -43,7 +44,7 @@
 #include "libvirtd.h"
 #include "libvirtd-config.h"

-#include "admin.h"
+#include "admin_server.h"
 #include "viruuid.h"
 #include "remote_driver.h"
 #include "viralloc.h"
@@ -57,7 +58,6 @@
 #include "locking/lock_manager.h"
 #include "viraccessmanager.h"
 #include "virutil.h"
-#include "virgettext.h"

 #ifdef WITH_DRIVER_MODULES
 # include "driver.h"
@@ -102,9 +102,6 @@
 #  include "nwfilter/nwfilter_driver.h"
 # endif
 #endif
-#ifdef WITH_VZ
-# include "vz/vz_driver.h"
-#endif

 #include "configmake.h"

@@ -333,8 +330,6 @@ static int daemonErrorLogFilter(virErrorPtr err, int priority)
    case VIR_ERR_NO_DOMAIN_SNAPSHOT:
    case VIR_ERR_OPERATION_INVALID:
    case VIR_ERR_NO_DOMAIN_METADATA:
-    case VIR_ERR_NO_SERVER:
-    case VIR_ERR_NO_CLIENT:
        return VIR_LOG_DEBUG;
    }

@@ -395,9 +390,6 @@ static void daemonInitialize(void)
 # ifdef WITH_BHYVE
    virDriverLoadModule("bhyve");
 # endif
-# ifdef WITH_VZ
-    virDriverLoadModule("vz");
-# endif
 #else
 # ifdef WITH_NETWORK
    networkRegister();
@@ -438,9 +430,6 @@ static void daemonInitialize(void)
 # ifdef WITH_BHYVE
    bhyveRegister();
 # endif
-# ifdef WITH_VZ
-    vzRegister();
-# endif
 #endif
 }

@@ -533,7 +522,8 @@ daemonSetupNetworking(virNetServerPtr srv,
        virNetServerAddService(srv, svcRO, NULL) < 0)
        goto cleanup;

-    if (sock_path_adm) {
+    /* Temporarily disabled */
+    if (sock_path_adm && false) {
        VIR_DEBUG("Registering unix socket %s", sock_path_adm);
        if (!(svcAdm = virNetServerServiceNewUNIX(sock_path_adm,
                                                  unix_sock_adm_mask,
@@ -542,7 +532,7 @@ daemonSetupNetworking(virNetServerPtr srv,
 #if WITH_GNUTLS
                                                  NULL,
 #endif
-                                                  false,
+                                                  true,
                                                  config->admin_max_queued_clients,
                                                  config->admin_max_client_requests)))
            goto cleanup;
@@ -584,7 +574,6 @@ daemonSetupNetworking(virNetServerPtr srv,
                                                       config->cert_file,
                                                       config->key_file,
                                                       (const char *const*)config->tls_allowed_dn_list,
-                                                       config->tls_priority,
                                                       config->tls_no_sanity_certificate ? false : true,
                                                       config->tls_no_verify_certificate ? false : true)))
                    goto cleanup;
@@ -592,7 +581,6 @@ daemonSetupNetworking(virNetServerPtr srv,
                if (!(ctxt = virNetTLSContextNewServerPath(NULL,
                                                           !privileged,
                                                           (const char *const*)config->tls_allowed_dn_list,
-                                                           config->tls_priority,
                                                           config->tls_no_sanity_certificate ? false : true,
                                                           config->tls_no_verify_certificate ? false : true)))
                    goto cleanup;
@@ -1079,39 +1067,6 @@ static int migrateProfile(void)
    return ret;
 }

-static int
-daemonSetupHostUUID(const struct daemonConfig *config)
-{
-    static const char *machine_id = "/etc/machine-id";
-    char buf[VIR_UUID_STRING_BUFLEN];
-    const char *uuid;
-
-    if (config->host_uuid) {
-        uuid = config->host_uuid;
-    } else if (!config->host_uuid_source ||
-               STREQ(config->host_uuid_source, "smbios")) {
-        /* smbios UUID is fetched on demand in virGetHostUUID */
-        return 0;
-    } else if (STREQ(config->host_uuid_source, "machine-id")) {
-        if (virFileReadBufQuiet(machine_id, buf, sizeof(buf)) < 0) {
-            VIR_ERROR(_("Can't read %s"), machine_id);
-            return -1;
-        }
-
-        uuid = buf;
-    } else {
-        VIR_ERROR(_("invalid UUID source: %s"), config->host_uuid_source);
-        return -1;
-    }
-
-    if (virSetHostUUIDStr(uuid)) {
-        VIR_ERROR(_("invalid host UUID: %s"), uuid);
-        return -1;
-    }
-
-    return 0;
-}
-
 /* Print command-line usage. */
 static void
 daemonUsage(const char *argv0, bool privileged)
@@ -1217,7 +1172,9 @@ int main(int argc, char **argv) {
        {0, 0, 0, 0}
    };

-    if (virGettextInitialize() < 0 ||
+    if (setlocale(LC_ALL, "") == NULL ||
+        bindtextdomain(PACKAGE, LOCALEDIR) == NULL ||
+        textdomain(PACKAGE) == NULL ||
        virInitialize() < 0) {
        fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
        exit(EXIT_FAILURE);
@@ -1316,8 +1273,12 @@ int main(int argc, char **argv) {
    /* Read the config file if it exists*/
    if (remote_config_file &&
        daemonConfigLoadFile(config, remote_config_file, implicit_conf) < 0) {
-        VIR_ERROR(_("Can't load config file: %s: %s"),
-                  virGetLastErrorMessage(), remote_config_file);
+        virErrorPtr err = virGetLastError();
+        if (err && err->message)
+            VIR_ERROR(_("Can't load config file: %s: %s"),
+                      err->message, remote_config_file);
+        else
+            VIR_ERROR(_("Can't load config file: %s"), remote_config_file);
        exit(EXIT_FAILURE);
    }

@@ -1327,8 +1288,9 @@ int main(int argc, char **argv) {
        exit(EXIT_FAILURE);
    }

-    if (daemonSetupHostUUID(config) < 0) {
-        VIR_ERROR(_("Can't setup host uuid"));
+    if (config->host_uuid &&
+        virSetHostUUIDStr(config->host_uuid) < 0) {
+        VIR_ERROR(_("invalid host UUID: %s"), config->host_uuid);
        exit(EXIT_FAILURE);
    }

@@ -1420,8 +1382,7 @@ int main(int argc, char **argv) {
        goto cleanup;
    }

-    if (!(srv = virNetServerNew("libvirtd", 1,
-                                config->min_workers,
+    if (!(srv = virNetServerNew(config->min_workers,
                                config->max_workers,
                                config->prio_workers,
                                config->max_clients,
@@ -1495,8 +1456,7 @@ int main(int argc, char **argv) {
        goto cleanup;
    }

-    if (!(srvAdm = virNetServerNew("admin", 1,
-                                   config->admin_min_workers,
+    if (!(srvAdm = virNetServerNew(config->admin_min_workers,
                                   config->admin_max_workers,
                                   0,
                                   config->admin_max_clients,
--- a/daemon/libvirtd.conf
+++ b/daemon/libvirtd.conf
@@ -77,6 +77,11 @@
 # UNIX socket access controls
 #

+# Beware that if you are changing *any* of these options, and you use
+# socket activation with systemd, you need to adjust the settings in
+# the libvirtd.socket file as well since it could impose a security
+# risk if you rely on file permission checking only.
+
 # Set the UNIX domain socket group ownership. This can be used to
 # allow a 'trusted' set of users access to management capabilities
 # without becoming root.
@@ -242,7 +247,7 @@
 #tls_allowed_dn_list = ["DN1", "DN2"]


-# A whitelist of allowed SASL usernames. The format for username
+# A whitelist of allowed SASL usernames. The format for usernames
 # depends on the SASL authentication mechanism. Kerberos usernames
 # look like username@REALM
 #
@@ -259,13 +264,6 @@
 #sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]


-# Override the compile time default TLS priority string. The
-# default is usually "NORMAL" unless overridden at build time.
-# Only set this is it is desired for libvirt to deviate from
-# the global default settings.
-#
-#tls_priority="NORMAL"
-

 #################################################################
 #
@@ -283,8 +281,8 @@
 #max_queued_clients = 1000

 # The maximum length of queue of accepted but not yet
-# authenticated clients. The default value is 20. Set this to
-# zero to turn this feature off.
+# authenticated clients. The default value is zero, meaning
+# the feature is disabled.
 #max_anonymous_clients = 20

 # The minimum limit sets the number of workers to start up
@@ -346,16 +344,10 @@
 # The format for a filter is one of:
 #    x:name
 #    x:+name
-
-#      where name is a string which is matched against the category
-#      given in the VIR_LOG_INIT() at the top of each libvirt source
-#      file, e.g., "remote", "qemu", or "util.json" (the name in the
-#      filter can be a substring of the full category name, in order
-#      to match multiple similar categories), the optional "+" prefix
-#      tells libvirt to log stack trace for each message matching
-#      name, and x is the minimal level where matching messages should
-#      be logged:
-
+#      where name is a string which is matched against source file name,
+#      e.g., "remote", "qemu", or "util/json", the optional "+" prefix
+#      tells libvirt to log stack trace for each message matching name,
+#      and x is the minimal level where matching messages should be logged:
 #    1: DEBUG
 #    2: INFO
 #    3: WARNING
@@ -417,16 +409,10 @@

 ###################################################################
 # UUID of the host:
-# Host UUID is read from one of the sources specified in host_uuid_source.
-#
-# - 'smbios': fetch the UUID from 'dmidecode -s system-uuid'
-# - 'machine-id': fetch the UUID from /etc/machine-id
-#
-# The host_uuid_source default is 'smbios'. If 'dmidecode' does not provide
-# a valid UUID a temporary UUID will be generated.
-#
-# Another option is to specify host UUID in host_uuid.
-#
+# Provide the UUID of the host here in case the command
+# 'dmidecode -s system-uuid' does not provide a valid uuid. In case
+# 'dmidecode' does not provide a valid UUID and none is provided here, a
+# temporary UUID will be generated.
 # Keep the format of the example UUID below. UUID must not have all digits
 # be the same.

@@ -434,7 +420,6 @@
 # it with the output of the 'uuidgen' command and then
 # uncomment this entry
 #host_uuid = "00000000-0000-0000-0000-000000000000"
-#host_uuid_source = "smbios"

 ###################################################################
 # Keepalive protocol:
--- a/daemon/libvirtd.h
+++ b/daemon/libvirtd.h
@@ -60,11 +60,6 @@ struct daemonClientPrivate {
    size_t nnetworkEventCallbacks;
    daemonClientEventCallbackPtr *qemuEventCallbacks;
    size_t nqemuEventCallbacks;
-    daemonClientEventCallbackPtr *storageEventCallbacks;
-    size_t nstorageEventCallbacks;
-    daemonClientEventCallbackPtr *nodeDeviceEventCallbacks;
-    size_t nnodeDeviceEventCallbacks;
-    bool closeRegistered;

 # if WITH_SASL
    virNetSASLSessionPtr sasl;
--- a/daemon/libvirtd.init.in
+++ b/daemon/libvirtd.init.in
@@ -1,16 +1,19 @@
 #!/bin/sh

 # the following is the LSB init header see
-# http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html
+# http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV
 #
 ### BEGIN INIT INFO
 # Provides: libvirtd
+# Required-Start: $network messagebus
+# Should-Start: $named
+# Should-Start: xend
+# Should-Start: avahi-daemon
+# Should-Start: virtlockd
+# Required-Stop: $network messagebus
+# Should-Stop: $named
 # Default-Start: 3 4 5
 # Default-Stop: 0 1 2 6
-# Required-Start: $network messagebus virtlogd
-# Required-Stop: $network messagebus
-# Should-Start: $named xend avahi-daemon virtlockd
-# Should-Stop: $named
 # Short-Description: daemon for libvirt virtualization API
 # Description: This is a daemon for managing guest instances
 #              and libvirt virtual networks
--- a/daemon/libvirtd.pod.in
+++ b/daemon/libvirtd.pod.in
@@ -4,7 +4,9 @@ libvirtd - libvirtd management daemon

 =head1 SYNOPSIS

-B<libvirtd> [I<OPTION>]...
+B<libvirtd> [ -dlv ] [ -f config_file ] [ -p pid_file ] [ -t timeout_seconds ]
+
+B<libvirtd> --version

 =head1 DESCRIPTION

--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@@ -1,11 +1,5 @@
-# NB we don't use socket activation. When libvirtd starts it will
-# spawn any virtual machines registered for autostart. We want this
-# to occur on every boot, regardless of whether any client connects
-# to a socket. Thus socket activation doesn't have any benefit
-
 [Unit]
 Description=Virtualization daemon
-Requires=virtlogd.socket
 Before=libvirt-guests.service
 After=network.target
 After=dbus.service
@@ -28,5 +22,3 @@ Restart=on-failure

 [Install]
 WantedBy=multi-user.target
-Also=virtlockd.socket
-Also=virtlogd.socket
--- a/daemon/libvirtd.socket.in
+++ b/daemon/libvirtd.socket.in
@@ -0,0 +1,11 @@
+[Socket]
+ListenStream=@runstatedir@/libvirt/libvirt-sock
+ListenStream=@runstatedir@/libvirt/libvirt-sock-ro
+
+; The following settings must match libvirtd.conf file in order to
+; work as expected because libvirtd can't change them later.
+; SocketMode=0777 is safe only if authentication on the socket is set
+; up.  For further information, please see the libvirtd.conf file.
+SocketMode=0777
+SocketUser=root
+SocketGroup=root
--- a/daemon/remote.c
+++ b/daemon/remote.c
--- a/daemon/stream.c
+++ b/daemon/stream.c
@@ -42,15 +42,15 @@ struct daemonClientStream {

    virStreamPtr st;
    int procedure;
-    unsigned int serial;
+    int serial;

-    bool recvEOF;
-    bool closed;
+    unsigned int recvEOF : 1;
+    unsigned int closed : 1;

    int filterID;

    virNetMessagePtr rx;
-    bool tx;
+    int tx;

    daemonClientStreamPtr next;
 };
@@ -76,8 +76,6 @@ static void
 daemonStreamUpdateEvents(daemonClientStream *stream)
 {
    int newEvents = 0;
-    if (stream->closed)
-        return;
    if (stream->rx)
        newEvents |= VIR_STREAM_EVENT_WRITABLE;
    if (stream->tx && !stream->recvEOF)
@@ -94,14 +92,14 @@ daemonStreamUpdateEvents(daemonClientStream *stream)
 * fast stream, but slow client
 */
 static void
-daemonStreamMessageFinished(virNetMessagePtr msg,
+daemonStreamMessageFinished(virNetMessagePtr msg ATTRIBUTE_UNUSED,
                            void *opaque)
 {
    daemonClientStream *stream = opaque;
-    VIR_DEBUG("stream=%p proc=%d serial=%u",
+    VIR_DEBUG("stream=%p proc=%d serial=%d",
              stream, msg->header.proc, msg->header.serial);

-    stream->tx = true;
+    stream->tx = 1;
    daemonStreamUpdateEvents(stream);

    daemonFreeClientStream(NULL, stream);
@@ -199,8 +197,8 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
        (events & VIR_STREAM_EVENT_HANGUP)) {
        virNetMessagePtr msg;
        events &= ~(VIR_STREAM_EVENT_HANGUP);
-        stream->tx = false;
-        stream->recvEOF = true;
+        stream->tx = 0;
+        stream->recvEOF = 1;
        if (!(msg = virNetMessageNew(false))) {
            daemonRemoveClientStream(client, stream);
            virNetServerClientClose(client);
@@ -229,7 +227,7 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
        virNetMessageError rerr;

        memset(&rerr, 0, sizeof(rerr));
-        stream->closed = true;
+        stream->closed = 1;
        virStreamEventRemoveCallback(stream->st);
        virStreamAbort(stream->st);
        if (events & VIR_STREAM_EVENT_HANGUP)
@@ -295,7 +293,7 @@ daemonStreamFilter(virNetServerClientPtr client ATTRIBUTE_UNUSED,
        msg->header.serial != stream->serial)
        goto cleanup;

-    VIR_DEBUG("Incoming client=%p, rx=%p, serial=%u, proc=%d, status=%d",
+    VIR_DEBUG("Incoming client=%p, rx=%p, serial=%d, proc=%d, status=%d",
              client, stream->rx, msg->header.proc,
              msg->header.serial, msg->header.status);

@@ -326,7 +324,7 @@ daemonCreateClientStream(virNetServerClientPtr client,
    daemonClientStream *stream;
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);

-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p",
              client, header->proc, header->serial, st);

    if (VIR_ALLOC(stream) < 0)
@@ -362,7 +360,7 @@ int daemonFreeClientStream(virNetServerClientPtr client,
    if (stream->refs)
        return 0;

-    VIR_DEBUG("client=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d",
              client, stream->procedure, stream->serial);

    virObjectUnref(stream->prog);
@@ -400,7 +398,7 @@ int daemonAddClientStream(virNetServerClientPtr client,
                          daemonClientStream *stream,
                          bool transmit)
 {
-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p, transmit=%d",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p, transmit=%d",
              client, stream->procedure, stream->serial, stream->st, transmit);
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);

@@ -424,7 +422,7 @@ int daemonAddClientStream(virNetServerClientPtr client,
    }

    if (transmit)
-        stream->tx = true;
+        stream->tx = 1;

    virMutexLock(&priv->lock);
    stream->next = priv->streams;
@@ -444,13 +442,13 @@ int daemonAddClientStream(virNetServerClientPtr client,
 *
 * Removes a stream from the list of active streams for the client
 *
- * Returns 0 if the stream was removed, -1 if it doesn't exist
+ * Returns 0 if the stream was removd, -1 if it doesn't exist
 */
 int
 daemonRemoveClientStream(virNetServerClientPtr client,
                         daemonClientStream *stream)
 {
-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p",
              client, stream->procedure, stream->serial, stream->st);
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);
    daemonClientStream *curr = priv->streams;
@@ -463,7 +461,6 @@ daemonRemoveClientStream(virNetServerClientPtr client,
    }

    if (!stream->closed) {
-        stream->closed = true;
        virStreamEventRemoveCallback(stream->st);
        virStreamAbort(stream->st);
    }
@@ -494,7 +491,6 @@ daemonRemoveAllClientStreams(daemonClientStream *stream)
        tmp = stream->next;

        if (!stream->closed) {
-            stream->closed = true;
            virStreamEventRemoveCallback(stream->st);
            virStreamAbort(stream->st);
        }
@@ -519,7 +515,7 @@ daemonStreamHandleWriteData(virNetServerClientPtr client,
 {
    int ret;

-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u, len=%zu, offset=%zu",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d, len=%zu, offset=%zu",
              client, stream, msg->header.proc, msg->header.serial,
              msg->bufferLength, msg->bufferOffset);

@@ -542,10 +538,7 @@ daemonStreamHandleWriteData(virNetServerClientPtr client,
        memset(&rerr, 0, sizeof(rerr));

        VIR_INFO("Stream send failed");
-        stream->closed = true;
-        virStreamEventRemoveCallback(stream->st);
-        virStreamAbort(stream->st);
-
+        stream->closed = 1;
        return virNetServerProgramSendReplyError(stream->prog,
                                                 client,
                                                 msg,
@@ -572,10 +565,10 @@ daemonStreamHandleFinish(virNetServerClientPtr client,
 {
    int ret;

-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d",
              client, stream, msg->header.proc, msg->header.serial);

-    stream->closed = true;
+    stream->closed = 1;
    virStreamEventRemoveCallback(stream->st);
    ret = virStreamFinish(stream->st);

@@ -609,42 +602,31 @@ daemonStreamHandleAbort(virNetServerClientPtr client,
                        daemonClientStream *stream,
                        virNetMessagePtr msg)
 {
-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d",
              client, stream, msg->header.proc, msg->header.serial);
-    int ret;
-    bool raise_error = false;
+    virNetMessageError rerr;

-    stream->closed = true;
+    memset(&rerr, 0, sizeof(rerr));
+
+    stream->closed = 1;
    virStreamEventRemoveCallback(stream->st);
-    ret = virStreamAbort(stream->st);
+    virStreamAbort(stream->st);

    if (msg->header.status == VIR_NET_ERROR) {
-        VIR_INFO("stream aborted at client request");
-        raise_error = (ret < 0);
+        virReportError(VIR_ERR_RPC,
+                       "%s", _("stream aborted at client request"));
    } else {
+        VIR_WARN("unexpected stream status %d", msg->header.status);
        virReportError(VIR_ERR_RPC,
                       _("stream aborted with unexpected status %d"),
                       msg->header.status);
-        raise_error = true;
    }

-    if (raise_error) {
-        virNetMessageError rerr;
-        memset(&rerr, 0, sizeof(rerr));
-        return virNetServerProgramSendReplyError(remoteProgram,
-                                                 client,
-                                                 msg,
-                                                 &rerr,
-                                                 &msg->header);
-    } else {
-        /* Send zero-length confirm */
-        return virNetServerProgramSendStreamData(stream->prog,
-                                                 client,
-                                                 msg,
-                                                 stream->procedure,
-                                                 stream->serial,
-                                                 NULL, 0);
-    }
+    return virNetServerProgramSendReplyError(remoteProgram,
+                                             client,
+                                             msg,
+                                             &rerr,
+                                             &msg->header);
 }


@@ -727,12 +709,9 @@ static int
 daemonStreamHandleRead(virNetServerClientPtr client,
                       daemonClientStream *stream)
 {
-    virNetMessagePtr msg = NULL;
-    virNetMessageError rerr;
    char *buffer;
    size_t bufferLen = VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX;
-    int ret = -1;
-    int rv;
+    int ret;

    VIR_DEBUG("client=%p, stream=%p tx=%d closed=%d",
              client, stream, stream->tx, stream->closed);
@@ -749,48 +728,50 @@ daemonStreamHandleRead(virNetServerClientPtr client,
    if (!stream->tx)
        return 0;

-    memset(&rerr, 0, sizeof(rerr));
-
    if (VIR_ALLOC_N(buffer, bufferLen) < 0)
        return -1;

-    if (!(msg = virNetMessageNew(false)))
-        goto cleanup;
-
-    rv = virStreamRecv(stream->st, buffer, bufferLen);
-    if (rv == -2) {
+    ret = virStreamRecv(stream->st, buffer, bufferLen);
+    if (ret == -2) {
        /* Should never get this, since we're only called when we know
         * we're readable, but hey things change... */
-    } else if (rv < 0) {
-        if (virNetServerProgramSendStreamError(remoteProgram,
-                                               client,
-                                               msg,
-                                               &rerr,
-                                               stream->procedure,
-                                               stream->serial) < 0)
-            goto cleanup;
-        msg = NULL;
-    } else {
-        stream->tx = false;
-        if (rv == 0)
-            stream->recvEOF = true;
+        ret = 0;
+    } else if (ret < 0) {
+        virNetMessagePtr msg;
+        virNetMessageError rerr;

-        msg->cb = daemonStreamMessageFinished;
-        msg->opaque = stream;
-        stream->refs++;
-        if (virNetServerProgramSendStreamData(remoteProgram,
-                                              client,
-                                              msg,
-                                              stream->procedure,
-                                              stream->serial,
-                                              buffer, rv) < 0)
-            goto cleanup;
-        msg = NULL;
+        memset(&rerr, 0, sizeof(rerr));
+
+        if (!(msg = virNetMessageNew(false)))
+            ret = -1;
+        else
+            ret = virNetServerProgramSendStreamError(remoteProgram,
+                                                     client,
+                                                     msg,
+                                                     &rerr,
+                                                     stream->procedure,
+                                                     stream->serial);
+    } else {
+        virNetMessagePtr msg;
+        stream->tx = 0;
+        if (ret == 0)
+            stream->recvEOF = 1;
+        if (!(msg = virNetMessageNew(false)))
+            ret = -1;
+
+        if (msg) {
+            msg->cb = daemonStreamMessageFinished;
+            msg->opaque = stream;
+            stream->refs++;
+            ret = virNetServerProgramSendStreamData(remoteProgram,
+                                                    client,
+                                                    msg,
+                                                    stream->procedure,
+                                                    stream->serial,
+                                                    buffer, ret);
+        }
    }

-    ret = 0;
- cleanup:
    VIR_FREE(buffer);
-    virNetMessageFree(msg);
    return ret;
 }
--- a/daemon/stream.h
+++ b/daemon/stream.h
@@ -26,6 +26,8 @@

 # include "libvirtd.h"

+
+
 daemonClientStream *
 daemonCreateClientStream(virNetServerClientPtr client,
                         virStreamPtr st,
--- a/daemon/test_libvirtd.aug.in
+++ b/daemon/test_libvirtd.aug.in
@@ -35,7 +35,6 @@ module Test_libvirtd =
             { "1" = "joe@EXAMPLE.COM" }
             { "2" = "fred@EXAMPLE.COM" }
        }
-        { "tls_priority" = "NORMAL" }
        { "max_clients" = "5000" }
        { "max_queued_clients" = "1000" }
        { "max_anonymous_clients" = "20" }
@@ -56,7 +55,6 @@ module Test_libvirtd =
        { "audit_level" = "2" }
        { "audit_logging" = "1" }
        { "host_uuid" = "00000000-0000-0000-0000-000000000000" }
-        { "host_uuid_source" = "smbios" }
        { "keepalive_interval" = "5" }
        { "keepalive_count" = "5" }
        { "keepalive_required" = "1" }
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in

-## Copyright (C) 2005-2016 Red Hat, Inc.
+## Copyright (C) 2005-2015 Red Hat, Inc.
 ##
 ## This library is free software; you can redistribute it and/or
 ## modify it under the terms of the GNU Lesser General Public
@@ -16,6 +16,8 @@
 ## License along with this library.  If not, see
 ## <http://www.gnu.org/licenses/>.

+SUBDIRS= schemas
+
 PERL = perl

 # The directory containing the source code (if it contains documentation).
@@ -28,7 +30,6 @@ apihtml =					\
  $(apihtml_generated)

 apihtml_generated = \
-  html/libvirt-libvirt-common.html		\
  html/libvirt-libvirt-domain.html		\
  html/libvirt-libvirt-domain-snapshot.html	\
  html/libvirt-libvirt-event.html		\
@@ -71,6 +72,8 @@ devhelpxsl = devhelp/devhelp.xsl devhelp/html.xsl

 png = \
  32favicon.png \
+  footer_corner.png \
+  footer_pattern.png \
  libvirt-header-bg.png \
  libvirt-header-logo.png \
  libvirtLogo.png \
@@ -80,6 +83,7 @@ png = \
  libvirt-driver-arch.png \
  libvirt-object-model.png \
  madeWith.png \
+  et.png \
  migration-managed-direct.png \
  migration-managed-p2p.png \
  migration-native.png \
@@ -132,8 +136,7 @@ apidir = $(pkgdatadir)/api
 api_DATA = \
       libvirt-api.xml \
       libvirt-qemu-api.xml \
-       libvirt-lxc-api.xml \
-       libvirt-admin-api.xml
+       libvirt-lxc-api.xml

 fig = \
  libvirt-net-logical.fig \
@@ -147,21 +150,17 @@ fig = \
  migration-tunnel.fig \
  migration-unmanaged-direct.fig

-schemadir = $(pkgdatadir)/schemas
-schema_DATA = $(wildcard $(srcdir)/schemas/*.rng)
-
 EXTRA_DIST=					\
  apibuild.py genaclperms.pl \
-  site.xsl subsite.xsl newapi.xsl news.xsl page.xsl \
+  site.xsl newapi.xsl news.xsl page.xsl \
  hacking1.xsl hacking2.xsl wrapstring.xsl \
  $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \
  $(devhelphtml) $(devhelppng) $(devhelpcss) $(devhelpxsl) \
-  $(xml) $(qemu_xml) $(lxc_xml) $(admin_xml) $(fig) $(png) $(css) \
+  $(xml) $(qemu_xml) $(lxc_xml) $(fig) $(png) $(css) \
  $(patches) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
  $(internals_html_in) $(internals_html) \
  sitemap.html.in aclperms.htmlinc \
-  todo.pl hvsupport.pl todo.cfg-example \
-  $(schema_DATA)
+  todo.pl hvsupport.pl todo.cfg-example

 acl_generated = aclperms.htmlinc

@@ -219,21 +218,21 @@ $(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl $(api_DATA) \
 %.png: %.fig
 	convert -rotate 90 $< $@

-%.html.tmp: %.html.in site.xsl subsite.xsl page.xsl \
-		sitemap.html.in $(acl_generated)
+internals/%.html.tmp: internals/%.html.in subsite.xsl page.xsl sitemap.html.in
+	@if [ -x $(XSLTPROC) ] ; then \
+	  echo "Generating $@"; \
+	  $(MKDIR_P) internals; \
+	  name=`echo $@ | sed -e 's/.tmp//'`; \
+	  $(XSLTPROC) --stringparam pagename $$name --nonet \
+	    $(top_srcdir)/docs/subsite.xsl $< > $@ \
+	    || { rm $@ && exit 1; }; fi
+
+%.html.tmp: %.html.in site.xsl page.xsl sitemap.html.in $(acl_generated)
 	@if [ -x $(XSLTPROC) ] ; then \
 	  echo "Generating $@"; \
 	  name=`echo $@ | sed -e 's/.tmp//'`; \
-	  dir=`dirname $@` ; \
-	  if test "$$dir" = "."; \
-	  then \
-	    style=site.xsl; \
-	  else \
-	    $(MKDIR_P) $$dir; \
-	    style=subsite.xsl; \
-	  fi; \
 	  $(XSLTPROC) --stringparam pagename $$name --nonet \
-	    $(top_srcdir)/docs/$$style $< > $@ \
+	    $(top_srcdir)/docs/site.xsl $< > $@ \
 	    || { rm $@ && exit 1; }; fi

 %.html: %.html.tmp
@@ -302,8 +301,7 @@ EXTRA_DIST += $(APIBUILD_STAMP)
 $(python_generated_files): $(APIBUILD_STAMP)

 $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
-		$(top_srcdir)/include/libvirt/libvirt.h \
-		$(top_srcdir)/include/libvirt/libvirt-common.h.in \
+		$(top_srcdir)/include/libvirt/libvirt.h.in \
 		$(top_srcdir)/include/libvirt/libvirt-domain-snapshot.h \
 		$(top_srcdir)/include/libvirt/libvirt-domain.h \
 		$(top_srcdir)/include/libvirt/libvirt-event.h \
@@ -326,7 +324,7 @@ $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
 		$(top_srcdir)/src/util/virerror.c \
 		$(top_srcdir)/src/util/virevent.c \
 		$(top_srcdir)/src/util/virtypedparam.c
-	$(AM_V_GEN)srcdir=$(srcdir) builddir=$(builddir) $(PYTHON) $(APIBUILD)
+	$(AM_V_GEN)srcdir=$(srcdir) $(PYTHON) $(APIBUILD)
 	touch $@


@@ -365,15 +363,8 @@ install-data-local:
 	$(INSTALL_DATA) $(srcdir)/libvirtLogo.png $(DESTDIR)$(pkgdatadir)

 uninstall-local:
-	for f in $(css) $(dot_html) $(gif) $(png); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
-	for h in $(apihtml); do rm -f $(DESTDIR)$(HTML_DIR)/$$h; done
-	for p in $(apipng); do rm -f $(DESTDIR)$(HTML_DIR)/$$p; done
-	for f in $(internals_html); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
+	for h in $(apihtml); do rm $(DESTDIR)$(HTML_DIR)/$$h; done
+	for p in $(apipng); do rm $(DESTDIR)$(HTML_DIR)/$$p; done
 	for f in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
-	  rm -f $(DESTDIR)$(DEVHELP_DIR)/$$(basename $$f); \
+	  rm $(DESTDIR)$(DEVHELP_DIR)/$$(basename $$f); \
 	done
-	rm -f $(DESTDIR)$(pkgdatadir)/libvirtLogo.png
--- a/docs/aclpolkit.html.in
+++ b/docs/aclpolkit.html.in
@@ -224,10 +224,6 @@
          <td>secret_usage_target</td>
          <td>Name of the associated iSCSI target, if any</td>
        </tr>
-        <tr>
-          <td>secret_usage_name</td>
-          <td>Name of the associated TLS secret, if any</td>
-        </tr>
      </tbody>
    </table>

--- a/docs/apibuild.py
+++ b/docs/apibuild.py
@@ -21,7 +21,6 @@ debugsym=None
 # C parser analysis code
 #
 included_files = {
-  "libvirt-common.h": "header with general libvirt API definitions",
  "libvirt-domain.h": "header with general libvirt API definitions",
  "libvirt-domain-snapshot.h": "header with general libvirt API definitions",
  "libvirt-event.h": "header with general libvirt API definitions",
@@ -112,12 +111,6 @@ ignored_macros = {
  "_virMemoryParameter": "backward compatibility macro for virTypedParameter",
 }

-# macros that should be completely skipped
-hidden_macros = {
-  "VIR_DEPRECATED": "internal macro to mark deprecated apis",
-  "VIR_EXPORT_VAR": "internal macro to mark exported vars",
-}
-
 def escape(raw):
    raw = string.replace(raw, '&', '&amp;')
    raw = string.replace(raw, '<', '&lt;')
@@ -240,11 +233,6 @@ class index:
        self.references = {}
        self.info = {}

-    def warning(self, msg):
-        global warnings
-        warnings = warnings + 1
-        print msg
-
    def add_ref(self, name, header, module, static, type, lineno, info=None, extra=None, conditionals = None):
        if name[0:2] == '__':
            return None
@@ -1046,11 +1034,6 @@ class CParser:
                    name = string.split(name, '(') [0]
                except:
                    pass
-
-                # skip hidden macros
-                if name in hidden_macros:
-                    return token
-
                strValue = None
                if len(lst) == 1 and lst[0][0] == '"' and lst[0][-1] == '"':
                    strValue = lst[0][1:-1]
@@ -1398,8 +1381,7 @@ class CParser:
                    token = self.token()
                    while token[0] != "sep" or (token[1] != ',' and
                          token[1] != '}'):
-                        # We might be dealing with '1U << 12' here
-                        value = value + re.sub("^(\d+)U$","\\1", token[1])
+                        value = value + token[1]
                        token = self.token()
                else:
                    try:
@@ -2267,7 +2249,6 @@ class docBuilder:
        if name == debugsym and not quiet:
            print "=>", id

-        # NB: this is consumed by a regex in 'getAPIFilenames' in hvsupport.pl
        output.write("    <%s name='%s' file='%s' module='%s'>\n" % (id.type,
                     name, self.modulename_file(id.header),
                     self.modulename_file(id.module)))
@@ -2586,65 +2567,52 @@ class docBuilder:
        output.close()


-class app:
-    def warning(self, msg):
-        global warnings
-        warnings = warnings + 1
-        print msg
-
-    def rebuild(self, name):
-        if name not in ["libvirt", "libvirt-qemu", "libvirt-lxc", "libvirt-admin"]:
-            self.warning("rebuild() failed, unknown module %s" % name)
-            return None
-        builder = None
-        srcdir = os.path.abspath((os.environ["srcdir"]))
-        builddir = os.path.abspath((os.environ["builddir"]))
-        if srcdir == builddir:
-            builddir = None
-        if glob.glob(srcdir + "/../src/libvirt.c") != [] :
-            if not quiet:
-                print "Rebuilding API description for %s" % name
-            dirs = [srcdir + "/../src",
-                    srcdir + "/../src/util",
-                    srcdir + "/../include/libvirt"]
-            if builddir:
-                dirs.append(builddir + "/../include/libvirt")
-            if glob.glob(srcdir + "/../include/libvirt/libvirt.h") == [] :
-                dirs.append("../include/libvirt")
-            builder = docBuilder(name, srcdir, dirs, [])
-        elif glob.glob("src/libvirt.c") != [] :
-            if not quiet:
-                print "Rebuilding API description for %s" % name
-            builder = docBuilder(name, srcdir,
-                                 ["src", "src/util", "include/libvirt"],
-                                 [])
-        else:
-            self.warning("rebuild() failed, unable to guess the module")
-            return None
-        builder.scan()
-        builder.analyze()
-        builder.serialize()
-        return builder
-
-    #
-    # for debugging the parser
-    #
-    def parse(self, filename):
-        parser = CParser(filename)
-        idx = parser.parse()
-        return idx
+def rebuild(name):
+    if name not in ["libvirt", "libvirt-qemu", "libvirt-lxc", "libvirt-admin"]:
+        self.warning("rebuild() failed, unknown module %s") % name
+        return None
+    builder = None
+    srcdir = os.environ["srcdir"]
+    if glob.glob(srcdir + "/../src/libvirt.c") != [] :
+        if not quiet:
+            print "Rebuilding API description for %s" % name
+        dirs = [srcdir + "/../src",
+                srcdir + "/../src/util",
+                srcdir + "/../include/libvirt"]
+        if glob.glob(srcdir + "/../include/libvirt/libvirt.h") == [] :
+            dirs.append("../include/libvirt")
+        builder = docBuilder(name, srcdir, dirs, [])
+    elif glob.glob("src/libvirt.c") != [] :
+        if not quiet:
+            print "Rebuilding API description for %s" % name
+        builder = docBuilder(name, srcdir,
+                             ["src", "src/util", "include/libvirt"],
+                             [])
+    else:
+        self.warning("rebuild() failed, unable to guess the module")
+        return None
+    builder.scan()
+    builder.analyze()
+    builder.serialize()
+    return builder

+#
+# for debugging the parser
+#
+def parse(filename):
+    parser = CParser(filename)
+    idx = parser.parse()
+    return idx

 if __name__ == "__main__":
-    app = app()
    if len(sys.argv) > 1:
        debug = 1
-        app.parse(sys.argv[1])
+        parse(sys.argv[1])
    else:
-        app.rebuild("libvirt")
-        app.rebuild("libvirt-qemu")
-        app.rebuild("libvirt-lxc")
-        app.rebuild("libvirt-admin")
+        rebuild("libvirt")
+        rebuild("libvirt-qemu")
+        rebuild("libvirt-lxc")
+        rebuild("libvirt-admin")
    if warnings > 0:
        sys.exit(2)
    else:
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@@ -2,7 +2,7 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>Applications using libvirt</h1>
+    <h1>Applications using <strong>libvirt</strong></h1>

    <p>
      This page provides an illustration of the wide variety of
@@ -404,14 +404,6 @@
        infrastructure. You can deploy a new service just dragging and
        dropping a VM.
      </dd>
-      <dt><a href="https://kimchi-project.github.io/kimchi/">Kimchi</a></dt>
-      <dd>
-        Kimchi is an HTML5 based management tool for KVM. It is designed to
-        make it as easy as possible to get started with KVM and create your first guest.
-
-        Kimchi manages KVM guests through libvirt. The management interface is accessed
-        over the web using a browser that supports HTML5.
-      </dd>
      <dt><a href="http://ovirt.org/">oVirt</a></dt>
      <dd>
        oVirt provides the ability to manage large numbers of virtual
@@ -449,19 +441,5 @@
      </dd>
    </dl>

-    <h2><a name="other">Other</a></h2>
-
-    <dl>
-      <dt><a href="http://cuckoosandbox.org/">Cuckoo Sandbox</a></dt>
-      <dd>
-        Cuckoo Sandbox is a malware analysis system.  You can throw
-        any suspicious file at it and in a matter of seconds Cuckoo
-        will provide you back some detailed results outlining what
-        such file did when executed inside an isolated environment.
-        And libvirt is one of the backends that can be used for the
-        isolated environment.
-      </dd>
-    </dl>
-
  </body>
 </html>
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -57,13 +57,13 @@
    </p>

    <dl>
-      <dt><code>pid</code></dt>
+      <dt>pid</dt>
      <dd>Process ID of the libvirtd daemon generating the audit record.</dd>
-      <dt><code>uid</code></dt>
+      <dt>uid</dt>
      <dd>User ID of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>subj</code></dt>
+      <dt>subj</dt>
      <dd>Security context of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>msg</code></dt>
+      <dt>msg</dt>
      <dd>String containing a list of key=value pairs specific to the type of audit record being reported.</dd>
    </dl>

@@ -72,21 +72,21 @@
    </p>

    <dl>
-      <dt><code>virt</code></dt>
+      <dt>virt</dt>
      <dd>Type of virtualization driver used. One of <code>qemu</code> or <code>lxc</code></dd>
-      <dt><code>vm</code></dt>
+      <dt>vm</dt>
      <dd>Host driver unique name of the guest</dd>
-      <dt><code>uuid</code></dt>
+      <dt>uuid</dt>
      <dd>Globally unique identifier for the guest</dd>
-      <dt><code>exe</code></dt>
+      <dt>exe</dt>
      <dd>Path of the libvirtd daemon</dd>
-      <dt><code>hostname</code></dt>
+      <dt>hostname</dt>
      <dd>Currently unused</dd>
-      <dt><code>addr</code></dt>
+      <dt>addr</dt>
      <dd>Currently unused</dd>
-      <dt><code>terminal</code></dt>
+      <dt>terminal</dt>
      <dd>Currently unused</dd>
-      <dt><code>res</code></dt>
+      <dt>res</dt>
      <dd>Result of the action, either <code>success</code> or <code>failed</code></dd>
    </dl>

@@ -98,15 +98,15 @@
    </p>

    <dl>
-      <dt><code>op</code></dt>
+      <dt>op</dt>
      <dd>Type of operation performed. One of <code>start</code>, <code>stop</code> or <code>init</code></dd>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the operation to happen</dd>
-      <dt><code>vm-pid</code></dt>
+      <dt>vm-pid</dt>
      <dd>ID of the primary/leading process associated with the guest</dd>
-      <dt><code>init-pid</code></dt>
+      <dt>init-pid</dt>
      <dd>ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-      <dt><code>pid-ns</code></dt>
+      <dt>pid-ns</dt>
      <dd>Namespace ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
    </dl>

@@ -118,11 +118,11 @@
    </p>

    <dl>
-      <dt><code>model</code></dt>
+      <dt>model</dt>
      <dd>The security driver type. One of <code>selinux</code> or <code>apparmor</code></dd>
-      <dt><code>vm-ctx</code></dt>
+      <dt>vm-ctx</dt>
      <dd>Security context for the guest process</dd>
-      <dt><code>img-ctx</code></dt>
+      <dt>img-ctx</dt>
      <dd>Security context for the guest disk images and other assigned host resources</dd>
    </dl>

@@ -144,13 +144,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>vcpu</code></dd>
-      <dt><code>old-vcpu</code></dt>
+      <dt>old-vcpu</dt>
      <dd>Original vCPU count, or 0</dd>
-      <dt><code>new-vcpu</code></dt>
+      <dt>new-vcpu</dt>
      <dd>Updated vCPU count</dd>
    </dl>

@@ -162,13 +162,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>mem</code></dd>
-      <dt><code>old-mem</code></dt>
+      <dt>old-mem</dt>
      <dd>Original memory size in bytes, or 0</dd>
-      <dt><code>new-mem</code></dt>
+      <dt>new-mem</dt>
      <dd>Updated memory size in bytes</dd>
    </dl>

@@ -178,13 +178,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>disk</code></dd>
-      <dt><code>old-disk</code></dt>
+      <dt>old-disk</dt>
      <dd>Original host file or device path acting as the disk backing file</dd>
-      <dt><code>new-disk</code></dt>
+      <dt>new-disk</dt>
      <dd>Updated host file or device path acting as the disk backing file</dd>
    </dl>

@@ -195,13 +195,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>old-net</code></dt>
+      <dt>old-net</dt>
      <dd>Original MAC address of the guest network interface</dd>
-      <dt><code>new-net</code></dt>
+      <dt>new-net</dt>
      <dd>Updated MAC address of the guest network interface</dd>
    </dl>

@@ -211,13 +211,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>net</code></dt>
+      <dt>net</dt>
      <dd>MAC address of the host network interface</dd>
-      <dt><code>rdev</code></dt>
+      <dt>rdev</dt>
      <dd>Name of the host network interface</dd>
    </dl>

@@ -227,13 +227,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>fs</code></dd>
-      <dt><code>old-fs</code></dt>
+      <dt>old-fs</dt>
      <dd>Original host directory, file or device path backing the filesystem </dd>
-      <dt><code>new-fs</code></dt>
+      <dt>new-fs</dt>
      <dd>Updated host directory, file or device path backing the filesystem</dd>
    </dl>

@@ -243,15 +243,15 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>hostdev</code> or <code>dev</code></dd>
-      <dt><code>dev</code></dt>
+      <dt>dev</dt>
      <dd>The unique bus identifier of the USB, PCI or SCSI device, if <code>resrc=dev</code></dd>
-      <dt><code>disk</code></dt>
+      <dt>disk</dt>
      <dd>The path of the block device assigned to the guest, if <code>resrc=hostdev</code></dd>
-      <dt><code>chardev</code></dt>
+      <dt>chardev</dt>
      <dd>The path of the character device assigned to the guest, if <code>resrc=hostdev</code></dd>
    </dl>

@@ -261,11 +261,11 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>tpm</code></dd>
-      <dt><code>device</code></dt>
+      <dt>device</dt>
      <dd>The path of the host TPM device assigned to the guest</dd>
    </dl>

@@ -275,13 +275,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>rng</code></dd>
-      <dt><code>old-rng</code></dt>
+      <dt>old-rng</dt>
      <dd>Original path of the host entropy source for the RNG</dd>
-      <dt><code>new-rng</code></dt>
+      <dt>new-rng</dt>
      <dd>Updated path of the host entropy source for the RNG</dd>
    </dl>

@@ -291,13 +291,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>chardev</code></dd>
-      <dt><code>old-chardev</code></dt>
+      <dt>old-chardev</dt>
      <dd>Original path of the backing character device for given emulated device</dd>
-      <dt><code>new-chardev</code></dt>
+      <dt>new-chardev</dt>
      <dd>Updated path of the backing character device for given emulated device</dd>
    </dl>

@@ -307,15 +307,15 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>smartcard</code></dd>
-      <dt><code>old-smartcard</code></dt>
+      <dt>old-smartcard</dt>
      <dd>Original path of the backing character device, certificate store or
          "nss-smartcard-device" for host smartcard passthrough.
      </dd>
-      <dt><code>new-smartcard</code></dt>
+      <dt>new-smartcard</dt>
      <dd>Updated path of the backing character device, certificate store or
          "nss-smartcard-device" for host smartcard passthrough.
      </dd>
@@ -327,13 +327,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>redir</code></dd>
-      <dt><code>bus</code></dt>
+      <dt>bus</dt>
      <dd>The bus type, only <code>usb</code> allowed</dd>
-      <dt><code>device</code></dt>
+      <dt>device</dt>
      <dd>The device type, only <code>USB redir</code> allowed</dd>
    </dl>

@@ -344,32 +344,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>cgroup</code></dd>
-      <dt><code>cgroup</code></dt>
+      <dt>cgroup</dt>
      <dd>The name of the cgroup controller</dd>
    </dl>

-
-    <h4><a name="typeresourceshmem">Shared memory</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>shmem</code></dd>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>size</code></dt>
-      <dd>The size of the shared memory region</dd>
-      <dt><code>shmem</code></dt>
-      <dd>Name of the shared memory region</dd>
-      <dt><code>source</code></dt>
-      <dd>Path of the backing character device for given emulated device</dd>
-    </dl>
-
  </body>
 </html>
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@@ -76,11 +76,7 @@ password=letmein

 [credentials-dev]
 username=joe
-password=hello
-
-[credentials-defgrp]
-username=defuser
-password=defpw</pre>
+password=hello</pre>

    <p>
      The second set of groups provide mappings of credentials to
@@ -94,8 +90,7 @@ credentials=$CREDENTIALS</pre>

    <p>
      For example, following the previous example, here is how to
-      map some machines. For convenience libvirt supports a default
-      mapping of credentials to machines:
+      list some machines
    </p>

    <pre>
@@ -111,15 +106,8 @@ credentials=test
 [auth-libvirt-prod1.example.com]
 credentials=prod

-[auth-libvirt-default]
-credentials=defgrp
-
 [auth-esx-dev1.example.com]
-credentials=dev
-
-[auth-esx-default]
-credentials=defgrp</pre>
-
+credentials=dev</pre>

    <p>
      The following service types are known to libvirt
--- a/docs/bindings.html.in
+++ b/docs/bindings.html.in
@@ -14,10 +14,6 @@
        <strong>C#</strong>: Arnaud Champion develops
        <a href="csharp.html">C# bindings</a>.
      </li>
-     <li>
-        <strong>Go</strong>: Kyle Kelley et al. are developing
-        <a href="https://github.com/rgbkrk/libvirt-go">Go bindings</a>.
-      </li>
      <li>
        <strong>Java</strong>: Daniel Veillard develops
        <a href="java.html">Java bindings</a>.
--- a/docs/compiling.html.in
+++ b/docs/compiling.html.in
@@ -13,7 +13,7 @@
    </p>

    <pre>
-      $ xz -c libvirt-x.x.x.tar.xz | tar xvf -
+      $ gunzip -c libvirt-x.x.x.tar.gz | tar xvf -
      $ cd libvirt-x.x.x
      $ ./configure</pre>

--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -28,67 +28,24 @@
    </p>

    <ul>
-      <li><a href="ftp://libvirt.org/libvirt/libvirt-git-snapshot.tar.xz">libvirt.org FTP server</a></li>
-      <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.xz">libvirt.org HTTP server</a></li>
+      <li><a href="ftp://libvirt.org/libvirt/libvirt-git-snapshot.tar.gz">libvirt.org FTP server</a></li>
+      <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.gz">libvirt.org HTTP server</a></li>
    </ul>

-    <h2><a name="schedule">Primary release schedule</a></h2>
-
-    <p>
-      Libvirt follows a time based plan, with releases made once a month
-      on the 1st of each month give or take a few days. The only exception
-      is at the start of the year where there are two 6 weeks gaps (first
-      release in the middle of Jan, then skip the Feb release), giving
-      a total of 11 releases a year.
-    </p>
-
-    <h2><a name="numbering">Release numbering</a></h2>
-
-    <p>
-      Since libvirt 2.0.0, a time based version numbering rule
-      is applied. As such, the changes in version number have
-      do not have any implications with respect to the scope of
-      features or bugfixes included, the stability of the code,
-      or the API / ABI compatibility (libvirt API / ABI is guaranteed
-      stable forever). The rules applied for changing the libvirt
-      version number are:
-    </p>
-
-    <dl>
-      <dt><code>major</code></dt>
-      <dd>incremented by 1 for the first release of the year (the
-        Jan 15th release)</dd>
-      <dt><code>minor</code></dt>
-      <dd>incremented by 1 for each monthly release from git master</dd>
-      <dt><code>micro</code></dt>
-      <dd>always 0 for releases from git master, incremented by 1
-        for each stable maintenance release</dd>
-    </dl>
-
-    <p>
-      Prior to 2.0.0, the major/minor numbers were incremented
-      fairly arbitrarily, and maintenance releases appended a
-      fourth digit.
-    </p>
-
    <h2><a name="maintenance">Maintenance releases</a></h2>
    <p>
      In the git repository are several stable maintenance branches,
      matching the
-      pattern <code>v<i>major</i>.<i>minor</i>-maint</code>;
+      pattern <code>v<i>major</i>.<i>minor</i>.<i>micro</i>-maint</code>;
      these branches are forked off the corresponding
-      <code>v<i>major</i>.<i>minor</i>.0</code> formal
+      <code>v<i>major</i>.<i>minor</i>.<i>micro</i></code> formal
      release, and may have further releases of the
-      form <code>v<i>major</i>.<i>minor</i>.<i>micro</i></code>.
+      form <code>v<i>major</i>.<i>minor</i>.<i>micro</i>.<i>rel</i></code>.
      These maintenance branches should only contain bug fixes, and no
      new features, backported from the master branch, and are
      supported as long as at least one downstream distribution
      expresses interest in a given branch.  These maintenance
-      branches are considered during CVE analysis. In contrast
-      to the primary releases which are made once a month, there
-      is no formal schedule for the maintenance releases, which
-      are made whenever there is a need to make available key
-      bugfixes to downstream consumers.
+      branches are considered during CVE analysis.
    </p>

    <p>
--- a/docs/drvlxc.html.in
+++ b/docs/drvlxc.html.in
@@ -80,15 +80,15 @@ to be provided by all container technologies on Linux.
 </p>

 <dl>
-<dt><code>container</code></dt>
+<dt>container</dt>
 <dd>The fixed string <code>libvirt-lxc</code> to identify libvirt as the creator</dd>
-<dt><code>container_uuid</code></dt>
+<dt>container_uuid</dt>
 <dd>The UUID assigned to the container by libvirt</dd>
-<dt><code>PATH</code></dt>
+<dt>PATH</dt>
 <dd>The fixed string <code>/bin:/usr/bin</code></dd>
-<dt><code>TERM</code></dt>
+<dt>TERM</dt>
 <dd>The fixed string <code>linux</code></dd>
-<dt><code>HOME</code></dt>
+<dt>HOME</dt>
 <dd>The fixed string <code>/</code></dd>
 </dl>

@@ -98,11 +98,11 @@ environment variables are also provided
 </p>

 <dl>
-<dt><code>LIBVIRT_LXC_NAME</code></dt>
+<dt>LIBVIRT_LXC_NAME</dt>
 <dd>The name assigned to the container by libvirt</dd>
-<dt><code>LIBVIRT_LXC_UUID</code></dt>
+<dt>LIBVIRT_LXC_UUID</dt>
 <dd>The UUID assigned to the container by libvirt</dd>
-<dt><code>LIBVIRT_LXC_CMDLINE</code></dt>
+<dt>LIBVIRT_LXC_CMDLINE</dt>
 <dd>The unparsed command line arguments specified in the container configuration.
 Use of this is discouraged, in favour of passing arguments directly to the
 container init process via the <code>initarg</code> config element.</dd>
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -8,7 +8,9 @@

    <p>
      The libvirt KVM/QEMU driver can manage any QEMU emulator from
-      version 0.12.0 or later.
+      version 0.8.1 or later. It can also manage Xenner, which
+      provides the same QEMU command line syntax and monitor
+      interaction.
    </p>

    <h2><a name="project">Project Links</a></h2>
@@ -41,6 +43,12 @@
        node. If both are found, then KVM fullyvirtualized, hardware accelerated
        guests will be available.
      </li>
+      <li>
+        <strong>Xenner hypervisor</strong>: The driver will probe <code>/usr/bin</code>
+        for the presence of <code>xenner</code> and <code>/dev/kvm</code> device
+        node. If both are found, then Xen paravirtualized guests can be run using
+        the KVM hardware acceleration.
+      </li>
    </ul>

    <h2><a name="uris">Connections to QEMU driver</a></h2>
@@ -639,5 +647,9 @@ $ virsh domxml-to-native qemu-argv demo.xml
  &lt;/devices&gt;
 &lt;/domain&gt;</pre>

+    <h3>Xen paravirtualized guests with hardware acceleration</h3>
+
+
+
  </body>
 </html>
--- a/docs/et.png
+++ b/docs/et.png
--- a/docs/footer_corner.png
+++ b/docs/footer_corner.png
--- a/docs/footer_pattern.png
+++ b/docs/footer_pattern.png
--- a/docs/formatcaps.html.in
+++ b/docs/formatcaps.html.in
@@ -73,19 +73,19 @@
        <dd>This expresses what kind of operating system the hypervisor
        is able to run. Possible values are:
        <dl>
-          <dt><code>xen</code></dt>
+          <dt>xen</dt>
          <dd>for XEN</dd>

-          <dt><code>linux</code></dt>
+          <dt>linux</dt>
          <dd>legacy alias for <code>xen</code></dd>

-          <dt><code>hvm</code></dt>
+          <dt>hvm</dt>
          <dd>Unmodified operating system</dd>

-          <dt><code>exe</code></dt>
+          <dt>exe</dt>
          <dd>Container based virtualization</dd>

-          <dt><code>uml</code></dt>
+          <dt>uml</dt>
          <dd>User Mode Linux</dd>
        </dl>
        </dd>
@@ -97,37 +97,37 @@
        <dd>This optional element encases possible features that can be used
          with a guest of described type.  Possible subelements are:
          <dl>
-            <dt><code>pae</code></dt><dd>If present, 32-bit guests can use PAE
+            <dt>pae</dt><dd>If present, 32-bit guests can use PAE
              address space extensions, <span class="since">since
              0.4.1</span></dd>
-            <dt><code>nonpae</code></dt><dd>If present, 32-bit guests can be run
+            <dt>nonpae</dt><dd>If present, 32-bit guests can be run
              without requiring PAE, <span class="since">since
              0.4.1</span></dd>
-            <dt><code>ia64_be</code></dt><dd>If present, IA64 guests can be run in
+            <dt>ia64_be</dt><dd>If present, IA64 guests can be run in
              big-endian mode, <span class="since">since 0.4.1</span></dd>
-            <dt><code>acpi</code></dt><dd>If this element is present,
+            <dt>acpi</dt><dd>If this element is present,
              the <code>default</code> attribute describes whether the
              hypervisor exposes ACPI to the guest by default, and
              the <code>toggle</code> attribute describes whether the
              user can override this
              default. <span class="since">Since 0.4.1</span></dd>
-            <dt><code>apic</code></dt><dd>If this element is present,
+            <dt>apic</dt><dd>If this element is present,
              the <code>default</code> attribute describes whether the
              hypervisor exposes APIC to the guest by default, and
              the <code>toggle</code> attribute describes whether the
              user can override this
              default. <span class="since">Since 0.4.1</span></dd>
-            <dt><code>cpuselection</code></dt><dd>If this element is present, the
+            <dt>cpuselection</dt><dd>If this element is present, the
              hypervisor supports the <code>&lt;cpu&gt;</code> element
              within a domain definition for fine-grained control over
              the CPU presented to the
              guest. <span class="since">Since 0.7.5</span></dd>
-            <dt><code>deviceboot</code></dt><dd>If this element is present,
+            <dt>deviceboot</dt><dd>If this element is present,
              the <code>&lt;boot order='...'/&gt;</code> element can
              be used inside devices, rather than the older boot
              specification by category. <span class="since">Since
              0.8.8</span></dd>
-            <dt><code>disksnapshot</code></dt><dd>If this element is present,
+            <dt>disksnapshot</dt><dd>If this element is present,
              the <code>default</code> attribute describes whether
              external disk snapshots are supported.  If absent,
              external snapshots may still be supported, but it
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
--- a/docs/formatdomaincaps.html.in
+++ b/docs/formatdomaincaps.html.in
@@ -61,18 +61,18 @@
 &lt;/domainCapabilities&gt;
 </pre>
    <dl>
-      <dt><code>path</code></dt>
+      <dt>path</dt>
      <dd>The full path to the emulator binary.</dd>

-      <dt><code>domain</code></dt>
+      <dt>domain</dt>
      <dd>Describes the <a href="formatdomain.html#elements">virtualization
          type</a> (or so called domain type).</dd>

-      <dt><code>machine</code></dt>
+      <dt>machine</dt>
      <dd>The domain's <a href="formatdomain.html#elementsOSBIOS">machine
          type</a>.</dd>

-      <dt><code>arch</code></dt>
+      <dt>arch</dt>
      <dd>The domain's <a href="formatdomain.html#elementsOSBIOS">
          architecture</a>.</dd>

@@ -92,7 +92,7 @@
 </pre>

    <dl>
-      <dt><code>vcpu</code></dt>
+      <dt>vcpu</dt>
      <dd>The maximum number of supported virtual CPUs</dd>
    </dl>

@@ -126,91 +126,26 @@
    <p>For the <code>loader</code> element, the following can occur:</p>

    <dl>
-      <dt><code>value</code></dt>
+      <dt>value</dt>
      <dd>List of known loader paths. Currently this is only used
      to advertise known locations of OVMF binaries for qemu. Binaries
      will only be listed if they actually exist on disk.</dd>

-      <dt><code>type</code></dt>
+      <dt>type</dt>
      <dd>Whether loader is a typical BIOS (<code>rom</code>) or
      an UEFI binary (<code>pflash</code>). This refers to
      <code>type</code> attribute of the &lt;loader/&gt;
      element.</dd>

-      <dt><code>readonly</code></dt>
+      <dt>readonly</dt>
      <dd>Options for the <code>readonly</code> attribute of the
      &lt;loader/&gt; element.</dd>
    </dl>

-    <h3><a name="elementsCPU">CPU configuration</a></h3>
-
-    <p>
-      The <code>cpu</code> element exposes options usable for configuring
-      <a href="formatdomain.html#elementsCPU">guest CPUs</a>.
-    </p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;cpu&gt;
-    &lt;mode name='host-passthrough' supported='yes'/&gt;
-    &lt;mode name='host-model' supported='yes'&gt;
-      &lt;model fallback='allow'&gt;Broadwell&lt;/model&gt;
-      &lt;vendor&gt;Intel&lt;/vendor&gt;
-      &lt;feature policy='disable' name='aes'/&gt;
-      &lt;feature policy='require' name='vmx'/&gt;
-    &lt;/mode&gt;
-    &lt;mode name='custom' supported='yes'&gt;
-      &lt;model usable='no'&gt;Broadwell&lt;/model&gt;
-      &lt;model usable='yes'&gt;Broadwell-noTSX&lt;/model&gt;
-      &lt;model usable='no'&gt;Haswell&lt;/model&gt;
-      ...
-    &lt;/mode&gt;
-  &lt;/cpu&gt;
-  ...
-&lt;domainCapabilities&gt;
-</pre>
-
-    <p>
-      Each CPU mode understood by libvirt is described with a
-      <code>mode</code> element which tells whether the particular mode
-      is supported and provides (when applicable) more details about it:
-    </p>
-
-    <dl>
-      <dt><code>host-passthrough</code></dt>
-      <dd>No mode specific details are provided.</dd>
-
-      <dt><code>host-model</code></dt>
-      <dd>
-        If <code>host-model</code> is supported by the hypervisor, the
-        <code>mode</code> describes the guest CPU which will be used when
-        starting a domain with <code>host-model</code> CPU. The hypervisor
-        specifics (such as unsupported CPU models or features, machine type,
-        etc.) may be accounted for in this guest CPU specification and thus
-        the CPU can be different from the one shown in host capabilities XML.
-        This is indicated by the <code>fallback</code> attribute of the
-        <code>model</code> sub element: <code>allow</code> means not all
-        specifics were accounted for and thus the CPU a guest will see may
-        be different; <code>forbid</code> indicates that the CPU a guest will
-        see should match this CPU definition.
-      </dd>
-
-      <dt><code>custom</code></dt>
-      <dd>
-        The <code>mode</code> element contains a list of supported CPU
-        models, each described by a dedicated <code>model</code> element.
-        The <code>usable</code> attribute specifies whether the model can
-        be used on the host. A special value <code>unknown</code> indicates
-        libvirt does not have enough information to provide the usability
-        data.
-      </dd>
-    </dl>
-
    <h3><a name="elementsDevices">Devices</a></h3>

    <p>
-      Another set of XML elements describe the supported devices and their
+      The final set of XML elements describe the supported devices and their
      capabilities. All devices occur as children of the main
      <code>devices</code> element.
    </p>
@@ -240,7 +175,7 @@
    <code>floppy</code>, or <code>lun</code>.</p>

    <h4><a name="elementsDisks">Hard drives, floppy disks, CDROMs</a></h4>
-    <p>Disk capabilities are exposed under the <code>disk</code> element. For
+    <p>Disk capabilities are exposed under <code>disk</code> element. For
    instance:</p>

 <pre>
@@ -272,72 +207,15 @@
 </pre>

    <dl>
-      <dt><code>diskDevice</code></dt>
+      <dt>diskDevice</dt>
      <dd>Options for the <code>device</code> attribute of the &lt;disk/&gt;
      element.</dd>

-      <dt><code>bus</code></dt>
+      <dt>bus</dt>
      <dd>Options for the <code>bus</code> attribute of the &lt;target/&gt;
      element for a &lt;disk/&gt;.</dd>
    </dl>

-
-    <h4><a name="elementsGraphics">Graphical framebuffers</a></h4>
-    <p>Graphics device capabilities are exposed under the
-    <code>graphics</code> element. For instance:</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;devices&gt;
-    &lt;graphics supported='yes'&gt;
-      &lt;enum name='type'&gt;
-        &lt;value&gt;sdl&lt;/value&gt;
-        &lt;value&gt;vnc&lt;/value&gt;
-        &lt;value&gt;spice&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/graphics&gt;
-    ...
-  &lt;/devices&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <dl>
-      <dt><code>type</code></dt>
-      <dd>Options for the <code>type</code> attribute of the &lt;graphics/&gt;
-      element.</dd>
-    </dl>
-
-
-    <h4><a name="elementsVideo">Video device</a></h4>
-    <p>Video device capabilities are exposed under the
-    <code>video</code> element. For instance:</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;devices&gt;
-    &lt;video supported='yes'&gt;
-      &lt;enum name='modelType'&gt;
-        &lt;value&gt;vga&lt;/value&gt;
-        &lt;value&gt;cirrus&lt;/value&gt;
-        &lt;value&gt;vmvga&lt;/value&gt;
-        &lt;value&gt;qxl&lt;/value&gt;
-        &lt;value&gt;virtio&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/video&gt;
-    ...
-  &lt;/devices&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <dl>
-      <dt><code>modelType</code></dt>
-      <dd>Options for the <code>type</code> attribute of the
-      &lt;video&gt;&lt;model&gt; element.</dd>
-    </dl>
-
-
    <h4><a name="elementsHostDev">Host device assignment</a></h4>
    <p>Some host devices can be passed through to a guest (e.g. USB, PCI and
    SCSI). Well, only if the following is enabled:</p>
@@ -379,66 +257,25 @@
 </pre>

    <dl>
-      <dt><code>mode</code></dt>
+      <dt>mode</dt>
      <dd>Options for the <code>mode</code> attribute of the &lt;hostdev/&gt;
      element.</dd>

-      <dt><code>startupPolicy</code></dt>
+      <dt>startupPolicy</dt>
      <dd>Options for the <code>startupPolicy</code> attribute of the
      &lt;hostdev/&gt; element.</dd>

-      <dt><code>subsysType</code></dt>
+      <dt>subsysType</dt>
      <dd>Options for the <code>type</code> attribute of the &lt;hostdev/&gt;
      element in case of <code>mode="subsystem"</code>.</dd>

-      <dt><code>capsType</code></dt>
+      <dt>capsType</dt>
      <dd>Options for the <code>type</code> attribute of the &lt;hostdev/&gt;
      element in case of <code>mode="capabilities"</code>.</dd>

-      <dt><code>pciBackend</code></dt>
+      <dt>pciBackend</dt>
      <dd>Options for the <code>name</code> attribute of the &lt;driver/&gt;
      element.</dd>
    </dl>
-
-    <h3><a name="elementsFeatures">Features</a></h3>
-
-    <p>One more set of XML elements describe the supported features and
-    their capabilities. All features occur as children of the main
-    <code>features</code> element.</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;features&gt;
-    &lt;gic supported='yes'&gt;
-      &lt;enum name='version'&gt;
-        &lt;value&gt;2&lt;/value&gt;
-        &lt;value&gt;3&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/gic&gt;
-  &lt;/features&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <p>Reported capabilities are expressed as an enumerated list of
-    possible values for each of the elements or attributes. For example, the
-    <code>gic</code> element has an attribute <code>version</code> which can
-    support the values <code>2</code> or <code>3</code>.</p>
-
-    <p>For information about the purpose of each feature, see the
-    <a href="formatdomain.html#elementsFeatures">relevant section</a> in
-    the domain XML documentation.
-    </p>
-
-    <h4><a name="elementsGIC">GIC capabilities</a></h4>
-
-    <p>GIC capabilities are exposed under the <code>gic</code> element.</p>
-
-    <dl>
-      <dt><code>version</code></dt>
-      <dd>Options for the <code>version</code> attribute of the
-      <code>gic</code> element.</dd>
-    </dl>
-
  </body>
 </html>
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -38,10 +38,6 @@
      &lt;network ipv6='yes' trustGuestRxFilters='no'&gt;
        &lt;name&gt;default&lt;/name&gt;
        &lt;uuid&gt;3e3fce45-4f53-4fa7-bb32-11f34168b82b&lt;/uuid&gt;
-        &lt;metadata&gt;
-          &lt;app1:foo xmlns:app1="http://app1.org/app1/"&gt;..&lt;/app1:foo&gt;
-          &lt;app2:bar xmlns:app2="http://app1.org/app2/"&gt;..&lt;/app2:bar&gt;
-        &lt;/metadata&gt;
        ...</pre>

    <dl>
@@ -58,20 +54,13 @@
        The format must be RFC 4122 compliant, eg <code>3e3fce45-4f53-4fa7-bb32-11f34168b82b</code>.
        If omitted when defining/creating a new network, a random
        UUID is generated. <span class="since">Since 0.3.0</span></dd>
-      <dd>The <code>metadata</code> node can be used by applications to
-        store custom metadata in the form of XML nodes/trees. Applications
-        must use custom namespaces on their XML nodes/trees, with only
-        one top-level element per namespace (if the application needs
-        structure, they should have sub-elements to their namespace
-        element). <span class="since">Since 2.1.0</span></dd>
-      <dt><code>ipv6</code></dt>
-      <dd>When set to <code>yes</code>, the optional parameter
-        <code>ipv6</code> enables
+      <dt><code>ipv6='yes'</code></dt>
+      <dd>The new, optional parameter <code>ipv6='yes'</code> enables
        a network definition with no IPv6 gateway addresses specified
        to have guest-to-guest communications.  For further information,
        see the example below for the example with no gateway addresses.
        <span class="since">Since 1.0.1</span></dd>
-      <dt><code>trustGuestRxFilters</code></dt>
+      <dt><code>trustGuestRxFilters='yes'</code></dt>
      <dd>The optional parameter <code>trustGuestRxFilters</code> can
        be used to set that attribute of the same name for each domain
        interface connected to this network (<span class="since">since
@@ -260,28 +249,6 @@
            <span class="since">Since 0.4.2</span>
          </dd>

-          <dt><code>open</code></dt>
-          <dd>
-            As with mode='route', guest network traffic will be
-            forwarded to the physical network via the host's IP
-            routing stack, but there will be no firewall rules added
-            to either enable or prevent any of this traffic. When
-            forward='open' is set, the <code>dev</code> attribute
-            cannot be set (because the forward dev is enforced with
-            firewall rules, and the purpose of forward='open' is to
-            have a forwarding mode where libvirt doesn't add any
-            firewall rules).  This mode presumes that the local LAN
-            router has suitable routing table entries to return
-            traffic to this host, and that some other management
-            system has been used to put in place any necessary
-            firewall rules. Although no firewall rules will be added
-            for the network, it is of course still possible to add
-            restrictions for specific guests using
-            <a href="formatnwfilter.html">nwfilter rules</a> on the
-            guests' interfaces.)
-            <span class="since">Since 2.2.0</span>
-          </dd>
-
          <dt><code>bridge</code></dt>
          <dd>
            This network describes either 1) an existing host bridge
@@ -640,47 +607,31 @@
 </pre>

    <p>
-      If (and only if) the network connection used by the guest
-      supports VLAN tagging transparent to the guest, an
-      optional <code>&lt;vlan&gt;</code> element can specify one or
-      more VLAN tags to apply to the guest's network
-      traffic <span class="since">Since 0.10.0</span>. Network
-      connections that support guest-transparent VLAN tagging include
-      1) type='bridge' interfaces connected to an Open vSwitch bridge
-      <span class="since">Since 0.10.0</span>, 2) SRIOV Virtual
-      Functions (VF) used via type='hostdev' (direct device
-      assignment) <span class="since">Since 0.10.0</span>, and 3)
-      SRIOV VFs used via type='direct' with mode='passthrough'
-      (macvtap "passthru" mode) <span class="since">Since
-      1.3.5</span>. All other connection types, including standard
+      If (and only if) the network type supports vlan tagging
+      transparent to the guest, an optional <code>&lt;vlan&gt;</code>
+      element can specify one or more vlan tags to apply to the
+      traffic of all guests using this
+      network <span class="since">Since 0.10.0</span>. (openvswitch
+      and type='hostdev' SR-IOV networks do support transparent vlan
+      tagging of guest traffic; everything else, including standard
      linux bridges and libvirt's own virtual networks, <b>do not</b>
      support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) switches
      provide their own way (outside of libvirt) to tag guest traffic
-      onto a specific VLAN. Each tag is given in a
-      separate <code>&lt;tag&gt;</code> subelement
-      of <code>&lt;vlan&gt;</code> (for example: <code>&lt;tag
-      id='42'/&gt;</code>). For VLAN trunking of multiple tags (which
-      is supported only on Open vSwitch connections),
-      multiple <code>&lt;tag&gt;</code> subelements can be specified,
-      which implies that the user wants to do VLAN trunking on the
-      interface for all the specified tags. In the case that VLAN
-      trunking of a single tag is desired, the optional
-      attribute <code>trunk='yes'</code> can be added to the toplevel
-      <code>&lt;vlan&gt;</code> element to differentiate trunking of a
-      single tag from normal tagging.
+      onto specific vlans.) As expected, the <code>tag</code>
+      attribute specifies which vlan tag to use. If a network has more
+      than one <code>&lt;vlan&gt;</code> element defined, it is
+      assumed that the user wants to do VLAN trunking using all the
+      specified tags. In the case that vlan trunking with a single tag
+      is desired, the optional attribute <code>trunk='yes'</code> can
+      be added to the vlan element.
    </p>
    <p>
-      For network connections using Open vSwitch it is also possible
-      to configure 'native-tagged' and 'native-untagged' VLAN modes
-      <span class="since">Since 1.1.0.</span> This is done with the
-      optional <code>nativeMode</code> attribute on
-      the <code>&lt;tag&gt;</code> subelement: <code>nativeMode</code>
-      may be set to 'tagged' or 'untagged'. The <code>id</code>
-      attribute of the <code>&lt;tag&gt;</code> subelement
-      containing <code>nativeMode</code> sets which VLAN is considered
-      to be the "native" VLAN for this interface, and
-      the <code>nativeMode</code> attribute determines whether or not
-      traffic for that VLAN will be tagged.
+      For network connections using openvswitch it is possible to
+      configure the 'native-tagged' and 'native-untagged' vlan modes
+      <span class="since">Since 1.1.0</span>. This uses the optional
+      <code>nativeMode</code> attribute on the <code>&lt;tag&gt;</code>
+      element: <code>nativeMode</code> may be set to 'tagged' or
+      'untagged'. The id attribute of the element sets the native vlan.
    </p>
    <p>
      <code>&lt;vlan&gt;</code> elements can also be specified in
@@ -847,8 +798,7 @@
        &lt;dns&gt;
          &lt;txt name="example" value="example value" /&gt;
          &lt;forwarder addr="8.8.8.8"/&gt;
-          &lt;forwarder domain='example.com' addr="8.8.4.4"/&gt;
-          &lt;forwarder domain='www.example.com'/&gt;
+          &lt;forwarder addr="8.8.4.4"/&gt;
          &lt;srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1024' priority='10' weight='10'/&gt;
          &lt;host ip='192.168.122.2'&gt;
            &lt;hostname&gt;myhost&lt;/hostname&gt;
@@ -886,18 +836,6 @@
        information for the virtual network's DNS
        server <span class="since">Since 0.9.3</span>.

-        <p>
-          The dns element can have an optional <code>enable</code>
-          attribute <span class="since">Since 2.2.0</span>.
-          If <code>enable</code> is "no", then no DNS server will be
-          setup by libvirt for this network (and any other
-          configuration in <code>&lt;dns&gt;</code> will be ignored).
-          If <code>enable</code> is "yes" or unspecified (including
-          the complete absence of any <code>&lt;dns&gt;</code>
-          element) then a DNS server will be setup by libvirt to
-          listen on all IP addresses specified in the network's
-          configuration.
-        </p>
        <p>
          The dns element
          can have an optional <code>forwardPlainNames</code>
@@ -916,25 +854,12 @@
        Currently supported sub-elements of <code>&lt;dns&gt;</code> are:
        <dl>
          <dt><code>forwarder</code></dt>
-          <dd>The dns element can have 0 or
-            more <code>&lt;forwarder&gt;</code> elements.  Each
-            forwarder element defines an alternate DNS server to use
-            for some, or all, DNS requests sent to this network's DNS
-            server. There are two attributes - <code>domain</code>,
-            and <code>addr</code>; at least one of these must be
-            specified in any <code>&lt;forwarder&gt;</code>
-            element. If both <code>domain</code> and <code>addr</code>
-            are specified, then all requests that match the given
-            domain will be forwarded to the DNS server at addr. If
-            only <code>domain</code> is specified, then all matching
-            domains will be resolved locally (or via the host's
-            standard DNS forwarding if they can't be resolved
-            locally). If an <code>addr</code> is specified by itself,
-            then all DNS requests to the network's DNS server will be
-            forwarded to the DNS server at that address with no
-            exceptions. <code>addr</code> <span class="since">Since
-            1.1.3</span>, <code>domain</code> <span class="since">Since
-            2.2.0</span>.
+          <dd>A <code>dns</code> element can have 0 or
+            more <code>forwarder</code> elements.  Each forwarder
+            element defines an IP address to be used as forwarder in
+            DNS server configuration. The addr attribute is required
+            and defines the IP address of every
+            forwarder. <span class="since">Since 1.1.3</span>
          </dd>
          <dt><code>txt</code></dt>
          <dd>A <code>dns</code> element can have 0 or more <code>txt</code> elements.
--- a/docs/formatnode.html.in
+++ b/docs/formatnode.html.in
@@ -97,38 +97,18 @@
              <dd>
                This optional element can occur multiple times. If it
                exists, it has a mandatory <code>type</code> attribute
-                which will be set to:
-                <dl>
-                  <dt><code>physical_function</code></dt>
-                  <dd>
-                    That means there will be a single <code>address</code>
-                    subelement which contains the PCI address of the SRIOV
-                    Physical Function (PF) that is the parent of this device
-                    (and this device is, by implication, an SRIOV Virtual
-                    Function (VF)).
-                  </dd>
-                  <dt><code>virtual_function</code></dt>
-                  <dd>
-                    In this case this device is an SRIOV PF, and the capability
-                    element will have a list of <code>address</code>
-                    subelements, one for each VF on this PF. If the host system
-                    supports reporting it (via the "sriov_maxvfs" file in the
-                    device's sysfs directory) the capability element will also
-                    have an attribute named <code>maxCount</code> which is the
-                    maximum number of SRIOV VFs supported by this device, which
-                    could be higher than the number of VFs that are curently
-                    active <span class="since">since 1.3.0</span>; in this case,
-                    even if there are currently no active VFs the
-                    virtual_functions capabililty will still be shown.
-                  </dd>
-                  <dt><code>pci-bridge</code> or <code>cardbus-bridge</code></dt>
-                  <dd>
-                    This shows merely that the lower 7 bits of PCI header type
-                    have either value of 1 or 2 respectively.  Usually this
-                    means such device cannot be used for PCI passthrough.
-                    <span class="since">Since 1.3.3</span>
-                  </dd>
-                </dl>
+                which will be set to
+                either <code>physical_function</code>
+                or <code>virtual_functions</code>. If the type
+                is <code>physical_function</code>, there will be a
+                single <code>address</code> subelement which contains
+                the PCI address of the SRIOV Physical Function (PF)
+                that is the parent of this device (and this device is,
+                by implication, an SRIOV Virtual Function (VF)). If
+                the type is <code>virtual_functions</code>, then this
+                device is an SRIOV PF, and the capability element will
+                have a list of <code>address</code> subelements, one
+                for each VF on this PF.
              </dd>
              <dt><code>numa</code></dt>
              <dd>
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@@ -1779,9 +1779,9 @@
      <br/><br/>
    </p>

-    <h5><a name="nwfelemsRulesProtoMiscv6">ESP, AH, UDPLITE, 'ALL' over IPv6</a></h5>
+    <h5><a name="nwfelemsRulesProtoMiscv6">IGMP, ESP, AH, UDPLITE, 'ALL' over IPv6</a></h5>
    <p>
-      Protocol ID: <code>esp-ipv6</code>, <code>ah-ipv6</code>, <code>udplite-ipv6</code>, <code>all-ipv6</code>
+      Protocol ID: <code>igmp-ipv6</code>, <code>esp-ipv6</code>, <code>ah-ipv6</code>, <code>udplite-ipv6</code>, <code>all-ipv6</code>
      <br/>
      Note: The chain parameter is ignored for this type of traffic
      and should either be omitted or set to <code>root</code>.
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -41,21 +41,18 @@
      <dd>
        Specifies what this secret is used for.  A mandatory
        <code>type</code> attribute specifies the usage category, currently
-        only <code>volume</code>, <code>ceph</code>, <code>iscsi</code>,
-        and <code>tls</code> are defined. Specific usage categories
-        are described below.
+        only <code>volume</code>, <code>ceph</code> and <code>iscsi</code>
+        are defined. Specific usage categories are described below.
      </dd>
    </dl>

    <h3><a name="VolumeUsageType">Usage type "volume"</a></h3>

    <p>
-      This secret is associated with a volume, whether the format is either
-      for a "qcow" or a "luks" encrypted volume. Each volume will have a
-      unique secret associated with it and it is safe to delete the
-      secret after the volume is deleted. The
-      <code>&lt;usage type='volume'&gt;</code> element must contain a
-      single <code>volume</code> element that specifies the path of the volume
+      This secret is associated with a volume, and it is safe to delete the
+      secret after the volume is deleted.  The <code>&lt;usage
+      type='volume'&gt;</code> element must contain a
+      single <code>volume</code> element that specifies the key of the volume
      this secret is associated with. For example, create a volume-secret.xml
      file as follows:
    </p>
@@ -71,7 +68,7 @@
    </pre>

    <p>
-      Define the secret and set the passphrase as follows:
+      Define the secret and set the pass phrase as follows:
    </p>
    <pre>
      # virsh secret-define volume-secret.xml
@@ -84,8 +81,8 @@
    </pre>

    <p>
-      The volume type secret can be supplied in domain XML for a qcow storage
-      volume <a href="formatstorageencryption.html">encryption</a> as follows:
+      The volume type secret can then be used in the XML for a storage volume
+      <a href="formatstorageencryption.html">encryption</a> as follows:
    </p>
    <pre>
      &lt;encryption format='qcow'&gt;
@@ -93,33 +90,6 @@
      &lt;/encryption&gt;
    </pre>

-    <p>
-      The volume type secret can be supplied either in volume XML during
-      creation of a <a href="formatstorage.html#StorageVol">storage volume</a>
-      in order to provide the passphrase to encrypt the volume or in
-      domain XML <a href="formatdomain.html#elementsDisks">disk device</a>
-      in order to provide the passphrase to decrypt the volume,
-      <span class="since">since 2.1.0</span>. An example follows:
-    </p>
-    <pre>
-      # cat luks-secret.xml
-      &lt;secret ephemeral='no' private='yes'&gt;
-         &lt;description&gt;LUKS Sample Secret&lt;/description&gt;
-         &lt;uuid&gt;f52a81b2-424e-490c-823d-6bd4235bc57&lt;/uuid&gt;
-         &lt;usage type='volume'&gt;
-            &lt;volume&gt;/var/lib/libvirt/images/luks-sample.img&lt;/volume&gt;
-         &lt;/usage&gt;
-      &lt;/secret&gt;
-
-      # virsh secret-define luks-secret.xml
-      Secret f52a81b2-424e-490c-823d-6bd4235bc57 created
-      #
-      # MYSECRET=`printf %s "letmein" | base64`
-      # virsh secret-set-value f52a81b2-424e-490c-823d-6bd4235bc57 $MYSECRET
-      Secret value set
-      #
-    </pre>
-
    <h3><a name="CephUsageType">Usage type "ceph"</a></h3>
    <p>
      This secret is associated with a Ceph RBD (rados block device).
@@ -153,9 +123,9 @@
      Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created
      #
      # virsh secret-list
-       UUID                                 Usage
+      UUID                                 Usage
      -----------------------------------------------------------
-       1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example
+      1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example
      #
      # CEPHPHRASE=`printf %s "pass phrase" | base64`
      # virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE
@@ -239,9 +209,9 @@
      Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created

      # virsh secret-list
-       UUID                                 Usage
+      UUID                                 Usage
      -----------------------------------------------------------
-       c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi
+      c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi

      # MYSECRET=`printf %s "mysecret" | base64`
      # virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET
@@ -271,60 +241,5 @@
        &lt;secret usage='libvirtiscsi'/&gt;
      &lt;/auth&gt;
    </pre>
-
-    <h3><a name="tlsUsageType">Usage type "tls"</a></h3>
-
-    <p>
-      This secret may be used in order to provide the passphrase for the
-      private key used to provide TLS credentials.
-      The <code>&lt;usage type='tls'&gt;</code> element must contain a
-      single <code>name</code> element that specifies a usage name
-      for the secret.
-      <span class="since">Since 2.3.0</span>.
-      The following is an example of the expected XML and processing to
-      define the secret:
-    </p>
-
-    <pre>
-      # cat tls-secret.xml
-      &lt;secret ephemeral='no' private='yes'&gt;
-         &lt;description&gt;sample tls secret&lt;/description&gt;
-         &lt;usage type='tls'&gt;
-            &lt;name&gt;TLS_example&lt;/name&gt;
-         &lt;/usage&gt;
-      &lt;/secret&gt;
-
-      # virsh secret-define tls-secret.xml
-      Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
-
-      # virsh secret-list
-       UUID                                 Usage
-      -----------------------------------------------------------
-       718c71bd-67b5-4a2b-87ec-a24e8ca200dc  tls TLS_example
-      #
-
-    </pre>
-
-    <p>
-      A secret may also be defined via the
-      <a href="html/libvirt-libvirt-secret.html#virSecretDefineXML">
-       <code>virSecretDefineXML</code></a> API.
-
-      Once the secret is defined, a secret value will need to be set. The
-      secret would be the passphrase used to access the TLS credentials.
-      The following is a simple example of using
-      <code>virsh secret-set-value</code> to set the secret value. The
-      <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
-      <code>virSecretSetValue</code></a> API may also be used to set
-      a more secure secret without using printable/readable characters.
-    </p>
-
-    <pre>
-      # MYSECRET=`printf %s "letmein" | base64`
-      # virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
-      Secret value set
-
-    </pre>
-
  </body>
 </html>
--- a/docs/formatsnapshot.html.in
+++ b/docs/formatsnapshot.html.in
@@ -12,7 +12,7 @@
      There are several types of snapshots:
    </p>
    <dl>
-      <dt>disk snapshot</dt> <!-- exempt from syntax-check -->
+      <dt>disk snapshot</dt>
      <dd>Contents of disks (whether a subset or all disks associated
        with the domain) are saved at a given point of time, and can
        be restored back to that state.  On a running guest, a disk
@@ -26,14 +26,14 @@
        since the snapshot in a single file) and external (the
        snapshot is one file, and the changes since the snapshot are
        in another file).</dd>
-      <dt>memory state (or VM state)</dt> <!-- exempt from syntax-check -->
+      <dt>memory state (or VM state)</dt>
      <dd>Tracks only the state of RAM and all other resources in use
        by the VM.  If the disks are unmodified between the time a VM
        state snapshot is taken and restored, then the guest will
        resume in a consistent state; but if the disks are modified
        externally in the meantime, this is likely to lead to data
        corruption.</dd>
-      <dt>system checkpoint</dt> <!-- exempt from syntax-check -->
+      <dt>system checkpoint</dt>
      <dd>A combination of disk snapshots for all disks as well as VM
        memory state, which can be used to resume the guest from where it
        left off with symptoms similar to hibernation (that is, TCP
--- a/docs/formatstorage.html.in
+++ b/docs/formatstorage.html.in
@@ -87,14 +87,6 @@
        &lt;/source&gt;
        ...</pre>

-    <pre>
-        ...
-        &lt;source&gt;
-          &lt;device path='/dev/mapper/mpatha' part_separator='no'/&gt;
-          &lt;format type='gpt'/&gt;
-        &lt;/source&gt;
-        ...</pre>
-
    <pre>
        ...
        &lt;source&gt;
@@ -126,20 +118,10 @@
        (pool types <code>fs</code>, <code>logical</code>, <code>disk</code>,
        <code>iscsi</code>, <code>zfs</code>).
        May be repeated multiple times depending on backend driver. Contains
-        a required attribute <code>path</code> which is either the fully
+        a single attribute <code>path</code> which is either the fully
        qualified path to the block device node or for <code>iscsi</code>
        the iSCSI Qualified Name (IQN).
-        <span class="since">Since 0.4.1</span>
-        <p>An optional attribute <code>part_separator</code> for each
-        <code>path</code> may be supplied. Valid values for the attribute
-        may be either "yes" or "no". This attribute is to be used for a
-        <code>disk</code> pool type using a <code>path</code> to a
-        device mapper multipath device. Setting the attribute to "yes"
-        causes libvirt to attempt to generate and find target volume path's
-        using a "p" separator. The default algorithm used by device mapper
-        is to add the "p" separator only when the source device path ends
-        with a number.
-        <span class="since">Since 1.3.1</span></p></dd>
+        <span class="since">Since 0.4.1</span></dd>
      <dt><code>dir</code></dt>
      <dd>Provides the source for pools backed by directories (pool
        types <code>dir</code>, <code>netfs</code>, <code>gluster</code>),
@@ -486,7 +468,7 @@
      A storage volume will generally be either a file or a device
      node; <span class="since">since 1.2.0</span>, an optional
      output-only attribute <code>type</code> lists the actual type
-      (file, block, dir, network, netdir or ploop), which is also available
+      (file, block, dir, network, or netdir), which is also available
      from <code>virStorageVolGetInfo()</code>.  The storage volume
      XML format is available <span class="since">since 0.4.1</span>
    </p>
@@ -752,21 +734,5 @@
          &lt;/permissions&gt;
        &lt;/target&gt;
      &lt;/volume&gt;</pre>
-
-    <h3><a name="exampleLuks">Storage volume using LUKS</a></h3>
-
-    <pre>
-      &lt;volume&gt;
-        &lt;name&gt;MyLuks.img&lt;/name&gt;
-        &lt;capacity unit="G"&gt;5&lt;/capacity&gt;
-        &lt;target&gt;
-          &lt;path&gt;/var/lib/virt/images/MyLuks.img&lt;/path&gt;
-          &lt;format type='raw'/&gt;
-          &lt;encryption format='luks'&gt;
-            &lt;secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/&gt;
-          &lt;/encryption&gt;
-        &lt;/target&gt;
-      &lt;/volume&gt;
-    </pre>
  </body>
 </html>
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -25,14 +25,10 @@
    <p>
      The <code>encryption</code> tag can currently contain a sequence of
      <code>secret</code> tags, each with mandatory attributes <code>type</code>
-      and either <code>uuid</code> or <code>usage</code>
-      (<span class="since">since 2.1.0</span>). The only currently defined
-      value of <code>type</code> is <code>volume</code>. The
-      <code>uuid</code> is "uuid" of the <code>secret</code> while
-      <code>usage</code> is the "usage" subelement field.
-      A secret value can be set in libvirt by the
-      <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
-      <code>virSecretSetValue</code></a> API. Alternatively, if supported
+      and <code>uuid</code>.  The only currently defined value of
+      <code>type</code> is <code>passphrase</code>.  <code>uuid</code>
+      refers to a secret known to libvirt.  libvirt can use a secret value
+      previously set using <code>virSecretSetValue()</code>, or, if supported
      by the particular volume format and driver, automatically generate a
      secret value at the time of volume creation, and store it using the
      specified <code>uuid</code>.
@@ -40,7 +36,7 @@
    <h3><a name="StorageEncryptionDefault">"default" format</a></h3>
    <p>
      <code>&lt;encryption format="default"/&gt;</code> can be specified only
-      when creating a qcow volume.  If the volume is successfully created, the
+      when creating a volume.  If the volume is successfully created, the
      encryption formats, parameters and secrets will be auto-generated by
      libvirt and the attached <code>encryption</code> tag will be updated.
      The unmodified contents of the <code>encryption</code> tag can be used
@@ -56,70 +52,8 @@
      the <code>secret</code> element is not present during volume creation,
      a secret is automatically generated and attached to the volume.
    </p>
-    <h3><a name="StorageEncryptionLuks">"luks" format</a></h3>
-    <p>
-      The <code>luks</code> format is specific to a luks encrypted volume
-      and the secret is used in order to either encrypt during volume creation
-      or decrypt the volume for usage by the domain. A single
-      <code>&lt;secret type='passphrase'...&gt;</code> element is expected.
-      <span class="since">Since 2.1.0</span>.
-    </p>
-    <p>
-      For volume creation, it is possible to specify the encryption
-      algorithm used to encrypt the luks volume. The following two
-      optional elements may be provided for that purpose. It is hypervisor
-      dependent as to which algorithms are supported. The default algorithm
-      used by the storage driver backend when using qemu-img to create
-      the volume is 'aes-256-cbc' using 'essiv' for initialization vector
-      generation and 'sha256' hash algorithm for both the cipher and the
-      initialization vector generation.
-    </p>

-    <dl>
-      <dt><code>cipher</code></dt>
-      <dd>This element describes the cipher algorithm to be used to either
-          encrypt or decrypt the luks volume. This element has the following
-          attributes:
-          <dl>
-            <dt><code>name</code></dt>
-            <dd>The name of the cipher algorithm used for data encryption,
-            such as 'aes', 'des', 'cast5', 'serpent', 'twofish', etc.
-            Support of the specific algorithm is storage driver
-            implementation dependent.</dd>
-            <dt><code>size</code></dt>
-            <dd>The size of the cipher in bits, such as '256', '192', '128',
-            etc. Support of the specific size for a specific cipher is
-            hypervisor dependent.</dd>
-            <dt><code>mode</code></dt>
-            <dd>An optional cipher algorithm mode such as 'cbc', 'xts',
-            'ecb', etc. Support of the specific cipher mode is
-            hypervisor dependent.</dd>
-            <dt><code>hash</code></dt>
-            <dd>An optional master key hash algorithm such as 'md5', 'sha1',
-            'sha256', etc. Support of the specific hash algorithm is
-            hypervisor dependent.</dd>
-          </dl>
-      </dd>
-      <dt><code>ivgen</code></dt>
-      <dd>This optional element describes the initialization vector
-          generation algorithm used in conjunction with the
-          <code>cipher</code>. If the <code>cipher</code> is not provided,
-          then an error will be generated by the parser.
-          <dl>
-            <dt><code>name</code></dt>
-            <dd>The name of the algorithm, such as 'plain', 'plain64',
-            'essiv', etc. Support of the specific algorithm is hypervisor
-            dependent.</dd>
-            <dt><code>hash</code></dt>
-            <dd>An optional hash algorithm such as 'md5', 'sha1', 'sha256',
-            etc. Support of the specific ivgen hash algorithm is hypervisor
-            dependent.</dd>
-          </dl>
-      </dd>
-    </dl>
-
-
-    <h2><a name="example">Examples</a></h2>
+    <h2><a name="example">Example</a></h2>

    <p>
      Here is a simple example, specifying use of the <code>qcow</code> format:
@@ -129,39 +63,5 @@
      &lt;encryption format='qcow'&gt;
         &lt;secret type='passphrase' uuid='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' /&gt;
      &lt;/encryption&gt;</pre>
-
-    <p>
-      Assuming a <a href="formatsecret.html#VolumeUsageType">
-      <code>luks volume type secret</code></a> is already defined,
-      a simple example specifying use of the <code>luks</code> format
-      for either volume creation without a specific cipher being defined or
-      as part of a domain volume definition:
-    </p>
-    <pre>
-      &lt;encryption format='luks'&gt;
-        &lt;secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/&gt;
-      &lt;/encryption&gt;
-    </pre>
-
-    <p>
-      Here is an example specifying use of the <code>luks</code> format for
-      a specific cipher algorithm for volume creation:
-    </p>
-    <pre>
-      &lt;volume&gt;
-        &lt;name&gt;twofish.luks&lt;/name&gt;
-        &lt;capacity unit='G'&gt;5&lt;/capacity&gt;
-        &lt;target&gt;
-          &lt;path&gt;/var/lib/libvirt/images/demo.luks&lt;/path&gt;
-          &lt;format type='raw'/&gt;
-          &lt;encryption format='luks'&gt;
-             &lt;secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/&gt;
-             &lt;cipher name='twofish' size='256' mode='cbc' hash='sha256'/&gt;
-             &lt;ivgen name='plain64' hash='sha256'/&gt;
-          &lt;/encryption&gt;
-        &lt;/target&gt;
-      &lt;/volume&gt;
-    </pre>
-
  </body>
 </html>
--- a/docs/generic.css
+++ b/docs/generic.css
@@ -2,75 +2,71 @@ body {
  margin: 0em;
  padding: 0px;
  color: rgb(0,0,0);
-  font-family: sans-serif;
-  font-size: 90%;
+  font-family: Verdana, Arial, Helvetica, sans-serif;
+  font-size: smaller;
  background: #ffffff;
 }

 p, ul, ol, dl {
  padding: 0px;
  margin: 0px;
-  line-height: 150%;
 }

-p {
+ol,ul {
+  margin-left: 3em;
+}
+
+ol,ul,dl,p {
  margin-top: 1em;
  margin-bottom: 1em;
 }

-ul, ol {
-  margin-left: 2em;
+p:first-line {
+  margin-right: 1em;
 }

-dt {
+div.body p:first-letter {
+  font-size: 1.2em;
+  font-weight: bold;
+}
+
+h1,h2,h3,h4,h5,h6 {
+  font-weight: bold;
+  margin: 0px;
+  padding: 0px;
+  margin-top: 0.5em;
+}
+
+div.footer {
+  margin-top: 1em;
+}
+
+h1 {
+  font-size: 2em;
+}
+h2 {
+  font-size: 1.6em;
+}
+h3 {
+  font-size: 1.4em;
+}
+h4 {
+  font-size: 1.2em;
+}
+h5 {
+  font-size: 1em;
+}
+h6 {
+  font-size: 0.8em;
+}
+
+dl dt {
  margin-left: 1em;
  margin-right: 2em;
 }

-dt code {
-  font-weight: bold;
-}
-
 dl dd {
  margin-left: 2em;
  margin-right: 2em;
  margin-bottom: 0.5em;
 }
-
-h1, h2, h3, h4, h5, h6 {
-  font-weight: bold;
-  margin: 0px;
-  padding: 0px;
-  margin-bottom: 0.25em;
-  border-bottom: 1px solid #aaa;
-}
-
-h1 {
-  margin-top: 0em;
-  font-size: 1.6em;
-}
-
-h2 {
-  margin-top: 1.0em;
-  font-size: 1.4em;
-}
-
-h3 {
-  margin-top: 1.0em;
-  font-size: 1.2em;
-}
-
-h4 {
-  margin-top: 1.0em;
-  font-size: 1.1em;
-}
-
-h5 {
-  margin-top: 0.75em;
-  font-size: 1em;
-}
-
-h6 {
-  margin-top: 0.75em;
-  font-size: 0.8em;
-}
--- a/docs/hacking.html.in
+++ b/docs/hacking.html.in
@@ -23,10 +23,20 @@
        automatically pulls the latest version of each translation
        file from zanata.</li>

-      <li><p>Post patches using "git send-email", with git rename
+      <li><p>Post patches in unified diff format, with git rename
        detection enabled.  You need a one-time setup of:</p>
 <pre>
  git config diff.renames true
+</pre>
+        <p>After that, a command similar to this should work:</p>
+<pre>
+  diff -urp libvirt.orig/ libvirt.modified/ &gt; libvirt-myfeature.patch
+</pre>
+        <p>
+          or:
+        </p>
+<pre>
+  git diff &gt; libvirt-myfeature.patch
 </pre>
        <p>Also, for code motion patches, you may find that <code>git
        diff --patience</code> provides an easier-to-read patch.
@@ -179,19 +189,6 @@
          under gdb or Valgrind.
        </p>

-        <p>When running our test suite it may happen that the test result is
-        nondeterministic because of the test suite relying on a particular file
-        in the system being accessible or having some specific value. To catch
-        this kind of errors, the test suite has a module for that prints any
-        path touched that fulfils constraints described above
-        into a file. To enable it just set
-        <code>VIR_TEST_FILE_ACCESS</code> environment variable.
-        Then <code>VIR_TEST_FILE_ACCESS_OUTPUT</code> environment
-        variable can alter location where the file is stored.</p>
-<pre>
-  VIR_TEST_FILE_ACCESS=1 VIR_TEST_FILE_ACCESS_OUTPUT="/tmp/file_access.txt" ./qemuxml2argvtest
-</pre>
-
      </li>
      <li><p>The Valgrind test should produce similar output to
          <code>make check</code>. If the output has traces within libvirt
--- a/docs/hooks.html.in
+++ b/docs/hooks.html.in
@@ -17,10 +17,8 @@
          (<span class="since">since 0.8.0</span>)<br/><br/></li>
      <li>A QEMU guest is started or stopped
         (<span class="since">since 0.8.0</span>)<br/><br/></li>
-      <li>An LXC guest is started or stopped
+         <li>An LXC guest is started or stopped
         (<span class="since">since 0.8.0</span>)<br/><br/></li>
-      <li>A libxl-handled Xen guest is started or stopped
-         (<span class="since">since 2.1.0</span>)<br/><br/></li>
      <li>A network is started or stopped or an interface is
          plugged/unplugged to/from the network
          (<span class="since">since 1.2.2</span>)<br/><br/></li>
@@ -43,7 +41,7 @@
    <br/>

    <h2><a name="names">Script names</a></h2>
-    <p>At present, there are five hook scripts that can be called:</p>
+    <p>At present, there are three hook scripts that can be called:</p>
    <ul>
      <li><code>/etc/libvirt/hooks/daemon</code><br/><br/>
          Executed when the libvirt daemon is started, stopped, or reloads
@@ -52,9 +50,6 @@
          Executed when a QEMU guest is started, stopped, or migrated<br/><br/></li>
      <li><code>/etc/libvirt/hooks/lxc</code><br /><br/>
          Executed when an LXC guest is started or stopped</li>
-      <li><code>/etc/libvirt/hooks/libxl</code><br/><br/>
-          Executed when a libxl-handled Xen guest is started, stopped, or
-          migrated<br/><br/></li>
      <li><code>/etc/libvirt/hooks/network</code><br/><br/>
          Executed when a network is started or stopped or an
          interface is plugged/unplugged to/from the network</li>
@@ -240,50 +235,6 @@
      </li>
    </ul>

-    <h5><a name="libxl">/etc/libvirt/hooks/libxl</a></h5>
-    <ul>
-      <li>Before a Xen guest is started using libxl driver, the libxl hook
-        script is called in three locations; if any location fails, the guest
-        is not started.  The first location, <span class="since">since
-        2.1.0</span>, is before libvirt performs any resource
-        labeling, and the hook can allocate resources not managed by
-        libvirt.  This is called as:<br/>
-        <pre>/etc/libvirt/hooks/libxl guest_name prepare begin -</pre>
-        The second location, available <span class="since">Since
-        2.1.0</span>, occurs after libvirt has finished labeling
-        all resources, but has not yet started the guest, called as:<br/>
-        <pre>/etc/libvirt/hooks/libxl guest_name start begin -</pre>
-        The third location, <span class="since">2.1.0</span>,
-        occurs after the domain has successfully started up:<br/>
-        <pre>/etc/libvirt/hooks/libxl guest_name started begin -</pre>
-      </li>
-      <li>When a libxl-handled Xen guest is stopped, the libxl hook script
-        is called in two locations, to match the startup.
-        First, <span class="since">since 2.1.0</span>, the hook is
-        called before libvirt restores any labels:<br/>
-        <pre>/etc/libvirt/hooks/libxl guest_name stopped end -</pre>
-        Then, after libvirt has released all resources, the hook is
-        called again, <span class="since">since 2.1.0</span>, to allow
-        any additional resource cleanup:<br/>
-        <pre>/etc/libvirt/hooks/libxl guest_name release end -</pre></li>
-      <li><span class="since">Since 2.1.0</span>, the libxl hook script
-        is also called at the beginning of incoming migration. It is called
-        as: <pre>/etc/libvirt/hooks/libxl guest_name migrate begin -</pre>
-        with domain XML sent to standard input of the script. In this case,
-        the script acts as a filter and is supposed to modify the domain
-        XML and print it out on its standard output. Empty output is
-        identical to copying the input XML without changing it. In case the
-        script returns failure or the output XML is not valid, incoming
-        migration will be canceled. This hook may be used, e.g., to change
-        location of disk images for incoming domains.</li>
-      <li><span class="since">Since 2.1.0</span>, the libxl hook script
-        is also called when the libvirtd daemon restarts and reconnects
-        to previously running Xen domains. If the script fails, the
-        existing Xen domains will be killed off. It is called as:
-        <pre>/etc/libvirt/hooks/libxl guest_name reconnect begin -</pre>
-      </li>
-    </ul>
-
    <h5><a name="network">/etc/libvirt/hooks/network</a></h5>
    <ul>
      <li><span class="since">Since 1.2.2</span>, before a network is started,
@@ -299,8 +250,6 @@
          <pre>/etc/libvirt/hooks/network network_name plugged begin -</pre>
        Please note, that in this case, the script is passed both network and
        domain XMLs on its stdin.</li>
-      <li>When network is updated, the hook script is called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name updated begin -</pre></li>
      <li>When the domain from previous case is shutting down, the interface
        is unplugged. This leads to another script invocation:<br/>
          <pre>/etc/libvirt/hooks/network network_name unplugged begin -</pre>
--- a/docs/hvsupport.pl
+++ b/docs/hvsupport.pl
@@ -4,6 +4,8 @@ use strict;
 use warnings;

 use File::Find;
+use XML::XPath;
+use XML::XPath::XMLParser;

 die "syntax: $0 SRCDIR\n" unless int(@ARGV) == 1;

@@ -42,91 +44,136 @@ find({
            push @srcs, $_ if $_ !~ /vbox_driver\.c/;
        }
    }, no_chdir => 1}, $srcdir);
+my $line;

-# Map API functions to the header and documentation files they're in
-# so that we can generate proper hyperlinks to their documentation.
-#
-# The function names are grep'd from the XML output of apibuild.py.
-sub getAPIFilenames {
-    my $filename = shift;
-
-    my %files;
-    my $line;
-
-    open FILE, "<", $filename or die "cannot read $filename: $!";
-
-    while (defined($line = <FILE>)) {
-        if ($line =~ /function name='([^']+)' file='([^']+)'/) {
-            $files{$1} = $2;
-        }
-    }
-
-    close FILE;
-
-    if (keys %files == 0) {
-        die "No functions found in $filename. Has the apibuild.py output changed?";
-    }
-    return \%files;
-}
-
-sub parseSymsFile {
-    my $apisref = shift;
-    my $prefix = shift;
-    my $filename = shift;
-    my $xmlfilename = shift;
-
-    my $line;
-    my $vers;
-    my $prevvers;
-
-    my $filenames = getAPIFilenames($xmlfilename);
-
-    open FILE, "<$filename"
-        or die "cannot read $filename: $!";
-
-    while (defined($line = <FILE>)) {
-        chomp $line;
-        next if $line =~ /^\s*#/;
-        next if $line =~ /^\s*$/;
-        next if $line =~ /^\s*(global|local):/;
-        if ($line =~ /^\s*${prefix}_(\d+\.\d+\.\d+)\s*{\s*$/) {
-            if (defined $vers) {
-                die "malformed syms file";
-            }
-            $vers = $1;
-        } elsif ($line =~ /\s*}\s*;\s*$/) {
-            if (defined $prevvers) {
-                die "malformed syms file";
-            }
-            $prevvers = $vers;
-            $vers = undef;
-        } elsif ($line =~ /\s*}\s*${prefix}_(\d+\.\d+\.\d+)\s*;\s*$/) {
-            if ($1 ne $prevvers) {
-                die "malformed syms file $1 != $vers";
-            }
-            $prevvers = $vers;
-            $vers = undef;
-        } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
-            $$apisref{$1} = {};
-            $$apisref{$1}->{vers} = $vers;
-            $$apisref{$1}->{file} = $$filenames{$1};
-        } else {
-            die "unexpected data $line\n";
-        }
-    }
-
-    close FILE;
-}
+# Get the list of all public APIs and their corresponding version

 my %apis;
-# Get the list of all public APIs and their corresponding version
-parseSymsFile(\%apis, "LIBVIRT", $symslibvirt, "$srcdir/../docs/libvirt-api.xml");
+open FILE, "<$symslibvirt"
+    or die "cannot read $symslibvirt: $!";
+
+my $vers;
+my $prevvers;
+my $apixpath = XML::XPath->new(filename => "$srcdir/../docs/libvirt-api.xml");
+while (defined($line = <FILE>)) {
+    chomp $line;
+    next if $line =~ /^\s*#/;
+    next if $line =~ /^\s*$/;
+    next if $line =~ /^\s*(global|local):/;
+    if ($line =~ /^\s*LIBVIRT_(\d+\.\d+\.\d+)\s*{\s*$/) {
+        if (defined $vers) {
+            die "malformed syms file";
+        }
+        $vers = $1;
+    } elsif ($line =~ /\s*}\s*;\s*$/) {
+        if (defined $prevvers) {
+            die "malformed syms file";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*}\s*LIBVIRT_(\d+\.\d+\.\d+)\s*;\s*$/) {
+        if ($1 ne $prevvers) {
+            die "malformed syms file $1 != $vers";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
+        my $file = $apixpath->find("/api/symbols/function[\@name='$1']/\@file");
+        $apis{$1} = {};
+        $apis{$1}->{vers} = $vers;
+        $apis{$1}->{file} = $file;
+    } else {
+        die "unexpected data $line\n";
+    }
+}
+
+close FILE;
+

 # And the same for the QEMU specific APIs
-parseSymsFile(\%apis, "LIBVIRT_QEMU", $symsqemu, "$srcdir/../docs/libvirt-qemu-api.xml");
+
+open FILE, "<$symsqemu"
+    or die "cannot read $symsqemu: $!";
+
+$prevvers = undef;
+$vers = undef;
+$apixpath = XML::XPath->new(filename => "$srcdir/../docs/libvirt-qemu-api.xml");
+while (defined($line = <FILE>)) {
+    chomp $line;
+    next if $line =~ /^\s*#/;
+    next if $line =~ /^\s*$/;
+    next if $line =~ /^\s*(global|local):/;
+    if ($line =~ /^\s*LIBVIRT_QEMU_(\d+\.\d+\.\d+)\s*{\s*$/) {
+        if (defined $vers) {
+            die "malformed syms file";
+        }
+        $vers = $1;
+    } elsif ($line =~ /\s*}\s*;\s*$/) {
+        if (defined $prevvers) {
+            die "malformed syms file";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*}\s*LIBVIRT_QEMU_(\d+\.\d+\.\d+)\s*;\s*$/) {
+        if ($1 ne $prevvers) {
+            die "malformed syms file $1 != $vers";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
+        my $file = $apixpath->find("/api/symbols/function[\@name='$1']/\@file");
+        $apis{$1} = {};
+        $apis{$1}->{vers} = $vers;
+        $apis{$1}->{file} = $file;
+    } else {
+        die "unexpected data $line\n";
+    }
+}
+
+close FILE;
+

 # And the same for the LXC specific APIs
-parseSymsFile(\%apis, "LIBVIRT_LXC", $symslxc, "$srcdir/../docs/libvirt-lxc-api.xml");
+
+open FILE, "<$symslxc"
+    or die "cannot read $symslxc: $!";
+
+$prevvers = undef;
+$vers = undef;
+$apixpath = XML::XPath->new(filename => "$srcdir/../docs/libvirt-lxc-api.xml");
+while (defined($line = <FILE>)) {
+    chomp $line;
+    next if $line =~ /^\s*#/;
+    next if $line =~ /^\s*$/;
+    next if $line =~ /^\s*(global|local):/;
+    if ($line =~ /^\s*LIBVIRT_LXC_(\d+\.\d+\.\d+)\s*{\s*$/) {
+        if (defined $vers) {
+            die "malformed syms file";
+        }
+        $vers = $1;
+    } elsif ($line =~ /\s*}\s*;\s*$/) {
+        if (defined $prevvers) {
+            die "malformed syms file";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*}\s*LIBVIRT_LXC_(\d+\.\d+\.\d+)\s*;\s*$/) {
+        if ($1 ne $prevvers) {
+            die "malformed syms file $1 != $vers";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
+        my $file = $apixpath->find("/api/symbols/function[\@name='$1']/\@file");
+        $apis{$1} = {};
+        $apis{$1}->{vers} = $vers;
+        $apis{$1}->{file} = $file;
+    } else {
+        die "unexpected data $line\n";
+    }
+}
+
+close FILE;


 # Some special things which aren't public APIs,
@@ -159,8 +206,6 @@ $apis{virDomainMigrateConfirm3Params}->{vers} = "1.1.0";
 # and driver struct fields. This lets us later match
 # update the driver impls with the public APis.

-my $line;
-
 # Group name -> hash of APIs { fields -> api name }
 my %groups;
 my $ingrp;
@@ -207,30 +252,28 @@ foreach my $src (@srcs) {
    open FILE, "<$src" or
        die "cannot read $src: $!";

-    my $groups_regex = join("|", keys %groups);
    $ingrp = undef;
    my $impl;
    while (defined($line = <FILE>)) {
        if (!$ingrp) {
-            # skip non-matching lines early to save time
-            next if not $line =~ /$groups_regex/;
+            foreach my $grp (keys %groups) {
+                if ($line =~ /^\s*(?:static\s+)?$grp\s+(\w+)\s*=\s*{/ ||
+                    $line =~ /^\s*(?:static\s+)?$grp\s+NAME\(\w+\)\s*=\s*{/) {
+                    $ingrp = $grp;
+                    $impl = $src;

-            if ($line =~ /^\s*(?:static\s+)?($groups_regex)\s+(\w+)\s*=\s*{/ ||
-                $line =~ /^\s*(?:static\s+)?($groups_regex)\s+NAME\(\w+\)\s*=\s*{/) {
-                $ingrp = $1;
-                $impl = $src;
+                    if ($impl =~ m,.*/node_device_(\w+)\.c,) {
+                        $impl = $1;
+                    } else {
+                        $impl =~ s,.*/(\w+?)_((\w+)_)?(\w+)\.c,$1,;
+                    }

-                if ($impl =~ m,.*/node_device_(\w+)\.c,) {
-                    $impl = $1;
-                } else {
-                    $impl =~ s,.*/(\w+?)_((\w+)_)?(\w+)\.c,$1,;
+                    if ($groups{$ingrp}->{drivers}->{$impl}) {
+                        die "Group $ingrp already contains $impl";
+                    }
+
+                    $groups{$ingrp}->{drivers}->{$impl} = {};
                }
-
-                if ($groups{$ingrp}->{drivers}->{$impl}) {
-                    die "Group $ingrp already contains $impl";
-                }
-
-                $groups{$ingrp}->{drivers}->{$impl} = {};
            }

        } else {
--- a/docs/internals.html.in
+++ b/docs/internals.html.in
@@ -14,7 +14,6 @@
      <li>Introduction to basic rules and guidelines for
      <a href="hacking.html">hacking</a> on libvirt code</li>
      <li>Guide to adding <a href="api_extension.html">public APIs</a></li>
-      <li>Insight into libvirt <a href="internals/eventloop.html">event loop and worker pool</a></li>
      <li>Approach for <a href="internals/command.html">spawning commands</a>
      from libvirt driver code</li>
      <li>The libvirt <a href="internals/rpc.html">RPC infrastructure</a></li>
--- a/docs/internals/eventloop.html.in
+++ b/docs/internals/eventloop.html.in
@@ -1,106 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Libvirt's event loop</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      This page describes the event loop approach used in
-      libvirt. Both server and client.
-    </p>
-
-    <h2><a name="event_loop">Event driven programming</a></h2>
-
-    <p>Traditionally, a program simply ran once, then terminated.
-    This type of program was very common in the early days of
-    computing, and lacked any form of user interactivity. This is
-    still used frequently, particularly in small one purpose
-    programs.</p>
-
-    <p>However, that approach is not suitable for all the types
-    of applications. For instance graphical applications spend
-    most of their run time waiting for an input from user. Only
-    after it happened (in our example a button was clicked, a key
-    pressed, etc.) an event is generated to which they respond
-    by executing desired function. If generalized, this is how
-    many long running programs (daemons) work. Even those who are
-    not waiting for direct user input and have no graphical
-    interface. Such as Libvirt.</p>
-
-    <img alt="event loop" src="http://libvirt.org/git/?p=libvirt-media.git;a=blob_plain;f=png/event_loop_simple.png;hb=HEAD"/>
-
-    <p>In Libvirt this approach is used in combination with
-    <code>poll(2)</code> as all the communication with its
-    clients (and domains it manages too) happens through sockets.
-    Therefore whenever new client connects, it is given exclusive
-    file descriptor which is then watched for incoming events,
-    e.g. messages. </p>
-
-    <h2><a name="api">The event loop API</a></h2>
-
-    <p>To work with event loop from our code we have plenty of
-    APIs.</p>
-
-    <ul>
-      <li><code>virEventAddHandle</code>: Registers a
-        callback for monitoring file handle events.</li>
-      <li><code>virEventUpdateHandle</code>: Change set of events
-        monitored file handle is being watched for.</li>
-      <li><code>virEventRemoveHandle</code>: Unregisters
-        previously registered file handle so that it is no
-        longer monitored for any events.</li>
-      <li><code>virEventAddTimeout</code>: Registers a
-        callback for timer event.</li>
-      <li><code>virEventUpdateTimeout</code>: Changes frequency
-        for a timer.</li>
-      <li><code>virEventRemoveTimeout</code>: Unregisters
-        a timer.</li>
-    </ul>
-
-    <p>For more information on these APIs continue reading <a
-    href="../html/libvirt-libvirt-event.html">here</a>.</p>
-
-    <h2><a name="worker_pool">Worker pool</a></h2>
-
-    <p>Looking back at the image above we can see one big
-    limitation. While processing a message event loop is blocked
-    and for an outside observer unresponsive. This is not
-    acceptable for Libvirt. Therefore we have came up with the
-    following solution.</p>
-
-    <img alt="event loop" src="http://libvirt.org/git/?p=libvirt-media.git;a=blob_plain;f=png/event_loop_worker.png;hb=HEAD"/>
-
-    <p>The event loop does only necessary minimum and hand over
-    message processing to another thread. In fact, there can be
-    as many processing threads as configured increasing
-    processing power.</p>
-
-    <p>To break this high level description into smaller pieces,
-    here is what happens when user calls an API:</p>
-    <ol>
-      <li>User (or management application) calls a Libvirt API.
-      Depending on the connection URI, this may or may not
-      involve server. Well, for the sake of our
-      demonstration we assume the former.</li>
-      <li>Remote driver encodes the API among it's arguments
-      into an <a href="rpc.html">RPC message</a> and sends
-      it to the server.</li>
-      <li>Here, server is waiting in <code>poll(2)</code> for
-      an event, like incoming message.</li>
-      <li>As soon as the first bytes of message are received,
-      even loop wakes up and server starts reading the
-      whole message.</li>
-      <li>Once fully read, the event loop notifies threads
-      known as worker threads from which one picks the incoming
-      message, decodes and process it.</li>
-      <li>As soon as API execution is finished, a reply is sent
-      to the client.</li>
-    </ol>
-
-    <p>In case that there's no free worker to process an incoming
-    message in step 5, message is placed at the end of a message
-    queue and is processed in next iteration.</p>
-  </body>
-</html>
--- a/docs/libvirt.css
+++ b/docs/libvirt.css
@@ -1,4 +1,12 @@
-h1, h2, h3, h4, h5, h6 {
+h1 {
+    font-weight: normal;
+    color: #3c857c;
+}
+h1 strong {
+    font-weight: bold;
+}
+
+h2, h3, h4, h5, h6 {
    color: #3c857c;
 }

@@ -47,6 +55,12 @@ h1, h2, h3, h4, h5, h6 {
    padding: 0px;
    margin: 0px;
    border: 0px;
+    font-weight: bold;
+    font-size: 1.2em;
+}
+
+#menu li ul li {
+    font-size: 1em;
 }

 #menu ul li a, #menu ul li span {
@@ -80,7 +94,6 @@ h1, h2, h3, h4, h5, h6 {
 #menu ul.l1 li .inactive {
    border-left: 6px solid #dfebea;
 }
-
 #menu ul.l1 li .active {
    border-left: 6px solid #a5c6c2;
 }
@@ -96,6 +109,7 @@ h1, h2, h3, h4, h5, h6 {
    padding-left: 3em;
 }

+
 #headerLogo {
    position: absolute;
    top: 0px;
@@ -104,7 +118,6 @@ h1, h2, h3, h4, h5, h6 {
    width: 400px;
    background: url(libvirt-header-logo.png);
 }
-
 #headerSearch {
    position: absolute;
    top: 0px;
@@ -129,6 +142,7 @@ h1, h2, h3, h4, h5, h6 {
    font-size: 1em;
 }

+
 #sitemap ul li {
    list-style: none;
 }
@@ -163,6 +177,7 @@ a {
    color: #566866;
 }

+
 div.api {
    border: 1px solid #999999;
    background: #eeeeee;
@@ -188,6 +203,7 @@ div.api table td, div.variablelist table td {
    padding-left: 1em;
 }

+
 h1 a, h2 a, h3 a, h4 a, h5 a {
    color: inherit;
    text-decoration: inherit;
@@ -227,6 +243,36 @@ p.image {
    background: #c5dbd8;
 }

+#footer {
+    clear: both;
+    position: relative;
+    margin: 0px;
+    padding: 0px;
+    border: 0px;
+    width: 100%;
+    height: 180px;
+    background: #FFFFFF;
+/*    background: #757575; */
+}
+/* This is hidden from IE <= 6 because it can't do transparency */
+/* body > #footer {
+    background: #757575 url(footer_pattern.png) repeat-x;
+} */
+
+#footer p {
+    position: absolute;
+    top: 0px;
+    left: 0px;
+    margin: 0px;
+    border: 0px solid red;
+    width: 220px;
+    text-align: center;
+}
+
+#footer p a img {
+    border: 0px;
+}
+
 #projects {
    margin: 0px;
    border: 0px;
@@ -236,6 +282,7 @@ p.image {
    width: 100%;
 }

+
 #projects dl {
    margin: 0px;
    border: 0px solid white;
@@ -244,6 +291,10 @@ p.image {
    top: 0px;
    left: 0px;
 }
+/* This is hidden from IE <= 6 because it can't do transparency */
+head:first-child+body #projects dl {
+    background: url(footer_corner.png) no-repeat ! important;
+}

 #projects #p1 {
    margin-left: 25%;
@@ -268,15 +319,16 @@ p.image {
 #projects #p1 dt, #projects #p1 dd {
    width: 33%;
 }
-
 #projects #p2 dt, #projects #p2 dd {
    width: 50%;
 }
-
 #projects #p3 dt, #projects #p3 dd {
    width: 99%;
 }

+#projects {
+}
+
 #projects span {
    font-size: 0.8em;
    display: block;
@@ -300,6 +352,13 @@ p.image {
    color: #ccc;
 }

+
+#sponsor {
+    color: #757575;
+    text-decoration: inherit;
+    font-size: 1.2em;
+}
+
 span.since {
    color: #3c857c;
    font-style: italic;
@@ -345,7 +404,6 @@ table.data tr.head th {
 table.data tbody td {
    background: rgb(240,240,240);
 }
-
 table.data tbody td.y {
    background: rgb(220,255,220);
    text-align: center;
--- a/docs/locking.html.in
+++ b/docs/locking.html.in
@@ -23,19 +23,19 @@
    </p>

    <dl>
-      <dt><code>nop</code></dt>
+      <dt>nop</dt>
      <dd>This is a "no op" implementation which does absolutely
        nothing. This can be used if mutual exclusion between
        virtual machines is not required, or if it is being
        solved at another level in the management stack.</dd>
-      <dt><code><a href="locking-lockd.html">lockd</a></code></dt>
+      <dt><a href="locking-lockd.html">lockd</a></dt>
      <dd>This is the current preferred implementation shipped
        with libvirt. It uses the <code>virtlockd</code> daemon
        to manage locks using the POSIX fcntl() advisory locking
        capability. As such it requires a shared filesystem of
        some kind be accessible to all hosts which share the
        same image storage.</dd>
-      <dt><code><a href="locking-sanlock.html">sanlock</a></code></dt>
+      <dt><a href="locking-sanlock.html">sanlock</a></dt>
      <dd>This is an alternative implementation preferred by
        the oVirt project. It uses a disk paxos algorithm for
        maintaining continuously renewed leases. In the default
--- a/docs/logging.html.in
+++ b/docs/logging.html.in
@@ -104,15 +104,12 @@
    <pre>
  x:name  (log message only)
  x:+name (log message + stack trace)</pre>
-    <p>where <code>name</code> is a string which is matched against
-    the category given in the VIR_LOG_INIT() at the top of each
-    libvirt source file, e.g., <code>remote</code>, <code>qemu</code>,
-    or <code>util.json</code> (the name in the filter can be a
-    substring of the full category name, in order to match multiple
-    similar categories), the optional <code>+</code> prefix tells
-    libvirt to log stack trace for each message
-    matching <code>name</code>, and <code>x</code> is the minimal
-    level where matching messages should be logged:</p>
+    <p>where <code>name</code> is a string which is matched against source
+    file name, e.g., <code>remote</code>, <code>qemu</code>, or
+    <code>util/json</code>, the optional <code>+</code> prefix tells libvirt
+    to log stack trace for each message matching <code>name</code>, and
+    <code>x</code> is the minimal level where matching messages should
+    be logged:</p>
    <ul>
      <li>1: DEBUG</li>
      <li>2: INFO</li>
--- a/docs/migration.html.in
+++ b/docs/migration.html.in
@@ -148,9 +148,8 @@
      <code>virsh dumpxml</code> on source host followed by
      <code>virsh define</code> on destination host, as offline migration
      will run the pre-migration hook to update the domain XML on
-      destination host. Currently, copying non-shared storage or other file
-      based storages (e.g. UEFI variable storage) is not supported during
-      offline migration.
+      destination host. Currently, copying non-shared storage is not
+      supported during offline migration.
    </p>

    <h2><a name="uris">Migration URIs</a></h2>
@@ -476,7 +475,7 @@
    </pre>

    <p>
-      Supported by Xen, QEMU, VMware and VirtualBox drivers
+      Supported by Xen, QEMU, VMWare and VirtualBox drivers
    </p>

    <h3><a name="scenarionativepeer2peer">Native migration, client to and peer2peer between, two libvirtd servers</a></h3>
--- a/docs/news-2005.html.in
+++ b/docs/news-2005.html.in
@@ -1,28 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  </head>
-  <body>
-    <h1>Releases (2005)</h1>
-    <p>Here is the list of official releases made during the year 2005.
-    </p>
-    <p>It is also possible to just use
-    the <a href="downloads.html" shape="rect">GIT version or snapshot</a>,
-    contact the mailing list and check
-    the <a href="http://libvirt.org/git/?p=libvirt.git;a=log" shape="rect">GIT log</a>
-    to gauge progress.
-    </p>
-
-    <h3>0.0.1: Dec 19 2005</h3>
-    <ul>
-      <li>Features:<br/>
-      First release,<br/>
-      Basic management of existing Xen domains,<br/>
-      Minimal autogenerated Python bindings<br/>
-      </li>
-    </ul>
-
-  </body>
-</html>
--- a/docs/news-2006.html.in
+++ b/docs/news-2006.html.in
@@ -1,354 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  </head>
-  <body>
-    <h1>Releases (2006)</h1>
-    <p>Here is the list of official releases made during the year 2006.
-    A similar list for <a href="news-2005.html">2005</a> is also available.
-    </p>
-    <p>It is also possible to just use
-    the <a href="downloads.html" shape="rect">GIT version or snapshot</a>,
-    contact the mailing list and check
-    the <a href="http://libvirt.org/git/?p=libvirt.git;a=log" shape="rect">GIT log</a>
-    to gauge progress.
-    </p>
-
-    <h3>0.1.10: Dec 20 2006</h3>
-    <ul>
-      <li>Bug Fixes:<br/>
-      VCPU info breakages on xen 3.0.3,<br/>
-      xenDaemonListDomains buffer overflow (Daniel Berrange),<br/>
-      reference count bug when creating Xen domains (Daniel Berrange)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      more localizations,<br/>
-      support graphic framebuffer for Xen paravirt (Daniel Berrange),<br/>
-      VNC listen IP range support (Daniel Berrange),<br/>
-      support for default Xen config files and inactive domains of 3.0.4 (Daniel Berrange)<br/>
-      </li>
-    </ul>
-
-    <h3>0.1.9: Nov 29 2006</h3>
-    <ul>
-      <li>Features:<br/>
-      separate the notion of maximum memory and current use at the XML level,<br/>
-      add support for shareable drives,<br/>
-      add support for non-bridge style networking configs for guests (Daniel Berrange),<br/>
-      new config APIs virConfNew() and virConfSetValue() to build configs from scratch,<br/>
-      hot plug device support based on Michel Ponceau patch,<br/>
-      added support for inactive domains, new APIs, various associated cleanup (Daniel Berrange),<br/>
-      special device model for HVM guests (Daniel Berrange),<br/>
-      add API to dump core of domains (but requires a patched xend),<br/>
-      pygrub bootloader information take over &lt;os&gt; information<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      fix OS reporting when running as non-root,<br/>
-      fix the reconnect regression test,<br/>
-      Fix a memory leak (Daniel Berrange),<br/>
-      python bindings: fix unsigned long marshalling (Daniel Berrange)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      python bindings: release interpeter lock when calling C (Daniel Berrange),<br/>
-      don't raise HTTP error when looking information for a domain,<br/>
-      better error reporting (Daniel Berrange),<br/>
-      provide XML parsing errors,<br/>
-      extension of the test framework (Daniel Berrange),<br/>
-      python bindings: Domain instances now link to the Connect to avoid garbage collection and disconnect,<br/>
-      updated the localization strings<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      some refactoring to use the driver for all entry points<br/>
-      </li>
-    </ul>
-
-    <h3>0.1.8: Oct 16 2006</h3>
-    <ul>
-      <li>Documentation:<br/>
-      fix virsh man page (Noriko Mizumoto)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      Bug for system with page size != 4k,<br/>
-      memory leak fixes (xend interface and XML parsing) (Daniel Berrange),<br/>
-      compile fix,<br/>
-      mlock/munlock size fixes (Daniel Berrange),<br/>
-      don't label crashed domains as shut off (Peter Vetere)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      vcpu number initialization (Philippe Berthault),<br/>
-      blktapdd support for alternate drivers like blktap (Daniel Berrange),<br/>
-      improve error reporting<br/>
-      </li>
-    </ul>
-
-    <h3>0.1.7: Sep 29 2006</h3>
-    <ul>
-      <li>Bug Fixes:<br/>
-      fix a memory bug on getting vcpu information from xend (Daniel Berrange),<br/>
-      fix another problem in the hypercalls change in Xen changeset 86d26e6ec89b when getting domain information (Daniel Berrange)<br/>
-      </li>
-    </ul>
-
-    <h3>0.1.6: Sep 22 2006</h3>
-    <ul>
-      <li>Features:<br/>
-      Support for localization of strings using gettext (Daniel Berrange),<br/>
-      Support for new Xen-3.0.3 cdrom and disk configuration (Daniel Berrange),<br/>
-      Support for setting VNC port when creating domains with new xend config files (Daniel Berrange)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      Fix bug when running against xen-3.0.2 hypercalls (Jim Fehlig),<br/>
-      Fix reconnection problem when talking directly to http xend<br/>
-      </li>
-    </ul>
-
-    <h3>0.1.5: Sep 05 2006</h3>
-    <ul>
-      <li>Features:<br/>
-      Support for new hypercalls change in Xen changeset 86d26e6ec89b<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      virParseUUID() was wrong,<br/>
-      networking for paravirt guests (Daniel Berrange),<br/>
-      virsh on non-existent domains (Daniel Berrange),<br/>
-      string cast bug when handling error in python (Pete Vetere),<br/>
-      HTTP 500 xend error code handling (Pete Vetere and Daniel Berrange)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      test suite for SEXPR &lt;-&gt; XML format conversions (Daniel Berrange),<br/>
-      virsh output regression suite (Daniel Berrange),<br/>
-      new environ variable VIRSH_DEFAULT_CONNECT_URI for the default URI when connecting (Daniel Berrange),<br/>
-      graphical console support for paravirt guests (Jeremy Katz),<br/>
-      parsing of simple Xen config files (with Daniel Berrange),<br/>
-      early work on defined (not running) domains (Daniel Berrange),<br/>
-      virsh output improvement (Daniel Berrange)<br/>
-      </li>
-    </ul>
-
-    <h3>0.1.4: Aug 16 2006</h3>
-    <ul>
-      <li>Documentation:<br/>
-      spelling (Daniel Berrange),<br/>
-      test driver examples<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      spec file fix (Mark McLoughlin),<br/>
-      error report problem (with Hugh Brock),<br/>
-      long integer in Python bindings (with Daniel Berrange),<br/>
-      XML generation bug for CDRom (Daniel Berrange),<br/>
-      bug whem using number() XPath function (Mark McLoughlin),<br/>
-      fix python detection code,<br/>
-      remove duplicate initialization errors (Daniel Berrange)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      UUID in XML description (Peter Vetere),<br/>
-      proxy code cleanup,<br/>
-      virtual CPU and affinity support + virsh support (Michel Ponceau, Philippe Berthault, Daniel Berrange),<br/>
-      port and tty information for console in XML (Daniel Berrange),<br/>
-      added XML dump to driver and proxy support (Daniel Berrange),<br/>
-      extension of boot options with support for floppy and cdrom (Daniel Berrange),<br/>
-      features block in XML to report/ask PAE, ACPI, APIC for HVM domains (Daniel Berrange),<br/>
-      fail saide-effect operations when using read-only connection,<br/>
-      large improvements to test driver (Daniel Berrange)<br/>
-      </li>
-    </ul>
-
-    <h3>0.1.3: Jul 11 2006</h3>
-    <ul>
-      <li>Documentation:<br/>
-      augmented to cover hvm domains<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      build as non-root,<br/>
-      fix xend access when root,<br/>
-      handling of empty XML elements (Mark McLoughlin),<br/>
-      XML serialization and parsing fixes (Mark McLoughlin),<br/>
-      allow to create domains without disk (Mark McLoughlin)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      xenDaemonLookupByID from O(n^2) to O(n) (Daniel Berrange),<br/>
-      support for fully virtualized guest (Jim Fehlig, DV, Mark McLoughlin)<br/>
-      </li>
-    </ul>
-
-    <h3>0.1.2: Jul 03 2006</h3>
-    <ul>
-      <li>Features:<br/>
-      proxy mechanism for unprivileged read-only access by http<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      headers include paths fixup<br/>
-      </li>
-    </ul>
-
-    <h3>0.1.1: Jun 21 2006</h3>
-    <ul>
-      <li>Features:<br/>
-      Cope with API change introduced in Xen changeset 10277,<br/>
-      new test driver for regression checks (Daniel P. Berrange)<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      Python examples (David Lutterkort),<br/>
-      new Perl binding URL,<br/>
-      man page update (Karel Zak)<br/>
-      </li>
-
-      <li>Portability:<br/>
-      ncurses fallback (Jim Fehlig),<br/>
-      VPATH builds (Daniel P. Berrange)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      uninitialized memory access in error reporting,<br/>
-      S-Expr parsing (Jim Fehlig, Jeremy Katz),<br/>
-      virConnectOpen bug,<br/>
-      remove a TODO in xs_internal.c<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      added UUID to XML serialization,<br/>
-      buffer usage (Karel Zak),<br/>
-      --connect argument to virsh (Daniel P. Berrange)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      new entry points,<br/>
-      cleanup of libvirt.c (with Daniel P. Berrange)<br/>
-      </li>
-    </ul>
-
-    <h3>0.1.0: Apr 10 2006</h3>
-    <ul>
-      <li>Features:<br/>
-      new APIs for Node information and Reboot<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      updates on architecture and format,<br/>
-      typo fix (Jim Meyering),<br/>
-      virsh: man page (Andrew Puch)<br/>
-      </li>
-
-      <li>Portability:<br/>
-      --with-xen-distdir option (Ronald Aigner),<br/>
-      out of tree build and pkginfo cflag fix (Daniel Berrange)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      error message (Jim Meyering),<br/>
-      error allocation in virsh (Jim Meyering),<br/>
-      virDomainLookupByID (Jim Fehlig)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      enhancement and fixes of the XML description format (David Lutterkort and Jim Fehlig),<br/>
-      virsh: more options, create, nodeinfo (Karel Zak),<br/>
-      virsh: renaming of some options (Karel Zak),<br/>
-      virsh: use stderr only for errors (Karel Zak),<br/>
-      bindings: exception handling in examples (Jim Meyering),<br/>
-      bindings: perl ones out of tree (Daniel Berrange)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      refactoring internals into a driver model,<br/>
-      more error handling,<br/>
-      structure sharing,<br/>
-      thread safety and ref counting<br/>
-      </li>
-    </ul>
-
-    <h3>0.0.6: Feb 28 2006</h3>
-    <ul>
-      <li>Features:<br/>
-      add UUID lookup and extract API,<br/>
-      add error handling APIs both synchronous and asynchronous,<br/>
-      added minimal hook for error handling at the python level<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      augment the documentation and tests to cover error handling<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      improved the python bindings<br/>
-      </li>
-    </ul>
-
-    <h3>0.0.5: Feb 23 2006</h3>
-    <ul>
-      <li>Features:<br/>
-      Added XML description parsing, dependance to libxml2, implemented the creation API virDomainCreateLinux(),<br/>
-      new APIs to lookup and name domain by UUID,<br/>
-      Adding regression tests in python and examples in C,<br/>
-      Added devhelp help for Gnome/Gtk programmers,<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      web site improvement, extended the documentation to cover the XML format and Python API<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      fixed the XML dump when using the Xend access,<br/>
-      Fixed a few more problem related to the name change<br/>
-      </li>
-    </ul>
-
-    <h3>0.0.4: Feb 10 2006</h3>
-    <ul>
-      <li>Bug Fixes:<br/>
-      Fix various bugs introduced in the name change<br/>
-      </li>
-    </ul>
-
-    <h3>0.0.3: Feb 09 2006</h3>
-    <ul>
-      <li>Features:<br/>
-      Switch name from 'libvir' to libvirt,<br/>
-      Starting infrastructure to add code examples<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      Update of python bindings for completeness<br/>
-      </li>
-    </ul>
-
-    <h3>0.0.2: Jan 29 2006</h3>
-    <ul>
-      <li>Features:<br/>
-      integration of HTTP xend RPC based on libxend by Anthony Liquori for most operations,<br/>
-      Adding Save and Restore APIs<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      Update of the documentation, web site redesign (Diana Fong)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      fix the Python bindings bug when domain and connections where freed<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      extended the virsh command line tool (Karel Zak),<br/>
-      remove xenstore transactions (Anthony Liguori)<br/>
-      </li>
-    </ul>
-
-  </body>
-</html>
--- a/docs/news-2007.html.in
+++ b/docs/news-2007.html.in
@@ -1,534 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  </head>
-  <body>
-    <h1>Releases (2007)</h1>
-    <p>Here is the list of official releases made during the year 2007.
-    A similar list for <a href="news-2006.html">2006</a> is also available.
-    </p>
-    <p>It is also possible to just use
-    the <a href="downloads.html" shape="rect">GIT version or snapshot</a>,
-    contact the mailing list and check
-    the <a href="http://libvirt.org/git/?p=libvirt.git;a=log" shape="rect">GIT log</a>
-    to gauge progress.
-    </p>
-
-    <h3>0.4.0: Dec 18 2007</h3>
-    <ul>
-      <li>Features:<br/>
-      Compilation on Windows cygwin/mingw (Richard Jones),<br/>
-      Ruby bindings (David Lutterkort),<br/>
-      SASL based authentication for libvirt remote support (Daniel Berrange),<br/>
-      PolicyKit authentication (Daniel Berrange)<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      example files for QEMU and libvirtd configuations (Daniel Berrange),<br/>
-      english cleanups (Jim Paris),<br/>
-      CIM and OpenVZ references,<br/>
-      document &lt;shareable/&gt;,<br/>
-      daemon startup when using QEMU/KVM,<br/>
-      document HV support for new NUMA calls (Richard Jones),<br/>
-      various english fixes (Bruce Montague),<br/>
-      OCaml docs links (Richard Jones),<br/>
-      describe the various bindings add Ruby link,<br/>
-      Windows support page (Richard Jones),<br/>
-      authentication documentation updates (Daniel Berrange)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      NUMA topology error handling (Beth Kon),<br/>
-      NUMA topology cells without CPU (Beth Kon),<br/>
-      XML to/from XM bridge config (Daniel Berrange),<br/>
-      XM processing of vnc parameters (Daniel Berrange),<br/>
-      Reset migration source after failure (Jim Paris),<br/>
-      negative integer in config (Tatsuro Enokura),<br/>
-      zero terminating string buffer,<br/>
-      detect integer overflow (Jim Meyering),<br/>
-      QEmu command line ending fixes (Daniel Berrange),<br/>
-      recursion problem in the daemon (Daniel Berrange),<br/>
-      HVM domain with CDRom (Masayuki Sunou),<br/>
-      off by one error in NUMA cpu count (Beth Kon),<br/>
-      avoid xend errors when adding disks (Masayuki Sunou),<br/>
-      compile error (Chris Lalancette),<br/>
-      transposed fwrite args (Jim Meyering),<br/>
-      compile without xen and on solaris (Jim Paris),<br/>
-      parsing of interface names (Richard Jones),<br/>
-      overflow for starts on 32bits (Daniel Berrange),<br/>
-      fix problems in error reporting (Saori Fukuta),<br/>
-      wrong call to brSetForwardDelay changed to brSetEnableSTP (Richard Jones),<br/>
-      allow shareable disk in old Xen,<br/>
-      fix wrong certificate file (Jim Meyering),<br/>
-      avoid some startup error when non-root,<br/>
-      off-by-1 buffer NULL termination (Daniel Berrange),<br/>
-      various string allocation fixes (Daniel Berrange),<br/>
-      avoid problems with vnetXXX interfaces in domain dumps (Daniel Berrange),<br/>
-      build fixes for RHEL (Daniel Berrange),<br/>
-      virsh prompt should not depend on uid (Richard Jones),<br/>
-      fix scaping of '&lt;' (Richard Jones),<br/>
-      fix detach-disk on Xen tap devices (Saori Fukuta),<br/>
-      CPU parameter setting in XM config (Saori Fukuta),<br/>
-      credential handling fixes (Daniel Berrange),<br/>
-      fix compatibility with Xen 3.2.0 (Daniel Berrange)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      /etc/libvirt/qemu.conf configuration for QEMU driver (Daniel Berrange),<br/>
-      NUMA cpu pinning in config files (DV and Saori Fukuta),<br/>
-      CDRom media change in KVM/QEMU (Daniel Berrange),<br/>
-      tests for &lt;shareable/&gt; in configs,<br/>
-      pinning inactive domains for Xen 3.0.3 (Saori Fukuta),<br/>
-      use gnulib for portability enhancement (Jim Meyering),<br/>
-      --without-libvirtd config option (Richard Jones),<br/>
-      Python bindings for NUMA,<br/>
-      add extra utility functions to buffer (Richard Jones),<br/>
-      separate qparams module for handling query parameters (Richard Jones)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      remove virDomainRestart from API as it was never used (Richard Jones),<br/>
-      constify params for attach/detach APIs (Daniel Berrange),<br/>
-      gcc printf attribute checkings (Jim Meyering),<br/>
-      refactoring of device parsing code and shell escaping (Daniel Berrange),<br/>
-      virsh schedinfo parameters validation (Masayuki Sunou),<br/>
-      Avoid risk of format string abuse (Jim Meyering),<br/>
-      integer parsing cleanups (Jim Meyering),<br/>
-      build out of the source tree (Jim Meyering),<br/>
-      URI parsing refactoring (Richard Jones),<br/>
-      failed strdup/malloc handling (Jim Meyering),<br/>
-      Make "make distcheck" work (Jim Meyering),<br/>
-      improve xen internall error reports (Richard Jones),<br/>
-      cleanup of the daemon remote code (Daniel Berrange),<br/>
-      rename error VIR_FROM_LINUX to VIR_FROM_STATS_LINUX (Richard Jones),<br/>
-      don't compile the proxy if without Xen (Richard Jones),<br/>
-      fix paths when configuring for /usr prefix,<br/>
-      improve error reporting code (Jim Meyering),<br/>
-      detect heap allocation failure (Jim Meyering),<br/>
-      disable xen sexpr parsing code if Xen is disabled (Daniel Berrange),<br/>
-      cleanup of the GetType entry point for Xen drivers,<br/>
-      move some QEmu path handling to generic module (Daniel Berrange),<br/>
-      many code cleanups related to the Windows port (Richard Jones),<br/>
-      disable the proxy if using PolicyKit,<br/>
-      readline availability detection,<br/>
-      test libvirtd's config-processing code (Jim Meyering),<br/>
-      use a variable name as sizeof argument (Jim Meyering)<br/>
-      </li>
-    </ul>
-
-    <h3>0.3.3: Sep 30 2007</h3>
-    <ul>
-      <li>Features:<br/>
-      Avahi mDNS daemon export (Daniel Berrange),<br/>
-      NUMA support (Beth Kan)<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      cleanups (Toth Istvan),<br/>
-      typos (Eduardo Pereira)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      memory corruption on large dumps (Masayuki Sunou),<br/>
-      fix virsh vncdisplay command exit (Masayuki Sunou),<br/>
-      Fix network stats TX/RX result (Richard Jones),<br/>
-      warning on Xen 3.0.3 (Richard Jones),<br/>
-      missing buffer check in virDomainXMLDevID (Hugh Brock),<br/>
-      avoid zombies when using remote (Daniel Berrange),<br/>
-      xend connection error message (Richard Jones),<br/>
-      avoid ssh tty prompt (Daniel Berrange),<br/>
-      username handling for remote URIs (Fabian Deutsch),<br/>
-      fix potential crash on multiple input XML tags (Daniel Berrange),<br/>
-      Solaris Xen hypercalls fixup (Mark Johnson)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      OpenVZ support (Shuveb Hussain and Anoop Cyriac),<br/>
-      CD-Rom reload on XEn (Hugh Brock),<br/>
-      PXE boot got QEmu/KVM (Daniel Berrange),<br/>
-      QEmu socket permissions customization (Daniel Berrange),<br/>
-      more QEmu support (Richard Jones),<br/>
-      better path detection for qemu and dnsmasq (Richard Jones),<br/>
-      QEmu flags are per-Domain (Daniel Berrange),<br/>
-      virsh freecell command,<br/>
-      Solaris portability fixes (Mark Johnson),<br/>
-      default bootloader support (Daniel Berrange),<br/>
-      new virNodeGetFreeMemory API,<br/>
-      vncpasswd extraction in configuration files if secure (Mark Johnson and Daniel Berrange),<br/>
-      Python bindings for block and interface statistics<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      virDrvOpenRemoteFlags definition (Richard Jones),<br/>
-      configure tests and output (Daniel Berrange)<br/>
-      </li>
-    </ul>
-
-    <h3>0.3.2: Aug 21 2007</h3>
-    <ul>
-      <li>Features:<br/>
-      KVM migration and save/restore (Jim Paris),<br/>
-      added API for migration (Richard Jones),<br/>
-      added APIs for block device and interface statistic (Richard Jones)<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      examples for XML network APIs,<br/>
-      fix typo and schedinfo synopsis in man page (Atsushi SAKAI),<br/>
-      hypervisor support page update (Richard Jones)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      remove a couple of leaks in QEmu/KVM backend (Daniel berrange),<br/>
-      fix GnuTLS 1.0 compatibility (Richard Jones),<br/>
-      --config/-f option mistake for libvirtd (Richard Jones),<br/>
-      remove leak in QEmu backend (Jim Paris),<br/>
-      fix some QEmu communication bugs (Jim Paris),<br/>
-      UUID lookup though proxy fix,<br/>
-      setvcpus checking bugs (with Atsushi SAKAI),<br/>
-      int checking in virsh parameters (with Masayuki Sunou),<br/>
-      deny devices attach/detach for &lt; Xen 3.0.4 (Masayuki Sunou),<br/>
-      XenStore query memory leak (Masayuki Sunou),<br/>
-      virsh schedinfo cleanup (Saori Fukuta)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      virsh new ttyconsole command,<br/>
-      networking API implementation for test driver (Daniel berrange),<br/>
-      qemu/kvm feature reporting of ACPI/APIC (David Lutterkort),<br/>
-      checking of QEmu architectures (Daniel berrange),<br/>
-      improve devices XML errors reporting (Masayuki Sunou),<br/>
-      speedup of domain queries on Xen (Daniel berrange),<br/>
-      augment XML dumps with interface devices names (Richard Jones),<br/>
-      internal API to query drivers for features (Richard Jones)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      Improve virNodeGetInfo implentation (Daniel berrange),<br/>
-      general UUID code cleanup (Daniel berrange),<br/>
-      fix API generator file selection<br/>
-      </li>
-    </ul>
-
-    <h3>0.3.1: Jul 24 2007</h3>
-    <ul>
-      <li>Documentation:<br/>
-      index to remote page,<br/>
-      script to test certificates,<br/>
-      IPv6 remote support docs (Daniel Berrange),<br/>
-      document VIRSH_DEFAULT_CONNECT_URI in virsh man page (David Lutterkort),<br/>
-      Relax-NG early grammar for the network XML (David Lutterkort)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      leaks in disk XML parsing (Masayuki Sunou),<br/>
-      hypervisor alignment call problems on PPC64 (Christian Ehrhardt),<br/>
-      dead client registration in daemon event loop (Daniel Berrange),<br/>
-      double free in error handling (Daniel Berrange),<br/>
-      close on exec for log file descriptors in the daemon (Daniel Berrange),<br/>
-      avoid caching problem in remote daemon (Daniel Berrange),<br/>
-      avoid crash after QEmu domain failure (Daniel Berrange)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      checks of x509 certificates and keys (Daniel Berrange),<br/>
-      error reports in the daemon (Daniel Berrange),<br/>
-      checking of Ethernet MAC addresses in XML configs (Masayuki Sunou),<br/>
-      support for a new clock switch between UTC and localtime (Daniel Berrange),<br/>
-      early version of OpenVZ support (Shuveb Hussain),<br/>
-      support for input devices on PS/2 and USB buses (Daniel Berrange),<br/>
-      more tests especially the QEmu support (Daniel Berrange),<br/>
-      range check in credit scheduler (with Saori Fukuta and Atsushi Sakai),<br/>
-      add support for listen VNC parameter un QEmu and fix command line arg (Daniel Berrange)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      debug tracing (Richard Jones),<br/>
-      removal of --with-qemud-pid-file (Richard Jones),<br/>
-      remove unused virDeviceMode,<br/>
-      new util module for code shared between drivers (Shuveb Hussain),<br/>
-      xen header location detection (Richard Jones)<br/>
-      </li>
-    </ul>
-
-    <h3>0.3.0: Jul 09 2007</h3>
-    <ul>
-      <li>Features:<br/>
-      Secure Remote support (Richard Jones).
-      See <a href="http://libvirt.org/remote.html">the remote page</a> of the documentation<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      remote support (Richard Jones),<br/>
-      description of the URI connection strings (Richard Jones),<br/>
-      update of virsh man page,<br/>
-      matrix of libvirt API/hypervisor support with version information (Richard Jones)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      examples Makefile.am generation (Richard Jones),<br/>
-      SetMem fix (Mark Johnson),<br/>
-      URI handling and ordering of drivers (Daniel Berrange),<br/>
-      fix virsh help without hypervisor (Richard Jones),<br/>
-      id marshalling fix (Daniel Berrange),<br/>
-      fix virConnectGetMaxVcpus on remote (Richard Jones),<br/>
-      avoid a realloc leak (Jim Meyering),<br/>
-      scheduler parameters handling for Xen (Richard Jones),<br/>
-      various early remote bug fixes (Richard Jones),<br/>
-      remove virsh leaks of domains references (Masayuki Sunou),<br/>
-      configCache refill bug (Richard Jones),<br/>
-      fix XML serialization bugs<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      QEmu switch to XDR-based protocol (Dan Berrange),<br/>
-      device attach/detach commands (Masayuki Sunou),<br/>
-      OCaml bindings (Richard Jones),<br/>
-      new entry points virDomainGetConnect and virNetworkGetConnect useful for bindings (Richard Jones),<br/>
-      reunitifaction of remote and qemu daemon under a single libvirtd with a config file (Daniel Berrange),<br/>
-      Localization updates<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      parsing of connection URIs (Richard Jones),<br/>
-      messages from virsh (Saori Fukuta),<br/>
-      Coverage files (Daniel Berrange),<br/>
-      Solaris fixes (Mark Johnson),<br/>
-      avoid [r]index calls (Richard Jones),<br/>
-      release information in Xen backend,<br/>
-      virsh cpupin command cleanups (Masayuki Sunou),<br/>
-      xen:/// support as standard Xen URI (Richard Jones and Daniel Berrange),<br/>
-      improve driver selection/decline mechanism (Richard Jones),<br/>
-      error reporting on XML dump (Richard Jones),<br/>
-      Remove unused virDomainKernel structure (Richard Jones),<br/>
-      daemon event loop event handling (Daniel Berrange),<br/>
-      various unifications cleanup in the daemon merging (Daniel Berrange),<br/>
-      internal file and timer monitoring API (Daniel Berrange),<br/>
-      remove libsysfs dependancy,<br/>
-      call brctl program directly (Daniel Berrange),<br/>
-      virBuffer functions cleanups (Richard Jones),<br/>
-      make init script LSB compliant,<br/>
-      error handling on lookup functions (Richard Jones),<br/>
-      remove internal virGetDomainByID (Richard Jones),<br/>
-      revamp of xen subdrivers interfaces (Richard Jones)<br/>
-      </li>
-    </ul>
-
-    <h3>0.2.3: Jun 08 2007</h3>
-    <ul>
-      <li>Documentation:<br/>
-      documentation for upcoming remote access (Richard Jones),<br/>
-      virConnectNumOfDefinedDomains doc (Jan Michael),<br/>
-      virsh help messages for dumpxml and net-dumpxml (Chris Wright)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      RelaxNG schemas regexp fix (Robin Green),<br/>
-      RelaxNG arch bug (Mark McLoughlin),<br/>
-      large buffers bug fixes (Shigeki Sakamoto),<br/>
-      error on out of memory condition (Shigeki Sakamoto),<br/>
-      virshStrdup fix,<br/>
-      non-root driver when using Xen bug (Richard Jones),<br/>
-      use --strict-order when running dnsmasq (Daniel Berrange),<br/>
-      virbr0 weirdness on restart (Mark McLoughlin),<br/>
-      keep connection error messages (Richard Jones),<br/>
-      increase QEmu read buffer on help (Daniel Berrange),<br/>
-      rpm dependance on dnsmasq (Daniel Berrange),<br/>
-      fix XML boot device syntax (Daniel Berrange),<br/>
-      QEmu memory bug (Daniel Berrange),<br/>
-      memory leak fix (Masayuki Sunou),<br/>
-      fix compiler flags (Richard Jones),<br/>
-      remove type ioemu on recent Xen HVM for paravirt drivers (Saori Fukuta),<br/>
-      uninitialized string bug (Masayuki Sunou),<br/>
-      allow init even if the daemon is not running,<br/>
-      XML to config fix (Daniel Berrange)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      add a special error class for the test module (Richard Jones),<br/>
-      virConnectGetCapabilities on proxy (Richard Jones),<br/>
-      allow network driver to decline usage (Richard Jones),<br/>
-      extend error messages for upcoming remote access (Richard Jones),<br/>
-      on_reboot support for QEmu (Daniel Berrange),<br/>
-      save daemon output in a log file (Daniel Berrange),<br/>
-      xenXMDomainDefineXML can override guest config (Hugh Brock),<br/>
-      add attach-device and detach-device commands to virsh (Masayuki Sunou and Mark McLoughlin and Richard Jones),<br/>
-      make virGetVersion case insensitive and Python bindings (Richard Jones),<br/>
-      new scheduler API (Atsushi SAKAI),<br/>
-      localizations updates,<br/>
-      add logging option for virsh (Nobuhiro Itou),<br/>
-      allow arguments to be passed to bootloader (Hugh Brock),<br/>
-      increase the test suite (Daniel Berrange and Hugh Brock)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      Remove VIR_DRV_OPEN_QUIET (Richard Jones),<br/>
-      disable xm_internal.c for Xen &gt; 3.0.3 (Daniel Berrange),<br/>
-      unused fields in _virDomain (Richard Jones),<br/>
-      export __virGetDomain and __virGetNetwork for libvirtd only (Richard Jones),<br/>
-      ignore old VNC config for HVM on recent Xen (Daniel Berrange),<br/>
-      various code cleanups,<br/>
-      -Werror cleanup (Hugh Brock)<br/>
-      </li>
-    </ul>
-
-    <h3>0.2.2: Apr 17 2007</h3>
-    <ul>
-      <li>Documentation:<br/>
-      fix errors due to Amaya (with Simon Hernandez),<br/>
-      virsh uses kB not bytes (Atsushi SAKAI),<br/>
-      add command line help to qemud (Richard Jones),<br/>
-      xenUnifiedRegister docs (Atsushi SAKAI),<br/>
-      strings typos (Nikolay Sivov),<br/>
-      ilocalization problem raised by Thomas Canniot<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      virsh memory values test (Masayuki Sunou),<br/>
-      operations without libvirt_qemud (Atsushi SAKAI),<br/>
-      fix spec file (Florian La Roche, Jeremy Katz, Michael Schwendt),<br/>
-      direct hypervisor call (Atsushi SAKAI),<br/>
-      buffer overflow on qemu networking command (Daniel Berrange),<br/>
-      buffer overflow in quemud (Daniel Berrange),<br/>
-      virsh vcpupin bug (Masayuki Sunou),<br/>
-      host PAE detections and strcuctures size (Richard Jones),<br/>
-      Xen PAE flag handling (Daniel Berrange),<br/>
-      bridged config configuration (Daniel Berrange),<br/>
-      erroneous XEN_V2_OP_SETMAXMEM value (Masayuki Sunou),<br/>
-      memory free error (Mark McLoughlin),<br/>
-      set VIR_CONNECT_RO on read-only connections (S.Sakamoto),<br/>
-      avoid memory explosion bug (Daniel Berrange),<br/>
-      integer overflow for qemu CPU time (Daniel Berrange),<br/>
-      QEMU binary path check (Daniel Berrange)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      remove some global variables (Jim Meyering),<br/>
-      printf-style functions checks (Jim Meyering),<br/>
-      better virsh error messages,<br/>
-      increase compiler checkings and security (Daniel Berrange),<br/>
-      virBufferGrow usage and docs,<br/>
-      use calloc instead of malloc/memset,<br/>
-      replace all sprintf by snprintf,<br/>
-      avoid configure clobbering user's CTAGS (Jim Meyering),<br/>
-      signal handler error cleanup (Richard Jones),<br/>
-      iptables internal code claenup (Mark McLoughlin),<br/>
-      unified Xen driver (Richard Jones),<br/>
-      cleanup XPath libxml2 calls,<br/>
-      IPTables rules tightening (Daniel Berrange)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      more regression tests on XML (Daniel Berrange),<br/>
-      Python bindings now generate exception in error cases (Richard Jones),<br/>
-      Python bindings for vir*GetAutoStart (Daniel Berrange),<br/>
-      handling of CD-Rom device without device name (Nobuhiro Itou),<br/>
-      fix hypervisor call to work with Xen 3.0.5 (Daniel Berrange),<br/>
-      DomainGetOSType for inactive domains (Daniel Berrange),<br/>
-      multiple boot devices for HVM (Daniel Berrange)<br/>
-      </li>
-    </ul>
-
-    <h3>0.2.1: Mar 16 2007</h3>
-    <ul>
-      <li>Features:<br/>
-      Add support for network autostart and init scripts (Mark McLoughlin),<br/>
-      New API virConnectGetCapabilities() to detect the virtualization capabilities of a host (Richard Jones)<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      Documentation updates especially on the XML formats<br/>
-      </li>
-
-      <li>Portability:<br/>
-      IA64 fixes (Atsushi SAKAI),<br/>
-      dependancies and build (Daniel Berrange),<br/>
-      fix xend port detection (Daniel Berrange),<br/>
-      icompile time warnings (Mark),<br/>
-      avoid const related compiler warnings (Daniel Berrange),<br/>
-      automated builds (Daniel Berrange),<br/>
-      pointer/int mismatch (Richard Jones),<br/>
-      configure time selection of drivers,<br/>
-      libvirt spec hacking (Daniel Berrange)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      libvirt_qemud daemon path (Daniel Berrange),<br/>
-      libvirt config directory (Daniel Berrange and Mark McLoughlin),<br/>
-      memory leak in qemud (Mark),<br/>
-      various fixes on network support (Mark),<br/>
-      avoid Xen domain zombies on device hotplug errors (Daniel Berrange),<br/>
-      various fixes on qemud (Mark),<br/>
-      args parsing (Richard Jones),<br/>
-      virsh -t argument (Saori Fukuta),<br/>
-      avoid virsh crash on TAB key (Daniel Berrange),<br/>
-      detect xend operation failures (Kazuki Mizushima),<br/>
-      don't listen on null socket (Rich Jones),<br/>
-      read-only socket cleanup (Rich Jones),<br/>
-      use of vnc port 5900 (Nobuhiro Itou),<br/>
-      assorted networking fixes (Daniel Berrange),<br/>
-      shutoff and shutdown mismatches (Kazuki Mizushima),<br/>
-      unlimited memory handling (Atsushi SAKAI),<br/>
-      python binding fixes (Tatsuro Enokura)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      qemud signal handling (Mark),<br/>
-      don't shutdown or reboot domain0 (Kazuki Mizushima),<br/>
-      QEmu version autodetection (Daniel Berrange),<br/>
-      network UUIDs (Mark),<br/>
-      speed up UUID domain lookups (Tatsuro Enokura and Daniel Berrange),<br/>
-      support for paused QEmu CPU (Daniel Berrange),<br/>
-      keymap VNC attribute support (Takahashi Tomohiro and Daniel Berrange),<br/>
-      maximum number of virtual CPU (Masayuki Sunou),<br/>
-      virtsh --readonly option (Rich Jones),<br/>
-      python bindings for new functions (Daniel Berrange)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      Various internal cleanups (Richard Jones, Daniel Berrange, Mark McLoughlin)<br/>
-      </li>
-    </ul>
-
-    <h3>0.2.0: Feb 14 2007</h3>
-    <ul>
-      <li>Features:<br/>
-      Add support for QEmu and KVM virtualization (Daniel Berrange),<br/>
-      Add support for network configuration (Mark McLoughlin)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      avoid a crash in connect (Daniel Berrange),<br/>
-      virsh args parsing (Richard Jones)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      regression testing (Daniel Berrange),<br/>
-      localization string updates<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      Various internal cleanups (Mark McLoughlin, Richard Jones, Daniel Berrange, Karel Zak)<br/>
-      </li>
-    </ul>
-
-    <h3>0.1.11: Jan 22 2007</h3>
-    <ul>
-      <li>Features:<br/>
-      Added a Relax-NG schemas to check XML instances<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      Remove memory leak when freeing virConf objects<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      Finish XML &lt;-&gt; XM config files support,<br/>
-      Finishing inactive domain support (Daniel Berrange)<br/>
-      </li>
-    </ul>
-
-  </body>
-</html>
--- a/docs/news-2008.html.in
+++ b/docs/news-2008.html.in
@@ -1,580 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  </head>
-  <body>
-    <h1>Releases (2008)</h1>
-    <p>Here is the list of official releases made during the year 2008.
-    A similar list for <a href="news-2007.html">2007</a> is also available.
-    </p>
-    <p>It is also possible to just use
-    the <a href="downloads.html" shape="rect">GIT version or snapshot</a>,
-    contact the mailing list and check
-    the <a href="http://libvirt.org/git/?p=libvirt.git;a=log" shape="rect">GIT log</a>
-    to gauge progress.
-    </p>
-
-    <h3>0.5.1: Dec 04 2008</h3>
-    <ul>
-      <li>Portability:<br/>
-      fix missing dep in spec file,<br/>
-      fix compilation with new NUMA libraries (Daniel Berrange),<br/>
-      udev compatibility for RHEL (Chris Lalancette)<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      documentation copy and paste errors and typo (Cole Robinson)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      add a delay in storage backend for disks to show up (Chris Lalancette),<br/>
-      fix parsing for CDRom device with no source (Daniel Berrange),<br/>
-      use xenstore to list domains to avoid some bugs (Guido Günther),<br/>
-      remove a leak in xen inotify code (Daniel Berrange),<br/>
-      UML driver freeing of uninitialialized variable (Ron Yorston),<br/>
-      fix UML inotify code (Daniel Berrange),<br/>
-      crash when adding storage without a format (Cole Robinson)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      use xend preferably to hypervisor call to set Xen max memory (Jim Fehlig),<br/>
-      allow remote://hostname/ URI for automatic probe of hypervisors (Daniel Berrange),<br/>
-      fix daemon configuration regression testing (Jim Meyering),<br/>
-      check /usr/bin/kvm for QEmu driver init (Guido Günther),<br/>
-      proper active vs. inactive differentiation (Guido Günther),<br/>
-      improve MTU setting on tap interfaces (Eduardo Habkost),<br/>
-      increase timeout for initial QEmu monitor poll (Cole Robinson)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      fix improper initialisations (Jim Meyering)<br/>
-      </li>
-    </ul>
-
-    <h3>0.5.0: Nov 25 2008</h3>
-    <ul>
-      <li>Features:<br/>
-      CPU and scheduler support for LXC (Dan Smith),<br/>
-      SDL display configuration (Daniel Berrange),<br/>
-      domain lifecycle event support for QEmu and Xen with python bindings (Ben Guthro and Daniel Berrange),<br/>
-      KVM/QEmu migration support (Rich Jones and Chris Lalancette),<br/>
-      User Mode Linux driver (Daniel Berrange),<br/>
-      API for node device enumeration using HAL and DeviceKit with python bindings (David Lively)<br/>
-      </li>
-
-      <li>Portability:<br/>
-      RHEL build fixes,<br/>
-      VPATH build (Guido Gunther),<br/>
-      many MinGW related cleanups and fixes (Richard Jones),<br/>
-      compilation without libvirtd (Richard Jones),<br/>
-      Add a Windows icon (Richard Jones),<br/>
-      sys/poll.h portability fixes (Daniel Berrange),<br/>
-      gnulib and mingw cleanups (Jim Meyering)<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      virsh man page cleanups (Mark McLoughlin),<br/>
-      doc for NIC model selection (Richard Jones),<br/>
-      monitoring section,<br/>
-      link to AMQP bindings,<br/>
-      inew APIs,<br/>
-      UML driver docs (Daniel Berrange)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      Xen interfaces ordering (Jim Fehlig),<br/>
-      startup timeout with multiple pty (Cole Robinson),<br/>
-      segfault if QEmu without active virtual network (Cole Robinson),<br/>
-      qemu small leak (Eduardo Habkost),<br/>
-      index creation for more than 26 disks (Sanjay Rao and Chris Wright),<br/>
-      virRealloc handling of 0 (Daniel Berrange),<br/>
-      missing pointer initialization (Chris Lalancette),<br/>
-      bus device index bug (Guido Günther),<br/>
-      avoid crash in some error patch (Chris Lalancette),<br/>
-      fix a problem in storage back-end (Chris Lalancette),<br/>
-      minimum domain memory size check for Xen (Shigeki Sakamoto),<br/>
-      switch off QEmu cache if device is shared (Charles Duffy),<br/>
-      logical volume definition before scan bug (Chris Lalancette),<br/>
-      a couple of memory leaks on QEmu vnc (Jim Meyering),<br/>
-      lvs parsing fixes (Cole Robinson)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      LXC resources control and internal cgroup API (Dan Smith),<br/>
-      virDomainCreateLinux renamed virDomainDefineXML,<br/>
-      network driver modularization (Daniel Berrange),<br/>
-      change the way domain and net are reported in errors (Jim Meyering),<br/>
-      partition table scan on iSCSI (Chris Lalancette),<br/>
-      qemudDiskDeviceName to handle normal disks (Guido Günther),<br/>
-      qemudDomainBlockStats improvement (Guido Günther),<br/>
-      scsi/virtio hotplug support for KVM (Guido Günther),<br/>
-      USB hot addition in QEmu (Guido Günther),<br/>
-      logical pool and storage backend XML dump improvement (Chris Lalancette),<br/>
-      MAC addresses prefix per driver (Daniel Berrange),<br/>
-      OpenVZ getVersion support (Daniel Berrange),<br/>
-      hot removal of scsi/virtio disks for KVM (Guido Günther),<br/>
-      test storage driver (Cole Robinson),<br/>
-      iSCSI and disk storage driver improvement on path handling (Chris Lalancette),<br/>
-      UUID and ID support for Xenner (Daniel Berrange),<br/>
-      better logging when when executing commands (Cole Robinson),<br/>
-      bridged network for OpenVZ (Daniel Berrange),<br/>
-      OpenVZ config file params (Evgeniy Sokolov),<br/>
-      allow to build drivers as libtool convenience libs (Daniel Berrange),<br/>
-      fully versioned linker script for exported ABI (Daniel Berrange),<br/>
-      Push URI probing down into drivers open (Daniel Berrange),<br/>
-      move all stateful drivers into the daemon binary (Daniel Berrange),<br/>
-      improve domain event with a detail field (Daniel Berrange),<br/>
-      domain events for QEMU driver (Daniel Berrange),<br/>
-      event unregister callback crash (David Lively),<br/>
-      plug a few leaks (Daniel Berrange),<br/>
-      internal APIs for handling node device XML config (David Lively),<br/>
-      tweaks to node device implementation (Daniel Berrange),<br/>
-      OpenVZ vCPUs values init (Evgeniy Sokolov)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      C99 initializers (Guido Gunther),<br/>
-      test output (Cole Robinson),<br/>
-      debug macro centralization (Cole Robinson),<br/>
-      various error handling (Guido Günther),<br/>
-      safewrite use cleanup (Jim Meyering),<br/>
-      centralize error reporting logic (Cole Robinson),<br/>
-      avoid printf warnings (Daniel Berrange),<br/>
-      use arrays instead of list for internal APIs (Daniel Berrange),<br/>
-      remove many format string warnings Jim Meyering),<br/>
-      avoid syntax check warnings (Chris Lalancette),<br/>
-      improve po-check and list generation (Jim Meyering),<br/>
-      .gitignore generation and handling (Jim Meyering),<br/>
-      use ARRAY_CARDINALITY (Jim Meyering),<br/>
-      gnulib updates and switch to use netdb.h (Jim Meyering),<br/>
-      drop usage of socket_errno (Jim Meyering),<br/>
-      remove socketcompat.h (Jim Meyering),<br/>
-      more tests (Jim Meyering),<br/>
-      drop virStringList (Daniel Berrange),<br/>
-      reformatting and isolation of the error APIs (Daniel Berrange),<br/>
-      cleanup internal.h and move internal APIs in specific headers (Daniel Berrange),<br/>
-      move domain events helpers into domain_events.c (Daniel Berrange),<br/>
-      cleanup the way optional modules are compiled (Daniel Berrange),<br/>
-      add new logging module,<br/>
-      optional dlopen of drivers (Daniel Berrange),<br/>
-      various new tests (Jim Meyering),<br/>
-      cleanups when Xen is not configured in (Daniel Berrange),<br/>
-      add some missing functions comments (Jim Meyering)<br/>
-      </li>
-    </ul>
-
-    <h3>0.4.6: Sep 23 2008</h3>
-    <ul>
-      <li>Documentation:<br/>
-      fix some comments in API (Anton Protopopov),<br/>
-      cleanup and extension of bindings and windows pages (Richard Jones)<br/>
-      </li>
-
-      <li>Portability:<br/>
-      missing include file (Richard Jones)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      avoid a segfault if missing qemu emulator (Cole Robinson),<br/>
-      reading vncdisplay from xend domain (Cole Robinson),<br/>
-      segfault in OpenVZ (Evgeniy Sokolov),<br/>
-      fix parsing of pool without a source (Chris Lalancette and Daniel Berrange)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      add storage disk volume delete (Cole Robinson),<br/>
-      KVM dynamic max CPU detection (Guido Günther),<br/>
-      spec file improvement for minimal builds (Ben Guthro),<br/>
-      improved error message in XM configuration module (Richard Jones),<br/>
-      network config in OpenVZ support (Evgeniy Sokolov),<br/>
-      enable stopping a pool in logical storage backend and cleanup deletion of pool (Chris Lalancette)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      deadcode removal (Nguyen Anh Quynh),<br/>
-      fix one test case (Daniel Berrange),<br/>
-      various strings and space cleanups (Daniel Berrange),<br/>
-      structure initialization cleanup (Chris Lalancette)<br/>
-      </li>
-    </ul>
-
-    <h3>0.4.5: Sep 08 2008</h3>
-    <ul>
-      <li>Features:<br/>
-      NETNS support for Linux containers (Dan Smith),<br/>
-      unified XML domain and network parsing for all drivers (Daniel Berrange),<br/>
-      OpenVZ features improvements (Evgeniy Sokolov),<br/>
-      OpenVZ and Linux containers support now default,<br/>
-      USB device passthrough for QEmu/KVM (Guido Günther),<br/>
-      storage pool source discovery (David Lively)<br/>
-      </li>
-
-      <li>Portability:<br/>
-      fixes for MinGW (Atsushi SAKAI and Daniel Berrange),<br/>
-      detection of xen lib improvement (David Lively),<br/>
-      storage backend portability for SLES (David Lively),<br/>
-      fix make distclean and distcheck (Jim Meyering),<br/>
-      fix build failures on RHEL4,<br/>
-      lot of MinGW portability fixes (Atsushi SAKAI and Daniel Berrange),<br/>
-      HTML generation fix,<br/>
-      -lpthread explicit linking when needed (Jim Meyering)<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      various typo fixes (Anton Protopopov, Toth István, Atsushi SAKAI, Nguyen Anh Quynh),<br/>
-      Java bindings docs,<br/>
-      remove Xen centric comments (Guido Günther),<br/>
-      various typo in comments (Chris Lalancette),<br/>
-      docs and API comments fixes (Charles Duffy),<br/>
-      how to contribute to open source link (Richard Jones),<br/>
-      memory unit fixups (matthew chan)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      memory leaks and testing for OOM (Daniel Berrange),<br/>
-      do_open driver bug (Evgeniy Sokolov),<br/>
-      don't use polkit auth when running as non-root (Daniel Berrange),<br/>
-      boot of CDRom devices in QEmu/KVM (Daniel Berrange),<br/>
-      fix OpenVZ probe function (Evgeniy Sokolov),<br/>
-      ID related lookup fixes in OpenVZ (Evgeniy Sokolov),<br/>
-      pool cration for netfs (Cole Robinson),<br/>
-      check for migrate support with QEmu (Guido Günther),<br/>
-      check against double create with QEmu (Guido Günther),<br/>
-      broken open failure detection in QEmu (Guido Günther),<br/>
-      UUID string conversions in QEmu (Guido Günther),<br/>
-      various small cleanup and bug fixes (Daniel Berrange),<br/>
-      ID related fixes in the test driver (Daniel Berrange),<br/>
-      better error reporting on XML parsing (Daniel Berrange),<br/>
-      empty CD-ROM source device section (Chris Lalancette),<br/>
-      avoid crashes for interface without a name in QEmu (Guido Günther),<br/>
-      provide the real vncport (Charles Duffy),<br/>
-      fix forward delay (Daniel Berrange),<br/>
-      new VM state is initialized to be SHUTOFF (Daniel Berrange),<br/>
-      virsh attach-disk bug fixes (Chris Lalancette),<br/>
-      veth clash of device names (Dan Smith),<br/>
-      connection lookup fixes on storage creation (Cole Robinson),<br/>
-      parted call fix (Cole Robinson),<br/>
-      use "server" option when using serial/telnet with QEmu (Mark McLoughlin),<br/>
-      duplicate virInitialize calls (Nguyen Anh Quynh),<br/>
-      many fixes to virExec and related functions (Daniel Berrange),<br/>
-      size of disk without partitions (Cole Robinson),<br/>
-      creating and cleaning up logical volumes with target path (Cole Robinson),<br/>
-      fix reporting of virConnectOpen problems (Daniel Berrange),<br/>
-      veth cleanup at shutdown (Dan Smith),<br/>
-      lookup of Xen VMs after define (Cole Robinson),<br/>
-      fix emulator reported capabilities (Cole Robinson),<br/>
-      avoid segfault on KVM CD eject (Cole Robinson),<br/>
-      fix disk ordering and avoid duplicate in QEmu XML parsing (Cole Robinson),<br/>
-      update domain XML after device hotplug (Cole Robinson),<br/>
-      use poweroff instead of halt when shutting down a Xen domain (John Levon),<br/>
-      don't dump core of Xen domain live by default (John Levon),<br/>
-      vgcreate command line size bug (Jim Fehlig),<br/>
-      signed/unsigned issue in probing file (Cole Robinson),<br/>
-      Fix Xen domains without PVFB console (Daniel Berrange),<br/>
-      OpenVZ config read bug fix (Evgeniy Sokolov)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      improved failure diagnostic for TAP (Jim Meyering),<br/>
-      better exec and error diagnostic for OpenVZ commands (Evgeniy Sokolov),<br/>
-      OpenVZ auto start and stop of domains (Evgeniy Sokolov),<br/>
-      OpenVZ domain cpu time consumption (Evgeniy Sokolov),<br/>
-      virsh shutdown improvements and test (Jim Meyering),<br/>
-      better report of XML well formedness errors (Richard Jones),<br/>
-      new XML elements (Daniel Berrange),<br/>
-      virsh "edit" command (Richard Jones),<br/>
-      save UUID of OpenVZ domains (Evgeniy Sokolov),<br/>
-      improve xen blocks statistics (Chris Lalancette),<br/>
-      gnulib updates (Jim Meyering),<br/>
-      allow to add disk as USB devices (Guido Günther),<br/>
-      LXC container process should survive libvirtd restarts (Daniel Berrange),<br/>
-      allow to define static host domain configs,<br/>
-      number of CPU used by OpenVZ domains (Evgeniy Sokolov),<br/>
-      private root fs for LXC (Daniel Berrange),<br/>
-      storage source information in storage pools (David Lively),<br/>
-      virsh reports attach and detach success (Cole Robinson),<br/>
-      detect failure in QEmu eject command (Cole Robinson),<br/>
-      add support for eect on floppy and SCSI cdroms for QEmu (Cole Robinson),<br/>
-      LXC hypervisor version extraction (Dan Smith),<br/>
-      Augeas config file support (Daniel Berrange),<br/>
-      support for a domain name in network config (JJ Reynolds)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      Python verbosity cleanup (Ryan Scott),<br/>
-      space and tabs cleanups (Atsushi SAKAI),<br/>
-      OpenVZ and LXC drivers cleanup and unification of XML handling (Daniel Berrange),<br/>
-      updates to Relax-NG XML schemas (John Levon and Daniel Berrange),<br/>
-      more printf format checkings (Jim Meyering),<br/>
-      VIR_FREE related cleanups (Jim Meyering),<br/>
-      integer string parsing cleanup (Evgeniy Sokolov),<br/>
-      initial OpenVZ xml refactoring (Evgeniy Sokolov),<br/>
-      better error message on domain redefine (Charles Duffy),<br/>
-      check XML files against the RNG Schemas (Daniel Berrange),<br/>
-      const-correctness in virsh (Richard Jones and Jim Meyering),<br/>
-      const-correctness and cleanups in LXC and OpenVZ drivers (Daniel Berrange),<br/>
-      virFileLinkPointsTo rewrite (Jim Meyering),<br/>
-      cleanup of the conditional compilation of C files (Daniel Berrange),<br/>
-      shell quoting fixes (Jim Meyering),<br/>
-      parallel build support (James Morris and Jim Meyering),<br/>
-      new convenience virFileReadLimFD function (Jim Meyering)<br/>
-      </li>
-    </ul>
-
-    <h3>0.4.4: Jun 25 2008</h3>
-    <ul>
-      <li>Bug Fixes:<br/>
-      QEmu network serialization (Kaitlin Rupert),<br/>
-      internal memory allocation fixes (Chris Lalancette Jim Meyering),<br/>
-      virsh large file config problem (Jim Meyering),<br/>
-      xen list APIs when max is zero,<br/>
-      string escape problems in the xm driver<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      add autogen to tarballs,<br/>
-      improve iSCSI support (Chris Lalancette),<br/>
-      localization updates<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      const-ness fixed (Daniel P. Berrange),<br/>
-      string helpers for enumerations (Daniel P. Berrange)<br/>
-      </li>
-    </ul>
-
-    <h3>0.4.3: Jun 12 2008</h3>
-    <ul>
-      <li>Features:<br/>
-      Linux Container start and stop (Dave Leskovec),<br/>
-      Network interface model settings (Daniel Berrange),<br/>
-      serial and parallel device support for QEmu and Xen (Daniel Berrange),<br/>
-      Sound support for QEmu and Xen (Cole Robinson),<br/>
-      vCPU settings for QEmu (Cole Robinson),<br/>
-      support for NUMA and vCPU pinning in QEmu (Daniel Berrange),<br/>
-      new virDomainBlockPeek API (Richard Jones)<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      coding guidelines (Jim Meyering and Richard Jones),<br/>
-      small man page missing entries and cleanup,<br/>
-      Web site revamp (Daniel Berrange),<br/>
-      typo fixes (Atsushi SAKAI),<br/>
-      more docs on network XML format (Daniel Berrange),<br/>
-      libvirt Wiki (Daniel Berrange),<br/>
-      policykit config docs (Cole Robinson),<br/>
-      XML domain docs revamp (Daniel Berrange),<br/>
-      docs for remote listen-tls/tcp fixes (Kenneth Nagin)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      save change to config file for Xen (Ryan Scott),<br/>
-      fix /var/run/libvirt/ group ownership (Anton Protopopov),<br/>
-      ancient libparted workaround (Soren Hansen),<br/>
-      out of bount array access (Daniel Berrange),<br/>
-      remote check bug (Dave Leskovec),<br/>
-      LXC signal and daemon restart problems (Dave Leskovec),<br/>
-      bus selection logic fix in the daemon config (Daniel Berrange),<br/>
-      2 memory leaks in the daemon (Jim Meyering),<br/>
-      daemon pid file logic bug fix (Daniel Berrange),<br/>
-      python generator fixes (Daniel Berrange),<br/>
-      ivarious leaks and memory problem pointed by valgrind (Daniel Berrange),<br/>
-      iptables forwarding cleanup (Daniel Berrange),<br/>
-      Xen cpuset value checking (Hiroyuki Kaguchi),<br/>
-      container process checks for LXC (Dave Leskovec),<br/>
-      let xend check block device syntax (Hiroyuki Kaguchi),<br/>
-      UUIDString for python fixes (Cole Robinson)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      fixes for MinGW compilation (Richard Jones),<br/>
-      autostart for running Xen domains (Cole Robinson),<br/>
-      control of listening IP for daemon (Stefan de Konink),<br/>
-      various Xenner related fixes and improvements (Daniel Berrange)<br/>
-      autostart status printed in virsh domainfo (Shigeki Sakamoto),<br/>
-      better error messages for xend driver (Richard Jones)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      OpenVZ compilation (Richard Jones),<br/>
-      conn dom and net fields deprecation in error structures (Richard Jones),<br/>
-      Xen-ism on UUID (Richard Jones),<br/>
-      add missing .pod to dist (Richard Jones),<br/>
-      tab cleanup from sources (Jim Meyering),<br/>
-      remove unused field in virsh control structure (Richard Jones),<br/>
-      compilation without pthread.h (Jim Meyering),<br/>
-      cleanup of tests (Daniel Berrange),<br/>
-      syntax-check improvements (Jim Meyering),<br/>
-      python cleanup,<br/>
-      remove dependancy on libc is_* character tests (Jim Meyering),<br/>
-      format related cleanups (Jim Meyering),<br/>
-      cleanup of the buffer internal APIs (Daniel Berrange),<br/>
-      conversion to the new memory allocation API (Daniel Berrange),<br/>
-      lcov coverage testing (Daniel Berrange),<br/>
-      gnulib updates (Jim Meyering),<br/>
-      compatibility fix with RHEL 5 (Daniel Berrange),<br/>
-      SuSE compatibility fix (Jim Fehlig),<br/>
-      const'ification of a number of structures (Jim Meyering),<br/>
-      string comparison macro cleanups (Daniel Berrange),<br/>
-      character range testing cleanups and assorted bug fixes (Jim Meyering),<br/>
-      QEmu test fixes (Daniel Berrange),<br/>
-      configure macro cleanup (Daniel Berrange),<br/>
-      refactor QEmu command line building code (Daniel Berrange),<br/>
-      type punning warning in remote code (Richard Jones),<br/>
-      refactoring of internal headers (Richard Jones),<br/>
-      generic out of memory testing and associated bug fixes (Daniel Berrange),<br/>
-      don't raise internal error for unsupported features (Kaitlin Rupert),<br/>
-      missing driver entry points (Daniel Berrange)<br/>
-      </li>
-    </ul>
-
-    <h3>0.4.2: Apr 08 2008</h3>
-    <ul>
-      <li>Features:<br/>
-      memory operation for QEmu/KVM driver (Cole Robinson),<br/>
-      new routed networking schemas (Mads Olesen)<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      storage documentation fixes (Atsushi Sakai),<br/>
-      many typo cleanups (Atsushi Sakai),<br/>
-      string fixes (Francesco Tombolini)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      pointer errors in qemu (Jim Meyering),<br/>
-      iSCSI login fix (Chris Lalancette),<br/>
-      well formedness error in test driver capabilities (Cole Robinson),<br/>
-      fixes cleanup code when daemon exits (Daniel Berrange),<br/>
-      CD Rom change on live QEmu/KVM domains (Cole Robinson),<br/>
-      setting scheduler parameter is forbidden for read-only (Saori Fukuta)i,<br/>
-      fixes for TAP devices (Daniel Berrange),<br/>
-      assorted storage driver fixes (Daniel Berrange),<br/>
-      Makefile fixes (Jim Meyering),<br/>
-      Xen-3.2 hypercall fix,<br/>
-      fix iptables rules to avoid blocking traffic within virtual network (Daniel Berrange),<br/>
-      XML output fix for directory pools (Daniel Berrange),<br/>
-      remove dandling domain/net/conn pointers from error data,<br/>
-      do not ask polkit auth when root (Daniel Berrange),<br/>
-      handling of fork and pipe errors when starting the daemon (Richard Jones)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      better validation of MAC addresses (Jim Meyering and Hiroyuki Kaguchi),<br/>
-      virsh vcpupin error report (Shigeki Sakamoto),<br/>
-      keep boot tag on HVM domains (Cole Robinson),<br/>
-      virsh non-root should not be limited to read only anymore (Daniel Berrange),<br/>
-      switch to polkit-auth from polkit-grant (Daniel Berrange),<br/>
-      better handling of missing SElinux data (Daniel Berrange and Jim Meyering),<br/>
-      cleanup of the connection opening logic (Daniel Berrange),<br/>
-      first bits of Linux Containers support (Dave Leskovec),<br/>
-      scheduler API support via xend (Saori Fukuta),<br/>
-      improvement of the testing framework and first tests (Jim Meyering),<br/>
-      missing error messages from virsh parameters validation (Shigeki Sakamoto),<br/>
-      improve support of older iscsiadm command (Chris Lalancette),<br/>
-      move linux container support in the daemon (Dan Berrange),<br/>
-      older awk implementation support (Mike Gerdts),<br/>
-      NUMA support in test driver (Cole Robinson),<br/>
-      xen and hvm added to test driver capabilities (Cole Robinson)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      remove unused getopt header (Jim Meyering),<br/>
-      mark more strings as translatable (Guido G&#xFC;nther and Jim Meyering),<br/>
-      convert error strings to something meaningful and translatable (Jim Meyering),<br/>
-      Linux Containers code cleanup,<br/>
-      last error initializer (Guido G&#xFC;nther)<br/>
-      </li>
-    </ul>
-
-    <h3>0.4.1: Mar 03 2008</h3>
-    <ul>
-      <li>Features:<br/>
-      build on MacOSX (Richard Jones),<br/>
-      storage management (Daniel Berrange),<br/>
-      Xenner - Xen on KVM - support (Daniel Berrange)<br/>
-      </li>
-
-      <li>Documentation:<br/>
-      Fix of various typos (Atsushi SAKAI),<br/>
-      memory and vcpu settings details (Richard Jones),<br/>
-      ethernet bridging typo (Maxwell Bottiger),<br/>
-      add storage APIs documentation (Daniel Berrange)<br/>
-      </li>
-
-      <li>Bug Fixes:<br/>
-      OpenVZ code compilation (Mikhail Pokidko),<br/>
-      crash in policykit auth handling (Daniel Berrange),<br/>
-      large config files (Daniel Berrange),<br/>
-      cpumap hypercall size (Saori Fukuta),<br/>
-      crash in remote auth (Daniel Berrange),<br/>
-      ssh args error (Daniel Berrange),<br/>
-      preserve vif order from config files (Hiroyuki Kaguchi),<br/>
-      invalid pointer access (Jim Meyering),<br/>
-      virDomainGetXMLDesc flag handling,<br/>
-      device name conversion on stats (Daniel Berrange),<br/>
-      double mutex lock (Daniel Berrange),<br/>
-      config file reading crashes (Guido Guenther),<br/>
-      xenUnifiedDomainSuspend bug (Marcus Meissner),<br/>
-      do not crash if /sys/hypervisor/capabilities is missing (Mark McLoughlin),<br/>
-      virHashRemoveSet bug (Hiroyuki Kaguchi),<br/>
-      close-on-exec flag for qemud signal pipe (Daniel Berrange),<br/>
-      double free in OpenVZ (Anton Protopopov),<br/>
-      handle mac without addresses (Shigeki Sakamoto),<br/>
-      MAC addresses checks (Shigeki Sakamoto and Richard Jones),<br/>
-      allow to read non-seekable files (Jim Meyering)<br/>
-      </li>
-
-      <li>Improvements:<br/>
-      Windows build (Richard Jones),<br/>
-      KVM/QEmu shutdown (Guido Guenther),<br/>
-      catch virExec output on debug (Mark McLoughlin),<br/>
-      integration of iptables and lokkit (Mark McLoughlin),<br/>
-      keymap parameter for VNC servers (Daniel Hokka Zakrisson),<br/>
-      enable debug by default using VIR_DEBUG (Daniel Berrange),<br/>
-      xen 3.2 fixes (Daniel Berrange),<br/>
-      Python bindings for VCPU and scheduling (Daniel Berrange),<br/>
-      framework for automatic code syntax checks (Jim Meyering),<br/>
-      allow kernel+initrd setup in Xen PV (Daniel Berrange),<br/>
-      allow change of Disk/NIC of an inactive domains (Shigeki Sakamoto),<br/>
-      virsh commands to manipulate and create storage (Daniel Berrange),<br/>
-      update use of PolicyKit APIs,<br/>
-      better detection of fedault hypervisor,<br/>
-      block device statistics for QEmu/KVM (Richard Jones),<br/>
-      various improvements for Xenner (Daniel Berrange)<br/>
-      </li>
-
-      <li>Cleanups:<br/>
-      avoid warnings (Daniel Berrange),<br/>
-      virRun helper function (Dan Berrange),<br/>
-      iptable code fixes (Mark McLoughlin),<br/>
-      static and const cleanups (Jim Meyering),<br/>
-      malloc and python cleanups (Jim Meyering),<br/>
-      xstrtol_ull and xstrtol_ll functions (Daniel Berrange),<br/>
-      remove no-op networking from OpenVZ (Daniel Berrange),<br/>
-      python generator cleanups (Daniel Berrange),<br/>
-      cleanup ref counting (Daniel Berrange),<br/>
-      remove uninitialized warnings (Jim Meyering),<br/>
-      cleanup configure for RHEL4 (Daniel Berrange),<br/>
-      CR/LF cleanups (Richard Jones),<br/>
-      various automatic code check and associated cleanups (Jim Meyering),<br/>
-      various memory leaks (Jim Meyering),<br/>
-      fix compilation when building without Xen (Guido Guenther),<br/>
-      mark translatables strings (Jim Meyering),<br/>
-      use virBufferAddLit for constant strings (Jim Meyering),<br/>
-      fix make distcheck (Jim Meyering),<br/>
-      return values for python bindings (Cole Robinson),<br/>
-      trailing blanks fixes (Jim Meyering),<br/>
-      gcc-4.3.0 fixes (Mark McLoughlin),<br/>
-      use safe read and write routines (Jim Meyering),<br/>
-      refactoring of code dealing with hypervisor capabilities (Daniel Berrange),<br/>
-      qemudReportError to use virErrorMsg (Cole Robinson),<br/>
-      intemediate library and Makefiles for compiling static and coverage rule support (Jim Meyering),<br/>
-      cleanup of various leaks (Jim Meyering)<br/>
-      </li>
-    </ul>
-
-  </body>
-</html>
--- a/docs/news-2009.html.in
+++ b/docs/news-2009.html.in
--- a/docs/news-2010.html.in
+++ b/docs/news-2010.html.in
--- a/docs/news-2011.html.in
+++ b/docs/news-2011.html.in
--- a/docs/news-2012.html.in
+++ b/docs/news-2012.html.in
--- a/docs/news-2013.html.in
+++ b/docs/news-2013.html.in
--- a/docs/news-2014.html.in
+++ b/docs/news-2014.html.in
--- a/docs/news-2015.html.in
+++ b/docs/news-2015.html.in
--- a/docs/news.html.in
+++ b/docs/news.html.in
--- a/docs/news.xsl
+++ b/docs/news.xsl
@@ -1,46 +1,39 @@
 <?xml version="1.0"?>
-<xsl:stylesheet version="1.0"
-                xmlns:html="http://www.w3.org/1999/xhtml"
-                xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                version="1.0">
  <xsl:output method="text" encoding="UTF-8"/>

  <xsl:template match="/">
    <xsl:text>
        NEWS file for libvirt

-  Note that this file contains only the most recent releases; for the full
-  list, please visit:
+  Note that this is automatically generated from the news webpage at:
       http://libvirt.org/news.html

 </xsl:text>
-    <xsl:apply-templates select="html:html/html:body/*"/>
+    <xsl:apply-templates select="html/body/*"/>
  </xsl:template>
+  <xsl:template match="h1"/>

-  <xsl:template match="html:h1"/>
-  <xsl:template match="html:p"/>
-
-  <xsl:template match="html:h3">
+  <xsl:template match="h3">
    <xsl:text>
 </xsl:text>
    <xsl:apply-templates/>
    <xsl:text>:
 </xsl:text>
  </xsl:template>
-
-  <xsl:template match="html:ul">
-      <xsl:apply-templates select="html:li"/>
+  <xsl:template match="ul">
+    <xsl:apply-templates select=".//li"/>
    <xsl:text>
 </xsl:text>
  </xsl:template>
-
-  <xsl:template match="html:li">
+  <xsl:template match="li">
    <xsl:text>   - </xsl:text>
    <xsl:value-of select="."/>
    <xsl:text>
 </xsl:text>
  </xsl:template>
-
-  <xsl:template match="html:a">
+  <xsl:template match="a">
    <xsl:value-of select="."/>
    <xsl:text> at
 </xsl:text>
@@ -48,5 +41,6 @@
    <xsl:text>
 </xsl:text>
  </xsl:template>
-
+  <xsl:template match="p">
+  </xsl:template>
 </xsl:stylesheet>
--- a/docs/nss.html.in
+++ b/docs/nss.html.in
@@ -1,141 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Libvirt NSS module</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-    When it comes to managing guests and executing commands inside them, logging
-    into guest operating system and doing the job is convenient. Users are used
-    to ssh in this case. Ideally:
-    </p>
-
-    <code>ssh user@virtualMachine</code>
-
-    <p>
-    would be nice. But depending on virtual network configuration it might not
-    be always possible. For instance, when using libvirt NATed network it's
-    dnsmasq (spawned by libvirt) who assigns IP addresses to domains. But by
-    default, the dnsmasq process is then not consulted when it comes to host
-    name translation.  Users work around this problem by configuring their
-    libvirt network to assign static IP addresses and maintaining
-    <code>/etc/hosts</code> file in sync. But this puts needless burden onto
-    users. This is where NSS module comes handy.
-    </p>
-
-    <h2><a name="Installation">Installation</a></h2>
-
-    <p>
-    Installing the module is really easy:
-    </p>
-
-<pre>
-# yum install libvirt-nss
-</pre>
-
-    <h2><a name="Configuration">Configuration</a></h2>
-
-    <p>
-    Enabling the module is really easy. Just add <b>libvirt</b> into
-    <code>/etc/nsswitch.conf</code> file. For instance:
-    </p>
-
-<pre>
-$ cat /etc/nsswitch.conf
-# /etc/nsswitch.conf:
-passwd:      compat
-shadow:      compat
-group:       compat
-hosts:       files libvirt dns
-# ...
-</pre>
-
-    <p>
-    So, in this specific case, whenever ssh program is looking up the host user
-    is trying to connect to, <b>files</b> module is consulted first (which
-    boils down to looking up the host name in <code>/etc/hosts</code> file), if
-    not found <b>libvirt</b> module is consulted then. The DNS is the last
-    effort then, if none of the previous modules matched the host in question.
-    Therefore users should consider the order in which they want the modules to
-    lookup given host name.
-    </p>
-
-    <h2><a name="Internals">How does it work?</a></h2>
-
-    <p>
-    Whenever an Unix process wants to do a host name translation
-    <a href="http://linux.die.net/man/3/gethostbyname"><code>gethostbyname()</code></a>
-    or some variant of it is called. This is a glibc function that takes a
-    string containing the host name, crunch it and produces a list of IP
-    addresses assigned to that host. Now, glibc developers made a really good
-    decision when implementing the internals of the function when they decided
-    to make the function pluggable. Since there can be several sources for the
-    records (e.g. <code>/etc/hosts</code> file, DNS, LDAP, etc.) it would not
-    make much sense to create one big implementation containing all possible
-    cases. What they have done instead is this pluggable mechanism. Small
-    plugins implementing nothing but specific technology for lookup process are
-    provided and the function then calls those plugins. There is just one
-    configuration file that instructs the lookup function in which order should
-    the plugins be called and which plugins should be loaded. For more info
-    reading <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">wiki
-    page</a> is recommended.
-    </p>
-
-    <p>
-    And this is point where libvirt comes in. Libvirt provides plugin for the
-    NSS ecosystem. For some time now libvirt keeps a list of assigned IP
-    addresses for libvirt networks. The NSS plugin does no more than search the
-    list trying to find matching record for given host name. When found,
-    matching IP address is returned to the caller. If not found, translation
-    process continues with the next plugin configured. At this point it is
-    important to stress the order in which plugins are called. Users should be
-    aware that a hostname might match in multiple plugins and right after first
-    match, translation process is terminated and no other plugin is consulted.
-    Therefore, if there are two different records for the same host name users
-    should carefully chose the lookup order.
-    </p>
-
-    <h2><a name="Limitations">Limitations</a></h2>
-
-    <ol>
-      <li>The libvirt NSS module matches only hostnames provided by guest. If
-        the libvirt name and one advertised by guest differs, the latter is
-        matched.</li>
-      <li>The module works only in that cases where IP addresses are assigned by
-        dnsmasq spawned by libvirt. Libvirt NATed networks are typical
-        example.</li>
-    </ol>
-
-    <p>
-    These limitation are result of libvirt's internal implementation. While
-    libvirt can report IP addresses regardless of their origin, a public API
-    must be used to obtain those. However, for the API a connection object is
-    required. Doing that for every name translation request would be too
-    costly.  Fortunately, libvirt spawns dnsmasq for NATed networks. Not only
-    that, it provides small executable that on each IP address space change
-    updates an internal list of addresses thus keeping it in sync. The NSS
-    module then merely consults the list trying to find the match. Users can
-    view the list themselves:
-    </p>
-
-<pre>
-virsh net-dhcp-leases $network
-</pre>
-
-    <p>
-    where <code>$network</code> iterates through all running networks. So the module
-    does merely the same as
-    </p>
-
-<pre>
-virsh domifaddr --source lease $domain
-</pre>
-
-    <p>
-    If there's no record for either of the aforementioned commands, it's very
-    likely that NSS module won't find anything and vice versa.
-    </p>
-  </body>
-</html>
--- a/docs/page.xsl
+++ b/docs/page.xsl
@@ -163,6 +163,12 @@
            <xsl:apply-templates select="/html:html/html:body/*" mode="content"/>
          </div>
        </div>
+        <div id="footer">
+          <p id="sponsor">
+	    Sponsored by:<br/>
+            <a href="http://et.redhat.com/"><img src="{$href_base}et.png" alt="Project sponsored by Red Hat Emerging Technology"/></a>
+          </p>
+        </div>
      </body>
    </html>
  </xsl:template>
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -102,7 +102,7 @@ much slower than, say, direct hypervisor calls. </li>
 Remote libvirt supports a range of transports:
 </p>
    <dl>
-      <dt><code>tls</code></dt>
+      <dt> tls </dt>
      <dd><a href="http://en.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security">TLS</a>
 1.0 (SSL 3.1) authenticated and encrypted TCP/IP socket, usually
 listening on a public port number.  To use this you will need to
@@ -110,7 +110,7 @@ Remote libvirt supports a range of transports:
 server certificates</a>.
 The standard port is 16514.
 </dd>
-      <dt><code>unix</code></dt>
+      <dt> unix </dt>
      <dd> Unix domain socket.  Since this is only accessible on the
 local machine, it is not encrypted, and uses Unix permissions or
 SELinux for authentication.
@@ -119,7 +119,7 @@ Remote libvirt supports a range of transports:
 <code>/var/run/libvirt/libvirt-sock-ro</code> (the latter
 for read-only connections).
 </dd>
-      <dt><code>ssh</code></dt>
+      <dt> ssh </dt>
      <dd> Transported over an ordinary
 <a href="http://www.openssh.com/" title="OpenSSH homepage">ssh
 (secure shell)</a> connection.
@@ -130,15 +130,15 @@ Remote libvirt supports a range of transports:
 <a href="http://mah.everybody.org/docs/ssh" title="Using ssh-agent with ssh">ssh-agent</a>)
 otherwise programs which use
 this transport will stop to ask for a password. </dd>
-      <dt><code>ext</code></dt>
+      <dt> ext </dt>
      <dd> Any external program which can make a connection to the
 remote machine by means outside the scope of libvirt. </dd>
-      <dt><code>tcp</code></dt>
+      <dt> tcp </dt>
      <dd> Unencrypted TCP/IP socket.  Not recommended for production
 use, this is normally disabled, but an administrator can enable
 it for testing or use over a trusted network.
 The standard port is 16509. </dd>
-      <dt><code>libssh2</code></dt>
+      <dt> libssh2 </dt>
      <dd> Transport over the SSH protocol using
      <a href="http://libssh2.org/" title="libssh2 homepage">libssh2</a> instead
 of the OpenSSH binary. This transport uses the libvirt authentication callback for
@@ -228,19 +228,6 @@ Note that parameter values must be
        <td colspan="2"/>
        <td> Example: <code>name=qemu:///system</code> </td>
      </tr>
-      <tr>
-        <td>
-          <code>tls_priority</code>
-        </td>
-        <td> tls </td>
-        <td>
-  A vaid GNUTLS priority string
-</td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>tls_priority=NORMAL:-VERS-SSL3.0</code> </td>
-      </tr>
      <tr>
        <td>
          <code>command</code>
@@ -419,21 +406,13 @@ next section.
        <td>
          <code>/etc/pki/CA/cacert.pem</code>
        </td>
-        <td> Installed on the client and server </td>
+        <td> Installed on all clients and servers </td>
        <td> CA's certificate (<a href="#Remote_TLS_CA">more info</a>)</td>
        <td> n/a </td>
      </tr>
      <tr>
        <td>
-          <code>$HOME/.pki/cacert.pem</code>
-        </td>
-        <td> Installed on the client </td>
-        <td> CA's certificate (<a href="#Remote_TLS_CA">more info</a>)</td>
-        <td> n/a </td>
-      </tr>
-      <tr>
-        <td>
-          <code>/etc/pki/libvirt/private/serverkey.pem</code>
+          <code>/etc/pki/libvirt/ private/serverkey.pem</code>
        </td>
        <td> Installed on the server </td>
        <td> Server's private key (<a href="#Remote_TLS_server_certificates">more info</a>)</td>
@@ -441,7 +420,7 @@ next section.
      </tr>
      <tr>
        <td>
-          <code>/etc/pki/libvirt/servercert.pem</code>
+          <code>/etc/pki/libvirt/ servercert.pem</code>
        </td>
        <td> Installed on the server </td>
        <td> Server's certificate signed by the CA.
@@ -451,7 +430,7 @@ next section.
      </tr>
      <tr>
        <td>
-          <code>/etc/pki/libvirt/private/clientkey.pem</code>
+          <code>/etc/pki/libvirt/ private/clientkey.pem</code>
        </td>
        <td> Installed on the client </td>
        <td> Client's private key. (<a href="#Remote_TLS_client_certificates">more info</a>) </td>
@@ -459,26 +438,7 @@ next section.
      </tr>
      <tr>
        <td>
-          <code>/etc/pki/libvirt/clientcert.pem</code>
-        </td>
-        <td> Installed on the client </td>
-        <td> Client's certificate signed by the CA
-  (<a href="#Remote_TLS_client_certificates">more info</a>) </td>
-        <td> Distinguished Name (DN) can be checked against an access
-  control list (<code>tls_allowed_dn_list</code>).
-  </td>
-      </tr>
-      <tr>
-        <td>
-          <code>$HOME/.pki/libvirt/clientkey.pem</code>
-        </td>
-        <td> Installed on the client </td>
-        <td> Client's private key. (<a href="#Remote_TLS_client_certificates">more info</a>) </td>
-        <td> n/a </td>
-      </tr>
-      <tr>
-        <td>
-          <code>$HOME/.pki/libvirt/clientcert.pem</code>
+          <code>/etc/pki/libvirt/ clientcert.pem</code>
        </td>
        <td> Installed on the client </td>
        <td> Client's certificate signed by the CA
@@ -496,7 +456,7 @@ next section.
    </p>
    <ul>
      <li> For a non-root user, libvirt tries to find the certificates
-        in $HOME/.pki/libvirt first. If the required CA certificate cannot
+        in $HOME/.pki/libvirt. If the required CA certificate cannot
        be found, then the global default location
        (/etc/pki/CA/cacert.pem) will be used.
        Likewise, if either the client certificate
@@ -504,7 +464,7 @@ next section.
        locations (/etc/pki/libvirt/clientcert.pem,
        /etc/pki/libvirt/private/clientkey.pem) will be used.
      </li>
-      <li> For the root user, the global default locations will always be used.</li>
+      <li> For the root user, the global default locations will be used.</li>
    </ul>
    <h4>
      <a name="Remote_TLS_background">Background to TLS certificates</a>
@@ -752,7 +712,7 @@ cp clientcert.pem /etc/pki/libvirt/clientcert.pem
      <a name="Remote_TLS_troubleshooting">Troubleshooting TLS certificate problems</a>
    </h4>
    <dl>
-      <dt>failed to verify client's certificate</dt> <!-- exempt from syntax-check -->
+      <dt> failed to verify client's certificate </dt>
      <dd>
        <p>
 On the server side, run the libvirtd server with
--- a/docs/schemas/Makefile.am
+++ b/docs/schemas/Makefile.am
@@ -0,0 +1,35 @@
+## Copyright (C) 2005-2011, 2013-2014 Red Hat, Inc.
+##
+## This library is free software; you can redistribute it and/or
+## modify it under the terms of the GNU Lesser General Public
+## License as published by the Free Software Foundation; either
+## version 2.1 of the License, or (at your option) any later version.
+##
+## This library is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+## Lesser General Public License for more details.
+##
+## You should have received a copy of the GNU Lesser General Public
+## License along with this library.  If not, see
+## <http://www.gnu.org/licenses/>.
+
+schemadir = $(pkgdatadir)/schemas
+schema_DATA = \
+	basictypes.rng \
+	capability.rng \
+	domain.rng \
+	domaincaps.rng \
+	domaincommon.rng \
+	domainsnapshot.rng \
+	interface.rng \
+	network.rng \
+	networkcommon.rng \
+	nodedev.rng \
+	nwfilter.rng \
+	secret.rng \
+	storagecommon.rng \
+	storagepool.rng \
+	storagevol.rng
+
+EXTRA_DIST = $(schema_DATA)
--- a/docs/schemas/basictypes.rng
+++ b/docs/schemas/basictypes.rng
@@ -32,7 +32,7 @@
    </data>
  </define>

-  <define name="uint8">
+  <define name="uint8range">
    <choice>
      <data type="string">
        <param name="pattern">0x[0-9a-fA-F]{1,2}</param>
@@ -43,18 +43,7 @@
      </data>
    </choice>
  </define>
-  <define name="uint16">
-    <choice>
-      <data type="string">
-        <param name="pattern">(0x)?[0-9a-fA-F]{1,4}</param>
-      </data>
-      <data type='int'>
-        <param name="minInclusive">0</param>
-        <param name="maxInclusive">65535</param>
-      </data>
-    </choice>
-  </define>
-  <define name="uint24">
+  <define name="uint24range">
    <choice>
      <data type="string">
        <param name="pattern">0x[0-9a-fA-F]{1,6}</param>
@@ -83,21 +72,15 @@
        <ref name="pciDomain"/>
      </attribute>
    </optional>
-    <optional>
-      <attribute name="bus">
-        <ref name="pciBus"/>
-      </attribute>
-    </optional>
-    <optional>
-      <attribute name="slot">
-        <ref name="pciSlot"/>
-      </attribute>
-    </optional>
-    <optional>
-      <attribute name="function">
-        <ref name="pciFunc"/>
-      </attribute>
-    </optional>
+    <attribute name="bus">
+      <ref name="pciBus"/>
+    </attribute>
+    <attribute name="slot">
+      <ref name="pciSlot"/>
+    </attribute>
+    <attribute name="function">
+      <ref name="pciFunc"/>
+    </attribute>
    <optional>
      <attribute name="multifunction">
        <ref name="virOnOff"/>
@@ -247,25 +230,25 @@

  <define name="filePath">
    <data type="string">
-      <param name="pattern">.+</param>
+      <param name="pattern">[a-zA-Z0-9_\.\+\-\\&amp;&quot;&apos;&lt;&gt;/%]+</param>
    </data>
  </define>

  <define name="dirPath">
    <data type="string">
-      <param name="pattern">.+</param>
+      <param name="pattern">[a-zA-Z0-9_\.\+\-\\&amp;&quot;&apos;&lt;&gt;/%]+</param>
    </data>
  </define>

  <define name="absFilePath">
    <data type="string">
-      <param name="pattern">/.+</param>
+      <param name="pattern">/[a-zA-Z0-9_\.\+\-\\&amp;&quot;&apos;&lt;&gt;/%,:]+</param>
    </data>
  </define>

  <define name="absDirPath">
    <data type="string">
-      <param name="pattern">/.*</param>
+      <param name="pattern">/[a-zA-Z0-9_\.\+\-\\&amp;&quot;&apos;&lt;&gt;/%]*</param>
    </data>
  </define>

@@ -284,32 +267,24 @@
  </define>

  <define name="pciDomain">
-    <ref name="uint16"/>
+    <data type="string">
+      <param name="pattern">(0x)?[0-9a-fA-F]{1,4}</param>
+    </data>
  </define>
  <define name="pciBus">
-    <ref name="uint8"/>
+    <data type="string">
+      <param name="pattern">(0x)?[0-9a-fA-F]{1,2}</param>
+    </data>
  </define>
  <define name="pciSlot">
-    <choice>
-      <data type="string">
-        <param name="pattern">(0x)?[0-1]?[0-9a-fA-F]</param>
-      </data>
-      <data type="int">
-        <param name="minInclusive">0</param>
-        <param name="maxInclusive">31</param>
-      </data>
-    </choice>
+    <data type="string">
+      <param name="pattern">(0x)?[0-1]?[0-9a-fA-F]</param>
+    </data>
  </define>
  <define name="pciFunc">
-    <choice>
-      <data type="string">
-        <param name="pattern">(0x)?[0-7]</param>
-      </data>
-      <data type="int">
-        <param name="minInclusive">0</param>
-        <param name="maxInclusive">7</param>
-      </data>
-    </choice>
+    <data type="string">
+      <param name="pattern">(0x)?[0-7]</param>
+    </data>
  </define>

  <define name='wwn'>
@@ -495,27 +470,4 @@
    </choice>
  </define>

-  <define name="metadata">
-    <element name="metadata">
-      <zeroOrMore>
-        <ref name="customElement"/>
-      </zeroOrMore>
-    </element>
-  </define>
-
-  <define name="customElement">
-    <element>
-      <anyName/>
-      <zeroOrMore>
-        <choice>
-          <attribute>
-            <anyName/>
-          </attribute>
-          <text/>
-          <ref name="customElement"/>
-        </choice>
-      </zeroOrMore>
-    </element>
-  </define>
-
 </grammar>
--- a/docs/schemas/cputypes.rng
+++ b/docs/schemas/cputypes.rng
@@ -1,135 +0,0 @@
-<?xml version="1.0"?>
-<!-- CPU-related definitions used in multiple grammars -->
-<grammar xmlns="http://relaxng.org/ns/structure/1.0"
-         datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
-
-  <define name="cpuMode">
-    <attribute name="mode">
-      <choice>
-        <value>custom</value>
-        <value>host-model</value>
-        <value>host-passthrough</value>
-      </choice>
-    </attribute>
-  </define>
-
-  <define name="cpuMatch">
-    <attribute name="match">
-      <choice>
-        <value>minimum</value>
-        <value>exact</value>
-        <value>strict</value>
-      </choice>
-    </attribute>
-  </define>
-
-  <define name="cpuModel">
-    <element name="model">
-      <optional>
-        <attribute name="fallback">
-          <choice>
-            <value>allow</value>
-            <value>forbid</value>
-          </choice>
-        </attribute>
-      </optional>
-      <optional>
-        <attribute name="vendor_id">
-          <data type="string">
-            <param name='pattern'>[^,]{12}</param>
-          </data>
-        </attribute>
-      </optional>
-      <choice>
-        <text/>
-        <empty/>
-      </choice>
-    </element>
-  </define>
-
-  <define name="cpuVendor">
-    <element name="vendor">
-      <text/>
-    </element>
-  </define>
-
-  <define name="cpuFeature">
-    <element name="feature">
-      <attribute name="policy">
-        <choice>
-          <value>force</value>
-          <value>require</value>
-          <value>optional</value>
-          <value>disable</value>
-          <value>forbid</value>
-        </choice>
-      </attribute>
-      <attribute name="name">
-        <ref name="featureName"/>
-      </attribute>
-      <empty/>
-    </element>
-  </define>
-
-  <define name="cpuTopology">
-    <element name="topology">
-      <attribute name="sockets">
-        <ref name="positiveInteger"/>
-      </attribute>
-      <attribute name="cores">
-        <ref name="positiveInteger"/>
-      </attribute>
-      <attribute name="threads">
-        <ref name="positiveInteger"/>
-      </attribute>
-    </element>
-  </define>
-
-  <define name="cpuNuma">
-    <element name="numa">
-      <oneOrMore>
-        <ref name="numaCell"/>
-      </oneOrMore>
-    </element>
-  </define>
-
-  <define name="numaCell">
-    <element name="cell">
-      <optional>
-        <attribute name="id">
-          <ref name="unsignedInt"/>
-        </attribute>
-      </optional>
-      <attribute name="cpus">
-        <ref name="cpuset"/>
-      </attribute>
-      <attribute name="memory">
-        <ref name="memoryKB"/>
-      </attribute>
-      <optional>
-        <attribute name="unit">
-          <ref name="unit"/>
-        </attribute>
-      </optional>
-      <optional>
-        <attribute name="memAccess">
-          <choice>
-            <value>shared</value>
-            <value>private</value>
-          </choice>
-        </attribute>
-      </optional>
-    </element>
-  </define>
-
-  <!-- Memory as an attribute is in KiB, no way to express a unit -->
-  <define name="memoryKB">
-    <data type="unsignedLong"/>
-  </define>
-  <define name="featureName">
-    <data type="string">
-      <param name='pattern'>[a-zA-Z0-9\-_\.]+</param>
-    </data>
-  </define>
-
-</grammar>
--- a/docs/schemas/domaincaps.rng
+++ b/docs/schemas/domaincaps.rng
@@ -2,7 +2,6 @@
 <!-- A Relax NG schema for the libvirt domain capabilities XML format -->
 <grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
  <include href='basictypes.rng'/>
-  <include href='cputypes.rng'/>
  <start>
    <ref name='domainCapabilities'/>
  </start>
@@ -29,15 +28,9 @@
        <optional>
          <ref name='os'/>
        </optional>
-        <optional>
-          <ref name='cpu'/>
-        </optional>
        <optional>
          <ref name='devices'/>
        </optional>
-        <optional>
-          <ref name='features'/>
-        </optional>
      </interleave>
    </element>
  </define>
@@ -72,68 +65,10 @@
    </element>
  </define>

-  <define name='cpu'>
-    <element name='cpu'>
-      <ref name='cpuHost'/>
-      <ref name='cpuHostModel'/>
-      <ref name='cpuCustom'/>
-    </element>
-  </define>
-
-  <define name='cpuHost'>
-    <element name='mode'>
-      <attribute name='name'>
-        <value>host-passthrough</value>
-      </attribute>
-      <ref name='supported'/>
-    </element>
-  </define>
-
-  <define name='cpuHostModel'>
-    <element name='mode'>
-      <attribute name='name'>
-        <value>host-model</value>
-      </attribute>
-      <ref name='supported'/>
-      <optional>
-        <ref name="cpuModel"/>
-        <optional>
-          <ref name="cpuVendor"/>
-        </optional>
-        <zeroOrMore>
-          <ref name="cpuFeature"/>
-        </zeroOrMore>
-      </optional>
-    </element>
-  </define>
-
-  <define name='cpuCustom'>
-    <element name='mode'>
-      <attribute name='name'>
-        <value>custom</value>
-      </attribute>
-      <ref name='supported'/>
-      <zeroOrMore>
-        <element name='model'>
-          <attribute name='usable'>
-            <choice>
-              <value>yes</value>
-              <value>no</value>
-              <value>unknown</value>
-            </choice>
-          </attribute>
-          <text/>
-        </element>
-      </zeroOrMore>
-    </element>
-  </define>
-
  <define name='devices'>
    <element name='devices'>
      <interleave>
        <ref name='disk'/>
-        <ref name='graphics'/>
-        <ref name='video'/>
        <ref name='hostdev'/>
      </interleave>
    </element>
@@ -146,20 +81,6 @@
    </element>
  </define>

-  <define name='graphics'>
-    <element name='graphics'>
-      <ref name='supported'/>
-      <ref name='enum'/>
-    </element>
-  </define>
-
-  <define name='video'>
-    <element name='video'>
-      <ref name='supported'/>
-      <ref name='enum'/>
-    </element>
-  </define>
-
  <define name='hostdev'>
    <element name='hostdev'>
      <ref name='supported'/>
@@ -167,21 +88,6 @@
    </element>
  </define>

-  <define name='features'>
-    <element name='features'>
-      <interleave>
-        <ref name='gic'/>
-      </interleave>
-    </element>
-  </define>
-
-  <define name='gic'>
-    <element name='gic'>
-      <ref name='supported'/>
-      <ref name='enum'/>
-    </element>
-  </define>
-
  <define name='value'>
    <zeroOrMore>
      <element name='value'>
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
--- a/docs/schemas/network.rng
+++ b/docs/schemas/network.rng
@@ -37,11 +37,6 @@
          <text/>
        </element>

-        <!-- <metadata> element -->
-        <optional>
-          <ref name="metadata"/>
-        </optional>
-
        <!-- <uuid> element -->
        <optional>
          <element name="uuid"><ref name="UUID"/></element>
@@ -72,7 +67,10 @@

            <optional>
              <attribute name="macTableManager">
-                <ref name="macTableManager"/>
+                <choice>
+                  <value>kernel</value>
+                  <value>libvirt</value>
+                </choice>
              </attribute>
            </optional>

@@ -103,7 +101,6 @@
                <choice>
                  <value>nat</value>
                  <value>route</value>
-                  <value>open</value>
                  <value>bridge</value>
                  <value>passthrough</value>
                  <value>private</value>
@@ -247,11 +244,6 @@
             and other features in the <dns> element -->
        <optional>
          <element name="dns">
-            <optional>
-              <attribute name="enable">
-                <ref name="virYesNo"/>
-              </attribute>
-            </optional>
            <optional>
              <attribute name="forwardPlainNames">
                <ref name="virYesNo"/>
@@ -260,13 +252,7 @@
            <interleave>
              <zeroOrMore>
                <element name="forwarder">
-                  <optional>
-                    <attribute name="addr"><ref name="ipAddr"/></attribute>
-                  </optional>
-                  <optional>
-                    <attribute name="domain"><ref name="dnsName"/></attribute>
-                  </optional>
-                  <empty/>
+                  <attribute name="addr"><ref name="ipAddr"/></attribute>
                </element>
              </zeroOrMore>
              <zeroOrMore>
--- a/docs/schemas/networkcommon.rng
+++ b/docs/schemas/networkcommon.rng
@@ -19,17 +19,17 @@
            <element name="parameters">
              <optional>
                <attribute name="managerid">
-                  <ref name="uint8"/>
+                  <ref name="uint8range"/>
                </attribute>
              </optional>
              <optional>
                <attribute name="typeid">
-                  <ref name="uint24"/>
+                  <ref name="uint24range"/>
                </attribute>
              </optional>
              <optional>
                <attribute name="typeidversion">
-                  <ref name="uint8"/>
+                  <ref name="uint8range"/>
                </attribute>
              </optional>
              <optional>
@@ -97,17 +97,17 @@
            <element name="parameters">
              <optional>
                <attribute name="managerid">
-                  <ref name="uint8"/>
+                  <ref name="uint8range"/>
                </attribute>
              </optional>
              <optional>
                <attribute name="typeid">
-                  <ref name="uint24"/>
+                  <ref name="uint24range"/>
                </attribute>
              </optional>
              <optional>
                <attribute name="typeidversion">
-                  <ref name="uint8"/>
+                  <ref name="uint8range"/>
                </attribute>
              </optional>
              <optional>
@@ -260,10 +260,4 @@
      </optional>
    </element>
  </define>
-  <define name="macTableManager">
-    <choice>
-      <value>kernel</value>
-      <value>libvirt</value>
-    </choice>
-  </define>
 </grammar>
--- a/docs/schemas/nodedev.rng
+++ b/docs/schemas/nodedev.rng
@@ -40,7 +40,6 @@
        <ref name="capusbinterface"/>
        <ref name="capnet"/>
        <ref name="capscsihost"/>
-        <ref name="capscsitarget"/>
        <ref name="capscsi"/>
        <ref name="capstorage"/>
      </choice>
@@ -143,24 +142,8 @@
          <value>virt_functions</value>
        </attribute>
        <optional>
-          <attribute name='maxCount'>
-            <ref name='unsignedInt'/>
-          </attribute>
-        </optional>
-        <zeroOrMore>
          <ref name='address'/>
-        </zeroOrMore>
-      </element>
-    </optional>
-
-    <optional>
-      <element name='capability'>
-        <attribute name='type'>
-          <choice>
-            <value>pci-bridge</value>
-            <value>cardbus-bridge</value>
-          </choice>
-        </attribute>
+        </optional>
      </element>
    </optional>

@@ -388,16 +371,6 @@
    </optional>
  </define>

-  <define name='capscsitarget'>
-    <attribute name='type'>
-      <value>scsi_target</value>
-    </attribute>
-
-    <element name='target'>
-      <text/>
-    </element>
-  </define>
-
  <define name='capscsi'>
    <attribute name='type'>
      <value>scsi</value>
--- a/docs/schemas/nwfilter.rng
+++ b/docs/schemas/nwfilter.rng
@@ -578,12 +578,12 @@
    <interleave>
      <optional>
        <attribute name="type">
-          <ref name="uint8"/>
+          <ref name="uint8range"/>
        </attribute>
      </optional>
      <optional>
        <attribute name="code">
-          <ref name="uint8"/>
+          <ref name="uint8range"/>
        </attribute>
      </optional>
    </interleave>
@@ -593,22 +593,22 @@
    <interleave>
      <optional>
        <attribute name="type">
-          <ref name="uint8"/>
+          <ref name="uint8range"/>
        </attribute>
      </optional>
      <optional>
        <attribute name="typeend">
-          <ref name="uint8"/>
+          <ref name="uint8range"/>
        </attribute>
      </optional>
      <optional>
        <attribute name="code">
-          <ref name="uint8"/>
+          <ref name="uint8range"/>
        </attribute>
      </optional>
      <optional>
        <attribute name="codeend">
-          <ref name="uint8"/>
+          <ref name="uint8range"/>
        </attribute>
      </optional>
    </interleave>
@@ -642,12 +642,12 @@
  <define name="stp-attributes">
    <optional>
      <attribute name="type">
-        <ref name="uint8"/>
+        <ref name="uint8range"/>
      </attribute>
    </optional>
    <optional>
      <attribute name="flags">
-        <ref name="uint8"/>
+        <ref name="uint8range"/>
      </attribute>
    </optional>
    <optional>
--- a/docs/schemas/secret.rng
+++ b/docs/schemas/secret.rng
@@ -36,7 +36,6 @@
              <ref name='usagevolume'/>
              <ref name='usageceph'/>
              <ref name='usageiscsi'/>
-              <ref name='usagetls'/>
              <!-- More choices later -->
            </choice>
          </element>
@@ -72,13 +71,4 @@
    </element>
  </define>

-  <define name='usagetls'>
-    <attribute name='type'>
-      <value>tls</value>
-    </attribute>
-    <element name='name'>
-      <ref name='genericName'/>
-    </element>
-  </define>
-
 </grammar>
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -12,22 +12,11 @@
        <choice>
          <value>default</value>
          <value>qcow</value>
-          <value>luks</value>
        </choice>
      </attribute>
-      <interleave>
-        <zeroOrMore>
-          <ref name='secret'/>
-        </zeroOrMore>
-        <optional>
-          <element name='cipher'>
-            <ref name='keycipher'/>
-          </element>
-          <element name='ivgen'>
-            <ref name='keyivgen'/>
-          </element>
-        </optional>
-      </interleave>
+      <zeroOrMore>
+        <ref name='secret'/>
+      </zeroOrMore>
    </element>
  </define>

@@ -38,14 +27,9 @@
          <value>passphrase</value>
        </choice>
      </attribute>
-      <choice>
-        <attribute name='uuid'>
-          <ref name="UUID"/>
-        </attribute>
-        <attribute name='usage'>
-          <text/>
-        </attribute>
-      </choice>
+      <attribute name='uuid'>
+        <ref name="UUID"/>
+      </attribute>
    </element>
  </define>

@@ -92,7 +76,6 @@
      <value>fat</value>
      <value>vhd</value>
      <value>ploop</value>
-      <value>luks</value>
      <ref name='storageFormatBacking'/>
    </choice>
  </define>
@@ -146,32 +129,4 @@
    </optional>
  </define>

-  <define name='keycipher'>
-    <attribute name='name'>
-      <text/>
-    </attribute>
-    <attribute name='size'>
-      <ref name="unsignedInt"/>
-    </attribute>
-    <optional>
-      <attribute name='mode'>
-        <text/>
-      </attribute>
-      <attribute name='hash'>
-        <text/>
-      </attribute>
-    </optional>
-  </define>
-
-  <define name='keyivgen'>
-    <attribute name='name'>
-      <text/>
-    </attribute>
-    <optional>
-      <attribute name='hash'>
-        <text/>
-      </attribute>
-    </optional>
-  </define>
-
 </grammar>
--- a/docs/schemas/storagepool.rng
+++ b/docs/schemas/storagepool.rng
@@ -278,11 +278,6 @@
        <empty/>
        <ref name='devextents'/>
      </choice>
-      <optional>
-        <attribute name="part_separator">
-          <ref name="virYesNo"/>
-        </attribute>
-      </optional>
    </element>
  </define>

--- a/docs/sitemap.html.in
+++ b/docs/sitemap.html.in
@@ -120,10 +120,6 @@
                <a href="hooks.html">Hooks</a>
                <span>Hooks for system specific management</span>
              </li>
-              <li>
-                <a href="nss.html">NSS module</a>
-                <span>Enable domain host name translation to IP addresses</span>
-              </li>
            </ul>
          </li>
          <li>
@@ -304,10 +300,6 @@
            </ul>
            -->
            <ul>
-              <li>
-                <a href="html/libvirt-libvirt-common.html">Common</a>
-                <span>common APIs for the libvirt library</span>
-              </li>
              <li>
                <a href="html/libvirt-libvirt-domain.html">Domain</a>
                <span>domain APIs for the libvirt library</span>
@@ -396,10 +388,6 @@
                <a href="api_extension.html">API extensions</a>
                <span>Adding new public libvirt APIs</span>
              </li>
-              <li>
-                <a href="internals/eventloop.html">Event loop and worker pool</a>
-                <span>Libvirt's event loop and worker pool mode</span>
-              </li>
              <li>
                <a href="internals/command.html">Spawning commands</a>
                <span>Spawning commands from libvirt driver code</span>
--- a/docs/storage.html.in
+++ b/docs/storage.html.in
@@ -161,7 +161,7 @@
      <li><code>qcow</code>: QEMU v1 disk image format</li>
      <li><code>qcow2</code>: QEMU v2 disk image format</li>
      <li><code>qed</code>: QEMU Enhanced Disk image format</li>
-      <li><code>vmdk</code>: VMware disk image format</li>
+      <li><code>vmdk</code>: VMWare disk image format</li>
      <li><code>vpc</code>: VirtualPC disk image format</li>
    </ul>
    <p>
@@ -550,9 +550,7 @@
      backend supports cephx authentication for communication with the
      Ceph cluster. Storing the cephx authentication key is done with
      the libvirt secret mechanism. The UUID in the example pool input
-      refers to the UUID of the stored secret.<br />
-      The port attribute for a Ceph monitor does not have to be provided.
-      If not provided librados will use the default Ceph monitor port.
+      refers to the UUID of the stored secret.
      <span class="since">Since 0.9.13</span>
    </p>

@@ -562,8 +560,8 @@
        &lt;name&gt;myrbdpool&lt;/name&gt;
        &lt;source&gt;
          &lt;name&gt;rbdpool&lt;/name&gt;
-          &lt;host name='1.2.3.4'/&gt;
-          &lt;host name='my.ceph.monitor'/&gt;
+          &lt;host name='1.2.3.4' port='6789'/&gt;
+          &lt;host name='my.ceph.monitor' port='6789'/&gt;
          &lt;host name='third.ceph.monitor' port='6789'/&gt;
          &lt;auth username='admin' type='ceph'&gt;
            &lt;secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/&gt;
@@ -755,10 +753,8 @@

    <h2><a name="StorageBackendZFS">ZFS pools</a></h2>
    <p>
-      This provides a pool based on the ZFS filesystem. Initially it was developed
-      for FreeBSD, and <span class="since">since 1.3.2</span> experimental support
-      for <a href="http://zfsonlinux.org/">ZFS on Linux</a> version 0.6.4 or newer
-      is available.
+      This provides a pool based on the ZFS filesystem. It is currently
+      supported on FreeBSD only.
    </p>

    <p>A pool could either be created manually using the <code>zpool create</code>
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -1,104 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-## Copyright (C) 2005-2016 Red Hat, Inc.
-##
-## This library is free software; you can redistribute it and/or
-## modify it under the terms of the GNU Lesser General Public
-## License as published by the Free Software Foundation; either
-## version 2.1 of the License, or (at your option) any later version.
-##
-## This library is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-## Lesser General Public License for more details.
-##
-## You should have received a copy of the GNU Lesser General Public
-## License along with this library.  If not, see
-## <http://www.gnu.org/licenses/>.
-
-FILTERS = $(wildcard $(srcdir)/xml/nwfilter/*.xml)
-
-EXTRA_DIST = \
-	apparmor/TEMPLATE.qemu \
-	apparmor/TEMPLATE.lxc \
-	apparmor/libvirt-qemu \
-	apparmor/libvirt-lxc \
-	apparmor/usr.lib.libvirt.virt-aa-helper \
-	apparmor/usr.sbin.libvirtd \
-	lxcconvert/virt-lxc-convert \
-	polkit/libvirt-acl.rules \
-	systemtap/events.stp \
-	systemtap/rpc-monitor.stp \
-	$(FILTERS) \
-	$(wildcard $(srcdir)/xml/storage/*.xml) \
-	$(wildcard $(srcdir)/xml/test/*.xml)
-
-
-INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) \
-	-I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib
-LDADD = $(STATIC_BINARIES) $(WARN_CFLAGS) $(COVERAGE_LDFLAGS) \
-	$(top_builddir)/src/libvirt.la $(top_builddir)/gnulib/lib/libgnu.la \
-	$(top_builddir)/src/libvirt-admin.la
-
-noinst_PROGRAMS=dominfo/info1 dommigrate/dommigrate domsuspend/suspend \
-	domtop/domtop hellolibvirt/hellolibvirt object-events/event-test \
-	openauth/openauth rename/rename admin/list_servers admin/list_clients \
-	admin/threadpool_params admin/client_limits admin/client_info \
-	admin/client_close
-
-dominfo_info1_SOURCES = dominfo/info1.c
-dommigrate_dommigrate_SOURCES = dommigrate/dommigrate.c
-domsuspend_suspend_SOURCES = domsuspend/suspend.c
-domtop_domtop_SOURCES = domtop/domtop.c
-hellolibvirt_hellolibvirt_SOURCES = hellolibvirt/hellolibvirt.c
-
-object_events_event_test_CFLAGS = \
-		$(WARN_CFLAGS)						\
-		$(NULL)
-object_events_event_test_SOURCES = object-events/event-test.c
-
-openauth_openauth_SOURCES = openauth/openauth.c
-rename_rename_SOURCES = rename/rename.c
-
-admin_list_servers_SOURCES = admin/list_servers.c
-admin_list_clients_SOURCES = admin/list_clients.c
-admin_threadpool_params_SOURCES = admin/threadpool_params.c
-admin_client_limits_SOURCES = admin/client_limits.c
-admin_client_info_SOURCES = admin/client_info.c
-admin_client_close_SOURCES = admin/client_close.c
-
-if WITH_APPARMOR_PROFILES
-apparmordir = $(sysconfdir)/apparmor.d/
-apparmor_DATA = \
-	apparmor/usr.lib.libvirt.virt-aa-helper \
-	apparmor/usr.sbin.libvirtd \
-	$(NULL)
-
-abstractionsdir = $(apparmordir)/abstractions
-abstractions_DATA = \
-	apparmor/libvirt-qemu \
-	apparmor/libvirt-lxc \
-	$(NULL)
-
-templatesdir = $(apparmordir)/libvirt
-templates_DATA = \
-	apparmor/TEMPLATE.qemu \
-	apparmor/TEMPLATE.lxc \
-	$(NULL)
-endif WITH_APPARMOR_PROFILES
-
-if WITH_NWFILTER
-NWFILTER_DIR = "$(DESTDIR)$(sysconfdir)/libvirt/nwfilter"
-
-install-data-local:
-	$(MKDIR_P) "$(NWFILTER_DIR)"
-	for f in $(FILTERS); do \
-		$(INSTALL_DATA) $$f "$(NWFILTER_DIR)"; \
-	done
-
-uninstall-local::
-	for f in $(FILTERS); do \
-		rm -f "$(NWFILTER_DIR)/`basename $$f`"; \
-	done
-	-test -z "$(shell ls $(NWFILTER_DIR))" || rmdir $(NWFILTER_DIR)
-endif WITH_NWFILTER
--- a/examples/admin/client_close.c
+++ b/examples/admin/client_close.c
@@ -1,57 +0,0 @@
-#include<stdio.h>
-#include<stdlib.h>
-#include<libvirt/libvirt.h>
-#include<libvirt/libvirt-admin.h>
-
-int main(void)
-{
-    int ret = -1;
-    virAdmConnectPtr conn1 = NULL; /* admin connection */
-    virConnectPtr conn2 = NULL;    /* libvirt standard connection */
-    virAdmServerPtr srv = NULL;    /* which server is the client connected to */
-    virAdmClientPtr clnt = NULL;   /* which client to disconnect */
-
-    /* first, open a standard libvirt connection to the daemon */
-    if (!(conn2 = virConnectOpen(NULL)))
-        return -1;
-
-    /* next, open an admin connection that will be used to disconnect the
-     * standard libvirt client
-     */
-    if (!(conn1 = virAdmConnectOpen(NULL, 0)))
-        goto cleanup;
-
-    /* a virAdmServerPtr handle is needed, so a server lookup is performed */
-    if (!(srv = virAdmConnectLookupServer(conn1, "libvirtd", 0)))
-        goto cleanup;
-
-    /* a virAdmClientPtr handle is also necessary, so lookup for client is
-     * performed as well
-     */
-    if (!(clnt = virAdmServerLookupClient(srv, 1, 0)))
-        goto cleanup;
-
-    /* finally, use the client handle to disconnect the standard libvirt client
-     * from libvirtd daemon
-     */
-    if (virAdmClientClose(clnt, 0) < 0)
-        goto cleanup;
-
-    ret = 0;
- cleanup:
-    /* Once finished, both server and client handles need to be freed and
-     * both connections @conn1 and @conn2 should be closed to free the
-     * memory.
-     * NOTE: Although @conn2 has been disconnected, unlike disconnecting by
-     * calling virConnectClose which closes the connection voluntarily and
-     * frees the object automatically, virAdmClientClose is a forceful
-     * disconnect of another client (client can use it on itself as well).
-     * Therefore no automatic deallocation of the object takes place and is
-     * the callers responsibility to do so.
-     */
-    virAdmClientFree(clnt);
-    virAdmServerFree(srv);
-    virAdmConnectClose(conn1);
-    virConnectClose(conn2);
-    return ret;
-}
--- a/examples/admin/client_info.c
+++ b/examples/admin/client_info.c
@@ -1,170 +0,0 @@
-#define _GNU_SOURCE
-#include<stdio.h>
-#include<stdlib.h>
-#include<time.h>
-#include<string.h>
-#include<libvirt/libvirt-admin.h>
-
-static const char *
-exampleTransportToString(int transport)
-{
-    const char *str = NULL;
-
-    switch ((virClientTransport) transport) {
-    case VIR_CLIENT_TRANS_UNIX:
-        str = "unix";
-        break;
-    case VIR_CLIENT_TRANS_TCP:
-        str = "tcp";
-        break;
-    case VIR_CLIENT_TRANS_TLS:
-        str = "tls";
-        break;
-    }
-
-    return str ? str : "unknown";
-}
-
-static char *
-exampleGetTimeStr(time_t then)
-{
-    char *ret = NULL;
-    struct tm timeinfo;
-
-    if (!localtime_r(&then, &timeinfo))
-        return NULL;
-
-    if (!(ret = calloc(64, sizeof(char))))
-        return NULL;
-
-    if (strftime(ret, 64, "%Y-%m-%d %H:%M:%S%z",
-                 &timeinfo) == 0) {
-        free(ret);
-        return NULL;
-    }
-
-    return ret;
-}
-
-static char *
-exampleGetTypedParamValue(virTypedParameterPtr item)
-{
-    int ret = 0;
-    char *str = NULL;
-
-    switch (item->type) {
-    case VIR_TYPED_PARAM_INT:
-        ret = asprintf(&str, "%d", item->value.i);
-        break;
-
-    case VIR_TYPED_PARAM_UINT:
-        ret = asprintf(&str, "%u", item->value.ui);
-        break;
-
-    case VIR_TYPED_PARAM_LLONG:
-        ret = asprintf(&str, "%lld", item->value.l);
-        break;
-
-    case VIR_TYPED_PARAM_ULLONG:
-        ret = asprintf(&str, "%llu", item->value.ul);
-        break;
-
-    case VIR_TYPED_PARAM_DOUBLE:
-        ret = asprintf(&str, "%f", item->value.d);
-        break;
-
-    case VIR_TYPED_PARAM_BOOLEAN:
-        str = strdup(item->value.b ? "yes" : "no");
-        break;
-
-    case VIR_TYPED_PARAM_STRING:
-        str = strdup(item->value.s);
-        break;
-
-    default:
-        fprintf(stderr, "unimplemented parameter type %d\n", item->type);
-        return NULL;
-    }
-
-    if (ret < 0) {
-        fprintf(stderr, "error formatting typed param value\n");
-        return NULL;
-    }
-
-    return str;
-}
-
-int main(int argc, char **argv)
-{
-    int ret = -1;
-    virAdmConnectPtr conn = NULL;
-    virAdmServerPtr srv = NULL;    /* which server is the client connected to */
-    virAdmClientPtr clnt = NULL;   /* which client get identity for */
-    virTypedParameterPtr params = NULL;     /* where to store identity info */
-    int nparams = 0;
-    size_t i = 0;
-    char *timestr = NULL;
-
-    if (argc != 3) {
-        fprintf(stderr, "Two arguments, first specifying the server client is "
-                "connected to and second, specifying the client's ID for which "
-                "identity information should be retrieved, are expected\n");
-        return -1;
-    }
-
-    /* first, open a connection to the daemon */
-    if (!(conn = virAdmConnectOpen(NULL, 0)))
-        return -1;
-
-    /* first a virAdmServerPtr handle is necessary to obtain, that is done by
-     * doing a lookup for specific server, argv[1] holds the server name
-     */
-    if (!(srv = virAdmConnectLookupServer(conn, argv[1], 0)))
-        goto cleanup;
-
-    /* next, virAdmClientPtr handle is necessary to obtain, that is done by
-     * doing a lookup on a specific server, argv[2] holds the client's ID
-     */
-    if (!(clnt = virAdmServerLookupClient(srv, strtoll(argv[2], NULL, 10), 0)))
-        goto cleanup;
-
-    /* finally, retrieve @clnt's identity information */
-    if (virAdmClientGetInfo(clnt, &params, &nparams, 0) < 0)
-        goto cleanup;
-
-    /* this information is provided by the client object itself, not by typed
-     * params container; it is unnecessary to call virAdmClientGetInfo if only
-     * ID, transport method, and timestamp are the required data
-     */
-    if (!(timestr = exampleGetTimeStr(virAdmClientGetTimestamp(clnt))))
-        goto cleanup;
-
-    printf("%-15s: %llu\n", "id", virAdmClientGetID(clnt));
-    printf("%-15s: %s\n", "connection_time", timestr);
-    printf("%-15s: %s\n", "transport",
-             exampleTransportToString(virAdmClientGetTransport(clnt)));
-
-    /* this is the actual identity information retrieved in typed params
-     * container
-     */
-    for (i = 0; i < nparams; i++) {
-        char *str = NULL;
-        if (!(str = exampleGetTypedParamValue(&params[i])))
-            goto cleanup;
-        printf("%-15s: %s\n", params[i].field, str);
-        free(str);
-    }
-
-    ret = 0;
- cleanup:
-    /* Once finished, free the typed params container, server and client
-     * handles and close the connection properly, @conn will be deallocated
-     * automatically
-     */
-    virTypedParamsFree(params, nparams);
-    virAdmClientFree(clnt);
-    virAdmServerFree(srv);
-    virAdmConnectClose(conn);
-    free(timestr);
-    return ret;
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ján Tomko	c5cc88c323	api: disallow virConnectGetDomainCapabilities on read-only connections This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> (cherry picked from commit `8afa68bac0`) Signed-off-by: Ján Tomko <jtomko@redhat.com>	2019-06-24 10:26:30 +02:00
Ján Tomko	99ac102b83	api: disallow virDomainSaveImageGetXMLDesc on read-only connections The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: Matthias Gerstner <mgerstner@suse.de> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> (cherry picked from commit `aed6a032ce`) Signed-off-by: Ján Tomko <jtomko@redhat.com> Conflicts: src/libvirt-domain.c src/remote/remote_protocol.x Upstream commit `12a51f372` which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE alias for VIR_DOMAIN_XML_SECURE is not backported. Just skip the commit since we now disallow the whole API on read-only connections, regardless of the flag. Signed-off-by: Ján Tomko <jtomko@redhat.com>	2019-06-24 10:26:29 +02:00
Jiri Denemark	8c30687b71	qemu: Let empty default VNC password work as documented CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092 Signed-off-by: Jiri Denemark <jdenemar@redhat.com> (cherry picked from commit `bb848feec0`)	2016-06-30 12:50:38 +01:00
Eric Blake	edeef640db	CVE-2015-5313: storage: don't allow '/' in filesystem volume names The libvirt file system storage driver determines what file to act on by concatenating the pool location with the volume name. If a user is able to pick names like "../../../etc/passwd", then they can escape the bounds of the pool. For that matter, virStoragePoolListVolumes() doesn't descend into subdirectories, so a user really shouldn't use a name with a slash. Normally, only privileged users can coerce libvirt into creating or opening existing files using the virStorageVol APIs; and such users already have full privilege to create any domain XML (so it is not an escalation of privilege). But in the case of fine-grained ACLs, it is feasible that a user can be granted storage_vol:create but not domain:write, and it violates assumptions if such a user can abuse libvirt to access files outside of the storage pool. Therefore, prevent all use of volume names that contain "/", whether or not such a name is actually attempting to escape the pool. This changes things from: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 Vol ../../../../../../etc/haha created $ rm /etc/haha to: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 error: Failed to create vol ../../../../../../etc/haha error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/' Signed-off-by: Eric Blake <eblake@redhat.com> (cherry picked from commit `034e47c338`)	2015-12-12 20:53:43 -07:00