api: disallow virConnectGetDomainCapabilities on read-only connections

This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 8afa68bac0) Signed-off-by: Ján Tomko <jtomko@redhat.com>
api: disallow virDomainSaveImageGetXMLDesc on read-only connections
2025-10-04 05:44:48 +03:00 · 2019-06-24 10:26:37 +02:00 · 2019-06-24 10:26:37 +02:00 · 2016-10-03 18:30:26 +02:00 · 2016-10-03 18:30:24 +02:00 · 2016-10-03 18:30:19 +02:00
5221 changed files with 933395 additions and 2615079 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,5 @@
 *#*#
 *.#*#
-*.[18]
-*.[18].in
 *.a
 *.cov
 *.exe
@@ -11,7 +9,6 @@
 *.gcov
 *.html
 *.i
-*.init
 *.la
 *.lo
 *.loT
@@ -21,8 +18,6 @@
 *.pyc
 *.rej
 *.s
-*.service
-*.socket
 *.swp
 *~
 .#*
@@ -43,6 +38,7 @@
 /NEWS
 /aclocal.m4
 /autom4te.cache
+/build-aux
 /build-aux/
 /build/
 /confdefs.h
@@ -61,7 +57,13 @@
 /daemon/libvirt_qemud
 /daemon/libvirtd
 /daemon/libvirtd*.logrotate
+/daemon/libvirtd.8
+/daemon/libvirtd.8.in
+/daemon/libvirtd.init
+/daemon/libvirtd.pod
 /daemon/libvirtd.policy
+/daemon/libvirtd.service
+/daemon/libvirtd.socket
 /daemon/test_libvirtd.aug
 /docs/aclperms.htmlinc
 /docs/apibuild.py.stamp
@@ -74,12 +76,6 @@
 /docs/libvirt-refs.xml
 /docs/search.php
 /docs/todo.html.in
-/examples/admin/client_close
-/examples/admin/client_info
-/examples/admin/client_limits
-/examples/admin/list_clients
-/examples/admin/list_servers
-/examples/admin/threadpool_params
 /examples/object-events/event-test
 /examples/dominfo/info1
 /examples/domsuspend/suspend
@@ -93,7 +89,7 @@
 /gnulib/tests/*
 /include/libvirt/libvirt-common.h
 /libtool
-/libvirt-*.tar.xz
+/libvirt-*.tar.gz
 /libvirt-[0-9]*
 /libvirt*.pc
 /libvirt.spec
@@ -160,23 +156,29 @@
 /src/util/virkeymaps.h
 /src/virt-aa-helper
 /src/virtlockd
+/src/virtlockd.8
+/src/virtlockd.8.in
+/src/virtlockd.init
 /src/virtlogd
+/src/virtlogd.8
+/src/virtlogd.8.in
+/src/virtlogd.init
 /tests/*.log
 /tests/*.pid
 /tests/*.trs
-/tests/*test
 /tests/commandhelper
-/tests/qemucapsprobe
-!/tests/virsh-self-test
+/tests/*test
+!/tests/*schematest
 !/tests/virt-aa-helper-test
-!/tests/virt-admin-self-test
 /tests/objectlocking
 /tests/objectlocking-files.txt
 /tests/objectlocking.cm[ix]
 /tests/reconnect
 /tests/ssh
-/tests/test_file_access.txt
 /tests/test_conf
+/tools/*.[18]
+/tools/libvirt-guests.init
+/tools/libvirt-guests.service
 /tools/libvirt-guests.sh
 /tools/virt-login-shell
 /tools/virsh
@@ -203,7 +205,6 @@ stamp-h
 stamp-h.in
 stamp-h1
 tags
-!/build-aux/*.pl
 !/gnulib/lib/Makefile.am
 !/gnulib/tests/Makefile.am
 !/m4/virt-*.m4
--- a/.gnulib
+++ b/.gnulib
--- a/21
+++ b/21
@@ -23,11 +23,19 @@ libvirt-python) online <http://libvirt.org/git/>.
 join the appropriate language team. The libvirt release process automatically
 pulls the latest version of each translation file from zanata.

-(4) Post patches using "git send-email", with git rename detection enabled. You
+(4) Post patches in unified diff format, with git rename detection enabled. You
 need a one-time setup of:

  git config diff.renames true

+After that, a command similar to this should work:
+
+  diff -urp libvirt.orig/ libvirt.modified/ > libvirt-myfeature.patch
+
+or:
+
+  git diff > libvirt-myfeature.patch
+
 Also, for code motion patches, you may find that "git diff --patience"
 provides an easier-to-read patch. However, the usual workflow of libvirt
 developer is:
@@ -144,17 +152,6 @@ There is also a "./run" script at the top level, to make it easier to run
 programs that have not yet been installed, as well as to wrap invocations of
 various tests under gdb or Valgrind.

-When running our test suite it may happen that the test result is
-nondeterministic because of the test suite relying on a particular file in the
-system being accessible or having some specific value. To catch this kind of
-errors, the test suite has a module for that prints any path touched that
-fulfils constraints described above into a file. To enable it just set
-"VIR_TEST_FILE_ACCESS" environment variable. Then
-"VIR_TEST_FILE_ACCESS_OUTPUT" environment variable can alter location where
-the file is stored.
-
-  VIR_TEST_FILE_ACCESS=1 VIR_TEST_FILE_ACCESS_OUTPUT="/tmp/file_access.txt" ./qemuxml2argvtest
-


 (9) The Valgrind test should produce similar output to "make check". If the output
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,12 +19,9 @@
 LCOV = lcov
 GENHTML = genhtml

-SUBDIRS = . gnulib/lib include/libvirt src daemon tools docs gnulib/tests \
+SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \
  tests po examples

-XZ_OPT ?= -v -T0
-export XZ_OPT
-
 ACLOCAL_AMFLAGS = -I m4

 EXTRA_DIST = \
@@ -44,7 +41,7 @@ EXTRA_DIST = \
  AUTHORS.in

 pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc libvirt-admin.pc
+pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc

 NEWS: $(top_srcdir)/docs/news.xsl $(top_srcdir)/docs/news.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then			\
@@ -66,15 +63,12 @@ $(top_srcdir)/HACKING: $(top_srcdir)/docs/hacking1.xsl \
 	   > $@-t && mv $@-t $@ ; fi;

 rpm: clean
-	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.xz)
+	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.gz)

 check-local: all tests

-check-access:
-	@($(MAKE) $(AM_MAKEFLAGS) -C tests check-access)
-
 cov: clean-cov
-	$(MKDIR_P) $(top_builddir)/coverage
+	mkdir $(top_builddir)/coverage
 	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \
 	  -d $(top_builddir)/src  -d $(top_builddir)/daemon \
 	  -d $(top_builddir)/tests
@@ -89,6 +83,9 @@ clean-cov:

 MAINTAINERCLEANFILES = .git-module-status

+# disable this check
+distuninstallcheck:
+
 dist-hook: gen-ChangeLog gen-AUTHORS

 # Generate the ChangeLog file (with all entries since the switch to git)
--- a/Makefile.nonreentrant
+++ b/Makefile.nonreentrant
@@ -113,11 +113,3 @@ NON_REENTRANT += inet_nsap_ntoa
 NON_REENTRANT += inet_ntoa
 NON_REENTRANT += inet_ntop
 NON_REENTRANT += inet_pton
-
-# Separate two nothings by space to get one space in a variable
-space =
-space +=
-# The space needs to be in a variable otherwise it would be ignored.
-# And there must be no spaces around the commas because they would
-# not be ignored, logically.
-NON_REENTRANT_RE=$(subst $(space),|,$(NON_REENTRANT))
--- a/autobuild.sh
+++ b/autobuild.sh
@@ -56,7 +56,7 @@ exec 3>&-
 test "$st" = 0
 test -x /usr/bin/lcov && make cov

-rm -f *.tar.xz
+rm -f *.tar.gz
 make dist

 if test -n "$AUTOBUILD_COUNTER" ; then
--- a/42
+++ b/42
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2016-11-03.18; # UTC
+scriptversion=2014-12-08.12; # UTC

 # Bootstrap this package from checked-out sources.

@@ -42,7 +42,7 @@ export LC_ALL

 local_gl_dir=gl

-# Honor $PERL, but work even if there is none.
+# Honour $PERL, but work even if there is none
 PERL="${PERL-perl}"

 me=$0
@@ -418,30 +418,28 @@ sort_ver() { # sort -V is not generally available
  done
 }

-get_version_sed='
-# Move version to start of line.
-s/.*[v ]\([0-9]\)/\1/
-
-# Skip lines that do not start with version.
-/^[0-9]/!d
-
-# Remove characters after the version.
-s/[^.a-z0-9-].*//
-
-# The first component must be digits only.
-s/^\([0-9]*\)[a-z-].*/\1/
-
-#the following essentially does s/5.005/5.5/
-s/\.0*\([1-9]\)/.\1/g
-p
-q'
-
 get_version() {
  app=$1

  $app --version >/dev/null 2>&1 || { $app --version; return 1; }

-  $app --version 2>&1 | sed -n "$get_version_sed"
+  $app --version 2>&1 |
+  sed -n '# Move version to start of line.
+          s/.*[v ]\([0-9]\)/\1/
+
+          # Skip lines that do not start with version.
+          /^[0-9]/!d
+
+          # Remove characters after the version.
+          s/[^.a-z0-9-].*//
+
+          # The first component must be digits only.
+          s/^\([0-9]*\)[a-z-].*/\1/
+
+          #the following essentially does s/5.005/5.5/
+          s/\.0*\([1-9]\)/.\1/g
+          p
+          q'
 }

 check_versions() {
@@ -1023,6 +1021,6 @@ echo "$0: done.  Now you can run './configure'."
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
+# time-stamp-time-zone: "UTC"
 # time-stamp-end: "; # UTC"
 # End:
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -54,7 +54,6 @@ func
 getaddrinfo
 getcwd-lgpl
 gethostname
-getopt-posix
 getpass
 getpeername
 getsockname
@@ -121,7 +120,6 @@ time_r
 timegm
 ttyname_r
 uname
-unsetenv
 useless-if-before-free
 usleep
 vasprintf
@@ -209,6 +207,7 @@ gzip       -
 libtool    -
 patch      -
 perl       5.5
+perl::XML::XPath -
 pkg-config -
 rpcgen     -
 tar        -
--- a/build-aux/bracket-spacing.pl
+++ b/build-aux/bracket-spacing.pl
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 #
-# check-spacing.pl: Report any usage of 'function (..args..)'
+# bracket-spacing.pl: Report any usage of 'function (..args..)'
 # Also check for other syntax issues, such as correct use of ';'
 #
 # This library is free software; you can redistribute it and/or
@@ -43,7 +43,7 @@ foreach my $file (@ARGV) {
        $data =~ s/'[";,=]'/'X'/g;

        # Kill any quoted strings
-        $data =~ s,"(?:[^\\\"]|\\.)*","XXX",g;
+        $data =~ s,"([^\\\"]|\\.)*","XXX",g;

        # Kill any C++ style comments
        $data =~ s,//.*$,//,;
@@ -91,8 +91,8 @@ foreach my $file (@ARGV) {
            my $kw = $1;

            # Allow space after keywords only
-            if ($kw =~ /^(?:if|for|while|switch|return)$/) {
-                $tmpdata =~ s/(?:$kw\s\()/XXX(/;
+            if ($kw =~ /^(if|for|while|switch|return)$/) {
+                $tmpdata =~ s/($kw\s\()/XXX(/;
            } else {
                print "Whitespace after non-keyword:\n";
                print "$file:$.: $line";
@@ -101,8 +101,10 @@ foreach my $file (@ARGV) {
            }
        }

-        # Require whitespace immediately after keywords
-        if ($data =~ /\b(?:if|for|while|switch|return)\(/) {
+        # Require whitespace immediately after keywords,
+        # but none after the opening bracket
+        if ($data =~ /\b(if|for|while|switch|return)\(/ ||
+            $data =~ /\b(if|for|while|switch|return)\s+\(\s/) {
            print "No whitespace after keyword:\n";
            print "$file:$.: $line";
            $ret = 1;
@@ -116,10 +118,8 @@ foreach my $file (@ARGV) {
        }

        # Forbid whitespace following ( or prior to )
-        # but allow whitespace before ) on a single line
-        # (optionally followed by a semicolon)
-        if (($data =~ /\s\)/ && not $data =~ /^\s+\);?$/) ||
-            $data =~ /\((?!$)\s/) {
+        if ($data =~ /\S\s+\)/ ||
+            $data =~ /\(\s+\S/) {
            print "Whitespace after '(' or before ')':\n";
            print "$file:$.: $line";
            $ret = 1;
@@ -135,13 +135,10 @@ foreach my $file (@ARGV) {
        #          errno == EINTR)
        #       ;
        #
-        if ($data =~ /\s[;,]/) {
-            unless ($data =~ /\S; ; / ||
-                    $data =~ /^\s+;/) {
-                print "Whitespace before semicolon or comma:\n";
-                print "$file:$.: $line";
-                $ret = 1;
-            }
+        if ($data =~ /[^;\s]\s+[;,]/) {
+            print "Whitespace before (semi)colon:\n";
+            print "$file:$.: $line";
+            $ret = 1;
        }

        # Require EOL, macro line continuation, or whitespace after ";".
@@ -160,8 +157,11 @@ foreach my $file (@ARGV) {
        }

        # Require spaces around assignment '=', compounds and '=='
-        if ($data =~ /[^ ]\b[!<>&|\-+*\/%\^=]?=/ ||
-            $data =~ /=[^= \\\n]/) {
+        # with the exception of virAssertCmpInt()
+        $tmpdata = $data;
+        $tmpdata =~ s/(virAssertCmpInt\(.* ).?=,/$1op,/;
+        if ($tmpdata =~ /[^ ]\b[!<>&|\-+*\/%\^=]?=[^=]/ ||
+            $tmpdata =~ /=[^= \\\n]/) {
            print "Spacing around '=' or '==':\n";
            print "$file:$.: $line";
            $ret = 1;
--- a/build-aux/prohibit-duplicate-header.pl
+++ b/build-aux/prohibit-duplicate-header.pl
@@ -1,26 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-
-my $file = " ";
-my $ret = 0;
-my %includes = ( );
-my $lineno = 0;
-
-while (<>) {
-    if (not $file eq $ARGV) {
-        %includes = ( );
-        $file = $ARGV;
-        $lineno = 0;
-    }
-    $lineno++;
-    if (/^# *include *[<"]([^>"]*\.h)[">]/) {
-        $includes{$1}++;
-        if ($includes{$1} == 2) {
-            $ret = 1;
-            print STDERR "$ARGV:$lineno: $_";
-            print STDERR "Do not include a header more than once per file\n";
-        }
-    }
-}
-exit $ret;
--- a/cfg.mk
+++ b/cfg.mk
@@ -64,7 +64,6 @@ local-checks-to-skip =			\
  sc_prohibit_quote_without_use		\
  sc_prohibit_quotearg_without_use	\
  sc_prohibit_stat_st_blocks		\
-  sc_prohibit_undesirable_word_seq	\
  sc_root_tests				\
  sc_space_tab				\
  sc_sun_os_names			\
@@ -127,6 +126,7 @@ useless_free_options =				\
  --name=virDomainDiskDefFree			\
  --name=virDomainEventCallbackListFree		\
  --name=virObjectEventQueueFree		\
+  --name=virObjectEventStateFree		\
  --name=virDomainFSDefFree			\
  --name=virDomainGraphicsDefFree		\
  --name=virDomainHostdevDefFree		\
@@ -308,7 +308,7 @@ sc_flags_usage:
 	  | grep -c '\(long\|unsigned\) flags')" != 4 &&		\
 	  { echo '$(ME): new API should use "unsigned int flags"' 1>&2;	\
 	    exit 1; } || :
-	@prohibit=' flags ATTRIBUTE_UNUSED'				\
+	@prohibit=' flags ''ATTRIBUTE_UNUSED'				\
 	halt='flags should be checked with virCheckFlags'		\
 	  $(_sc_search_regexp)
 	@prohibit='^[^@]*([^d] (int|long long)|[^dg] long) flags[;,)]'	\
@@ -351,8 +351,8 @@ sc_prohibit_mkstemp:
 # access with X_OK accepts directories, but we can't exec() those.
 # access with F_OK or R_OK is okay, though.
 sc_prohibit_access_xok:
-	@prohibit='access(at)? *\(.*X_OK'				\
-	halt='use virFileIsExecutable instead of access(,X_OK)'		\
+	@prohibit='access''(at)? *\(.*X_OK'				\
+	halt='use virFileIsExecutable instead of access''(,X_OK)'	\
 	  $(_sc_search_regexp)

 # Similar to the gnulib maint.mk rule for sc_prohibit_strcmp
@@ -361,7 +361,7 @@ snp_ = strncmp *\(.+\)
 sc_prohibit_strncmp:
 	@prohibit='! *strncmp *\(|\<$(snp_) *[!=]=|[!=]= *$(snp_)'	\
 	exclude=':# *define STR(N?EQLEN|PREFIX)\('			\
-	halt='use STREQLEN or STRPREFIX instead of strncmp'		\
+	halt='use STREQLEN or STRPREFIX instead of str''ncmp'		\
 	  $(_sc_search_regexp)

 # strtol and friends are too easy to misuse
@@ -379,7 +379,7 @@ sc_prohibit_strtol:
 # But for plain %s, virAsprintf is overkill compared to strdup.
 sc_prohibit_asprintf:
 	@prohibit='\<v?a[s]printf\>'					\
-	halt='use virAsprintf, not asprintf'				\
+	halt='use virAsprintf, not as'printf				\
 	  $(_sc_search_regexp)
 	@prohibit='virAsprintf.*, *"%s",'				\
 	halt='use VIR_STRDUP instead of virAsprintf with "%s"'		\
@@ -406,7 +406,7 @@ sc_prohibit_risky_id_promotion:
 # since gnulib has more guarantees for snprintf portability
 sc_prohibit_sprintf:
 	@prohibit='\<[s]printf\>'					\
-	halt='use snprintf, not sprintf'				\
+	halt='use snprintf, not s'printf				\
 	  $(_sc_search_regexp)

 sc_prohibit_readlink:
@@ -420,9 +420,9 @@ sc_prohibit_gethostname:
 	  $(_sc_search_regexp)

 sc_prohibit_readdir:
-	@prohibit='\b(read|close|open)dir *\('				\
+	@prohibit='\breaddir *\('					\
 	exclude='exempt from syntax-check'				\
-	halt='use virDirOpen, virDirRead and VIR_DIR_CLOSE'		\
+	halt='use virDirRead, not readdir'				\
 	  $(_sc_search_regexp)

 sc_prohibit_gettext_noop:
@@ -431,36 +431,43 @@ sc_prohibit_gettext_noop:
 	  $(_sc_search_regexp)

 sc_prohibit_VIR_ERR_NO_MEMORY:
-	@prohibit='\<VIR_ERR_NO_MEMORY\>'				\
-	halt='use virReportOOMError, not VIR_ERR_NO_MEMORY'		\
+	@prohibit='\<V''IR_ERR_NO_MEMORY\>'				\
+	halt='use virReportOOMError, not V'IR_ERR_NO_MEMORY		\
 	  $(_sc_search_regexp)

 sc_prohibit_PATH_MAX:
-	@prohibit='\<PATH_MAX\>'				\
-	halt='dynamically allocate paths, do not use PATH_MAX'	\
+	@prohibit='\<P''ATH_MAX\>'				\
+	halt='dynamically allocate paths, do not use P'ATH_MAX	\
 	  $(_sc_search_regexp)

+# Use a subshell for each function, to give the optimal warning message.
 include $(srcdir)/Makefile.nonreentrant
 sc_prohibit_nonreentrant:
-	@prohibit="\\<(${NON_REENTRANT_RE}) *\\("			\
-	halt="use re-entrant functions (usually ending with _r)"	\
-	  $(_sc_search_regexp)
+	@fail=0 ; \
+	for i in $(NON_REENTRANT) ; \
+	do \
+	    (prohibit="\\<$$i *\\("					\
+	     halt="use $${i}_r, not $$i"				\
+	     $(_sc_search_regexp)					\
+	    ) || fail=1;						\
+	done ; \
+	exit $$fail

 sc_prohibit_select:
-	@prohibit='\<select *\('					\
-	halt='use poll(), not select()'					\
+	@prohibit="\\<select *\\("					\
+	halt="use poll(), not se""lect()"				\
 	  $(_sc_search_regexp)

 # Prohibit the inclusion of <ctype.h>.
 sc_prohibit_ctype_h:
 	@prohibit='^# *include  *<ctype\.h>'				\
-	halt='use c-ctype.h instead of ctype.h'				\
+	halt="don't use ctype.h; instead, use c-ctype.h"		\
 	  $(_sc_search_regexp)

 # Insist on correct types for [pug]id.
 sc_correct_id_types:
 	@prohibit='\<(int|long) *[pug]id\>'				\
-	halt='use pid_t for pid, uid_t for uid, gid_t for gid'		\
+	halt="use pid_t for pid, uid_t for uid, gid_t for gid"		\
 	  $(_sc_search_regexp)

 # "const fooPtr a" is the same as "foo * const a", even though it is
@@ -496,12 +503,12 @@ ctype_re = isalnum|isalpha|isascii|isblank|iscntrl|isdigit|isgraph|islower\

 sc_avoid_ctype_macros:
 	@prohibit='\b($(ctype_re)) *\('					\
-	halt='use c-ctype.h instead of ctype macros'			\
+	halt="don't use ctype macros (use c-ctype.h)"			\
 	  $(_sc_search_regexp)

 sc_avoid_strcase:
 	@prohibit='\bstrn?case(cmp|str) *\('				\
-	halt='use c-strcase.h instead of raw strcase functions'		\
+	halt="don't use raw strcase functions (use c-strcase instead)"	\
 	  $(_sc_search_regexp)

 sc_prohibit_virBufferAdd_with_string_literal:
@@ -519,6 +526,13 @@ sc_forbid_manual_xml_indent:
 	halt='use virBufferAdjustIndent instead of spaces when indenting xml' \
 	  $(_sc_search_regexp)

+# Not only do they fail to deal well with ipv6, but the gethostby*
+# functions are also not thread-safe.
+sc_prohibit_gethostby:
+	@prohibit='\<gethostby(addr|name2?) *\('			\
+	halt='use getaddrinfo, not gethostby*'				\
+	  $(_sc_search_regexp)
+
 # dirname and basename from <libgen.h> are not required to be thread-safe
 sc_prohibit_libgen:
 	@prohibit='( (base|dir)name *\(|include .libgen\.h)'		\
@@ -564,7 +578,7 @@ sc_prohibit_int_ijk:

 sc_prohibit_loop_iijjkk:
 	@prohibit='\<(int|unsigned) ([^=]+ )*(ii|jj|kk)\>(\s|,|;)'	\
-	halt='use i, j, k for loop iterators, not ii, jj, kk'		\
+	halt='use i, j, k for loop iterators, not ii, jj, kk' 		\
 	  $(_sc_search_regexp)

 # RHEL 5 gcc can't grok "for (int i..."
@@ -580,11 +594,6 @@ sc_prohibit_int_assign_bool:
 	halt='use bool type for boolean values'				\
 	  $(_sc_search_regexp)

-sc_prohibit_unsigned_pid:
-	@prohibit='\<unsigned\> [^,=;(]+pid'				\
-	halt='use signed type for pid values'				\
-	  $(_sc_search_regexp)
-
 # Many of the function names below came from this filter:
 # git grep -B2 '\<_('|grep -E '\.c- *[[:alpha:]_][[:alnum:]_]* ?\(.*[,;]$' \
 # |sed 's/.*\.c-  *//'|perl -pe 's/ ?\(.*//'|sort -u \
@@ -611,9 +620,8 @@ msg_gen_function += xenapiSessionErrorHandler
 # msg_gen_function += vshPrint
 # msg_gen_function += vshError

-space =
-space +=
-func_re= ($(subst $(space),|,$(msg_gen_function)))
+func_or := $(shell echo $(msg_gen_function)|tr -s ' ' '|')
+func_re := ($(func_or))

 # Look for diagnostics that aren't marked for translation.
 # This won't find any for which error's format string is on a separate line.
@@ -735,7 +743,7 @@ sc_copyright_format:
 	@prohibit='Copyright [^(].*Red 'Hat				\
 	halt='consistently use (C) in Red Hat copyright'		\
 	  $(_sc_search_regexp)
-	@prohibit='\<RedHat\>'						\
+	@prohibit='\<Red''Hat\>'					\
 	halt='spell Red Hat as two words'				\
 	  $(_sc_search_regexp)

@@ -802,7 +810,7 @@ sc_require_enum_last_marker:
 sc_prohibit_semicolon_at_eol_in_python:
 	@prohibit='^[^#].*\;$$'			                        \
 	in_vc_files='\.py$$'						\
-	halt='python does not require to end lines with a semicolon'	\
+	halt="Don't use semicolon at eol in python files"		\
 	  $(_sc_search_regexp)

 # mymain() in test files should use return, not exit, for nicer output
@@ -812,6 +820,30 @@ sc_prohibit_exit_in_tests:
 	halt='use return, not exit(), in tests'				\
 	  $(_sc_search_regexp)

+# Don't include duplicate header in the source (either *.c or *.h)
+sc_prohibit_duplicate_header:
+	@fail=0; for i in $$($(VC_LIST_EXCEPT) | grep '\.[chx]$$'); do	\
+	  awk '/# *include.*\.h/ {					\
+	    match($$0, /[<"][^>"]*[">]/);				\
+	    arr[substr($$0, RSTART + 1, RLENGTH - 2)]++;		\
+	  }								\
+	  END {								\
+	    for (key in arr) {						\
+	      if (arr[key] > 1)	{					\
+		fail=1;							\
+		printf("%d %s are included\n", arr[key], key);		\
+	      }								\
+	    }								\
+	    if (fail == 1) {						\
+	      printf("duplicate header(s) in " FILENAME "\n");		\
+	      exit 1;							\
+	    }								\
+	  }' $$i || fail=1;						\
+	done;								\
+	if test $$fail -eq 1; then					\
+	  { echo '$(ME): avoid duplicate headers' 1>&2; exit 1; }	\
+	fi;
+
 # Don't include "libvirt/*.h" in "" form.
 sc_prohibit_include_public_headers_quote:
 	@prohibit='# *include *"libvirt/.*\.h"'				\
@@ -885,7 +917,7 @@ sc_prohibit_virConnectOpen_in_virsh:
 sc_require_space_before_label:
 	@prohibit='^(   ?)?[_a-zA-Z0-9]+:$$'                           \
 	in_vc_files='\.[ch]$$'                                         \
-	halt='Top-level labels should be indented by one space'        \
+	halt="Top-level labels should be indented by one space"        \
 	  $(_sc_search_regexp)

 # Allow for up to three spaces before the label: this is to avoid running
@@ -894,14 +926,14 @@ sc_require_space_before_label:
 sc_prohibit_space_in_label:
 	@prohibit='^ {0,3}[_a-zA-Z0-9]+ +:$$'                          \
 	in_vc_files='\.[ch]$$'                                         \
-	halt='There should be no space between label name and colon'   \
+	halt="There should be no space between label name and colon"   \
 	  $(_sc_search_regexp)

 # Doesn't catch all cases of mismatched braces across if-else, but it helps
 sc_require_if_else_matching_braces:
 	@prohibit='(  else( if .*\))? {|} else( if .*\))?$$)'		\
 	in_vc_files='\.[chx]$$'						\
-	halt='if one side of if-else uses {}, both sides must use it'	\
+	halt="if one side of if-else uses {}, both sides must use it"	\
 	  $(_sc_search_regexp)

 sc_curly_braces_style:
@@ -961,7 +993,7 @@ sc_prohibit_static_zero_init:
 sc_prohibit_devname:
 	@prohibit='\bdevname\b'	\
 	exclude='sc_prohibit_devname' \
-	halt='avoid using devname as FreeBSD exports the symbol' \
+	halt='avoid using 'devname' as FreeBSD exports the symbol' \
 	  $(_sc_search_regexp)

 sc_prohibit_system_error_with_vir_err:
@@ -975,7 +1007,7 @@ sc_prohibit_system_error_with_vir_err:
 sc_prohibit_virXXXFree:
 	@prohibit='\bvir(Domain|Network|NodeDevice|StorageVol|StoragePool|Stream|Secret|NWFilter|Interface|DomainSnapshot)Free\b'	\
 	exclude='sc_prohibit_virXXXFree' \
-	halt='avoid using virXXXFree, use virObjectUnref instead' \
+	halt='avoid using 'virXXXFree', use 'virObjectUnref' instead' \
 	  $(_sc_search_regexp)

 sc_prohibit_sysconf_pagesize:
@@ -986,12 +1018,17 @@ sc_prohibit_sysconf_pagesize:
 sc_prohibit_pthread_create:
 	@prohibit='\bpthread_create\b' \
 	exclude='sc_prohibit_pthread_create' \
-	halt='avoid using pthread_create, use virThreadCreate instead' \
+	halt="avoid using 'pthread_create', use 'virThreadCreate' instead" \
 	  $(_sc_search_regexp)

 sc_prohibit_not_streq:
-	@prohibit='! *STRN?EQ *\(.*\)'		\
-	halt='Use STRNEQ instead of !STREQ and STREQ instead of !STRNEQ'	\
+	@prohibit='! *STREQ *\(.*\)'		\
+	halt='Use STRNEQ instead of !STREQ'	\
+	  $(_sc_search_regexp)
+
+sc_prohibit_not_strneq:
+	@prohibit='! *STRNEQ *\(.*\)'       \
+	halt='Use STREQ instead of !STRNEQ'	\
 	  $(_sc_search_regexp)

 sc_prohibit_verbose_strcat:
@@ -1000,15 +1037,6 @@ sc_prohibit_verbose_strcat:
 	halt='Use strcat(a, b) instead of strncat(a, b, strlen(b))' \
 	  $(_sc_search_regexp)

-# Ensure that each .c file containing a "main" function also
-# calls virGettextInitialize
-sc_gettext_init:
-	@require='virGettextInitialize *\('					\
-	in_vc_files='\.c$$'						\
-	containing='\<main *('						\
-	halt='the above files do not call virGettextInitialize'		\
-	  $(_sc_search_regexp)
-
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null

@@ -1056,24 +1084,28 @@ _autogen:

 # regenerate HACKING as part of the syntax-check
 ifneq ($(_gl-Makefile),)
-syntax-check: $(top_srcdir)/HACKING spacing-check test-wrap-argv \
-	prohibit-duplicate-header
+syntax-check: $(top_srcdir)/HACKING bracket-spacing-check test-wrap-argv
 endif

-# Don't include duplicate header in the source (either *.c or *.h)
-prohibit-duplicate-header:
-	$(AM_V_GEN)files=$$($(VC_LIST_EXCEPT) | grep '\.[chx]$$'); \
-	$(PERL) -W $(top_srcdir)/build-aux/prohibit-duplicate-header.pl $$files
-
-spacing-check:
+bracket-spacing-check:
 	$(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \
-	$(PERL) $(top_srcdir)/build-aux/check-spacing.pl $$files || \
+	$(PERL) $(top_srcdir)/build-aux/bracket-spacing.pl $$files || \
 	  { echo '$(ME): incorrect formatting, see HACKING for rules' 1>&2; \
 	    exit 1; }

 test-wrap-argv:
 	$(AM_V_GEN)files=`$(VC_LIST) | grep -E '\.(ldargs|args)'`; \
-	$(PERL) $(top_srcdir)/tests/test-wrap-argv.pl --check $$files
+	for file in $$files ; \
+	do \
+	    $(PERL) $(top_srcdir)/tests/test-wrap-argv.pl $$file > $${file}-t ; \
+	    diff $$file $${file}-t; \
+	    res=$$? ; \
+	    rm $${file}-t ; \
+	    test $$res == 0 || { \
+	      echo "$(ME): Incorrect line wrapping in $$file" 1>&2; \
+              echo "$(ME): Use test-wrap-argv.pl to wrap test data files" 1>&2; \
+	      exit 1; } \
+	done

 # sc_po_check can fail if generated files are not built first
 sc_po_check: \
@@ -1101,18 +1133,13 @@ _test1=shunloadtest|virnettlscontexttest|virnettlssessiontest|vircgroupmock
 exclude_file_name_regexp--sc_avoid_write = \
  ^(src/($(_src1))|daemon/libvirtd|tools/virsh-console|tests/($(_test1)))\.c$$

-exclude_file_name_regexp--sc_bindtextdomain = .*
-
-exclude_file_name_regexp--sc_gettext_init = ^(tests|examples)/
-
-exclude_file_name_regexp--sc_copyright_format = \
-	^cfg\.mk$$
+exclude_file_name_regexp--sc_bindtextdomain = ^(tests|examples)/

 exclude_file_name_regexp--sc_copyright_usage = \
  ^COPYING(|\.LESSER)$$

 exclude_file_name_regexp--sc_flags_usage = \
-  ^(cfg\.mk|docs/|src/util/virnetdevtap\.c$$|tests/(vir(cgroup|pci|test|usb)|nss|qemuxml2argv)mock\.c$$)
+  ^(docs/|src/util/virnetdevtap\.c$$|tests/vir(cgroup|pci|usb)mock\.c$$)

 exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
  ^(src/rpc/gendispatch\.pl$$|tests/)
@@ -1120,16 +1147,12 @@ exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
 exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$)

 exclude_file_name_regexp--sc_prohibit_VIR_ERR_NO_MEMORY = \
-  ^(cfg\.mk|include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$
+  ^(include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$

-exclude_file_name_regexp--sc_prohibit_PATH_MAX = \
-	^cfg\.mk$$
-
-exclude_file_name_regexp--sc_prohibit_access_xok = \
-	^(cfg\.mk|src/util/virutil\.c)$$
+exclude_file_name_regexp--sc_prohibit_access_xok = ^src/util/virutil\.c$$

 exclude_file_name_regexp--sc_prohibit_asprintf = \
-  ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c$$)
+  ^(bootstrap.conf$$|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c$$)

 exclude_file_name_regexp--sc_prohibit_strdup = \
  ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup)mock.c$$)
@@ -1138,7 +1161,7 @@ exclude_file_name_regexp--sc_prohibit_close = \
  (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/vir.+mock\.c)$$)

 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/(qemuhelp|virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
+  (^tests/(qemuhelp|nodeinfo|virpcitest)data/|\.diff$$)

 _src2=src/(util/vircommand|libvirt|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon)
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
@@ -1153,10 +1176,7 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
  ^src/rpc/gendispatch\.pl$$

 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
-  ^((po|tests)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)
-
-exclude_file_name_regexp--sc_prohibit_select = \
-	^cfg\.mk$$
+  ^((po|tests)/|docs/.*(py|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)

 exclude_file_name_regexp--sc_prohibit_raw_allocation = \
  ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|vircgroupmock)\.c|tools/wireshark/src/packet-libvirt\.c)$$
@@ -1167,11 +1187,11 @@ exclude_file_name_regexp--sc_prohibit_readlink = \
 exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c$$

 exclude_file_name_regexp--sc_prohibit_sprintf = \
-  ^(cfg\.mk|docs/hacking\.html\.in|.*\.stp|.*\.pl)$$
+  (^docs/hacking\.html\.in|\.stp|\.pl)$$

 exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/virstring\.c$$

-exclude_file_name_regexp--sc_prohibit_strtol = ^examples/.*$$
+exclude_file_name_regexp--sc_prohibit_strtol = ^examples/dom.*/.*\.c$$

 exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/virxml\.c$$

@@ -1186,10 +1206,10 @@ exclude_file_name_regexp--sc_require_config_h_first = \
 	^(examples/|tools/virsh-edit\.c$$)

 exclude_file_name_regexp--sc_trailing_blank = \
-  /qemuhelpdata/|/sysinfodata/.*\.data|/virhostcpudata/.*\.cpuinfo$$
+  /qemuhelpdata/|/sysinfodata/.*\.data|/nodeinfodata/.*\.cpuinfo$$

 exclude_file_name_regexp--sc_unmarked_diagnostics = \
-  ^(docs/apibuild.py|tests/virt-aa-helper-test|docs/js/.*\.js)$$
+  ^(docs/apibuild.py|tests/virt-aa-helper-test)$$

 exclude_file_name_regexp--sc_size_of_brackets = cfg.mk

@@ -1205,10 +1225,7 @@ exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
  ^(tools/|examples/|include/libvirt/(virterror|libvirt(-(admin|qemu|lxc))?)\.h$$)

 exclude_file_name_regexp--sc_prohibit_int_ijk = \
-  ^(src/remote_protocol-structs|src/remote/remote_protocol\.x|cfg\.mk|include/libvirt/libvirt.+|src/admin_protocol-structs|src/admin/admin_protocol\.x)$$
-
-exclude_file_name_regexp--sc_prohibit_unsigned_pid = \
-  ^(include/libvirt/.*\.h|src/(qemu/qemu_driver\.c|driver-hypervisor\.h|libvirt(-[a-z]*)?\.c|.*\.x|util/vir(polkit|systemd)\.c)|tests/virpolkittest\.c|tools/virsh-domain\.c)$$
+  ^(src/remote_protocol-structs|src/remote/remote_protocol\.x|cfg\.mk|include/libvirt/libvirt.+)$$

 exclude_file_name_regexp--sc_prohibit_getenv = \
  ^tests/.*\.[ch]$$
@@ -1220,7 +1237,7 @@ exclude_file_name_regexp--sc_prohibit_mixed_case_abbreviations = \
  ^src/(vbox/vbox_CAPI.*.h|esx/esx_vi.(c|h)|esx/esx_storage_backend_iscsi.c)$$

 exclude_file_name_regexp--sc_prohibit_empty_first_line = \
-  ^(README|daemon/THREADS\.txt|src/esx/README|tests/(vmwarever|virhostcpu)data/.*)$$
+  ^(README|daemon/THREADS\.txt|src/esx/README|docs/library.xen|tests/(vmwarever|nodeinfo)data/.*)$$

 exclude_file_name_regexp--sc_prohibit_useless_translation = \
  ^tests/virpolkittest.c
@@ -1237,8 +1254,8 @@ exclude_file_name_regexp--sc_prohibit_sysconf_pagesize = \
 exclude_file_name_regexp--sc_prohibit_pthread_create = \
  ^(cfg\.mk|src/util/virthread\.c|tests/.*)$$

-exclude_file_name_regexp--sc_prohibit_always-defined_macros = \
-  ^tests/virtestmock.c$$
+exclude_file_name_regexp--sc_prohibit_not_streq = \
+  ^tests/.*\.[ch]$$

-exclude_file_name_regexp--sc_prohibit_readdir = \
-  ^tests/.*mock\.c$$
+exclude_file_name_regexp--sc_prohibit_not_strneq = \
+  ^tests/.*\.[ch]$$
--- a/config-post.h
+++ b/config-post.h
@@ -20,7 +20,7 @@
 * Since virt-login-shell will be setuid, we must do everything
 * we can to avoid linking to other libraries. Many of them do
 * unsafe things in functions marked __atttribute__((constructor)).
- * The only way to avoid such deps is to re-compile the
+ * The only way avoid to avoid such deps is to re-compile the
 * functions with the code in question disabled, and for that we
 * must override the main config.h rules. Hence this file :-(
 */
@@ -32,60 +32,14 @@
 # undef HAVE_LIBSASL2
 # undef WITH_CAPNG
 # undef WITH_CURL
-# undef WITH_DBUS
 # undef WITH_DTRACE_PROBES
 # undef WITH_GNUTLS
 # undef WITH_GNUTLS_GCRYPT
-# undef WITH_LIBSSH
 # undef WITH_MACVTAP
 # undef WITH_NUMACTL
 # undef WITH_SASL
 # undef WITH_SSH2
-# undef WITH_SYSTEMD_DAEMON
 # undef WITH_VIRTUALPORT
 # undef WITH_YAJL
 # undef WITH_YAJL2
 #endif
-
-/*
- * With the NSS module it's the same story as virt-login-shell. See the
- * explanation above.
- */
-#ifdef LIBVIRT_NSS
-# undef HAVE_LIBDEVMAPPER_H
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_GNUTLS_GCRYPT
-# undef WITH_LIBSSH
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_VIRTUALPORT
-# undef WITH_SECDRIVER_SELINUX
-# undef WITH_SECDRIVER_APPARMOR
-# undef WITH_CAPNG
-#endif /* LIBVIRT_NSS */
-
-/*
- * Define __GNUC__ to a sane default if it isn't yet defined.
- * This is done here so that it's included as early as possible; gnulib relies
- * on this to be defined in features.h, which should be included from ctype.h.
- * This doesn't happen on many non-glibc systems.
- * When __GNUC__ is not defined, gnulib defines it to 0, which breaks things.
- */
-#ifdef __GNUC__
-# ifndef __GNUC_PREREQ
-#  if defined __GNUC__ && defined __GNUC_MINOR__
-#   define __GNUC_PREREQ(maj, min)                                        \
-   ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
-#  else
-#   define __GNUC_PREREQ(maj, min) 0
-#  endif
-# endif
-#endif
--- a/configure.ac
+++ b/configure.ac
@@ -16,7 +16,7 @@ dnl You should have received a copy of the GNU Lesser General Public
 dnl License along with this library.  If not, see
 dnl <http://www.gnu.org/licenses/>.

-AC_INIT([libvirt], [2.5.0], [libvir-list@redhat.com], [], [http://libvirt.org])
+AC_INIT([libvirt], [1.3.2], [libvir-list@redhat.com], [], [http://libvirt.org])
 AC_CONFIG_SRCDIR([src/libvirt.c])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
@@ -24,7 +24,7 @@ AH_BOTTOM([#include <config-post.h>])
 AC_CONFIG_MACRO_DIR([m4])
 dnl Make automake keep quiet about wildcards & other GNUmake-isms; also keep
 dnl quiet about the fact that we intentionally cater to automake 1.9
-AM_INIT_AUTOMAKE([-Wno-portability -Wno-obsolete tar-pax no-dist-gzip dist-xz subdir-objects])
+AM_INIT_AUTOMAKE([-Wno-portability -Wno-obsolete tar-ustar subdir-objects])
 dnl older automake's default of ARFLAGS=cru is noisy on newer binutils;
 dnl we don't really need the 'u' even in older toolchains.  Then there is
 dnl older libtool, which spelled it AR_FLAGS
@@ -117,14 +117,13 @@ fi

 dnl Required minimum versions of all libs we depend on
 LIBXML_REQUIRED="2.6.0"
+GNUTLS_REQUIRED="1.0.25"
 POLKIT_REQUIRED="0.6"
 PARTED_REQUIRED="1.8.0"
 DEVMAPPER_REQUIRED=1.0.0
 LIBPCAP_REQUIRED="1.0.0"
 LIBNL_REQUIRED="1.1"
 PARALLELS_SDK_REQUIRED="7.0.22"
-dnl Where we look for daemons and admin binaries during configure
-LIBVIRT_SBIN_PATH="$PATH:/sbin:/usr/sbin:/usr/local/sbin"

 dnl Checks for C compiler.
 AC_PROG_CC
@@ -145,8 +144,6 @@ AC_TYPE_UID_T
 dnl Support building Win32 DLLs (must appear *before* AM_PROG_LIBTOOL)
 AC_LIBTOOL_WIN32_DLL

-AC_HEADER_MAJOR
-
 m4_ifndef([LT_INIT], [
  AM_PROG_LIBTOOL
 ], [
@@ -219,7 +216,6 @@ if test "$with_remote" = "no" ; then
  with_gnutls=no
  with_ssh2=no
  with_sasl=no
-  with_libssh=no
 fi
 # Stateful drivers are useful only when building the daemon.
 if test "$with_libvirtd" = "no" ; then
@@ -249,7 +245,6 @@ LIBVIRT_CHECK_DBUS
 LIBVIRT_CHECK_FUSE
 LIBVIRT_CHECK_GLUSTER
 LIBVIRT_CHECK_HAL
-LIBVIRT_CHECK_LIBSSH
 LIBVIRT_CHECK_NETCF
 LIBVIRT_CHECK_NUMACTL
 LIBVIRT_CHECK_OPENWSMAN
@@ -259,11 +254,10 @@ LIBVIRT_CHECK_SANLOCK
 LIBVIRT_CHECK_SASL
 LIBVIRT_CHECK_SELINUX
 LIBVIRT_CHECK_SSH2
+LIBVIRT_CHECK_SYSTEMD_DAEMON
 LIBVIRT_CHECK_UDEV
 LIBVIRT_CHECK_WIRESHARK
-LIBVIRT_CHECK_NSS
 LIBVIRT_CHECK_YAJL
-LIBVIRT_CHECK_GNUTLS

 AC_MSG_CHECKING([for CPUID instruction])
 AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
@@ -326,16 +320,15 @@ if test "x$lv_cv_pthread_sigmask_works" != xyes; then
  AC_DEFINE([FUNC_PTHREAD_SIGMASK_BROKEN], [1],
    [Define to 1 if pthread_sigmask is not a real function])
 fi
-LIBS=$old_LIBS
+LIBS=$old_libs

 dnl Availability of various common headers (non-fatal if missing).
-AC_CHECK_HEADERS([pwd.h regex.h sys/un.h \
+AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/un.h \
  sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h \
  sys/un.h sys/syscall.h sys/sysctl.h netinet/tcp.h ifaddrs.h \
  libtasn1.h sys/ucred.h sys/mount.h])
 dnl Check whether endian provides handy macros.
 AC_CHECK_DECLS([htole64], [], [], [[#include <endian.h>]])
-AC_CHECK_FUNCS([stat stat64 __xstat __xstat64 lstat lstat64 __lxstat __lxstat64])

 dnl We need to decide at configure time if libvirt will use real atomic
 dnl operations ("lock free") or emulated ones with a mutex.
@@ -421,6 +414,10 @@ AC_CHECK_LIB([intl],[gettext],[])
 dnl Do we have rpcgen?
 AC_PATH_PROGS([RPCGEN], [rpcgen portable-rpcgen], [no])
 AM_CONDITIONAL([HAVE_RPCGEN], [test "x$ac_cv_path_RPCGEN" != "xno"])
+dnl Is this GLIBC's buggy rpcgen?
+AM_CONDITIONAL([HAVE_GLIBC_RPCGEN],
+	       [test "x$ac_cv_path_RPCGEN" != "xno" &&
+	        $ac_cv_path_RPCGEN -t </dev/null >/dev/null 2>&1])

 dnl Miscellaneous external programs.
 AC_PATH_PROG([XMLLINT], [xmllint], [/usr/bin/xmllint])
@@ -428,36 +425,35 @@ AC_PATH_PROG([XMLCATALOG], [xmlcatalog], [/usr/bin/xmlcatalog])
 AC_PATH_PROG([XSLTPROC], [xsltproc], [/usr/bin/xsltproc])
 AC_PATH_PROG([AUGPARSE], [augparse], [/usr/bin/augparse])
 AC_PROG_MKDIR_P
-AC_PROG_LN_S

 dnl External programs that we can use if they are available.
 dnl We will hard-code paths to these programs unless we cannot
 dnl detect them, in which case we'll search for the program
 dnl along the $PATH at runtime and fail if it's not there.
 AC_PATH_PROG([DMIDECODE], [dmidecode], [dmidecode],
-	[$LIBVIRT_SBIN_PATH])
+	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([DNSMASQ], [dnsmasq], [dnsmasq],
-	[$LIBVIRT_SBIN_PATH])
+	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([RADVD], [radvd], [radvd],
-	[$LIBVIRT_SBIN_PATH])
+	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([TC], [tc], [tc],
-	[$LIBVIRT_SBIN_PATH])
+    [/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([UDEVADM], [udevadm], [],
-	[$LIBVIRT_SBIN_PATH])
+	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([UDEVSETTLE], [udevsettle], [],
-	[$LIBVIRT_SBIN_PATH])
+	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([MODPROBE], [modprobe], [modprobe],
-	[$LIBVIRT_SBIN_PATH])
+	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([RMMOD], [rmmod], [rmmod],
-	[$LIBVIRT_SBIN_PATH])
+	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([MMCTL], [mm-ctl], [mm-ctl],
-	[$LIBVIRT_SBIN_PATH])
+	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([OVSVSCTL], [ovs-vsctl], [ovs-vsctl],
-	[$LIBVIRT_SBIN_PATH])
+	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([SCRUB], [scrub], [scrub],
-	[$LIBVIRT_SBIN_PATH])
+	[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
 AC_PATH_PROG([ADDR2LINE], [addr2line], [addr2line],
-	[$LIBVIRT_SBIN_PATH])
+        [/sbin:/usr/bin:/usr/sbin:/usr/local/sbin:$PATH])

 AC_DEFINE_UNQUOTED([DMIDECODE],["$DMIDECODE"],
        [Location or name of the dmidecode program])
@@ -537,6 +533,10 @@ AC_ARG_WITH([qemu],
  [AS_HELP_STRING([--with-qemu],
    [add QEMU/KVM support @<:@default=yes@:>@])])
 m4_divert_text([DEFAULTS], [with_qemu=yes])
+AC_ARG_WITH([uml],
+  [AS_HELP_STRING([--with-uml],
+    [add UML support @<:@default=check@:>@])])
+m4_divert_text([DEFAULTS], [with_uml=check])
 AC_ARG_WITH([openvz],
  [AS_HELP_STRING([--with-openvz],
    [add OpenVZ support @<:@default=check@:>@])])
@@ -612,7 +612,51 @@ if test x"$enable_debug" = x"yes"; then
   AC_DEFINE([ENABLE_DEBUG], [], [whether debugging is enabled])
 fi

-LIBVIRT_CHECK_INIT_SCRIPT
+
+
+dnl
+dnl init script flavor
+dnl
+AC_MSG_CHECKING([for init script flavor])
+AC_ARG_WITH([init-script],
+  [AS_HELP_STRING([--with-init-script@<:@=STYLE@:>@],
+    [Style of init script to install: redhat, systemd, systemd+redhat,
+     upstart, check, none @<:@default=check@:>@])],
+  [],[with_init_script=check])
+init_redhat=no
+init_systemd=no
+init_upstart=no
+case "$with_init_script" in
+    systemd+redhat)
+       init_redhat=yes
+       init_systemd=yes
+       ;;
+    systemd)
+       init_systemd=yes
+       ;;
+    upstart)
+       init_upstart=yes
+       ;;
+    redhat)
+       init_redhat=yes
+       ;;
+    none)
+       ;;
+    check)
+       if test "$cross_compiling" != yes && test -f /etc/redhat-release; then
+          init_redhat=yes
+          with_init_script=redhat
+       fi
+       ;;
+    *)
+       AC_MSG_ERROR([Unknown initscript flavour $with_init_script])
+    ;;
+esac
+AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_RED_HAT], test "$init_redhat" = "yes")
+AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_UPSTART], test "$init_upstart" = "yes")
+AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_SYSTEMD], test "$init_systemd" = "yes")
+AC_MSG_RESULT($with_init_script)
+

 AC_MSG_CHECKING([for whether to install sysctl config])
 AC_ARG_WITH([sysctl],
@@ -638,16 +682,24 @@ fi
 AM_CONDITIONAL([WITH_SYSCTL], test "$with_sysctl" = "yes")
 AC_MSG_RESULT($with_sysctl)

-AC_PATH_PROG([IP_PATH], [ip], /sbin/ip, [$LIBVIRT_SBIN_PATH])
+dnl RHEL-5 has a peculiar version of Xen, which requires some special casing
+AC_ARG_WITH([rhel5-api],
+	[AS_HELP_STRING([--with-rhel5-api=@<:@ARG@:>@],
+		[build for the RHEL-5 API @<:@default=no@:>@])])
+if test x"$with_rhel5_api" = x"yes"; then
+   AC_DEFINE([WITH_RHEL5_API], [1], [whether building for the RHEL-5 API])
+fi
+
+AC_PATH_PROG([IP_PATH], [ip], /sbin/ip, [/usr/sbin:$PATH])
 AC_DEFINE_UNQUOTED([IP_PATH], "$IP_PATH", [path to ip binary])

-AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [$LIBVIRT_SBIN_PATH])
+AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/sbin:$PATH])
 AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to iptables binary])

-AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [$LIBVIRT_SBIN_PATH])
+AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [/usr/sbin:$PATH])
 AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH", [path to ip6tables binary])

-AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [$LIBVIRT_SBIN_PATH])
+AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [/usr/sbin:$PATH])
 AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH", [path to ebtables binary])


@@ -863,11 +915,6 @@ if test "$with_libxl" != "no" ; then
    fi
 fi

-# LIBXL_API_VERSION 4.4.0 introduced a new parameter to
-# libxl_domain_create_restore for specifying restore parameters.
-# The libxl driver will make use of this new parameter for specifying
-# the Xen migration stream version.
-LIBXL_CFLAGS="$LIBXL_CFLAGS -DLIBXL_API_VERSION=0x040400"
 LIBS="$old_LIBS"
 CFLAGS="$old_CFLAGS"

@@ -1050,12 +1097,6 @@ dnl

 LIBVIRT_CHECK_LOGIN_SHELL

-dnl
-dnl Check for virt-host-validate
-dnl
-
-LIBVIRT_CHECK_HOST_VALIDATE
-
 AM_CONDITIONAL([WITH_SETUID_RPC_CLIENT], [test "$with_lxc$with_login_shell" != "nono"])

 dnl
@@ -1156,25 +1197,108 @@ AC_SUBST([LIBXML_CFLAGS])
 AC_SUBST([LIBXML_LIBS])

 dnl xmlURI structure has query_raw?
-old_CFLAGS="$CFLAGS"
-old_LIBS="$LIBS"
+old_cflags="$CFLAGS"
+old_libs="$LIBS"
 CFLAGS="$CFLAGS $LIBXML_CFLAGS"
 LIBS="$LIBS $LIBXML_LIBS"
 AC_CHECK_MEMBER([struct _xmlURI.query_raw],
 		[AC_DEFINE([HAVE_XMLURI_QUERY_RAW], [], [Have query_raw field in libxml2 xmlURI structure])],,
 		[#include <libxml/uri.h>])
-CFLAGS="$old_CFLAGS"
-LIBS="$old_LIBS"
+CFLAGS="$old_cflags"
+LIBS="$old_libs"

-
-AC_ARG_WITH([tls-priority],
-  [AS_HELP_STRING([--with-tls-priority],
-    [set the default TLS session priority string @<:@default=NORMAL@:>@])],
+dnl GnuTLS library
+AC_ARG_WITH([gnutls],
+  [AS_HELP_STRING([--with-gnutls],
+    [use GNUTLS for encryption @<:@default=check@:>@])],
  [],
-  [with_tls_priority=NORMAL])
+  [with_gnutls=check])

-AC_DEFINE_UNQUOTED([TLS_PRIORITY], ["$with_tls_priority"],
-		   [TLS default priority string])
+
+if test "x$with_gnutls" != "xno"; then
+  if test "x$with_gnutls" != "xyes" && test "x$with_gnutls" != "xcheck"; then
+    GNUTLS_CFLAGS="-I$with_gnutls/include"
+    GNUTLS_LIBS="-L$with_gnutls/lib"
+  fi
+  fail=0
+  old_cflags="$CFLAGS"
+  old_libs="$LIBS"
+  CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
+  LIBS="$LIBS $GNUTLS_LIBS"
+
+  GNUTLS_FOUND=no
+  GNUTLS_GCRYPT=unknown
+  if test -x "$PKG_CONFIG" ; then
+    dnl Triple probe: gnutls < 2.12 only used gcrypt, gnutls >= 3.0 uses
+    dnl only nettle, and versions in between had a configure option.
+    dnl Our goal is to avoid gcrypt if we can prove gnutls uses nettle,
+    dnl but it is a safe fallback to use gcrypt if we can't prove anything.
+    if $PKG_CONFIG --exists 'gnutls >= 3.0'; then
+      GNUTLS_GCRYPT=no
+    elif $PKG_CONFIG --exists 'gnutls >= 2.12'; then
+      GNUTLS_GCRYPT=probe
+    else
+      GNUTLS_GCRYPT=yes
+    fi
+    PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
+      [GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
+  fi
+  if test "$GNUTLS_FOUND" = "no"; then
+    dnl pkg-config couldn't help us, assume gcrypt is necessary
+    fail=0
+    GNUTLS_GCRYPT=yes
+    AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
+    AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
+
+    test $fail = 0 && GNUTLS_FOUND=yes
+
+    GNUTLS_LIBS="$GNUTLS_LIBS -lgnutls"
+  fi
+  if test "$GNUTLS_FOUND" = "no"; then
+    if test "$with_gnutls" = "check"; then
+      with_gnutls=no
+      GNUTLS_LIBS=
+      GNUTLS_CFLAGS=
+    else
+      AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
+    fi
+  else
+    dnl See comments above about when to use gcrypt.
+    if test "$GNUTLS_GCRYPT" = probe; then
+      case `$PKG_CONFIG --libs --static gnutls` in
+        *gcrypt*) GNUTLS_GCRYPT=yes     ;;
+        *nettle*) GNUTLS_GCRYPT=no      ;;
+        *)        GNUTLS_GCRYPT=unknown ;;
+      esac
+    fi
+    if test "$GNUTLS_GCRYPT" = yes || test "$GNUTLS_GCRYPT" = unknown; then
+      GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+      dnl We're not using gcrypt deprecated features so define
+      dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
+      GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
+      AC_DEFINE_UNQUOTED([WITH_GNUTLS_GCRYPT], 1,
+        [set to 1 if it is known or assumed that GNUTLS uses gcrypt])
+    fi
+
+    dnl gnutls 3.x moved some declarations to a new header
+    AC_CHECK_HEADERS([gnutls/crypto.h], [], [], [[
+      #include <gnutls/gnutls.h>
+    ]])
+
+    with_gnutls=yes
+  fi
+
+  LIBS="$old_libs"
+  CFLAGS="$old_CFLAGS"
+fi
+
+if test "x$with_gnutls" = "xyes" ; then
+  AC_DEFINE_UNQUOTED([WITH_GNUTLS], 1,
+      [whether GNUTLS is available for encryption])
+fi
+AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" = "xyes"])
+AC_SUBST([GNUTLS_CFLAGS])
+AC_SUBST([GNUTLS_LIBS])


 dnl PolicyKit library
@@ -1194,7 +1318,7 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
  dnl but we use existence of pkcheck binary as a sign that
  dnl we should prefer polkit-1 over polkit-0, so we check
  dnl for it even though we don't ultimately use it
-  AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [$LIBVIRT_SBIN_PATH])
+  AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
  if test "x$PKCHECK_PATH" != "x" ; then
    dnl Found pkcheck, so ensure dbus-devel is present
    if test "x$with_dbus" = "xyes" ; then
@@ -1306,8 +1430,8 @@ if test "$with_selinux" != "yes" ; then
        AC_MSG_ERROR([You must install the libselinux development package and enable SELinux with the --with-selinux=yes in order to compile libvirt --with-secdriver-selinux=yes])
  fi
 elif test "$with_secdriver_selinux" != "no"; then
-  old_CFLAGS="$CFLAGS"
-  old_LIBS="$LIBS"
+  old_cflags="$CFLAGS"
+  old_libs="$LIBS"
  CFLAGS="$CFLAGS $SELINUX_CFLAGS"
  LIBS="$CFLAGS $SELINUX_LIBS"

@@ -1315,8 +1439,8 @@ elif test "$with_secdriver_selinux" != "no"; then
  AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1])
  AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1])
  AC_CHECK_FUNCS([selinux_lxc_contexts_path])
-  CFLAGS="$old_CFLAGS"
-  LIBS="$old_LIBS"
+  CFLAGS="$old_cflags"
+  LIBS="$old_libs"

  if test "$fail" = "1" ; then
    if test "$with_secdriver_selinux" = "check" ; then
@@ -1369,7 +1493,7 @@ AC_ARG_WITH([dtrace],
  [with_dtrace=check])

 if test "$with_dtrace" != "no" ; then
-  AC_PATH_PROG([DTRACE], [dtrace], [], [$LIBVIRT_SBIN_PATH])
+  AC_PATH_PROG([DTRACE], [dtrace], [], [/bin:/usr/bin])
  if test -z "$DTRACE" ; then
    if test "$with_dtrace" = "check"; then
      with_dtrace=no
@@ -1396,7 +1520,7 @@ AC_ARG_WITH([numad],
 if test "$with_numad" != "no" ; then
  fail=0

-  AC_PATH_PROG([NUMAD], [numad], [], [$LIBVIRT_SBIN_PATH])
+  AC_PATH_PROG([NUMAD], [numad], [], [/bin:/usr/bin:/usr/sbin])

  if test "$with_numad" = "check"; then
    test "$with_numactl" = "yes" || fail=1
@@ -1460,7 +1584,27 @@ dnl
 dnl Checks for the UML driver
 dnl

-LIBVIRT_DRIVER_CHECK_UML
+if test "$with_libvirtd" = "no" ; then
+  with_uml=no
+fi
+if test "$with_uml" = "yes" || test "$with_uml" = "check"; then
+    AC_CHECK_HEADER([sys/inotify.h], [
+        with_uml=yes
+    ], [
+        if test "$with_uml" = "check"; then
+            with_uml=no
+            AC_MSG_NOTICE([<sys/inotify.h> is required for the UML driver, disabling it])
+        else
+            AC_MSG_ERROR([The <sys/inotify.h> is required for the UML driver. Upgrade your libc6.])
+        fi
+    ])
+fi
+if test "$with_uml" = "yes" ; then
+    AC_DEFINE_UNQUOTED([WITH_UML], 1, [whether UML driver is enabled])
+fi
+AM_CONDITIONAL([WITH_UML], [test "$with_uml" = "yes"])
+
+

 dnl
 dnl check for PHYP
@@ -1625,9 +1769,9 @@ if test "$with_storage_fs" = "yes" || test "$with_storage_fs" = "check"; then
 fi

 if test "$with_storage_fs" = "yes" || test "$with_storage_fs" = "check"; then
-  AC_PATH_PROG([MOUNT], [mount], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([UMOUNT], [umount], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([MKFS], [mkfs], [], [$LIBVIRT_SBIN_PATH])
+  AC_PATH_PROG([MOUNT], [mount], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([UMOUNT], [umount], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([MKFS], [mkfs], [], [$PATH:/sbin:/usr/sbin])
  if test "$with_storage_fs" = "yes" ; then
    if test -z "$MOUNT" ; then AC_MSG_ERROR([We need mount for FS storage driver]) ; fi
    if test -z "$UMOUNT" ; then AC_MSG_ERROR([We need umount for FS storage driver]) ; fi
@@ -1652,24 +1796,24 @@ if test "$with_storage_fs" = "yes" || test "$with_storage_fs" = "check"; then
 fi
 AM_CONDITIONAL([WITH_STORAGE_FS], [test "$with_storage_fs" = "yes"])
 if test "$with_storage_fs" = "yes"; then
-  AC_PATH_PROG([SHOWMOUNT], [showmount], [], [$LIBVIRT_SBIN_PATH])
+  AC_PATH_PROG([SHOWMOUNT], [showmount], [], [$PATH:/sbin:/usr/sbin])
  AC_DEFINE_UNQUOTED([SHOWMOUNT], ["$SHOWMOUNT"],
    [Location or name of the showmount program])
 fi

 if test "$with_storage_lvm" = "yes" || test "$with_storage_lvm" = "check"; then
-  AC_PATH_PROG([PVCREATE], [pvcreate], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([VGCREATE], [vgcreate], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([LVCREATE], [lvcreate], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([PVREMOVE], [pvremove], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([VGREMOVE], [vgremove], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([LVREMOVE], [lvremove], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([LVCHANGE], [lvchange], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([VGCHANGE], [vgchange], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([VGSCAN], [vgscan], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([PVS], [pvs], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([VGS], [vgs], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([LVS], [lvs], [], [$LIBVIRT_SBIN_PATH])
+  AC_PATH_PROG([PVCREATE], [pvcreate], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([VGCREATE], [vgcreate], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([LVCREATE], [lvcreate], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([PVREMOVE], [pvremove], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([VGREMOVE], [vgremove], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([LVREMOVE], [lvremove], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([LVCHANGE], [lvchange], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([VGCHANGE], [vgchange], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([VGSCAN], [vgscan], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([PVS], [pvs], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([VGS], [vgs], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([LVS], [lvs], [], [$PATH:/sbin:/usr/sbin])

  if test "$with_storage_lvm" = "yes" ; then
    if test -z "$PVCREATE" ; then AC_MSG_ERROR([We need pvcreate for LVM storage driver]) ; fi
@@ -1722,7 +1866,7 @@ AM_CONDITIONAL([WITH_STORAGE_LVM], [test "$with_storage_lvm" = "yes"])


 if test "$with_storage_iscsi" = "yes" || test "$with_storage_iscsi" = "check"; then
-  AC_PATH_PROG([ISCSIADM], [iscsiadm], [], [$LIBVIRT_SBIN_PATH])
+  AC_PATH_PROG([ISCSIADM], [iscsiadm], [], [$PATH:/sbin:/usr/sbin])
  if test "$with_storage_iscsi" = "yes" ; then
    if test -z "$ISCSIADM" ; then AC_MSG_ERROR([We need iscsiadm for iSCSI storage driver]) ; fi
  else
@@ -1742,7 +1886,7 @@ else
 fi
 AM_CONDITIONAL([WITH_STORAGE_ISCSI], [test "$with_storage_iscsi" = "yes"])

-if test "$with_storage_scsi" = "check" || test "$with_storage_scsi" = "yes"; then
+if test "$with_storage_scsi" = "check"; then
   with_storage_scsi=yes

   AC_DEFINE_UNQUOTED([WITH_STORAGE_SCSI], 1,
@@ -1750,16 +1894,13 @@ if test "$with_storage_scsi" = "check" || test "$with_storage_scsi" = "yes"; the
 fi
 AM_CONDITIONAL([WITH_STORAGE_SCSI], [test "$with_storage_scsi" = "yes"])

-if test "$with_storage_mpath" = "check" || test "$with_storage_mpath" = "yes"; then
+if test "$with_storage_mpath" = "check"; then
   if test "$with_linux" = "yes"; then
      with_storage_mpath=yes

      AC_DEFINE_UNQUOTED([WITH_STORAGE_MPATH], 1,
        [whether mpath backend for storage driver is enabled])
   else
-      if test "$with_storage_mpath" = "yes"; then
-        AC_MSG_ERROR([mpath storage is only supported on Linux])
-      fi
      with_storage_mpath=no
   fi
 fi
@@ -1783,7 +1924,7 @@ AC_SUBST([LIBRBD_LIBS])

 if test "$with_storage_sheepdog" = "yes" ||
   test "$with_storage_sheepdog" = "check"; then
-  AC_PATH_PROGS([SHEEPDOGCLI], [collie dog], [], [$LIBVIRT_SBIN_PATH])
+  AC_PATH_PROGS([SHEEPDOGCLI], [collie dog], [], [$PATH:/sbin:/usr/sbin])

  if test "$with_storage_sheepdog" = "yes"; then
    if test -z "$SHEEPDOGCLI"; then
@@ -1822,8 +1963,8 @@ AM_CONDITIONAL([WITH_STORAGE_GLUSTER], [test "$with_storage_gluster" = "yes"])

 if test "$with_storage_zfs" = "yes" ||
   test "$with_storage_zfs" = "check"; then
-  AC_PATH_PROG([ZFS], [zfs], [], [$LIBVIRT_SBIN_PATH])
-  AC_PATH_PROG([ZPOOL], [zpool], [], [$LIBVIRT_SBIN_PATH])
+  AC_PATH_PROG([ZFS], [zfs], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([ZPOOL], [zpool], [], [$PATH:/sbin:/usr/sbin])

  if test "$with_storage_zfs" = "yes"; then
    if test -z "$ZFS" || test -z "$ZPOOL"; then
@@ -1851,7 +1992,7 @@ AM_CONDITIONAL([WITH_STORAGE_ZFS],

 if test "$with_storage_fs" = "yes" ||
   test "$with_storage_gluster" = "yes"; then
-  AC_PATH_PROG([GLUSTER_CLI], [gluster], [], [$LIBVIRT_SBIN_PATH])
+  AC_PATH_PROG([GLUSTER_CLI], [gluster], [], [$PATH:/sbin:/usr/sbin])
  if test "x$GLUSTER_CLI" != "x"; then
      AC_DEFINE_UNQUOTED([GLUSTER_CLI], ["$GLUSTER_CLI"],
        [Location or name of the gluster command line tool])
@@ -1862,25 +2003,44 @@ LIBPARTED_CFLAGS=
 LIBPARTED_LIBS=
 if test "$with_storage_disk" = "yes" ||
   test "$with_storage_disk" = "check"; then
-  AC_PATH_PROG([PARTED], [parted], [], [$LIBVIRT_SBIN_PATH])
+  AC_PATH_PROG([PARTED], [parted], [], [$PATH:/sbin:/usr/sbin])
+  AC_PATH_PROG([DMSETUP], [dmsetup], [], [$PATH:/sbin:/usr/sbin])
  if test -z "$PARTED" ; then
    PARTED_FOUND=no
  else
    PARTED_FOUND=yes
  fi

+  if test -z "$DMSETUP" ; then
+    DMSETUP_FOUND=no
+  else
+    DMSETUP_FOUND=yes
+  fi
+
  if test "$PARTED_FOUND" = "yes" && test "x$PKG_CONFIG" != "x" ; then
    PKG_CHECK_MODULES([LIBPARTED], [libparted >= $PARTED_REQUIRED], [],
      [PARTED_FOUND=no])
  fi
+  if test "$PARTED_FOUND" = "no"; then
+    # RHEL-5 vintage parted is missing pkg-config files
+    save_LIBS="$LIBS"
+    save_CFLAGS="$CFLAGS"
+    PARTED_FOUND=yes
+    AC_CHECK_HEADER([parted/parted.h],,[PARTED_FOUND=no])
+    AC_CHECK_LIB([uuid], [uuid_generate],,[PARTED_FOUND=no])
+    AC_CHECK_LIB([parted], [ped_device_read],,[PARTED_FOUND=no])
+    LIBPARTED_LIBS="-luuid -lparted"
+    LIBS="$save_LIBS"
+    CFLAGS="$save_CFLAGS"
+  fi

  if test "$with_storage_disk" = "yes" &&
-     test "$PARTED_FOUND" != "yes"; then
-    AC_MSG_ERROR([Need parted for disk storage driver])
+     test "$PARTED_FOUND:$DMSETUP_FOUND" != "yes:yes"; then
+    AC_MSG_ERROR([Need both parted and dmsetup for disk storage driver])
  fi

  if test "$with_storage_disk" = "check"; then
-    if test "$PARTED_FOUND" != "yes"; then
+    if test "$PARTED_FOUND:$DMSETUP_FOUND" != "yes:yes"; then
      with_storage_disk=no
    else
      with_storage_disk=yes
@@ -1892,6 +2052,8 @@ if test "$with_storage_disk" = "yes" ||
      [whether Disk backend for storage driver is enabled])
    AC_DEFINE_UNQUOTED([PARTED],["$PARTED"],
      [Location or name of the parted program])
+    AC_DEFINE_UNQUOTED([DMSETUP],["$DMSETUP"],
+      [Location or name of the dmsetup program])
  fi
 fi
 AM_CONDITIONAL([WITH_STORAGE_DISK], [test "$with_storage_disk" = "yes"])
@@ -2524,15 +2686,6 @@ AC_CHECK_MEMBERS([struct if_data.ifi_oqdrops],
 		 [#include <net/if.h>
 		 ])

-AC_CHECK_DECLS([clock_serv_t, host_get_clock_service, clock_get_time],
-               [AC_DEFINE([HAVE_MACH_CLOCK_ROUTINES],
-                          [1],
-                          [whether Mach clock routines are available])],
-               [],
-               [#include <mach/clock.h>
-                #include <mach/mach.h>
-               ])
-
 # Check if we need to look for ifconfig
 if test "$want_ifconfig" = "yes"; then
     AC_PATH_PROG([IFCONFIG_PATH], [ifconfig])
@@ -2590,7 +2743,7 @@ AC_DEFINE_UNQUOTED([base64_encode_alloc],[libvirt_gl_base64_encode_alloc],[Hack
 AC_CONFIG_FILES([run],
                [chmod +x,-w run])
 AC_CONFIG_FILES([\
-        Makefile src/Makefile include/libvirt/Makefile docs/Makefile \
+        Makefile src/Makefile include/Makefile docs/Makefile \
        gnulib/lib/Makefile \
        gnulib/tests/Makefile \
        libvirt.pc \
@@ -2617,7 +2770,7 @@ AC_MSG_NOTICE([Drivers])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([      Xen: $with_xen])
 AC_MSG_NOTICE([     QEMU: $with_qemu])
-LIBVIRT_DRIVER_RESULT_UML
+AC_MSG_NOTICE([      UML: $with_uml])
 AC_MSG_NOTICE([   OpenVZ: $with_openvz])
 AC_MSG_NOTICE([   VMware: $with_vmware])
 AC_MSG_NOTICE([     VBox: $with_vbox])
@@ -2678,7 +2831,6 @@ LIBVIRT_RESULT_DBUS
 LIBVIRT_RESULT_FUSE
 LIBVIRT_RESULT_GLUSTER
 LIBVIRT_RESULT_HAL
-LIBVIRT_RESULT_LIBSSH
 LIBVIRT_RESULT_NETCF
 LIBVIRT_RESULT_NUMACTL
 LIBVIRT_RESULT_OPENWSMAN
@@ -2688,11 +2840,10 @@ LIBVIRT_RESULT_SANLOCK
 LIBVIRT_RESULT_SASL
 LIBVIRT_RESULT_SELINUX
 LIBVIRT_RESULT_SSH2
+LIBVIRT_RESULT_SYSTEMD_DAEMON
 LIBVIRT_RESULT_UDEV
 LIBVIRT_RESULT_WIRESHARK
-LIBVIRT_RESULT_NSS
 LIBVIRT_RESULT_YAJL
-LIBVIRT_RESULT_GNUTLS
 AC_MSG_NOTICE([  libxml: $LIBXML_CFLAGS $LIBXML_LIBS])
 AC_MSG_NOTICE([  dlopen: $DLOPEN_LIBS])
 if test "$with_hyperv" = "yes" ; then
@@ -2700,6 +2851,11 @@ AC_MSG_NOTICE([openwsman: $OPENWSMAN_CFLAGS $OPENWSMAN_LIBS])
 else
 AC_MSG_NOTICE([openwsman: no])
 fi
+if test "$with_gnutls" != "no" ; then
+AC_MSG_NOTICE([  gnutls: $GNUTLS_CFLAGS $GNUTLS_LIBS])
+else
+AC_MSG_NOTICE([  gnutls: no])
+fi
 AC_MSG_NOTICE([firewalld: $with_firewalld])
 if test "$with_polkit" = "yes" ; then
 if test "$with_polkit0" = "yes" ; then
@@ -2760,19 +2916,17 @@ AC_MSG_NOTICE([        Alloc OOM: $enable_oom])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Miscellaneous])
 AC_MSG_NOTICE([])
-AC_MSG_NOTICE([             Debug: $enable_debug])
-AC_MSG_NOTICE([       Use -Werror: $set_werror])
-AC_MSG_NOTICE([     Warning Flags: $WARN_CFLAGS])
-AC_MSG_NOTICE([            DTrace: $with_dtrace])
-AC_MSG_NOTICE([             numad: $with_numad])
-AC_MSG_NOTICE([       XML Catalog: $XML_CATALOG_FILE])
-LIBVIRT_RESULT_INIT_SCRIPT
-AC_MSG_NOTICE([ Char device locks: $with_chrdev_lock_files])
-AC_MSG_NOTICE([    Default Editor: $DEFAULT_EDITOR])
-AC_MSG_NOTICE([      Loader/NVRAM: $with_loader_nvram])
-AC_MSG_NOTICE([  virt-login-shell: $with_login_shell])
-AC_MSG_NOTICE([virt-host-validate: $with_host_validate])
-AC_MSG_NOTICE([      TLS priority: $with_tls_priority])
+AC_MSG_NOTICE([            Debug: $enable_debug])
+AC_MSG_NOTICE([      Use -Werror: $set_werror])
+AC_MSG_NOTICE([    Warning Flags: $WARN_CFLAGS])
+AC_MSG_NOTICE([           DTrace: $with_dtrace])
+AC_MSG_NOTICE([            numad: $with_numad])
+AC_MSG_NOTICE([      XML Catalog: $XML_CATALOG_FILE])
+AC_MSG_NOTICE([      Init script: $with_init_script])
+AC_MSG_NOTICE([Char device locks: $with_chrdev_lock_files])
+AC_MSG_NOTICE([   Default Editor: $DEFAULT_EDITOR])
+AC_MSG_NOTICE([     Loader/NVRAM: $with_loader_nvram])
+AC_MSG_NOTICE([ virt-login-shell: $with_login_shell])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Developer Tools])
 AC_MSG_NOTICE([])
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -46,14 +46,6 @@ DAEMON_SOURCES =					\

 LIBVIRTD_CONF_SOURCES = libvirtd-config.c libvirtd-config.h

-PODFILES = \
-	libvirtd.pod \
-	$(NULL)
-
-MANINFILES = \
-	libvirtd.8.in \
-	$(NULL)
-
 DISTCLEANFILES =
 EXTRA_DIST =						\
 	remote_dispatch.h				\
@@ -67,7 +59,7 @@ EXTRA_DIST =						\
 	libvirt.rules					\
 	libvirtd.sasl					\
 	libvirtd.service.in				\
-	virt-guest-shutdown.target		\
+	libvirtd.socket.in				\
 	libvirtd.sysconf				\
 	libvirtd.sysctl					\
 	libvirtd.aug                                    \
@@ -78,8 +70,8 @@ EXTRA_DIST =						\
 	libvirtd.uml.logrotate.in                       \
 	test_libvirtd.aug.in                             \
 	THREADS.txt					\
-	$(PODFILES)					\
-	$(MANINFILES)					\
+	libvirtd.pod.in					\
+	libvirtd.8.in					\
 	$(DAEMON_SOURCES)				\
 	$(LIBVIRTD_CONF_SOURCES)			\
 	$(NULL)
@@ -170,6 +162,13 @@ augeastests_DATA = test_libvirtd.aug

 CLEANFILES += test_libvirtd.aug

+libvirtd.8: $(srcdir)/libvirtd.8.in
+	$(AM_V_GEN)sed \
+	    -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
+	    -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+	    < $< > $@-t && \
+	mv $@-t $@
+
 libvirtd_SOURCES = $(DAEMON_SOURCES)

 #-D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_POSIX_C_SOURCE=199506L
@@ -234,10 +233,6 @@ if WITH_VBOX
    libvirtd_LDADD += ../src/libvirt_driver_vbox.la
 endif WITH_VBOX

-if WITH_VZ
-    libvirtd_LDADD += ../src/libvirt_driver_vz.la
-endif WITH_VZ
-
 if WITH_STORAGE
    libvirtd_LDADD += ../src/libvirt_driver_storage.la
 endif WITH_STORAGE
@@ -451,18 +446,18 @@ endif ! LIBVIRT_INIT_SCRIPT_UPSTART
 if LIBVIRT_INIT_SCRIPT_SYSTEMD

 SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system
-BUILT_SOURCES += libvirtd.service
+BUILT_SOURCES += libvirtd.service libvirtd.socket

-install-init-systemd: install-sysconfig libvirtd.service
+install-init-systemd: install-sysconfig libvirtd.service libvirtd.socket
 	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
 	$(INSTALL_DATA) libvirtd.service \
 	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
-	$(INSTALL_DATA) $(srcdir)/virt-guest-shutdown.target \
-	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/virt-guest-shutdown.target
+	$(INSTALL_DATA) libvirtd.socket \
+	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.socket

 uninstall-init-systemd: uninstall-sysconfig
-	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/virt-guest-shutdown.target
 	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
+	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.socket
 	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
 else ! LIBVIRT_INIT_SCRIPT_SYSTEMD
 install-init-systemd:
@@ -486,6 +481,12 @@ libvirtd.service: libvirtd.service.in $(top_builddir)/config.status
 	    < $< > $@-t &&					\
 	    mv $@-t $@

+libvirtd.socket: libvirtd.socket.in $(top_builddir)/config.status
+	$(AM_V_GEN)sed						\
+	    -e 's|[@]runstatedir[@]|$(runstatedir)|g'		\
+	    < $< > $@-t &&					\
+	    mv $@-t $@
+

 check-local: check-augeas

@@ -509,24 +510,12 @@ install-data-local: install-data-sasl
 uninstall-local:: uninstall-data-sasl
 endif ! WITH_LIBVIRTD

-POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)"
+POD2MAN = pod2man -c "Virtualization Support" \
+			-r "$(PACKAGE)-$(VERSION)" -s 8

-%.8.in: %.pod
-	$(AM_V_GEN)$(POD2MAN) --section=8 $< $@-t1 && \
-	if grep 'POD ERROR' $@-t1; then rm $@-t1; exit 1; fi && \
-	sed \
-		-e 's|SYSCONFDIR|\@sysconfdir\@|g' \
-		-e 's|LOCALSTATEDIR|\@localstatedir\@|g' \
-		< $@-t1 > $@-t2 && \
-	rm -f $@-t1 && \
-	mv $@-t2 $@
-
-%.8: %.8.in $(top_srcdir)/configure.ac
-	$(AM_V_GEN)sed \
-		-e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
-		-e 's|[@]localstatedir[@]|$(localstatedir)|g' \
-		< $< > $@-t && \
-	mv $@-t $@
+$(srcdir)/libvirtd.8.in: libvirtd.pod.in $(top_srcdir)/configure.ac
+	$(AM_V_GEN)$(POD2MAN) --name LIBVIRTD $< $@ \
+	    && if grep 'POD ERROR' $@ ; then rm $@; exit 1; fi

 # This is needed for clients too, so can't wrap in
 # the WITH_LIBVIRTD conditional
@@ -547,4 +536,4 @@ endif ! WITH_SASL

 CLEANFILES += $(BUILT_SOURCES) $(man8_MANS)
 CLEANFILES += *.cov *.gcov .libs/*.gcda .libs/*.gcno *.gcno *.gcda
-MAINTAINERCLEANFILES = $(MANINFILES) $(DAEMON_GENERATED)
+MAINTAINERCLEANFILES = $(srcdir)/libvirtd.8.in $(DAEMON_GENERATED)
--- a/daemon/admin.c
+++ b/daemon/admin.c
@@ -37,7 +37,6 @@
 #include "virnetserver.h"
 #include "virstring.h"
 #include "virthreadjob.h"
-#include "virtypedparam.h"

 #define VIR_FROM_THIS VIR_FROM_ADMIN

@@ -81,32 +80,11 @@ remoteAdmClientInitHook(virNetServerClientPtr client ATTRIBUTE_UNUSED,

 /* Helpers */

-static virNetServerPtr
-get_nonnull_server(virNetDaemonPtr dmn, admin_nonnull_server srv)
-{
-    return virNetDaemonGetServer(dmn, srv.name);
-}
-
 static void
 make_nonnull_server(admin_nonnull_server *srv_dst,
-                    virNetServerPtr srv_src)
+                    virAdmServerPtr srv_src)
 {
-    ignore_value(VIR_STRDUP_QUIET(srv_dst->name, virNetServerGetName(srv_src)));
-}
-
-static virNetServerClientPtr
-get_nonnull_client(virNetServerPtr srv, admin_nonnull_client clnt)
-{
-    return virNetServerGetClient(srv, clnt.id);
-}
-
-static void
-make_nonnull_client(admin_nonnull_client *clt_dst,
-                    virNetServerClientPtr clt_src)
-{
-    clt_dst->id = virNetServerClientGetID(clt_src);
-    clt_dst->timestamp = virNetServerClientGetTimestamp(clt_src);
-    clt_dst->transport = virNetServerClientGetTransport(clt_src);
+    ignore_value(VIR_STRDUP_QUIET(srv_dst->name, srv_src->name));
 }

 /* Functions */
@@ -156,231 +134,48 @@ adminConnectGetLibVersion(virNetDaemonPtr dmn ATTRIBUTE_UNUSED,
 }

 static int
-adminDispatchServerGetThreadpoolParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                           virNetServerClientPtr client,
-                                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                           virNetMessageErrorPtr rerr,
-                                           struct admin_server_get_threadpool_parameters_args *args,
-                                           struct admin_server_get_threadpool_parameters_ret *ret)
+adminDispatchConnectListServers(virNetServerPtr server ATTRIBUTE_UNUSED,
+                                virNetServerClientPtr client,
+                                virNetMessagePtr msg ATTRIBUTE_UNUSED,
+                                virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED,
+                                admin_connect_list_servers_args *args,
+                                admin_connect_list_servers_ret *ret)
 {
+    virAdmServerPtr *servers = NULL;
+    int nservers = 0;
    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
+    size_t i;
    struct daemonAdmClientPrivate *priv =
        virNetServerClientGetPrivateData(client);

-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name)))
+    if ((nservers =
+            adminDaemonListServers(priv->dmn,
+                                   args->need_results ? &servers : NULL,
+                                   args->flags)) < 0)
        goto cleanup;

-    if (adminServerGetThreadPoolParameters(srv, &params, &nparams,
-                                           args->flags) < 0)
-        goto cleanup;
+    if (servers && nservers) {
+        if (VIR_ALLOC_N(ret->servers.servers_val, nservers) < 0)
+            goto cleanup;

-    if (nparams > ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of threadpool parameters %d exceeds max "
-                         "allowed limit: %d"), nparams,
-                       ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX);
-        goto cleanup;
+        ret->servers.servers_len = nservers;
+        for (i = 0; i < nservers; i++)
+            make_nonnull_server(ret->servers.servers_val + i, servers[i]);
+    } else {
+        ret->servers.servers_len = 0;
+        ret->servers.servers_val = NULL;
    }

-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len, 0) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerSetThreadpoolParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                           virNetServerClientPtr client,
-                                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                           virNetMessageErrorPtr rerr,
-                                           struct admin_server_set_threadpool_parameters_args *args)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->srv.name);
-        goto cleanup;
-    }
-
-    if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val,
-                                  args->params.params_len,
-                                  ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX,
-                                  &params,
-                                  &nparams) < 0)
-        goto cleanup;
-
-
-    if (adminServerSetThreadPoolParameters(srv, params,
-                                           nparams, args->flags) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchClientGetInfo(virNetServerPtr server ATTRIBUTE_UNUSED,
-                           virNetServerClientPtr client,
-                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                           virNetMessageErrorPtr rerr,
-                           struct admin_client_get_info_args *args,
-                           struct admin_client_get_info_ret *ret)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virNetServerClientPtr clnt = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->clnt.srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->clnt.srv.name);
-        goto cleanup;
-    }
-
-    if (!(clnt = virNetServerGetClient(srv, args->clnt.id))) {
-        virReportError(VIR_ERR_NO_CLIENT,
-                       _("no client with matching id '%llu' found"),
-                       (unsigned long long) args->clnt.id);
-        goto cleanup;
-    }
-
-    if (adminClientGetInfo(clnt, &params, &nparams, args->flags) < 0)
-        goto cleanup;
-
-    if (nparams > ADMIN_CLIENT_INFO_PARAMETERS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of client info parameters %d exceeds max "
-                         "allowed limit: %d"), nparams,
-                       ADMIN_CLIENT_INFO_PARAMETERS_MAX);
-        goto cleanup;
-    }
-
-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len,
-                                VIR_TYPED_PARAM_STRING_OKAY) < 0)
-        goto cleanup;
-
+    ret->ret = nservers;
    rv = 0;

 cleanup:
    if (rv < 0)
        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(clnt);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerGetClientLimits(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                   virNetServerClientPtr client,
-                                   virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                   virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED,
-                                   admin_server_get_client_limits_args *args,
-                                   admin_server_get_client_limits_ret *ret)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name)))
-        goto cleanup;
-
-    if (adminServerGetClientLimits(srv, &params, &nparams, args->flags) < 0)
-        goto cleanup;
-
-    if (nparams > ADMIN_SERVER_CLIENT_LIMITS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of client processing parameters %d exceeds "
-                         "max allowed limit: %d"), nparams,
-                       ADMIN_SERVER_CLIENT_LIMITS_MAX);
-        goto cleanup;
-    }
-
-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len, 0) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerSetClientLimits(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                   virNetServerClientPtr client,
-                                   virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                   virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED,
-                                   admin_server_set_client_limits_args *args)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->srv.name);
-        goto cleanup;
-    }
-
-    if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val,
-        args->params.params_len,
-        ADMIN_SERVER_CLIENT_LIMITS_MAX, &params, &nparams) < 0)
-        goto cleanup;
-
-    if (adminServerSetClientLimits(srv, params, nparams, args->flags) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
+    if (servers && nservers > 0)
+        for (i = 0; i < nservers; i++)
+            virObjectUnref(servers[i]);
+    VIR_FREE(servers);
    return rv;
 }
 #include "admin_dispatch.h"
--- a/daemon/admin_server.c
+++ b/daemon/admin_server.c
@@ -27,364 +27,48 @@
 #include "datatypes.h"
 #include "viralloc.h"
 #include "virerror.h"
-#include "viridentity.h"
 #include "virlog.h"
 #include "virnetdaemon.h"
 #include "virnetserver.h"
 #include "virstring.h"
-#include "virthreadpool.h"
-#include "virtypedparam.h"

 #define VIR_FROM_THIS VIR_FROM_ADMIN

 VIR_LOG_INIT("daemon.admin_server");

 int
-adminConnectListServers(virNetDaemonPtr dmn,
-                        virNetServerPtr **servers,
-                        unsigned int flags)
-{
-    int ret = -1;
-    virNetServerPtr *srvs = NULL;
-
-    virCheckFlags(0, -1);
-
-    if ((ret = virNetDaemonGetServers(dmn, &srvs)) < 0)
-        goto cleanup;
-
-    if (servers) {
-        *servers = srvs;
-        srvs = NULL;
-    }
- cleanup:
-    if (ret > 0)
-        virObjectListFreeCount(srvs, ret);
-    return ret;
-}
-
-virNetServerPtr
-adminConnectLookupServer(virNetDaemonPtr dmn,
-                         const char *name,
-                         unsigned int flags)
-{
-    virCheckFlags(flags, NULL);
-
-    return virNetDaemonGetServer(dmn, name);
-}
-
-int
-adminServerGetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr *params,
-                                   int *nparams,
-                                   unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    size_t minWorkers;
-    size_t maxWorkers;
-    size_t nWorkers;
-    size_t freeWorkers;
-    size_t nPrioWorkers;
-    size_t jobQueueDepth;
-    virTypedParameterPtr tmpparams = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virNetServerGetThreadPoolParameters(srv, &minWorkers, &maxWorkers,
-                                            &nWorkers, &freeWorkers,
-                                            &nPrioWorkers,
-                                            &jobQueueDepth) < 0) {
-        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                       _("Unable to retrieve threadpool parameters"));
-        goto cleanup;
-    }
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_MIN,
-                              minWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_MAX,
-                              maxWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_CURRENT,
-                              nWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_FREE,
-                              freeWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_PRIORITY,
-                              nPrioWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_JOB_QUEUE_DEPTH,
-                              jobQueueDepth) < 0)
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
-    ret = 0;
-
- cleanup:
-    virTypedParamsFree(tmpparams, *nparams);
-    return ret;
-}
-
-int
-adminServerSetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr params,
-                                   int nparams,
-                                   unsigned int flags)
-{
-    long long int minWorkers = -1;
-    long long int maxWorkers = -1;
-    long long int prioWorkers = -1;
-    virTypedParameterPtr param = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsValidate(params, nparams,
-                               VIR_THREADPOOL_WORKERS_MIN,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_THREADPOOL_WORKERS_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_THREADPOOL_WORKERS_PRIORITY,
-                               VIR_TYPED_PARAM_UINT,
-                               NULL) < 0)
-        return -1;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_MIN)))
-        minWorkers = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_MAX)))
-        maxWorkers = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_PRIORITY)))
-        prioWorkers = param->value.ui;
-
-    if (virNetServerSetThreadPoolParameters(srv, minWorkers,
-                                            maxWorkers, prioWorkers) < 0)
-        return -1;
-
-    return 0;
-}
-
-int
-adminServerListClients(virNetServerPtr srv,
-                       virNetServerClientPtr **clients,
+adminDaemonListServers(virNetDaemonPtr dmn,
+                       virAdmServerPtr **servers,
                       unsigned int flags)
 {
    int ret = -1;
-    virNetServerClientPtr *clts;
+    const char **srv_names = NULL;
+    virAdmServerPtr *srvs = NULL;
+    size_t i;
+    ssize_t nsrvs = 0;

    virCheckFlags(0, -1);

-    if ((ret = virNetServerGetClients(srv, &clts)) < 0)
-        return -1;
+    if ((nsrvs = virNetDaemonGetServerNames(dmn, &srv_names)) < 0)
+        goto cleanup;

-    if (clients) {
-        *clients = clts;
-        clts = NULL;
+    if (servers) {
+        if (VIR_ALLOC_N(srvs, nsrvs) < 0)
+            goto cleanup;
+
+        for (i = 0; i < nsrvs; i++) {
+            if (!(srvs[i] = virAdmGetServer(NULL, srv_names[i])))
+                goto cleanup;
+        }
+
+        *servers = srvs;
+        srvs = NULL;
    }

-    virObjectListFreeCount(clts, ret);
-    return ret;
-}
-
-virNetServerClientPtr
-adminServerLookupClient(virNetServerPtr srv,
-                        unsigned long long id,
-                        unsigned int flags)
-{
-    virCheckFlags(0, NULL);
-
-    return virNetServerGetClient(srv, id);
-}
-
-int
-adminClientGetInfo(virNetServerClientPtr client,
-                   virTypedParameterPtr *params,
-                   int *nparams,
-                   unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    bool readonly;
-    char *sock_addr = NULL;
-    const char *attr = NULL;
-    virTypedParameterPtr tmpparams = NULL;
-    virIdentityPtr identity = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virNetServerClientGetInfo(client, &readonly,
-                                  &sock_addr, &identity) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddBoolean(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_READONLY,
-                                 readonly) < 0)
-        goto cleanup;
-
-    if (virIdentityGetSASLUserName(identity, &attr) < 0 ||
-        (attr &&
-         virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_SASL_USER_NAME,
-                                 attr) < 0))
-        goto cleanup;
-
-    if (!virNetServerClientIsLocal(client)) {
-        if (virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_SOCKET_ADDR,
-                                    sock_addr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetX509DName(identity, &attr) < 0 ||
-            (attr &&
-             virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                     VIR_CLIENT_INFO_X509_DISTINGUISHED_NAME,
-                                     attr) < 0))
-            goto cleanup;
-    } else {
-        pid_t pid;
-        uid_t uid;
-        gid_t gid;
-        if (virIdentityGetUNIXUserID(identity, &uid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_USER_ID, uid) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXUserName(identity, &attr) < 0 ||
-            virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_UNIX_USER_NAME,
-                                    attr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXGroupID(identity, &gid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_GROUP_ID, gid) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXGroupName(identity, &attr) < 0 ||
-            virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_UNIX_GROUP_NAME,
-                                    attr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXProcessID(identity, &pid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_PROCESS_ID, pid) < 0)
-            goto cleanup;
-    }
-
-    if (virIdentityGetSELinuxContext(identity, &attr) < 0 ||
-        (attr &&
-         virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                VIR_CLIENT_INFO_SELINUX_CONTEXT, attr) < 0))
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
-    ret = 0;
+    ret = nsrvs;

 cleanup:
-    virObjectUnref(identity);
-    VIR_FREE(sock_addr);
+    VIR_FREE(srv_names);
+    virObjectListFree(srvs);
    return ret;
 }
-
-int adminClientClose(virNetServerClientPtr client,
-                     unsigned int flags)
-{
-    virCheckFlags(0, -1);
-
-    virNetServerClientClose(client);
-    return 0;
-}
-
-int
-adminServerGetClientLimits(virNetServerPtr srv,
-                           virTypedParameterPtr *params,
-                           int *nparams,
-                           unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    virTypedParameterPtr tmpparams = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_MAX,
-                              virNetServerGetMaxClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_CURRENT,
-                              virNetServerGetCurrentClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_UNAUTH_MAX,
-                              virNetServerGetMaxUnauthClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_UNAUTH_CURRENT,
-                              virNetServerGetCurrentUnauthClients(srv)) < 0)
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
-    ret = 0;
-
- cleanup:
-    virTypedParamsFree(tmpparams, *nparams);
-    return ret;
-}
-
-int
-adminServerSetClientLimits(virNetServerPtr srv,
-                           virTypedParameterPtr params,
-                           int nparams,
-                           unsigned int flags)
-{
-    long long int maxClients = -1;
-    long long int maxClientsUnauth = -1;
-    virTypedParameterPtr param = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsValidate(params, nparams,
-                               VIR_SERVER_CLIENTS_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_SERVER_CLIENTS_UNAUTH_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               NULL) < 0)
-        return -1;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_SERVER_CLIENTS_MAX)))
-        maxClients = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_SERVER_CLIENTS_UNAUTH_MAX)))
-        maxClientsUnauth = param->value.ui;
-
-    if (virNetServerSetClientLimits(srv, maxClients,
-                                    maxClientsUnauth) < 0)
-        return -1;
-
-    return 0;
-}
--- a/daemon/admin_server.h
+++ b/daemon/admin_server.h
@@ -25,51 +25,10 @@
 # define __LIBVIRTD_ADMIN_SERVER_H__

 # include "rpc/virnetdaemon.h"
-# include "rpc/virnetserver.h"
-
-int adminConnectListServers(virNetDaemonPtr dmn,
-                            virNetServerPtr **servers,
-                            unsigned int flags);
-
-virNetServerPtr adminConnectLookupServer(virNetDaemonPtr dmn,
-                                         const char *name,
-                                         unsigned int flags);

 int
-adminServerGetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr *params,
-                                   int *nparams,
-                                   unsigned int flags);
-int
-adminServerSetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr params,
-                                   int nparams,
-                                   unsigned int flags);
-
-int adminServerListClients(virNetServerPtr srv,
-                           virNetServerClientPtr **clients,
-                           unsigned int flags);
-
-virNetServerClientPtr adminServerLookupClient(virNetServerPtr srv,
-                                              unsigned long long id,
-                                              unsigned int flags);
-
-int adminClientGetInfo(virNetServerClientPtr client,
-                       virTypedParameterPtr *params,
-                       int *nparams,
+adminDaemonListServers(virNetDaemonPtr dmn,
+                       virAdmServerPtr **servers,
                       unsigned int flags);

-int adminClientClose(virNetServerClientPtr client,
-                     unsigned int flags);
-
-int adminServerGetClientLimits(virNetServerPtr srv,
-                               virTypedParameterPtr *params,
-                               int *nparams,
-                               unsigned int flags);
-
-int adminServerSetClientLimits(virNetServerPtr srv,
-                               virTypedParameterPtr params,
-                               int nparams,
-                               unsigned int flags);
-
 #endif /* __LIBVIRTD_ADMIN_SERVER_H__ */
--- a/daemon/libvirtd-config.c
+++ b/daemon/libvirtd-config.c
@@ -39,38 +39,171 @@

 VIR_LOG_INIT("daemon.libvirtd-config");

-
+/* Allocate an array of malloc'd strings from the config file, filename
+ * (used only in diagnostics), using handle "conf".  Upon error, return -1
+ * and free any allocated memory.  Otherwise, save the array in *list_arg
+ * and return 0.
+ */
 static int
-remoteConfigGetAuth(virConfPtr conf,
-                    const char *filename,
-                    const char *key,
-                    int *auth)
+remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list_arg,
+                          const char *filename)
 {
-    char *authstr = NULL;
-
-    if (virConfGetValueString(conf, key, &authstr) < 0)
-        return -1;
-
-    if (!authstr)
+    char **list;
+    virConfValuePtr p = virConfGetValue(conf, key);
+    if (!p)
        return 0;

-    if (STREQ(authstr, "none")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
-#if WITH_SASL
-    } else if (STREQ(authstr, "sasl")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL;
-#endif
-    } else if (STREQ(authstr, "polkit")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_POLKIT;
-    } else {
+    switch (p->type) {
+    case VIR_CONF_STRING:
+        if (VIR_ALLOC_N(list, 2) < 0) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("failed to allocate memory for %s config list"),
+                           key);
+            return -1;
+        }
+        if (VIR_STRDUP(list[0], p->str) < 0) {
+            VIR_FREE(list);
+            return -1;
+        }
+        list[1] = NULL;
+        break;
+
+    case VIR_CONF_LIST: {
+        int len = 0;
+        size_t i;
+        virConfValuePtr pp;
+        for (pp = p->list; pp; pp = pp->next)
+            len++;
+        if (VIR_ALLOC_N(list, 1+len) < 0) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("failed to allocate memory for %s config list"),
+                           key);
+            return -1;
+        }
+        for (i = 0, pp = p->list; pp; ++i, pp = pp->next) {
+            if (pp->type != VIR_CONF_STRING) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                               _("remoteReadConfigFile: %s: %s:"
+                                 " must be a string or list of strings"),
+                               filename, key);
+                VIR_FREE(list);
+                return -1;
+            }
+            if (VIR_STRDUP(list[i], pp->str) < 0) {
+                size_t j;
+                for (j = 0; j < i; j++)
+                    VIR_FREE(list[j]);
+                VIR_FREE(list);
+                return -1;
+            }
+
+        }
+        list[i] = NULL;
+        break;
+    }
+
+    default:
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       _("%s: %s: unsupported auth %s"),
-                       filename, key, authstr);
-        VIR_FREE(authstr);
+                       _("remoteReadConfigFile: %s: %s:"
+                         " must be a string or list of strings"),
+                       filename, key);
+        return -1;
+    }
+
+    *list_arg = list;
+    return 0;
+}
+
+/* A helper function used by each of the following macros.  */
+static int
+checkType(virConfValuePtr p, const char *filename,
+          const char *key, virConfType required_type)
+{
+    if (p->type != required_type) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("remoteReadConfigFile: %s: %s: invalid type:"
+                         " got %s; expected %s"), filename, key,
+                       virConfTypeToString(p->type),
+                       virConfTypeToString(required_type));
+        return -1;
+    }
+    return 0;
+}
+
+/* If there is no config data for the key, #var_name, then do nothing.
+   If there is valid data of type VIR_CONF_STRING, and VIR_STRDUP succeeds,
+   store the result in var_name.  Otherwise, (i.e. invalid type, or VIR_STRDUP
+   failure), give a diagnostic and "goto" the cleanup-and-fail label.  */
+#define GET_CONF_STR(conf, filename, var_name)                          \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
+        if (p) {                                                        \
+            if (checkType(p, filename, #var_name, VIR_CONF_STRING) < 0) \
+                goto error;                                             \
+            VIR_FREE(data->var_name);                                   \
+            if (VIR_STRDUP(data->var_name, p->str) < 0)                 \
+                goto error;                                             \
+        }                                                               \
+    } while (0)
+
+/* Like GET_CONF_STR, but for signed integral values.  */
+#define GET_CONF_INT(conf, filename, var_name)                          \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
+        if (p) {                                                        \
+            if (p->type != VIR_CONF_ULONG &&                            \
+                checkType(p, filename, #var_name, VIR_CONF_LONG) < 0)   \
+                goto error;                                             \
+            data->var_name = p->l;                                      \
+        }                                                               \
+    } while (0)
+
+/* Like GET_CONF_STR, but for unsigned integral values.  */
+#define GET_CONF_UINT(conf, filename, var_name)                         \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
+        if (p) {                                                        \
+            if (checkType(p, filename, #var_name, VIR_CONF_ULONG) < 0)  \
+                goto error;                                             \
+            data->var_name = p->l;                                      \
+        }                                                               \
+    } while (0)
+
+
+
+static int
+remoteConfigGetAuth(virConfPtr conf,
+                    const char *key,
+                    int *auth,
+                    const char *filename)
+{
+    virConfValuePtr p;
+
+    p = virConfGetValue(conf, key);
+    if (!p)
+        return 0;
+
+    if (checkType(p, filename, key, VIR_CONF_STRING) < 0)
+        return -1;
+
+    if (!p->str)
+        return 0;
+
+    if (STREQ(p->str, "none")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
+#if WITH_SASL
+    } else if (STREQ(p->str, "sasl")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL;
+#endif
+    } else if (STREQ(p->str, "polkit")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_POLKIT;
+    } else {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("remoteReadConfigFile: %s: %s: unsupported auth %s"),
+                       filename, key, p->str);
        return -1;
    }

-    VIR_FREE(authstr);
    return 0;
 }

@@ -147,7 +280,6 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
    data->min_workers = 5;
    data->max_workers = 20;
    data->max_clients = 5000;
-    data->max_queued_clients = 1000;
    data->max_anonymous_clients = 20;

    data->prio_workers = 5;
@@ -234,7 +366,6 @@ daemonConfigFree(struct daemonConfig *data)
        tmp++;
    }
    VIR_FREE(data->sasl_allowed_username_list);
-    VIR_FREE(data->tls_priority);

    VIR_FREE(data->key_file);
    VIR_FREE(data->ca_file);
@@ -242,7 +373,6 @@ daemonConfigFree(struct daemonConfig *data)
    VIR_FREE(data->crl_file);

    VIR_FREE(data->host_uuid);
-    VIR_FREE(data->host_uuid_source);
    VIR_FREE(data->log_filters);
    VIR_FREE(data->log_outputs);

@@ -254,18 +384,13 @@ daemonConfigLoadOptions(struct daemonConfig *data,
                        const char *filename,
                        virConfPtr conf)
 {
-    if (virConfGetValueBool(conf, "listen_tcp", &data->listen_tcp) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "listen_tls", &data->listen_tls) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "tls_port", &data->tls_port) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "tcp_port", &data->tcp_port) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "listen_addr", &data->listen_addr) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, listen_tcp);
+    GET_CONF_UINT(conf, filename, listen_tls);
+    GET_CONF_STR(conf, filename, tls_port);
+    GET_CONF_STR(conf, filename, tcp_port);
+    GET_CONF_STR(conf, filename, listen_addr);

-    if (remoteConfigGetAuth(conf, filename, "auth_unix_rw", &data->auth_unix_rw) < 0)
+    if (remoteConfigGetAuth(conf, "auth_unix_rw", &data->auth_unix_rw, filename) < 0)
        goto error;
 #if WITH_POLKIT
    /* Change default perms to be wide-open if PolicyKit is enabled.
@@ -277,116 +402,76 @@ daemonConfigLoadOptions(struct daemonConfig *data,
            goto error;
    }
 #endif
-    if (remoteConfigGetAuth(conf, filename, "auth_unix_ro", &data->auth_unix_ro) < 0)
+    if (remoteConfigGetAuth(conf, "auth_unix_ro", &data->auth_unix_ro, filename) < 0)
        goto error;
-    if (remoteConfigGetAuth(conf, filename, "auth_tcp", &data->auth_tcp) < 0)
+    if (remoteConfigGetAuth(conf, "auth_tcp", &data->auth_tcp, filename) < 0)
        goto error;
-    if (remoteConfigGetAuth(conf, filename, "auth_tls", &data->auth_tls) < 0)
+    if (remoteConfigGetAuth(conf, "auth_tls", &data->auth_tls, filename) < 0)
        goto error;

-    if (virConfGetValueStringList(conf, "access_drivers", false,
-                                  &data->access_drivers) < 0)
+    if (remoteConfigGetStringList(conf, "access_drivers",
+                                  &data->access_drivers, filename) < 0)
        goto error;

-    if (virConfGetValueString(conf, "unix_sock_group", &data->unix_sock_group) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_admin_perms", &data->unix_sock_admin_perms) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_ro_perms", &data->unix_sock_ro_perms) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_rw_perms", &data->unix_sock_rw_perms) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, unix_sock_group);
+    GET_CONF_STR(conf, filename, unix_sock_admin_perms);
+    GET_CONF_STR(conf, filename, unix_sock_ro_perms);
+    GET_CONF_STR(conf, filename, unix_sock_rw_perms);

-    if (virConfGetValueString(conf, "unix_sock_dir", &data->unix_sock_dir) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, unix_sock_dir);

-    if (virConfGetValueBool(conf, "mdns_adv", &data->mdns_adv) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "mdns_name", &data->mdns_name) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, mdns_adv);
+    GET_CONF_STR(conf, filename, mdns_name);

-    if (virConfGetValueBool(conf, "tls_no_sanity_certificate", &data->tls_no_sanity_certificate) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "tls_no_verify_certificate", &data->tls_no_verify_certificate) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, tls_no_sanity_certificate);
+    GET_CONF_UINT(conf, filename, tls_no_verify_certificate);

-    if (virConfGetValueString(conf, "key_file", &data->key_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "cert_file", &data->cert_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "ca_file", &data->ca_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "crl_file", &data->crl_file) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, key_file);
+    GET_CONF_STR(conf, filename, cert_file);
+    GET_CONF_STR(conf, filename, ca_file);
+    GET_CONF_STR(conf, filename, crl_file);

-    if (virConfGetValueStringList(conf, "tls_allowed_dn_list", false,
-                                  &data->tls_allowed_dn_list) < 0)
+    if (remoteConfigGetStringList(conf, "tls_allowed_dn_list",
+                                  &data->tls_allowed_dn_list, filename) < 0)
        goto error;


-    if (virConfGetValueStringList(conf, "sasl_allowed_username_list", false,
-                                  &data->sasl_allowed_username_list) < 0)
+    if (remoteConfigGetStringList(conf, "sasl_allowed_username_list",
+                                  &data->sasl_allowed_username_list, filename) < 0)
        goto error;

-    if (virConfGetValueString(conf, "tls_priority", &data->tls_priority) < 0)
-        goto error;

-    if (virConfGetValueUInt(conf, "min_workers", &data->min_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_workers", &data->max_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_clients", &data->max_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_queued_clients", &data->max_queued_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_anonymous_clients", &data->max_anonymous_clients) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, min_workers);
+    GET_CONF_UINT(conf, filename, max_workers);
+    GET_CONF_UINT(conf, filename, max_clients);
+    GET_CONF_UINT(conf, filename, max_queued_clients);
+    GET_CONF_UINT(conf, filename, max_anonymous_clients);

-    if (virConfGetValueUInt(conf, "prio_workers", &data->prio_workers) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, prio_workers);

-    if (virConfGetValueUInt(conf, "max_requests", &data->max_requests) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_client_requests", &data->max_client_requests) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, max_requests);
+    GET_CONF_UINT(conf, filename, max_client_requests);

-    if (virConfGetValueUInt(conf, "admin_min_workers", &data->admin_min_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_workers", &data->admin_max_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_clients", &data->admin_max_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_queued_clients", &data->admin_max_queued_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_client_requests", &data->admin_max_client_requests) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, admin_min_workers);
+    GET_CONF_UINT(conf, filename, admin_max_workers);
+    GET_CONF_UINT(conf, filename, admin_max_clients);
+    GET_CONF_UINT(conf, filename, admin_max_queued_clients);
+    GET_CONF_UINT(conf, filename, admin_max_client_requests);

-    if (virConfGetValueUInt(conf, "audit_level", &data->audit_level) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "audit_logging", &data->audit_logging) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, audit_level);
+    GET_CONF_UINT(conf, filename, audit_logging);

-    if (virConfGetValueString(conf, "host_uuid", &data->host_uuid) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "host_uuid_source", &data->host_uuid_source) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, host_uuid);

-    if (virConfGetValueUInt(conf, "log_level", &data->log_level) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "log_filters", &data->log_filters) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "log_outputs", &data->log_outputs) < 0)
-        goto error;
+    GET_CONF_UINT(conf, filename, log_level);
+    GET_CONF_STR(conf, filename, log_filters);
+    GET_CONF_STR(conf, filename, log_outputs);

-    if (virConfGetValueInt(conf, "keepalive_interval", &data->keepalive_interval) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "keepalive_count", &data->keepalive_count) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, keepalive_interval);
+    GET_CONF_UINT(conf, filename, keepalive_count);

-    if (virConfGetValueInt(conf, "admin_keepalive_interval", &data->admin_keepalive_interval) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_keepalive_count", &data->admin_keepalive_count) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, admin_keepalive_interval);
+    GET_CONF_UINT(conf, filename, admin_keepalive_count);

    return 0;

--- a/daemon/libvirtd-config.h
+++ b/daemon/libvirtd-config.h
@@ -28,10 +28,9 @@

 struct daemonConfig {
    char *host_uuid;
-    char *host_uuid_source;

-    bool listen_tls;
-    bool listen_tcp;
+    int listen_tls;
+    int listen_tcp;
    char *listen_addr;
    char *tls_port;
    char *tcp_port;
@@ -49,46 +48,45 @@ struct daemonConfig {

    char **access_drivers;

-    bool mdns_adv;
+    int mdns_adv;
    char *mdns_name;

-    bool tls_no_verify_certificate;
-    bool tls_no_sanity_certificate;
+    int tls_no_verify_certificate;
+    int tls_no_sanity_certificate;
    char **tls_allowed_dn_list;
    char **sasl_allowed_username_list;
-    char *tls_priority;

    char *key_file;
    char *cert_file;
    char *ca_file;
    char *crl_file;

-    unsigned int min_workers;
-    unsigned int max_workers;
-    unsigned int max_clients;
-    unsigned int max_queued_clients;
-    unsigned int max_anonymous_clients;
+    int min_workers;
+    int max_workers;
+    int max_clients;
+    int max_queued_clients;
+    int max_anonymous_clients;

-    unsigned int prio_workers;
+    int prio_workers;

-    unsigned int max_requests;
-    unsigned int max_client_requests;
+    int max_requests;
+    int max_client_requests;

-    unsigned int log_level;
+    int log_level;
    char *log_filters;
    char *log_outputs;

-    unsigned int audit_level;
-    bool audit_logging;
+    int audit_level;
+    int audit_logging;

    int keepalive_interval;
    unsigned int keepalive_count;

-    unsigned int admin_min_workers;
-    unsigned int admin_max_workers;
-    unsigned int admin_max_clients;
-    unsigned int admin_max_queued_clients;
-    unsigned int admin_max_client_requests;
+    int admin_min_workers;
+    int admin_max_workers;
+    int admin_max_clients;
+    int admin_max_queued_clients;
+    int admin_max_client_requests;

    int admin_keepalive_interval;
    unsigned int admin_keepalive_count;
--- a/daemon/libvirtd.aug
+++ b/daemon/libvirtd.aug
@@ -13,7 +13,7 @@ module Libvirtd =

   let str_val = del /\"/ "\"" . store /[^\"]*/ . del /\"/ "\""
   let bool_val = store /0|1/
-   let int_val = store /-?[0-9]+/
+   let int_val = store /[0-9]+/
   let str_array_element = [ seq "el" . str_val ] . del /[ \t\n]*/ ""
   let str_array_val = counter "el" . array_start . ( str_array_element . ( array_sep . str_array_element ) * ) ? . array_end

@@ -53,7 +53,6 @@ module Libvirtd =
                           | str_array_entry "tls_allowed_dn_list"
                           | str_array_entry "sasl_allowed_username_list"
                           | str_array_entry "access_drivers"
-                           | str_entry "tls_priority"

   let processing_entry = int_entry "min_workers"
                        | int_entry "max_workers"
@@ -87,7 +86,6 @@ module Libvirtd =
                             | bool_entry "admin_keepalive_required"

   let misc_entry = str_entry "host_uuid"
-                  | str_entry "host_uuid_source"

   (* Each enty in the config is one of the following three ... *)
   let entry = network_entry
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -30,6 +30,7 @@
 #include <getopt.h>
 #include <stdlib.h>
 #include <grp.h>
+#include <locale.h>

 #include "libvirt_internal.h"
 #include "virerror.h"
@@ -57,7 +58,6 @@
 #include "locking/lock_manager.h"
 #include "viraccessmanager.h"
 #include "virutil.h"
-#include "virgettext.h"

 #ifdef WITH_DRIVER_MODULES
 # include "driver.h"
@@ -102,9 +102,6 @@
 #  include "nwfilter/nwfilter_driver.h"
 # endif
 #endif
-#ifdef WITH_VZ
-# include "vz/vz_driver.h"
-#endif

 #include "configmake.h"

@@ -333,8 +330,6 @@ static int daemonErrorLogFilter(virErrorPtr err, int priority)
    case VIR_ERR_NO_DOMAIN_SNAPSHOT:
    case VIR_ERR_OPERATION_INVALID:
    case VIR_ERR_NO_DOMAIN_METADATA:
-    case VIR_ERR_NO_SERVER:
-    case VIR_ERR_NO_CLIENT:
        return VIR_LOG_DEBUG;
    }

@@ -395,9 +390,6 @@ static void daemonInitialize(void)
 # ifdef WITH_BHYVE
    virDriverLoadModule("bhyve");
 # endif
-# ifdef WITH_VZ
-    virDriverLoadModule("vz");
-# endif
 #else
 # ifdef WITH_NETWORK
    networkRegister();
@@ -438,9 +430,6 @@ static void daemonInitialize(void)
 # ifdef WITH_BHYVE
    bhyveRegister();
 # endif
-# ifdef WITH_VZ
-    vzRegister();
-# endif
 #endif
 }

@@ -533,7 +522,8 @@ daemonSetupNetworking(virNetServerPtr srv,
        virNetServerAddService(srv, svcRO, NULL) < 0)
        goto cleanup;

-    if (sock_path_adm) {
+    /* Temporarily disabled */
+    if (sock_path_adm && false) {
        VIR_DEBUG("Registering unix socket %s", sock_path_adm);
        if (!(svcAdm = virNetServerServiceNewUNIX(sock_path_adm,
                                                  unix_sock_adm_mask,
@@ -542,7 +532,7 @@ daemonSetupNetworking(virNetServerPtr srv,
 #if WITH_GNUTLS
                                                  NULL,
 #endif
-                                                  false,
+                                                  true,
                                                  config->admin_max_queued_clients,
                                                  config->admin_max_client_requests)))
            goto cleanup;
@@ -584,7 +574,6 @@ daemonSetupNetworking(virNetServerPtr srv,
                                                       config->cert_file,
                                                       config->key_file,
                                                       (const char *const*)config->tls_allowed_dn_list,
-                                                       config->tls_priority,
                                                       config->tls_no_sanity_certificate ? false : true,
                                                       config->tls_no_verify_certificate ? false : true)))
                    goto cleanup;
@@ -592,7 +581,6 @@ daemonSetupNetworking(virNetServerPtr srv,
                if (!(ctxt = virNetTLSContextNewServerPath(NULL,
                                                           !privileged,
                                                           (const char *const*)config->tls_allowed_dn_list,
-                                                           config->tls_priority,
                                                           config->tls_no_sanity_certificate ? false : true,
                                                           config->tls_no_verify_certificate ? false : true)))
                    goto cleanup;
@@ -691,10 +679,10 @@ daemonSetupLogging(struct daemonConfig *config,
    virLogSetFromEnv();

    if (virLogGetNbFilters() == 0)
-        virLogSetFilters(config->log_filters);
+        virLogParseFilters(config->log_filters);

-    if (config->log_outputs && virLogGetNbOutputs() == 0)
-        virLogSetOutputs(config->log_outputs);
+    if (virLogGetNbOutputs() == 0)
+        virLogParseOutputs(config->log_outputs);

    /*
     * Command line override for --verbose
@@ -721,7 +709,7 @@ daemonSetupLogging(struct daemonConfig *config,

            if (virAsprintf(&tmp, "%d:journald", priority) < 0)
                goto error;
-            virLogSetOutputs(tmp);
+            virLogParseOutputs(tmp);
            VIR_FREE(tmp);
        }
    }
@@ -764,7 +752,7 @@ daemonSetupLogging(struct daemonConfig *config,
            if (virAsprintf(&tmp, "%d:stderr", virLogGetDefaultPriority()) < 0)
                goto error;
        }
-        virLogSetOutputs(tmp);
+        virLogParseOutputs(tmp);
        VIR_FREE(tmp);
    }

@@ -1079,39 +1067,6 @@ static int migrateProfile(void)
    return ret;
 }

-static int
-daemonSetupHostUUID(const struct daemonConfig *config)
-{
-    static const char *machine_id = "/etc/machine-id";
-    char buf[VIR_UUID_STRING_BUFLEN];
-    const char *uuid;
-
-    if (config->host_uuid) {
-        uuid = config->host_uuid;
-    } else if (!config->host_uuid_source ||
-               STREQ(config->host_uuid_source, "smbios")) {
-        /* smbios UUID is fetched on demand in virGetHostUUID */
-        return 0;
-    } else if (STREQ(config->host_uuid_source, "machine-id")) {
-        if (virFileReadBufQuiet(machine_id, buf, sizeof(buf)) < 0) {
-            VIR_ERROR(_("Can't read %s"), machine_id);
-            return -1;
-        }
-
-        uuid = buf;
-    } else {
-        VIR_ERROR(_("invalid UUID source: %s"), config->host_uuid_source);
-        return -1;
-    }
-
-    if (virSetHostUUIDStr(uuid)) {
-        VIR_ERROR(_("invalid host UUID: %s"), uuid);
-        return -1;
-    }
-
-    return 0;
-}
-
 /* Print command-line usage. */
 static void
 daemonUsage(const char *argv0, bool privileged)
@@ -1217,7 +1172,9 @@ int main(int argc, char **argv) {
        {0, 0, 0, 0}
    };

-    if (virGettextInitialize() < 0 ||
+    if (setlocale(LC_ALL, "") == NULL ||
+        bindtextdomain(PACKAGE, LOCALEDIR) == NULL ||
+        textdomain(PACKAGE) == NULL ||
        virInitialize() < 0) {
        fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
        exit(EXIT_FAILURE);
@@ -1316,8 +1273,12 @@ int main(int argc, char **argv) {
    /* Read the config file if it exists*/
    if (remote_config_file &&
        daemonConfigLoadFile(config, remote_config_file, implicit_conf) < 0) {
-        VIR_ERROR(_("Can't load config file: %s: %s"),
-                  virGetLastErrorMessage(), remote_config_file);
+        virErrorPtr err = virGetLastError();
+        if (err && err->message)
+            VIR_ERROR(_("Can't load config file: %s: %s"),
+                      err->message, remote_config_file);
+        else
+            VIR_ERROR(_("Can't load config file: %s"), remote_config_file);
        exit(EXIT_FAILURE);
    }

@@ -1327,8 +1288,9 @@ int main(int argc, char **argv) {
        exit(EXIT_FAILURE);
    }

-    if (daemonSetupHostUUID(config) < 0) {
-        VIR_ERROR(_("Can't setup host uuid"));
+    if (config->host_uuid &&
+        virSetHostUUIDStr(config->host_uuid) < 0) {
+        VIR_ERROR(_("invalid host UUID: %s"), config->host_uuid);
        exit(EXIT_FAILURE);
    }

@@ -1420,8 +1382,7 @@ int main(int argc, char **argv) {
        goto cleanup;
    }

-    if (!(srv = virNetServerNew("libvirtd", 1,
-                                config->min_workers,
+    if (!(srv = virNetServerNew(config->min_workers,
                                config->max_workers,
                                config->prio_workers,
                                config->max_clients,
@@ -1438,7 +1399,7 @@ int main(int argc, char **argv) {
    }

    if (!(dmn = virNetDaemonNew()) ||
-        virNetDaemonAddServer(dmn, srv) < 0) {
+        virNetDaemonAddServer(dmn, "libvirtd", srv) < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }
@@ -1495,8 +1456,7 @@ int main(int argc, char **argv) {
        goto cleanup;
    }

-    if (!(srvAdm = virNetServerNew("admin", 1,
-                                   config->admin_min_workers,
+    if (!(srvAdm = virNetServerNew(config->admin_min_workers,
                                   config->admin_max_workers,
                                   0,
                                   config->admin_max_clients,
@@ -1512,7 +1472,7 @@ int main(int argc, char **argv) {
        goto cleanup;
    }

-    if (virNetDaemonAddServer(dmn, srvAdm) < 0) {
+    if (virNetDaemonAddServer(dmn, "admin", srvAdm) < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }
@@ -1628,6 +1588,7 @@ int main(int argc, char **argv) {
    virObjectUnref(qemuProgram);
    virObjectUnref(adminProgram);
    virNetDaemonClose(dmn);
+    virObjectUnref(dmn);
    virObjectUnref(srv);
    virObjectUnref(srvAdm);
    virNetlinkShutdown();
@@ -1657,9 +1618,6 @@ int main(int argc, char **argv) {
        driversInitialized = false;
        virStateCleanup();
    }
-    /* Now that the hypervisor shutdown inhibition functions that use
-     * 'dmn' as a parameter are done, we can finally unref 'dmn' */
-    virObjectUnref(dmn);

    return ret;
 }
--- a/daemon/libvirtd.conf
+++ b/daemon/libvirtd.conf
@@ -77,6 +77,11 @@
 # UNIX socket access controls
 #

+# Beware that if you are changing *any* of these options, and you use
+# socket activation with systemd, you need to adjust the settings in
+# the libvirtd.socket file as well since it could impose a security
+# risk if you rely on file permission checking only.
+
 # Set the UNIX domain socket group ownership. This can be used to
 # allow a 'trusted' set of users access to management capabilities
 # without becoming root.
@@ -242,7 +247,7 @@
 #tls_allowed_dn_list = ["DN1", "DN2"]


-# A whitelist of allowed SASL usernames. The format for username
+# A whitelist of allowed SASL usernames. The format for usernames
 # depends on the SASL authentication mechanism. Kerberos usernames
 # look like username@REALM
 #
@@ -259,13 +264,6 @@
 #sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]


-# Override the compile time default TLS priority string. The
-# default is usually "NORMAL" unless overridden at build time.
-# Only set this is it is desired for libvirt to deviate from
-# the global default settings.
-#
-#tls_priority="NORMAL"
-

 #################################################################
 #
@@ -283,8 +281,8 @@
 #max_queued_clients = 1000

 # The maximum length of queue of accepted but not yet
-# authenticated clients. The default value is 20. Set this to
-# zero to turn this feature off.
+# authenticated clients. The default value is zero, meaning
+# the feature is disabled.
 #max_anonymous_clients = 20

 # The minimum limit sets the number of workers to start up
@@ -417,16 +415,10 @@

 ###################################################################
 # UUID of the host:
-# Host UUID is read from one of the sources specified in host_uuid_source.
-#
-# - 'smbios': fetch the UUID from 'dmidecode -s system-uuid'
-# - 'machine-id': fetch the UUID from /etc/machine-id
-#
-# The host_uuid_source default is 'smbios'. If 'dmidecode' does not provide
-# a valid UUID a temporary UUID will be generated.
-#
-# Another option is to specify host UUID in host_uuid.
-#
+# Provide the UUID of the host here in case the command
+# 'dmidecode -s system-uuid' does not provide a valid uuid. In case
+# 'dmidecode' does not provide a valid UUID and none is provided here, a
+# temporary UUID will be generated.
 # Keep the format of the example UUID below. UUID must not have all digits
 # be the same.

@@ -434,7 +426,6 @@
 # it with the output of the 'uuidgen' command and then
 # uncomment this entry
 #host_uuid = "00000000-0000-0000-0000-000000000000"
-#host_uuid_source = "smbios"

 ###################################################################
 # Keepalive protocol:
--- a/daemon/libvirtd.h
+++ b/daemon/libvirtd.h
@@ -60,11 +60,6 @@ struct daemonClientPrivate {
    size_t nnetworkEventCallbacks;
    daemonClientEventCallbackPtr *qemuEventCallbacks;
    size_t nqemuEventCallbacks;
-    daemonClientEventCallbackPtr *storageEventCallbacks;
-    size_t nstorageEventCallbacks;
-    daemonClientEventCallbackPtr *nodeDeviceEventCallbacks;
-    size_t nnodeDeviceEventCallbacks;
-    bool closeRegistered;

 # if WITH_SASL
    virNetSASLSessionPtr sasl;
--- a/daemon/libvirtd.pod.in
+++ b/daemon/libvirtd.pod.in
@@ -4,7 +4,9 @@ libvirtd - libvirtd management daemon

 =head1 SYNOPSIS

-B<libvirtd> [I<OPTION>]...
+B<libvirtd> [ -dlv ] [ -f config_file ] [ -p pid_file ] [ -t timeout_seconds ]
+
+B<libvirtd> --version

 =head1 DESCRIPTION

--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@@ -1,11 +1,5 @@
-# NB we don't use socket activation. When libvirtd starts it will
-# spawn any virtual machines registered for autostart. We want this
-# to occur on every boot, regardless of whether any client connects
-# to a socket. Thus socket activation doesn't have any benefit
-
 [Unit]
 Description=Virtualization daemon
-Requires=virtlogd.socket
 Before=libvirt-guests.service
 After=network.target
 After=dbus.service
--- a/daemon/libvirtd.socket.in
+++ b/daemon/libvirtd.socket.in
@@ -0,0 +1,11 @@
+[Socket]
+ListenStream=@runstatedir@/libvirt/libvirt-sock
+ListenStream=@runstatedir@/libvirt/libvirt-sock-ro
+
+; The following settings must match libvirtd.conf file in order to
+; work as expected because libvirtd can't change them later.
+; SocketMode=0777 is safe only if authentication on the socket is set
+; up.  For further information, please see the libvirtd.conf file.
+SocketMode=0777
+SocketUser=root
+SocketGroup=root
--- a/daemon/remote.c
+++ b/daemon/remote.c
--- a/daemon/stream.c
+++ b/daemon/stream.c
@@ -42,15 +42,15 @@ struct daemonClientStream {

    virStreamPtr st;
    int procedure;
-    unsigned int serial;
+    int serial;

-    bool recvEOF;
-    bool closed;
+    unsigned int recvEOF : 1;
+    unsigned int closed : 1;

    int filterID;

    virNetMessagePtr rx;
-    bool tx;
+    int tx;

    daemonClientStreamPtr next;
 };
@@ -76,8 +76,6 @@ static void
 daemonStreamUpdateEvents(daemonClientStream *stream)
 {
    int newEvents = 0;
-    if (stream->closed)
-        return;
    if (stream->rx)
        newEvents |= VIR_STREAM_EVENT_WRITABLE;
    if (stream->tx && !stream->recvEOF)
@@ -94,14 +92,14 @@ daemonStreamUpdateEvents(daemonClientStream *stream)
 * fast stream, but slow client
 */
 static void
-daemonStreamMessageFinished(virNetMessagePtr msg,
+daemonStreamMessageFinished(virNetMessagePtr msg ATTRIBUTE_UNUSED,
                            void *opaque)
 {
    daemonClientStream *stream = opaque;
-    VIR_DEBUG("stream=%p proc=%d serial=%u",
+    VIR_DEBUG("stream=%p proc=%d serial=%d",
              stream, msg->header.proc, msg->header.serial);

-    stream->tx = true;
+    stream->tx = 1;
    daemonStreamUpdateEvents(stream);

    daemonFreeClientStream(NULL, stream);
@@ -199,8 +197,8 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
        (events & VIR_STREAM_EVENT_HANGUP)) {
        virNetMessagePtr msg;
        events &= ~(VIR_STREAM_EVENT_HANGUP);
-        stream->tx = false;
-        stream->recvEOF = true;
+        stream->tx = 0;
+        stream->recvEOF = 1;
        if (!(msg = virNetMessageNew(false))) {
            daemonRemoveClientStream(client, stream);
            virNetServerClientClose(client);
@@ -229,7 +227,7 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
        virNetMessageError rerr;

        memset(&rerr, 0, sizeof(rerr));
-        stream->closed = true;
+        stream->closed = 1;
        virStreamEventRemoveCallback(stream->st);
        virStreamAbort(stream->st);
        if (events & VIR_STREAM_EVENT_HANGUP)
@@ -295,7 +293,7 @@ daemonStreamFilter(virNetServerClientPtr client ATTRIBUTE_UNUSED,
        msg->header.serial != stream->serial)
        goto cleanup;

-    VIR_DEBUG("Incoming client=%p, rx=%p, serial=%u, proc=%d, status=%d",
+    VIR_DEBUG("Incoming client=%p, rx=%p, serial=%d, proc=%d, status=%d",
              client, stream->rx, msg->header.proc,
              msg->header.serial, msg->header.status);

@@ -326,7 +324,7 @@ daemonCreateClientStream(virNetServerClientPtr client,
    daemonClientStream *stream;
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);

-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p",
              client, header->proc, header->serial, st);

    if (VIR_ALLOC(stream) < 0)
@@ -362,7 +360,7 @@ int daemonFreeClientStream(virNetServerClientPtr client,
    if (stream->refs)
        return 0;

-    VIR_DEBUG("client=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d",
              client, stream->procedure, stream->serial);

    virObjectUnref(stream->prog);
@@ -400,7 +398,7 @@ int daemonAddClientStream(virNetServerClientPtr client,
                          daemonClientStream *stream,
                          bool transmit)
 {
-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p, transmit=%d",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p, transmit=%d",
              client, stream->procedure, stream->serial, stream->st, transmit);
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);

@@ -424,7 +422,7 @@ int daemonAddClientStream(virNetServerClientPtr client,
    }

    if (transmit)
-        stream->tx = true;
+        stream->tx = 1;

    virMutexLock(&priv->lock);
    stream->next = priv->streams;
@@ -444,13 +442,13 @@ int daemonAddClientStream(virNetServerClientPtr client,
 *
 * Removes a stream from the list of active streams for the client
 *
- * Returns 0 if the stream was removed, -1 if it doesn't exist
+ * Returns 0 if the stream was removd, -1 if it doesn't exist
 */
 int
 daemonRemoveClientStream(virNetServerClientPtr client,
                         daemonClientStream *stream)
 {
-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p",
              client, stream->procedure, stream->serial, stream->st);
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);
    daemonClientStream *curr = priv->streams;
@@ -463,7 +461,6 @@ daemonRemoveClientStream(virNetServerClientPtr client,
    }

    if (!stream->closed) {
-        stream->closed = true;
        virStreamEventRemoveCallback(stream->st);
        virStreamAbort(stream->st);
    }
@@ -494,7 +491,6 @@ daemonRemoveAllClientStreams(daemonClientStream *stream)
        tmp = stream->next;

        if (!stream->closed) {
-            stream->closed = true;
            virStreamEventRemoveCallback(stream->st);
            virStreamAbort(stream->st);
        }
@@ -519,7 +515,7 @@ daemonStreamHandleWriteData(virNetServerClientPtr client,
 {
    int ret;

-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u, len=%zu, offset=%zu",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d, len=%zu, offset=%zu",
              client, stream, msg->header.proc, msg->header.serial,
              msg->bufferLength, msg->bufferOffset);

@@ -542,10 +538,7 @@ daemonStreamHandleWriteData(virNetServerClientPtr client,
        memset(&rerr, 0, sizeof(rerr));

        VIR_INFO("Stream send failed");
-        stream->closed = true;
-        virStreamEventRemoveCallback(stream->st);
-        virStreamAbort(stream->st);
-
+        stream->closed = 1;
        return virNetServerProgramSendReplyError(stream->prog,
                                                 client,
                                                 msg,
@@ -572,10 +565,10 @@ daemonStreamHandleFinish(virNetServerClientPtr client,
 {
    int ret;

-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d",
              client, stream, msg->header.proc, msg->header.serial);

-    stream->closed = true;
+    stream->closed = 1;
    virStreamEventRemoveCallback(stream->st);
    ret = virStreamFinish(stream->st);

@@ -609,42 +602,31 @@ daemonStreamHandleAbort(virNetServerClientPtr client,
                        daemonClientStream *stream,
                        virNetMessagePtr msg)
 {
-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d",
              client, stream, msg->header.proc, msg->header.serial);
-    int ret;
-    bool raise_error = false;
+    virNetMessageError rerr;

-    stream->closed = true;
+    memset(&rerr, 0, sizeof(rerr));
+
+    stream->closed = 1;
    virStreamEventRemoveCallback(stream->st);
-    ret = virStreamAbort(stream->st);
+    virStreamAbort(stream->st);

    if (msg->header.status == VIR_NET_ERROR) {
-        VIR_INFO("stream aborted at client request");
-        raise_error = (ret < 0);
+        virReportError(VIR_ERR_RPC,
+                       "%s", _("stream aborted at client request"));
    } else {
+        VIR_WARN("unexpected stream status %d", msg->header.status);
        virReportError(VIR_ERR_RPC,
                       _("stream aborted with unexpected status %d"),
                       msg->header.status);
-        raise_error = true;
    }

-    if (raise_error) {
-        virNetMessageError rerr;
-        memset(&rerr, 0, sizeof(rerr));
-        return virNetServerProgramSendReplyError(remoteProgram,
-                                                 client,
-                                                 msg,
-                                                 &rerr,
-                                                 &msg->header);
-    } else {
-        /* Send zero-length confirm */
-        return virNetServerProgramSendStreamData(stream->prog,
-                                                 client,
-                                                 msg,
-                                                 stream->procedure,
-                                                 stream->serial,
-                                                 NULL, 0);
-    }
+    return virNetServerProgramSendReplyError(remoteProgram,
+                                             client,
+                                             msg,
+                                             &rerr,
+                                             &msg->header);
 }


@@ -727,12 +709,9 @@ static int
 daemonStreamHandleRead(virNetServerClientPtr client,
                       daemonClientStream *stream)
 {
-    virNetMessagePtr msg = NULL;
-    virNetMessageError rerr;
    char *buffer;
    size_t bufferLen = VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX;
-    int ret = -1;
-    int rv;
+    int ret;

    VIR_DEBUG("client=%p, stream=%p tx=%d closed=%d",
              client, stream, stream->tx, stream->closed);
@@ -749,48 +728,50 @@ daemonStreamHandleRead(virNetServerClientPtr client,
    if (!stream->tx)
        return 0;

-    memset(&rerr, 0, sizeof(rerr));
-
    if (VIR_ALLOC_N(buffer, bufferLen) < 0)
        return -1;

-    if (!(msg = virNetMessageNew(false)))
-        goto cleanup;
-
-    rv = virStreamRecv(stream->st, buffer, bufferLen);
-    if (rv == -2) {
+    ret = virStreamRecv(stream->st, buffer, bufferLen);
+    if (ret == -2) {
        /* Should never get this, since we're only called when we know
         * we're readable, but hey things change... */
-    } else if (rv < 0) {
-        if (virNetServerProgramSendStreamError(remoteProgram,
-                                               client,
-                                               msg,
-                                               &rerr,
-                                               stream->procedure,
-                                               stream->serial) < 0)
-            goto cleanup;
-        msg = NULL;
-    } else {
-        stream->tx = false;
-        if (rv == 0)
-            stream->recvEOF = true;
+        ret = 0;
+    } else if (ret < 0) {
+        virNetMessagePtr msg;
+        virNetMessageError rerr;

-        msg->cb = daemonStreamMessageFinished;
-        msg->opaque = stream;
-        stream->refs++;
-        if (virNetServerProgramSendStreamData(remoteProgram,
-                                              client,
-                                              msg,
-                                              stream->procedure,
-                                              stream->serial,
-                                              buffer, rv) < 0)
-            goto cleanup;
-        msg = NULL;
+        memset(&rerr, 0, sizeof(rerr));
+
+        if (!(msg = virNetMessageNew(false)))
+            ret = -1;
+        else
+            ret = virNetServerProgramSendStreamError(remoteProgram,
+                                                     client,
+                                                     msg,
+                                                     &rerr,
+                                                     stream->procedure,
+                                                     stream->serial);
+    } else {
+        virNetMessagePtr msg;
+        stream->tx = 0;
+        if (ret == 0)
+            stream->recvEOF = 1;
+        if (!(msg = virNetMessageNew(false)))
+            ret = -1;
+
+        if (msg) {
+            msg->cb = daemonStreamMessageFinished;
+            msg->opaque = stream;
+            stream->refs++;
+            ret = virNetServerProgramSendStreamData(remoteProgram,
+                                                    client,
+                                                    msg,
+                                                    stream->procedure,
+                                                    stream->serial,
+                                                    buffer, ret);
+        }
    }

-    ret = 0;
- cleanup:
    VIR_FREE(buffer);
-    virNetMessageFree(msg);
    return ret;
 }
--- a/daemon/stream.h
+++ b/daemon/stream.h
@@ -26,6 +26,8 @@

 # include "libvirtd.h"

+
+
 daemonClientStream *
 daemonCreateClientStream(virNetServerClientPtr client,
                         virStreamPtr st,
--- a/daemon/test_libvirtd.aug.in
+++ b/daemon/test_libvirtd.aug.in
@@ -35,7 +35,6 @@ module Test_libvirtd =
             { "1" = "joe@EXAMPLE.COM" }
             { "2" = "fred@EXAMPLE.COM" }
        }
-        { "tls_priority" = "NORMAL" }
        { "max_clients" = "5000" }
        { "max_queued_clients" = "1000" }
        { "max_anonymous_clients" = "20" }
@@ -56,7 +55,6 @@ module Test_libvirtd =
        { "audit_level" = "2" }
        { "audit_logging" = "1" }
        { "host_uuid" = "00000000-0000-0000-0000-000000000000" }
-        { "host_uuid_source" = "smbios" }
        { "keepalive_interval" = "5" }
        { "keepalive_count" = "5" }
        { "keepalive_required" = "1" }
--- a/daemon/virt-guest-shutdown.target
+++ b/daemon/virt-guest-shutdown.target
@@ -1,3 +0,0 @@
-[Unit]
-Description=Libvirt guests shutdown
-Documentation=http://libvirt.org
--- a/docs/404.html.in
+++ b/docs/404.html.in
@@ -15,5 +15,10 @@
        locate the content on this site or mailing list archives</li>
    </ul>

+    <p class="image">
+      <img src="/libvirtLogo404.png" alt="libvirt Logo"/>
+    </p>
+
+
  </body>
 </html>
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -16,6 +16,11 @@
 ## License along with this library.  If not, see
 ## <http://www.gnu.org/licenses/>.

+PERL = perl
+
+# The directory containing the source code (if it contains documentation).
+DOC_SOURCE_DIR=../src
+
 DEVHELP_DIR=$(datadir)/gtk-doc/html/libvirt

 apihtml =					\
@@ -23,7 +28,6 @@ apihtml =					\
  $(apihtml_generated)

 apihtml_generated = \
-  html/libvirt-libvirt-common.html		\
  html/libvirt-libvirt-domain.html		\
  html/libvirt-libvirt-domain-snapshot.html	\
  html/libvirt-libvirt-event.html		\
@@ -64,30 +68,20 @@ devhelpcss = devhelp/style.css

 devhelpxsl = devhelp/devhelp.xsl devhelp/html.xsl

-logofiles = \
-  logos/logo-base.svg \
-  logos/logo-square.svg \
-  logos/logo-square-powered.svg \
-  logos/logo-banner-dark.svg \
-  logos/logo-banner-light.svg \
-  logos/logo-square-96.png \
-  logos/logo-square-128.png \
-  logos/logo-square-192.png \
-  logos/logo-square-256.png \
-  logos/logo-square-powered-96.png \
-  logos/logo-square-powered-128.png \
-  logos/logo-square-powered-192.png \
-  logos/logo-square-powered-256.png \
-  logos/logo-banner-dark-256.png \
-  logos/logo-banner-dark-800.png \
-  logos/logo-banner-light-256.png \
-  logos/logo-banner-light-800.png
-
 png = \
  32favicon.png \
+  footer_corner.png \
+  footer_pattern.png \
+  libvirt-header-bg.png \
+  libvirt-header-logo.png \
+  libvirtLogo.png \
+  libvirt-net-logical.png \
+  libvirt-net-physical.png \
  libvirt-daemon-arch.png \
  libvirt-driver-arch.png \
  libvirt-object-model.png \
+  madeWith.png \
+  et.png \
  migration-managed-direct.png \
  migration-managed-p2p.png \
  migration-native.png \
@@ -103,13 +97,15 @@ internals_html_in = \
  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
 internals_html = $(internals_html_in:%.html.in=%.html)

-# Since we ship pre-built html in the tarball, we must also
-# ship the sources, even when those sources are themselves
-# generated.
-# Generate hvsupport.html first, since it takes one extra step.
-dot_html_in = \
-  hvsupport.html.in \
-  $(notdir $(wildcard $(srcdir)/*.html.in))
+# todo.html is special - it is shipped in the tarball, but we
+# have a dedicated 'todo' target to rebuild it from a proper
+# config file, all other users are able to build it locally.
+# For all other files, since we ship pre-built html in the
+# tarball, we must also ship the sources, even when those
+# sources are themselves generated.
+dot_html_in = $(notdir $(wildcard $(srcdir)/*.html.in)) \
+  todo.html.in \
+  hvsupport.html.in
 dot_html = $(dot_html_in:%.html.in=%.html)

 dot_php_in = $(notdir $(wildcard $(srcdir)/*.php.in))
@@ -138,10 +134,11 @@ apidir = $(pkgdatadir)/api
 api_DATA = \
       libvirt-api.xml \
       libvirt-qemu-api.xml \
-       libvirt-lxc-api.xml \
-       libvirt-admin-api.xml
+       libvirt-lxc-api.xml

 fig = \
+  libvirt-net-logical.fig \
+  libvirt-net-physical.fig \
  libvirt-daemon-arch.fig \
  libvirt-driver-arch.fig \
  libvirt-object-model.fig \
@@ -156,15 +153,15 @@ schema_DATA = $(wildcard $(srcdir)/schemas/*.rng)

 EXTRA_DIST=					\
  apibuild.py genaclperms.pl \
-  site.xsl subsite.xsl newapi.xsl news.xsl page.xsl \
+  site.xsl newapi.xsl news.xsl page.xsl \
  hacking1.xsl hacking2.xsl wrapstring.xsl \
  $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \
  $(devhelphtml) $(devhelppng) $(devhelpcss) $(devhelpxsl) \
-  $(xml) $(qemu_xml) $(lxc_xml) $(admin_xml) $(fig) $(png) $(css) \
-  $(logofiles) $(patches) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
+  $(xml) $(qemu_xml) $(lxc_xml) $(fig) $(png) $(css) \
+  $(patches) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
  $(internals_html_in) $(internals_html) \
-  aclperms.htmlinc \
-  hvsupport.pl \
+  sitemap.html.in aclperms.htmlinc \
+  todo.pl hvsupport.pl todo.cfg-example \
  $(schema_DATA)

 acl_generated = aclperms.htmlinc
@@ -191,6 +188,24 @@ admin_api: $(srcdir)/libvirt-admin-api.xml $(srcdir)/libvirt-admin-refs.xml
 web: $(dot_html) $(internals_html) html/index.html devhelp/index.html \
  $(dot_php)

+todo.html.in: todo.pl
+	if [ -f  todo.cfg ]; then \
+		echo "Generating $@"; \
+		$(PERL) $< > $@ \
+		|| { rm $@ && exit 1; }; \
+	else \
+		echo "Stubbing $@"; \
+		printf "%s\n" \
+		  "<html xmlns=\"http://www.w3.org/1999/xhtml\">" \
+		  "<body>" \
+		  "<h1>Todo list unavailable: no config file</h1>" \
+		  "</body></html>" > $@ ; \
+	fi
+
+todo:
+	rm -f todo.html.in
+	$(MAKE) todo.html
+
 hvsupport.html: $(srcdir)/hvsupport.html.in

 $(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl $(api_DATA) \
@@ -200,11 +215,13 @@ $(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl $(api_DATA) \
 	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(top_srcdir)/src > $@ \
 		|| { rm $@ && exit 1; }

+.PHONY: todo
+
 %.png: %.fig
 	convert -rotate 90 $< $@

 %.html.tmp: %.html.in site.xsl subsite.xsl page.xsl \
-		$(acl_generated)
+		sitemap.html.in $(acl_generated)
 	@if [ -x $(XSLTPROC) ] ; then \
 	  echo "Generating $@"; \
 	  name=`echo $@ | sed -e 's/.tmp//'`; \
@@ -230,7 +247,7 @@ $(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl $(api_DATA) \
 	  || { rm $(srcdir)/$@ && exit 1; }; \
 	  else echo "missing XHTML1 DTD"; cat $< > $(srcdir)/$@ ; fi ; fi

-%.php.tmp: %.php.in site.xsl page.xsl
+%.php.tmp: %.php.in site.xsl page.xsl sitemap.html.in
 	@if [ -x $(XSLTPROC) ] ; then \
 	  echo "Generating $@"; \
 	  $(XSLTPROC) --stringparam pagename $(@:.tmp=) --nonet \
@@ -246,7 +263,7 @@ $(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl $(api_DATA) \

 $(apihtml_generated): html/index.html

-html/index.html: libvirt-api.xml newapi.xsl page.xsl
+html/index.html: libvirt-api.xml newapi.xsl page.xsl sitemap.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
 	  $(XSLTPROC) --nonet -o $(srcdir)/ \
 	  --stringparam builddir '$(abs_top_builddir)' \
@@ -310,7 +327,7 @@ $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
 		$(top_srcdir)/src/util/virerror.c \
 		$(top_srcdir)/src/util/virevent.c \
 		$(top_srcdir)/src/util/virtypedparam.c
-	$(AM_V_GEN)srcdir=$(srcdir) builddir=$(builddir) $(PYTHON) $(APIBUILD)
+	$(AM_V_GEN)srcdir=$(srcdir) $(PYTHON) $(APIBUILD)
 	touch $@


@@ -321,7 +338,8 @@ clean-local:
 	rm -f *~ *.bak *.hierarchy *.signals *-unused.txt *.html

 maintainer-clean-local: clean-local
-	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml
+	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml \
+		todo.html.in
 	rm -rf $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
 	rm -rf $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
 	rm -rf $(srcdir)/libvirt-admin-api.xml $(srcdir)/libvirt-admin-refs.xml
@@ -333,9 +351,6 @@ install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)
 	for f in $(css) $(dot_html) $(gif) $(png); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR); done
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/logos
-	for f in $(logofiles); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/logos; done
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/html
 	for h in $(apihtml); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$h $(DESTDIR)$(HTML_DIR)/html; done
@@ -348,19 +363,11 @@ install-data-local:
 	for file in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
 	    $(INSTALL) -m 0644 $(srcdir)/$${file} $(DESTDIR)$(DEVHELP_DIR) ; \
 	done
+	$(INSTALL_DATA) $(srcdir)/libvirtLogo.png $(DESTDIR)$(pkgdatadir)

 uninstall-local:
-	for f in $(css) $(dot_html) $(gif) $(png); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
-	for f in $(logofiles); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
 	for h in $(apihtml); do rm -f $(DESTDIR)$(HTML_DIR)/$$h; done
 	for p in $(apipng); do rm -f $(DESTDIR)$(HTML_DIR)/$$p; done
-	for f in $(internals_html); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
 	for f in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
 	  rm -f $(DESTDIR)$(DEVHELP_DIR)/$$(basename $$f); \
 	done
--- a/docs/aclpolkit.html.in
+++ b/docs/aclpolkit.html.in
@@ -224,10 +224,6 @@
          <td>secret_usage_target</td>
          <td>Name of the associated iSCSI target, if any</td>
        </tr>
-        <tr>
-          <td>secret_usage_name</td>
-          <td>Name of the associated TLS secret, if any</td>
-        </tr>
      </tbody>
    </table>

@@ -334,9 +330,9 @@
    </p>

    <pre>
-polkit.addRule(function(action, subject) {
-  ....logic to check 'action' and 'subject'...
-});
+      polkit.addRule(function(action, subject) {
+        ....logic to check 'action' and 'subject'...
+      });
    </pre>

    <p>
--- a/docs/apibuild.py
+++ b/docs/apibuild.py
@@ -21,7 +21,6 @@ debugsym=None
 # C parser analysis code
 #
 included_files = {
-  "libvirt-common.h": "header with general libvirt API definitions",
  "libvirt-domain.h": "header with general libvirt API definitions",
  "libvirt-domain-snapshot.h": "header with general libvirt API definitions",
  "libvirt-event.h": "header with general libvirt API definitions",
@@ -112,12 +111,6 @@ ignored_macros = {
  "_virMemoryParameter": "backward compatibility macro for virTypedParameter",
 }

-# macros that should be completely skipped
-hidden_macros = {
-  "VIR_DEPRECATED": "internal macro to mark deprecated apis",
-  "VIR_EXPORT_VAR": "internal macro to mark exported vars",
-}
-
 def escape(raw):
    raw = string.replace(raw, '&', '&amp;')
    raw = string.replace(raw, '<', '&lt;')
@@ -240,11 +233,6 @@ class index:
        self.references = {}
        self.info = {}

-    def warning(self, msg):
-        global warnings
-        warnings = warnings + 1
-        print msg
-
    def add_ref(self, name, header, module, static, type, lineno, info=None, extra=None, conditionals = None):
        if name[0:2] == '__':
            return None
@@ -1046,11 +1034,6 @@ class CParser:
                    name = string.split(name, '(') [0]
                except:
                    pass
-
-                # skip hidden macros
-                if name in hidden_macros:
-                    return token
-
                strValue = None
                if len(lst) == 1 and lst[0][0] == '"' and lst[0][-1] == '"':
                    strValue = lst[0][1:-1]
@@ -1398,8 +1381,7 @@ class CParser:
                    token = self.token()
                    while token[0] != "sep" or (token[1] != ',' and
                          token[1] != '}'):
-                        # We might be dealing with '1U << 12' here
-                        value = value + re.sub("^(\d+)U$","\\1", token[1])
+                        value = value + token[1]
                        token = self.token()
                else:
                    try:
@@ -2267,7 +2249,6 @@ class docBuilder:
        if name == debugsym and not quiet:
            print "=>", id

-        # NB: this is consumed by a regex in 'getAPIFilenames' in hvsupport.pl
        output.write("    <%s name='%s' file='%s' module='%s'>\n" % (id.type,
                     name, self.modulename_file(id.header),
                     self.modulename_file(id.module)))
@@ -2586,64 +2567,52 @@ class docBuilder:
        output.close()


-class app:
-    def warning(self, msg):
-        global warnings
-        warnings = warnings + 1
-        print msg
-
-    def rebuild(self, name):
-        if name not in ["libvirt", "libvirt-qemu", "libvirt-lxc", "libvirt-admin"]:
-            self.warning("rebuild() failed, unknown module %s" % name)
-            return None
-        builder = None
-        srcdir = os.path.abspath((os.environ["srcdir"]))
-        builddir = os.path.abspath((os.environ["builddir"]))
-        if srcdir == builddir:
-            builddir = None
-        if glob.glob(srcdir + "/../src/libvirt.c") != [] :
-            if not quiet:
-                print "Rebuilding API description for %s" % name
-            dirs = [srcdir + "/../src",
-                    srcdir + "/../src/util",
-                    srcdir + "/../include/libvirt"]
-            if (builddir and
-                not os.path.exists(srcdir + "/../include/libvirt/libvirt-common.h")):
-                dirs.append(builddir + "/../include/libvirt")
-            builder = docBuilder(name, srcdir, dirs, [])
-        elif glob.glob("src/libvirt.c") != [] :
-            if not quiet:
-                print "Rebuilding API description for %s" % name
-            builder = docBuilder(name, srcdir,
-                                 ["src", "src/util", "include/libvirt"],
-                                 [])
-        else:
-            self.warning("rebuild() failed, unable to guess the module")
-            return None
-        builder.scan()
-        builder.analyze()
-        builder.serialize()
-        return builder
-
-    #
-    # for debugging the parser
-    #
-    def parse(self, filename):
-        parser = CParser(filename)
-        idx = parser.parse()
-        return idx
+def rebuild(name):
+    if name not in ["libvirt", "libvirt-qemu", "libvirt-lxc", "libvirt-admin"]:
+        self.warning("rebuild() failed, unknown module %s") % name
+        return None
+    builder = None
+    srcdir = os.environ["srcdir"]
+    if glob.glob(srcdir + "/../src/libvirt.c") != [] :
+        if not quiet:
+            print "Rebuilding API description for %s" % name
+        dirs = [srcdir + "/../src",
+                srcdir + "/../src/util",
+                srcdir + "/../include/libvirt"]
+        if glob.glob(srcdir + "/../include/libvirt/libvirt.h") == [] :
+            dirs.append("../include/libvirt")
+        builder = docBuilder(name, srcdir, dirs, [])
+    elif glob.glob("src/libvirt.c") != [] :
+        if not quiet:
+            print "Rebuilding API description for %s" % name
+        builder = docBuilder(name, srcdir,
+                             ["src", "src/util", "include/libvirt"],
+                             [])
+    else:
+        self.warning("rebuild() failed, unable to guess the module")
+        return None
+    builder.scan()
+    builder.analyze()
+    builder.serialize()
+    return builder

+#
+# for debugging the parser
+#
+def parse(filename):
+    parser = CParser(filename)
+    idx = parser.parse()
+    return idx

 if __name__ == "__main__":
-    app = app()
    if len(sys.argv) > 1:
        debug = 1
-        app.parse(sys.argv[1])
+        parse(sys.argv[1])
    else:
-        app.rebuild("libvirt")
-        app.rebuild("libvirt-qemu")
-        app.rebuild("libvirt-lxc")
-        app.rebuild("libvirt-admin")
+        rebuild("libvirt")
+        rebuild("libvirt-qemu")
+        rebuild("libvirt-lxc")
+        rebuild("libvirt-admin")
    if warnings > 0:
        sys.exit(2)
    else:
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@@ -2,7 +2,7 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>Applications using libvirt</h1>
+    <h1>Applications using <strong>libvirt</strong></h1>

    <p>
      This page provides an illustration of the wide variety of
@@ -19,15 +19,12 @@
      be added here, or simply send a patch against the documentation
      in the libvirt.git docs subdirectory.
      If your application uses libvirt as its API,
-      the following graphics are available for your website to advertise
+      the following graphic is available for your website to advertise
      support for libvirt:
    </p>

    <p class="image">
-      <img src="logos/logo-square-powered-96.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-128.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-192.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-256.png" alt="libvirt powered"/>
+      <img src="madeWith.png" alt="Made with libvirt"/>
    </p>

    <h2><a name="clientserver">Client/Server applications</a></h2>
@@ -211,17 +208,6 @@
        to remote consoles supporting the VNC protocol. Also provides
        an optional mozilla browser plugin.
      </dd>
-      <dt><a href="http://f1ash.github.io/qt-virt-manager">qt-virt-manager</a></dt>
-      <dd>
-        The Qt GUI for create and control VMs and another virtual entities
-        (aka networks, storages, interfaces, secrets, network filters).
-        Contains integrated LXC/SPICE/VNC viewer for accessing the graphical or
-        text console associated with a virtual machine or container.
-      </dd>
-      <dt><a href="http://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer">qt-remote-viewer</a></dt>
-      <dd>
-        The Qt VNC/SPICE viewer for access to remote desktops or VMs.
-      </dd>
    </dl>

    <h2><a name="iaas">Infrastructure as a Service (IaaS)</a></h2>
@@ -365,14 +351,6 @@
        your Xen or QEMU/KVM guests, or to integrate with your existing Nagios
        installation.
      </dd>
-      <dt><a href="http://www.pcp.io/man/man1/pmdalibvirt.1.html" shape="rect">PCP</a></dt>
-      <dd>
-        The PCP libvirt PMDA (plugin) is part of the
-        <a href="http://pcp.io/" shape="rect">PCP</a> toolkit and provides
-        hypervisor and guest information and complete set of guest performance
-        metrics. It supports pCPU, vCPU, memory, block device, network interface,
-        and performance event metrics for each virtual guest.
-      </dd>
      <dt><a href="http://community.zenoss.org/docs/DOC-4687">Zenoss</a></dt>
      <dd>
        The Zenoss libvirt Zenpack adds support for monitoring virtualization
@@ -426,14 +404,6 @@
        infrastructure. You can deploy a new service just dragging and
        dropping a VM.
      </dd>
-      <dt><a href="https://kimchi-project.github.io/kimchi/">Kimchi</a></dt>
-      <dd>
-        Kimchi is an HTML5 based management tool for KVM. It is designed to
-        make it as easy as possible to get started with KVM and create your first guest.
-
-        Kimchi manages KVM guests through libvirt. The management interface is accessed
-        over the web using a browser that supports HTML5.
-      </dd>
      <dt><a href="http://ovirt.org/">oVirt</a></dt>
      <dd>
        oVirt provides the ability to manage large numbers of virtual
--- a/docs/archdomain.html.in
+++ b/docs/archdomain.html.in
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Domain management architecture</h1>
+  </body>
+</html>
--- a/docs/archnetwork.html.in
+++ b/docs/archnetwork.html.in
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Network management architecture</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a name="architecture">Architecture illustration</a></h2>
+
+    <p>
+      The diagrams below illustrate some of the network configurations
+      enabled by the libvirt networking APIs
+    </p>
+
+    <ul>
+      <li><strong>VLAN 1</strong>. This virtual network has connectivity
+        to <code>LAN 2</code> with traffic forwarded and NATed.
+      </li>
+      <li><strong>VLAN 2</strong>. This virtual network is completely
+        isolated from any physical LAN.
+      </li>
+      <li><strong>Guest A</strong>. The first network interface is bridged
+        to the physical <code>LAN 1</code>. The second interface is connected
+        to a virtual network <code>VLAN 1</code>.
+      </li>
+      <li><strong>Guest B</strong>. The first network interface is connected
+        to a virtual network <code>VLAN 1</code>, giving it limited NAT
+        based connectivity to LAN2. It has a second network interface
+        connected to <code>VLAN 2</code>. It acts a router allowing limited
+        traffic between the two VLANs, thus giving <code>Guest C</code>
+        connectivity to the physical <code>LAN 2</code>.
+        </li>
+      <li><strong>Guest C</strong>. The only network interface is connected
+        to a virtual network <code>VLAN 2</code>. It has no direct connectivity
+        to a physical LAN, relying on <code>Guest B</code> to route traffic
+        on its behalf.
+      </li>
+    </ul>
+
+    <h3><a name="logical">Logical diagram</a></h3>
+
+    <p class="image">
+      <img src="libvirt-net-logical.png" alt="Logical network architecture"/>
+    </p>
+
+    <h3><a name="physical">Physical diagram</a></h3>
+
+    <p class="image">
+      <img src="libvirt-net-physical.png" alt="Physical network architecture"/>
+    </p>
+
+  </body>
+</html>
--- a/docs/archnode.html.in
+++ b/docs/archnode.html.in
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Node device management architecture</h1>
+  </body>
+</html>
--- a/docs/archstorage.html.in
+++ b/docs/archstorage.html.in
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Storage management architecture</h1>
+
+    <p>
+      The storage management APIs are based around 2 core concepts
+    </p>
+    <ol>
+      <li>
+        <strong>Volume</strong> - a single storage volume which can
+        be assigned to a guest, or used for creating further pools. A
+        volume is either a block device, a raw file, or a special format
+        file.
+      </li>
+      <li>
+        <strong>Pool</strong> - provides a means for taking a chunk
+        of storage and carving it up into volumes. A pool can be used to
+        manage things such as a physical disk, a NFS server, a iSCSI target,
+        a host adapter, an LVM group.
+      </li>
+    </ol>
+
+    <p>
+      These two concepts are mapped through to two libvirt objects, a
+      <code>virStorageVolPtr</code> and a <code>virStoragePoolPtr</code>,
+      each with a collection of APIs for their management.
+    </p>
+
+  </body>
+</html>
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -57,13 +57,13 @@
    </p>

    <dl>
-      <dt><code>pid</code></dt>
+      <dt>pid</dt>
      <dd>Process ID of the libvirtd daemon generating the audit record.</dd>
-      <dt><code>uid</code></dt>
+      <dt>uid</dt>
      <dd>User ID of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>subj</code></dt>
+      <dt>subj</dt>
      <dd>Security context of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>msg</code></dt>
+      <dt>msg</dt>
      <dd>String containing a list of key=value pairs specific to the type of audit record being reported.</dd>
    </dl>

@@ -72,21 +72,21 @@
    </p>

    <dl>
-      <dt><code>virt</code></dt>
+      <dt>virt</dt>
      <dd>Type of virtualization driver used. One of <code>qemu</code> or <code>lxc</code></dd>
-      <dt><code>vm</code></dt>
+      <dt>vm</dt>
      <dd>Host driver unique name of the guest</dd>
-      <dt><code>uuid</code></dt>
+      <dt>uuid</dt>
      <dd>Globally unique identifier for the guest</dd>
-      <dt><code>exe</code></dt>
+      <dt>exe</dt>
      <dd>Path of the libvirtd daemon</dd>
-      <dt><code>hostname</code></dt>
+      <dt>hostname</dt>
      <dd>Currently unused</dd>
-      <dt><code>addr</code></dt>
+      <dt>addr</dt>
      <dd>Currently unused</dd>
-      <dt><code>terminal</code></dt>
+      <dt>terminal</dt>
      <dd>Currently unused</dd>
-      <dt><code>res</code></dt>
+      <dt>res</dt>
      <dd>Result of the action, either <code>success</code> or <code>failed</code></dd>
    </dl>

@@ -98,15 +98,15 @@
    </p>

    <dl>
-      <dt><code>op</code></dt>
+      <dt>op</dt>
      <dd>Type of operation performed. One of <code>start</code>, <code>stop</code> or <code>init</code></dd>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the operation to happen</dd>
-      <dt><code>vm-pid</code></dt>
+      <dt>vm-pid</dt>
      <dd>ID of the primary/leading process associated with the guest</dd>
-      <dt><code>init-pid</code></dt>
+      <dt>init-pid</dt>
      <dd>ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-      <dt><code>pid-ns</code></dt>
+      <dt>pid-ns</dt>
      <dd>Namespace ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
    </dl>

@@ -118,11 +118,11 @@
    </p>

    <dl>
-      <dt><code>model</code></dt>
+      <dt>model</dt>
      <dd>The security driver type. One of <code>selinux</code> or <code>apparmor</code></dd>
-      <dt><code>vm-ctx</code></dt>
+      <dt>vm-ctx</dt>
      <dd>Security context for the guest process</dd>
-      <dt><code>img-ctx</code></dt>
+      <dt>img-ctx</dt>
      <dd>Security context for the guest disk images and other assigned host resources</dd>
    </dl>

@@ -144,13 +144,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>vcpu</code></dd>
-      <dt><code>old-vcpu</code></dt>
+      <dt>old-vcpu</dt>
      <dd>Original vCPU count, or 0</dd>
-      <dt><code>new-vcpu</code></dt>
+      <dt>new-vcpu</dt>
      <dd>Updated vCPU count</dd>
    </dl>

@@ -162,13 +162,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>mem</code></dd>
-      <dt><code>old-mem</code></dt>
+      <dt>old-mem</dt>
      <dd>Original memory size in bytes, or 0</dd>
-      <dt><code>new-mem</code></dt>
+      <dt>new-mem</dt>
      <dd>Updated memory size in bytes</dd>
    </dl>

@@ -178,13 +178,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>disk</code></dd>
-      <dt><code>old-disk</code></dt>
+      <dt>old-disk</dt>
      <dd>Original host file or device path acting as the disk backing file</dd>
-      <dt><code>new-disk</code></dt>
+      <dt>new-disk</dt>
      <dd>Updated host file or device path acting as the disk backing file</dd>
    </dl>

@@ -195,13 +195,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>old-net</code></dt>
+      <dt>old-net</dt>
      <dd>Original MAC address of the guest network interface</dd>
-      <dt><code>new-net</code></dt>
+      <dt>new-net</dt>
      <dd>Updated MAC address of the guest network interface</dd>
    </dl>

@@ -211,13 +211,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>net</code></dt>
+      <dt>net</dt>
      <dd>MAC address of the host network interface</dd>
-      <dt><code>rdev</code></dt>
+      <dt>rdev</dt>
      <dd>Name of the host network interface</dd>
    </dl>

@@ -227,13 +227,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>fs</code></dd>
-      <dt><code>old-fs</code></dt>
+      <dt>old-fs</dt>
      <dd>Original host directory, file or device path backing the filesystem </dd>
-      <dt><code>new-fs</code></dt>
+      <dt>new-fs</dt>
      <dd>Updated host directory, file or device path backing the filesystem</dd>
    </dl>

@@ -243,15 +243,15 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>hostdev</code> or <code>dev</code></dd>
-      <dt><code>dev</code></dt>
+      <dt>dev</dt>
      <dd>The unique bus identifier of the USB, PCI or SCSI device, if <code>resrc=dev</code></dd>
-      <dt><code>disk</code></dt>
+      <dt>disk</dt>
      <dd>The path of the block device assigned to the guest, if <code>resrc=hostdev</code></dd>
-      <dt><code>chardev</code></dt>
+      <dt>chardev</dt>
      <dd>The path of the character device assigned to the guest, if <code>resrc=hostdev</code></dd>
    </dl>

@@ -261,11 +261,11 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>tpm</code></dd>
-      <dt><code>device</code></dt>
+      <dt>device</dt>
      <dd>The path of the host TPM device assigned to the guest</dd>
    </dl>

@@ -275,13 +275,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>rng</code></dd>
-      <dt><code>old-rng</code></dt>
+      <dt>old-rng</dt>
      <dd>Original path of the host entropy source for the RNG</dd>
-      <dt><code>new-rng</code></dt>
+      <dt>new-rng</dt>
      <dd>Updated path of the host entropy source for the RNG</dd>
    </dl>

@@ -291,13 +291,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>chardev</code></dd>
-      <dt><code>old-chardev</code></dt>
+      <dt>old-chardev</dt>
      <dd>Original path of the backing character device for given emulated device</dd>
-      <dt><code>new-chardev</code></dt>
+      <dt>new-chardev</dt>
      <dd>Updated path of the backing character device for given emulated device</dd>
    </dl>

@@ -307,15 +307,15 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>smartcard</code></dd>
-      <dt><code>old-smartcard</code></dt>
+      <dt>old-smartcard</dt>
      <dd>Original path of the backing character device, certificate store or
          "nss-smartcard-device" for host smartcard passthrough.
      </dd>
-      <dt><code>new-smartcard</code></dt>
+      <dt>new-smartcard</dt>
      <dd>Updated path of the backing character device, certificate store or
          "nss-smartcard-device" for host smartcard passthrough.
      </dd>
@@ -327,13 +327,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>redir</code></dd>
-      <dt><code>bus</code></dt>
+      <dt>bus</dt>
      <dd>The bus type, only <code>usb</code> allowed</dd>
-      <dt><code>device</code></dt>
+      <dt>device</dt>
      <dd>The device type, only <code>USB redir</code> allowed</dd>
    </dl>

@@ -344,32 +344,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>cgroup</code></dd>
-      <dt><code>cgroup</code></dt>
+      <dt>cgroup</dt>
      <dd>The name of the cgroup controller</dd>
    </dl>

-
-    <h4><a name="typeresourceshmem">Shared memory</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>shmem</code></dd>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>size</code></dt>
-      <dd>The size of the shared memory region</dd>
-      <dt><code>shmem</code></dt>
-      <dd>Name of the shared memory region</dd>
-      <dt><code>source</code></dt>
-      <dd>Path of the backing character device for given emulated device</dd>
-    </dl>
-
  </body>
 </html>
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@@ -76,11 +76,7 @@ password=letmein

 [credentials-dev]
 username=joe
-password=hello
-
-[credentials-defgrp]
-username=defuser
-password=defpw</pre>
+password=hello</pre>

    <p>
      The second set of groups provide mappings of credentials to
@@ -94,8 +90,7 @@ credentials=$CREDENTIALS</pre>

    <p>
      For example, following the previous example, here is how to
-      map some machines. For convenience libvirt supports a default
-      mapping of credentials to machines:
+      list some machines
    </p>

    <pre>
@@ -111,15 +106,8 @@ credentials=test
 [auth-libvirt-prod1.example.com]
 credentials=prod

-[auth-libvirt-default]
-credentials=defgrp
-
 [auth-esx-dev1.example.com]
-credentials=dev
-
-[auth-esx-default]
-credentials=defgrp</pre>
-
+credentials=dev</pre>

    <p>
      The following service types are known to libvirt
--- a/docs/bindings.html.in
+++ b/docs/bindings.html.in
@@ -14,10 +14,6 @@
        <strong>C#</strong>: Arnaud Champion develops
        <a href="csharp.html">C# bindings</a>.
      </li>
-     <li>
-        <strong>Go</strong>: Kyle Kelley et al. are developing
-        <a href="https://github.com/rgbkrk/libvirt-go">Go bindings</a>.
-      </li>
      <li>
        <strong>Java</strong>: Daniel Veillard develops
        <a href="java.html">Java bindings</a>.
--- a/docs/cgroups.html.in
+++ b/docs/cgroups.html.in
@@ -221,11 +221,11 @@ $ROOT
    </p>

    <pre>
-...
-&lt;resource&gt;
-  &lt;partition&gt;/machine/production&lt;/partition&gt;
-&lt;/resource&gt;
-...
+  ...
+  &lt;resource&gt;
+    &lt;partition&gt;/machine/production&lt;/partition&gt;
+  &lt;/resource&gt;
+  ...
    </pre>

    <p>
--- a/docs/compiling.html.in
+++ b/docs/compiling.html.in
@@ -13,9 +13,9 @@
    </p>

    <pre>
-$ xz -c libvirt-x.x.x.tar.xz | tar xvf -
-$ cd libvirt-x.x.x
-$ ./configure</pre>
+      $ gunzip -c libvirt-x.x.x.tar.gz | tar xvf -
+      $ cd libvirt-x.x.x
+      $ ./configure</pre>

    <p>
      The <i>configure</i> script can be given options to change its default
@@ -28,7 +28,7 @@ $ ./configure</pre>
    </p>

    <pre>
-$ ./configure <i>--help</i></pre>
+      $ ./configure <i>--help</i></pre>

    <p>
      When you have determined which options you want to use (if any),
@@ -49,9 +49,9 @@ $ ./configure <i>--help</i></pre>
    </p>

    <pre>
-$ ./configure <i>[possible options]</i>
-$ make
-$ <b>sudo</b> <i>make install</i></pre>
+      $ ./configure <i>[possible options]</i>
+      $ make
+      $ <b>sudo</b> <i>make install</i></pre>

    <p>
      At this point you <b>may</b> have to run ldconfig or a similar utility
@@ -91,7 +91,7 @@ $ <b>sudo</b> <i>make install</i></pre>
      drive or manual download, and run this any time libvirt.git
      updates the commit stored in the .gnulib submodule:</p>
    <pre>
-$ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
+      $ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
    </pre>

    <p>To build &amp; install libvirt to your home
@@ -99,9 +99,9 @@ $ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
    </p>

    <pre>
-$ ./autogen.sh --prefix=$HOME/usr
-$ make
-$ <b>sudo</b> make install</pre>
+      $ ./autogen.sh --prefix=$HOME/usr
+      $ make
+      $ <b>sudo</b> make install</pre>

    <p>
      Be aware though, that binaries built with a custom prefix will not
@@ -111,8 +111,8 @@ $ <b>sudo</b> make install</pre>
    </p>

    <pre>
-$ ./autogen.sh --system
-$ make
+      $ ./autogen.sh --system
+      $ make
    </pre>

    <p>
@@ -123,9 +123,9 @@ $ make
    </p>

    <pre>
-$ su -
-# service libvirtd stop  (or systemctl stop libvirtd.service)
-# /home/to/your/checkout/daemon/libvirtd
+      $ su -
+      # service libvirtd stop  (or systemctl stop libvirtd.service)
+      # /home/to/your/checkout/daemon/libvirtd
    </pre>

    <p>
@@ -134,7 +134,7 @@ $ su -
    </p>

    <pre>
-$ ./run ./tools/virsh ....
+      $ ./run ./tools/virsh ....
    </pre>
  </body>
 </html>
--- a/docs/contact.html.in
+++ b/docs/contact.html.in
@@ -2,7 +2,7 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>Contacting the project contributors</h1>
+    <h1>Contacting the development team</h1>

    <ul id="toc"></ul>

@@ -24,7 +24,7 @@
      There are three mailing-lists:
    </p>

-    <dl class="mail">
+    <dl>
      <dt><a href="https://www.redhat.com/mailman/listinfo/libvir-list">libvir-list@redhat.com</a> (for development)</dt>
      <dd>
        Archives at <a href="https://www.redhat.com/archives/libvir-list">https://www.redhat.com/archives/libvir-list</a>
--- a/docs/contribute.html.in
+++ b/docs/contribute.html.in
@@ -1,140 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Contributing to libvirt</h1>
-
-    <p>
-      This page provides guidance on how to contribute to the
-      libvirt project
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="skills">Contributions required</a></h2>
-
-    <p>
-      The libvirt project is always looking for new contributors to
-      participate in ongoing activities. While code development is a
-      major part of the project, assistance is needed in many other
-      areas including documentation writing, bug triage, testing,
-      application integration, website / wiki content management,
-      translation, branding, social media and more. The only
-      requirement is an interest in virtualization and desire to
-      help.
-    </p>
-
-    <p>
-      The following is a non-exhaustive list of areas in which
-      people can contribute to libvirt. If you have ideas for
-      other contributions feel free to follow them.
-    </p>
-
-    <ul>
-      <li><strong>Software development</strong>. The core library / daemon (and
-        thus the bulk of coding) is written in C, but there are
-        language bindings written in Python, Perl, Java, Ruby,
-        Php, OCaml and Go. There are also higher level wrappers
-        mapping libvirt into other object frameworks, such GLib,
-        CIM and SNMP</li>
-      <li><strong>Translation</strong>. All the libvirt modules aim to support
-        translations where appropriate. All translation is
-        handling outside of the normal libvirt review process,
-        using the <a href="http://fedora.zanata.org">Fedora
-        instance</a> of the Zanata tool. Thus people wishing
-        to contribute to translation should join the Fedora
-        translation team</li>
-      <li><strong>Documentation</strong>. There are docbook guides on various
-        aspects of libvirt, particularly application development
-        guides for the C library and Python, and a virsh command
-        reference. There is thus scope for work by people who are
-        familiar with using or developing against libvirt, to
-        write further content for these guides. There is also a
-        need for people to review existing content for copy editing
-        and identifying gaps in the docs</li>
-      <li><strong>Website / wiki curation</strong>. The bulk of the website is
-        maintained in the primary GIT repository, while the wiki
-        site uses mediawiki. In both cases there is a need for
-        people to both write new content and curate existing
-        content to identify outdated information, improve its
-        organization and target gaps.</li>
-      <li><strong>Testing</strong>. There are a number of tests suites that can run
-        automated tests against libvirt. The coverage of the tests
-        is never complete, so there is a need for people to create
-        new test suites and / or provide environments to actually
-        run the tests in a variety of deployment scenarios.</li>
-      <li><strong>Code analysis</strong>. The libvirt project has access to the coverity
-        tool to run static analysis against the codebase, however,
-        there are other types of code analysis that can be useful.
-        In particular fuzzing of the inputs can be very effective
-        at identifying problematic edge cases.</li>
-      <li><strong>Security handling</strong>. Downstream (operating system) vendors
-        who distribute libvirt may wish to propose a person to
-        be part of the security handling team, to get early access
-        to information about forthcoming vulnerability fixes.</li>
-      <li><strong>Evangalism</strong>. Work done by the project is of no benefit
-        unless the (potential) user community knows that it
-        exists. Thus it is critically important to the health
-        and future growth of the project, that there are a people
-        who evangalise the work created by the project. This can
-        take many forms, writing blog posts (about usage of features,
-        personal user experiances, areas for future work, and more),
-        syndicating docs and blogs via social media, giving user
-        group and/or conference talks about libvirt.</li>
-      <li><strong>User assistance</strong>. Since documentation
-        is never perfect, there are inevitably cases where users
-        will struggle to attain a deployment goal they have, or
-        run into trouble with managing an existing deployment.
-        While some users may be able to contact a software vendor
-        to obtain support, it is common to rely on community help
-        forums such as <a href="contact.html#email">libvirt users
-          mailing list</a>, or sites such as
-        <a href="http://stackoverflow.com/questions/tagged/libvirt">stackoverflow.</a>
-        People who are familiar with libvirt and have ability &amp;
-        desire to help other users are encouraged to participate in
-        these help forums.</li>
-    </ul>
-
-    <h2><a name="comms">Communication</a></h2>
-
-    <p>
-      For full details on contacting other project contributors
-      read the <a href="contact.html">contact</a> page. There
-      are two main channels that libvirt uses for communication
-      between contributors:
-    </p>
-
-    <h3><a name="email">Mailing lists</a></h3>
-
-    <p>
-      The project has a number of
-      <a href="contact.html#email">mailing lists</a> for
-      general communication between contributors.
-      In general any design discussions and review
-      of contributions will take place on the mailing
-      lists, so it is important for all contributors
-      to follow the traffic.
-    </p>
-
-    <h3><a name="irc">Instant messaging / chat</a></h3>
-
-    <p>
-      Contributors to libvirt are encouraged to join the
-      <a href="contact.html#irc">IRC channel</a> used by
-      the project, where they can have live conversations
-      with others members.
-    </p>
-
-    <h2><a name="outreach">Student / outreach coding programs</a></h2>
-
-    <p>
-      Since 2016, the libvirt project directly participates as an
-      organization in the <a href="http://wiki.libvirt.org/page/Google_Summer_of_Code_Ideas">Google Summer of Code program</a>. Prior to
-      this the project had a number of students in the program
-      via a joint application with the QEMU project. People are
-      encouraged to look at both the libvirt and QEMU programs
-      to identify potentially interesting projects to work on.
-    </p>
-
-  </body>
-</html>
--- a/docs/deployment.html.in
+++ b/docs/deployment.html.in
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Deployment</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a name="packages">Pre-packaged releases</a></h2>
+
+    <p>
+      The libvirt API is now available in all major Linux distributions,
+      so the simplest deployment approach is to use your distributions'
+      package management software to install the <code>libvirt</code>
+      module.
+    </p>
+
+    <h2><a name="tarball">Self-built releases</a></h2>
+
+    <p>
+      libvirt uses GNU autotools for its build system, so deployment
+      follows the usual process of <code>configure; make ; make install</code>
+    </p>
+
+    <pre>
+
+      # ./configure --prefix=$HOME/usr
+      # make
+      # make install
+    </pre>
+
+    <h2><a name="git">Built from GIT</a></h2>
+
+    <p>
+      When building from GIT it is necessary to generate the autotools
+      support files. This requires having <code>autoconf</code>,
+      <code>automake</code>, <code>libtool</code> and <code>intltool</code>
+      installed. The process can be automated with the <code>autogen.sh</code>
+      script.
+    </p>
+
+    <pre>
+
+      # ./autogen.sh --prefix=$HOME/usr
+      # make
+      # make install
+    </pre>
+
+  </body>
+</html>
--- a/docs/devguide.html.in
+++ b/docs/devguide.html.in
@@ -28,14 +28,14 @@
    </p>

    <pre>
-# C language
-$ git clone <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git">git://libvirt.org/libvirt-appdev-guide.git</a>
+      # C language
+      $ git clone <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git">git://libvirt.org/libvirt-appdev-guide.git</a>

-# Python language
-$ git clone <a href="http://libvirt.org/git/?p=libvirt-appdev-guide-python.git">git://libvirt.org/libvirt-appdev-guide-python.git</a>
+      # Python language
+      $ git clone <a href="http://libvirt.org/git/?p=libvirt-appdev-guide-python.git">git://libvirt.org/libvirt-appdev-guide-python.git</a>

-# Publican Style/Theme
-$ git clone <a href="http://libvirt.org/git/?p=libvirt-publican.git">git://libvirt.org/libvirt-publican.git</a>
+      # Publican Style/Theme
+      $ git clone <a href="http://libvirt.org/git/?p=libvirt-publican.git">git://libvirt.org/libvirt-publican.git</a>
    </pre>

  </body>
--- a/docs/docs.html.in
+++ b/docs/docs.html.in
@@ -1,166 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
-  <body class="docs">
-    <div class="panel">
-      <h2>Deployment / operation</h2>
-
-      <dl>
-        <dt><a href="apps.html">Applications</a></dt>
-        <dd>Applications known to use libvirt</dd>
-
-        <dt><a href="windows.html">Windows</a></dt>
-        <dd>Downloads for Windows</dd>
-
-        <dt><a href="migration.html">Migration</a></dt>
-        <dd>Migrating guests between machines</dd>
-
-        <dt><a href="remote.html">Remote access</a></dt>
-        <dd>Enable remote access over TCP</dd>
-
-        <dt><a href="auth.html">Authentication</a></dt>
-        <dd>Configure authentication for the libvirt daemon</dd>
-
-        <dt><a href="acl.html">Access control</a></dt>
-        <dd>Configure access control libvirt APIs with <a href="aclpolkit.html">polkit</a></dd>
-
-        <dt><a href="logging.html">Logging</a></dt>
-        <dd>The library and the daemon logging support</dd>
-
-        <dt><a href="auditlog.html">Audit log</a></dt>
-        <dd>Audit trail logs for host operations</dd>
-
-        <dt><a href="firewall.html">Firewall</a></dt>
-        <dd>Firewall and network filter configuration</dd>
-
-        <dt><a href="hooks.html">Hooks</a></dt>
-        <dd>Hooks for system specific management</dd>
-
-        <dt><a href="nss.html">NSS module</a></dt>
-        <dd>Enable domain host name translation to IP addresses</dd>
-
-        <dt><a href="http://wiki.libvirt.org/page/FAQ">FAQ</a></dt>
-        <dd>Frequently asked questions</dd>
-      </dl>
-
-    </div>
-
-    <div class="panel">
-      <h2>Application development</h2>
-      <dl>
-        <dt><a href="devguide.html">Development Guide</a></dt>
-        <dd>A guide and reference for developing with libvirt</dd>
-
-        <dt><a href="virshcmdref.html">Virsh Commands</a></dt>
-        <dd>Command reference for virsh</dd>
-
-        <dt><a href="bindings.html">Language bindings</a></dt>
-        <dd>Bindings of the libvirt API for
-          <a href="csharp.html">c#</a>,
-          <a href="https://github.com/rgbkrk/libvirt-go">go</a>,
-          <a href="java.html">java</a>,
-          <a href="http://libvirt.org/ocaml/">ocaml</a>.
-          <a href="http://search.cpan.org/dist/Sys-Virt/">perl</a>,
-          <a href="python.html">python</a>,
-          <a href="php.html">php</a>,
-          <a href="http://libvirt.org/ruby/">ruby</a></dd>
-
-
-        <dt><a href="format.html">XML schemas</a></dt>
-        <dd>Description of the XML schemas for
-          <a href="formatdomain.html">domains</a>,
-          <a href="formatnetwork.html">networks</a>,
-          <a href="formatnwfilter.html">network filtering</a>,
-          <a href="formatstorage.html">storage</a>,
-          <a href="formatstorageencryption.html">storage encryption</a>,
-          <a href="formatcaps.html">capabilities</a>,
-          <a href="formatdomaincaps.html">domain capabilities</a>,
-          <a href="formatnode.html">node devices</a>,
-          <a href="formatsecret.html">secrets</a>,
-          <a href="formatsnapshot.html">snapshots</a></dd>
-
-        <dt><a href="uri.html">URI format</a></dt>
-        <dd>The URI formats used for connecting to libvirt</dd>
-
-        <dt><a href="locking.html">Disk locking</a></dt>
-        <dd>Ensuring exclusive guest access to disks with
-          <a href="locking-lockd.html">virtlockd</a> or
-          <a href="locking-sanlock.html">Sanlock</a></dd>
-
-        <dt><a href="cgroups.html">CGroups</a></dt>
-        <dd>Control groups integration</dd>
-
-        <dt><a href="html/index.html">API reference</a></dt>
-        <dd>Reference manual for the C public API, split in
-          <a href="html/libvirt-libvirt-common.html">common</a>,
-          <a href="html/libvirt-libvirt-domain.html">domain</a>,
-          <a href="html/libvirt-libvirt-domain-snapshot.html">domain snapshot</a>,
-          <a href="html/libvirt-virterror.html">error</a>,
-          <a href="html/libvirt-libvirt-event.html">event</a>,
-          <a href="html/libvirt-libvirt-host.html">host</a>,
-          <a href="html/libvirt-libvirt-interface.html">interface</a>,
-          <a href="html/libvirt-libvirt-network.html">network</a>,
-          <a href="html/libvirt-libvirt-nodedev.html">node device</a>,
-          <a href="html/libvirt-libvirt-nwfilter.html">network filter</a>,
-          <a href="html/libvirt-libvirt-secret.html">secret</a>,
-          <a href="html/libvirt-libvirt-storage.html">storage</a>,
-          <a href="html/libvirt-libvirt-stream.html">stream</a>
-        </dd>
-
-        <dt><a href="drivers.html">Drivers</a></dt>
-        <dd>Hypervisor specific driver information</dd>
-
-        <dt><a href="hvsupport.html">Driver support</a></dt>
-        <dd>matrix of API support per hypervisor per release</dd>
-
-        <dt><a href="secureusage.html">Secure usage</a></dt>
-        <dd>Secure usage of the libvirt APIs</dd>
-      </dl>
-    </div>
-
-    <div class="panel">
-      <h2>Project development</h2>
-      <dl>
-        <dt><a href="hacking.html">Contributor guidelines</a></dt>
-        <dd>General hacking guidelines for contributors</dd>
-
-        <dt><a href="bugs.html">Bug reports</a></dt>
-        <dd>How and where to report bugs and request features</dd>
-
-        <dt><a href="compiling.html">Compiling</a></dt>
-        <dd>How to compile libvirt</dd>
-
-        <dt><a href="goals.html">Goals</a></dt>
-        <dd>Terminology and goals of libvirt API</dd>
-
-        <dt><a href="api.html">API concepts</a></dt>
-        <dd>The libvirt API concepts</dd>
-
-        <dt><a href="api_extension.html">API extensions</a></dt>
-        <dd>Adding new public libvirt APIs</dd>
-
-        <dt><a href="internals/eventloop.html">Event loop and worker pool</a></dt>
-        <dd>Libvirt's event loop and worker pool mode</dd>
-
-        <dt><a href="internals/command.html">Spawning commands</a></dt>
-        <dd>Spawning commands from libvirt driver code</dd>
-
-        <dt><a href="internals/rpc.html">RPC protocol &amp; APIs</a></dt>
-        <dd>RPC protocol information and API / dispatch guide</dd>
-
-        <dt><a href="internals/locking.html">Lock managers</a></dt>
-        <dd>Use lock managers to protect disk content</dd>
-
-        <dt><a href="internals/oomtesting.html">Out of memory testing</a></dt>
-        <dd>Simulating OOM conditions in the test suite</dd>
-
-        <dt><a href="testsuites.html">Functional testing</a></dt>
-        <dd>Testing libvirt with <a href="testtck.html">TCK test suite</a> and
-         <a href="testapi.html">Libvirt-test-API</a></dd>
-      </dl>
-    </div>
-
-    <br class="clear"/>
-
+  <body>
+    <h1>Documentation</h1>
  </body>
 </html>
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -6,337 +6,15 @@

    <ul id="toc"></ul>

-    <h2><a name="releases">Project modules</a></h2>
+    <h2><a name="releases">Official Releases</a></h2>

    <p>
-      The libvirt project maintains a number of inter-related modules beyond
-      the core C library/daemon.
-    </p>
-
-    <table class="top_table downloads">
-      <thead>
-        <tr>
-          <th>Module</th>
-          <th>Releases</th>
-          <th>GIT Repo</th>
-          <th>GIT Mirrors</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>libvirt</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/">ftp</a>
-            <a href="http://libvirt.org/sources/">http</a>
-            <a href="https://libvirt.org/sources/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt">github</a>
-          </td>
-        </tr>
-        <tr>
-          <th colspan="7">Language bindings</th>
-        </tr>
-        <tr>
-          <td>C#</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/csharp/">ftp</a>
-            <a href="http://libvirt.org/sources/csharp/">http</a>
-            <a href="https://libvirt.org/sources/csharp/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-csharp.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-csharp">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-csharp">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>Java</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/java/">ftp</a>
-            <a href="http://libvirt.org/sources/java/">http</a>
-            <a href="https://libvirt.org/sources/java/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-java.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-java">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-java">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>OCaml</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/ocaml/">ftp</a>
-            <a href="http://libvirt.org/sources/ocaml/">http</a>
-            <a href="https://libvirt.org/sources/ocaml/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-ocaml.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-ocaml">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-ocaml">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>Perl (Sys::Virt)</td>
-          <td>
-            <a href="http://search.cpan.org/dist/Sys-Virt/">cpan</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-perl.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-perl">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-perl">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>PHP</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/php/">ftp</a>
-            <a href="http://libvirt.org/sources/php/">http</a>
-            <a href="https://libvirt.org/sources/php/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-php.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-php">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-php">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>Python</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/python/">ftp</a>
-            <a href="http://libvirt.org/sources/python/">http</a>
-            <a href="https://libvirt.org/sources/python/">https</a>
-            <a href="https://pypi.python.org/pypi/libvirt-python">pypi</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-python.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-python">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-python">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>Ruby</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/ruby/">ftp</a>
-            <a href="http://libvirt.org/sources/ruby/">http</a>
-            <a href="https://libvirt.org/sources/ruby/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=ruby-libvirt.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/ruby-libvirt">gitlab</a>
-            <a href="https://github.com/libvirt/ruby-libvirt">github</a>
-          </td>
-        </tr>
-        <tr>
-          <th colspan="7">Integration modules</th>
-        </tr>
-        <tr>
-          <td>GLib / GConfig / GObject</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/glib/">ftp</a>
-            <a href="http://libvirt.org/sources/glib/">http</a>
-            <a href="https://libvirt.org/sources/glib/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-glib.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-glib">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-glib">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>CIM provider</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/CIM/">ftp</a>
-            <a href="http://libvirt.org/sources/CIM/">http</a>
-            <a href="https://libvirt.org/sources/CIM/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-cim.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-cim">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-cim">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>CIM utils</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/CIM/">ftp</a>
-            <a href="http://libvirt.org/sources/CIM/">http</a>
-            <a href="https://libvirt.org/sources/CIM/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libcmpiutil.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libcmpiutil">gitlab</a>
-            <a href="https://github.com/libvirt/libcmpiutil">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>SNMP</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/snmp/">ftp</a>
-            <a href="http://libvirt.org/sources/snmp/">http</a>
-            <a href="https://libvirt.org/sources/snmp/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-snmp.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-snmp">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-snmp">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>Application Sandbox</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/sandbox/">ftp</a>
-            <a href="http://libvirt.org/sources/sandbox/">http</a>
-            <a href="https://libvirt.org/sources/sandbox/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-sandbox.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-sandbox">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-sandbox">github</a>
-          </td>
-        </tr>
-        <tr>
-          <th colspan="7">Testing</th>
-        </tr>
-        <tr>
-          <td>TCK</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/tck/">ftp</a>
-            <a href="http://libvirt.org/sources/tck/">http</a>
-            <a href="https://libvirt.org/sources/tck/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-tck.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-tck">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-tck">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>Test API</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-test-API.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-test-API">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-test-API">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>Jenkins Config</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-jenkins-ci.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-jenkins-ci">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-jenkins-ci">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>CIM Test</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=cimtest.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/cimtest">gitlab</a>
-            <a href="https://github.com/libvirt/cimtest">github</a>
-          </td>
-        </tr>
-        <tr>
-          <th colspan="7">Documentation</th>
-        </tr>
-        <tr>
-          <td>Publican Brand</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-publican.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-publican">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-publican">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>App Development Guide</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-appdev-guide">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>App Development Guide Python</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-appdev-guide-python.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide-python">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-appdev-guide-python">github</a>
-          </td>
-        </tr>
-        <tr>
-          <td>virsh Command Reference</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-virshcmdref.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-virshcmdref">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-virshcmdref">github</a>
-          </td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h2>Primary download site</h2>
-
-    <p>
-      Most modules have releases made available for download on the project
-      site, via FTP, HTTP or HTTPS. Some modules are instead made available
-      at alternative locations, for example, the Perl binding is made
-      available only on CPAN.
+      The latest versions of the libvirt C library can be downloaded from:
    </p>

    <ul>
      <li><a href="ftp://libvirt.org/libvirt/">libvirt.org FTP server</a></li>
      <li><a href="http://libvirt.org/sources/">libvirt.org HTTP server</a></li>
-      <li><a href="https://libvirt.org/sources/">libvirt.org HTTPS server</a></li>
    </ul>

    <h2><a name="hourly">Hourly development snapshots</a></h2>
@@ -350,77 +28,24 @@
    </p>

    <ul>
-      <li><a href="ftp://libvirt.org/libvirt/libvirt-git-snapshot.tar.xz">libvirt.org FTP server</a></li>
-      <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.xz">libvirt.org HTTP server</a></li>
+      <li><a href="ftp://libvirt.org/libvirt/libvirt-git-snapshot.tar.gz">libvirt.org FTP server</a></li>
+      <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.gz">libvirt.org HTTP server</a></li>
    </ul>

-    <h2><a name="schedule">Primary release schedule</a></h2>
-
-    <p>
-      The core libvirt module follows a time based plan, with releases made
-      once a month on the 1st of each month give or take a few days. The only
-      exception is at the start of the year where there are two 6 weeks gaps
-      (first release in the middle of Jan, then skip the Feb release), giving
-      a total of 11 releases a year. The Python and Perl modules will aim to
-      release at the same time as the core libvirt module. Other modules have
-      independant ad-hoc releases with no fixed time schedle.
-    </p>
-
-    <h2><a name="numbering">Release numbering</a></h2>
-
-    <p>
-      Since libvirt 2.0.0, a time based version numbering rule
-      is applied to the core library releases. As such, the changes
-      in version number have do not have any implications with respect
-      to the scope of features or bugfixes included, the stability of
-      the code, or the API / ABI compatibility (libvirt API / ABI is
-      guaranteed stable forever). The rules applied for changing the
-      libvirt version number are:
-    </p>
-
-    <dl>
-      <dt><code>major</code></dt>
-      <dd>incremented by 1 for the first release of the year (the
-        Jan 15th release)</dd>
-      <dt><code>minor</code></dt>
-      <dd>reset to 0 with every major increment, otherwise incremented by 1
-        for each monthly release from git master</dd>
-      <dt><code>micro</code></dt>
-      <dd>always 0 for releases from git master, incremented by 1
-        for each stable maintenance release</dd>
-    </dl>
-
-    <p>
-      Prior to 2.0.0, the major/minor numbers were incremented
-      fairly arbitrarily, and maintenance releases appended a
-      fourth digit. The language bindings will aim to use the
-      same version number as the most recent core library API
-      they support. The other modules have their own distinct
-      release numbering sequence, though they generally aim
-      to follow the above rules for incrementing major/minor/micro
-      digits.
-    </p>
-
    <h2><a name="maintenance">Maintenance releases</a></h2>
    <p>
-      In the git repository are several stable maintenance branches
-      for the core library, matching the
-      pattern <code>v<i>major</i>.<i>minor</i>-maint</code>;
+      In the git repository are several stable maintenance branches,
+      matching the
+      pattern <code>v<i>major</i>.<i>minor</i>.<i>micro</i>-maint</code>;
      these branches are forked off the corresponding
-      <code>v<i>major</i>.<i>minor</i>.0</code> formal
+      <code>v<i>major</i>.<i>minor</i>.<i>micro</i></code> formal
      release, and may have further releases of the
-      form <code>v<i>major</i>.<i>minor</i>.<i>micro</i></code>.
+      form <code>v<i>major</i>.<i>minor</i>.<i>micro</i>.<i>rel</i></code>.
      These maintenance branches should only contain bug fixes, and no
      new features, backported from the master branch, and are
      supported as long as at least one downstream distribution
      expresses interest in a given branch.  These maintenance
-      branches are considered during CVE analysis. In contrast
-      to the primary releases which are made once a month, there
-      is no formal schedule for the maintenance releases, which
-      are made whenever there is a need to make available key
-      bugfixes to downstream consumers. The language bindings
-      and other modules generally do not provide stable branch
-      releases.
+      branches are considered during CVE analysis.
    </p>

    <p>
@@ -432,16 +57,22 @@
    <h2><a name="git">GIT source repository</a></h2>

    <p>
-      All modules maintained by the libvirt project have their primary
-      source available in the <a href="http://libvirt.org/git/">project GIT server</a>.
-      Each module can be cloned anonymously using:
+      Libvirt code source is now maintained in a <a href="http://git-scm.com/">git</a>
+      repository available on <a href="http://libvirt.org/git/">libvirt.org</a>:
    </p>

    <pre>
-git clone git://libvirt.org/[module name].git</pre>
+      git clone git://libvirt.org/libvirt.git</pre>

    <p>
-      In addition to this primary repository, there are the following read-only git
+      It can also be browsed at:
+    </p>
+
+    <pre>
+      <a href="http://libvirt.org/git/?p=libvirt.git;a=summary">http://libvirt.org/git/?p=libvirt.git;a=summary</a></pre>
+
+    <p>
+      In addition to this repository, there are the following read-only git
      repositories which mirror the master one. Note that we currently do not
      use the full set of features on these mirrors (e.g. pull requests on
      GitHub, so please don't use them). All patch review and discussion only
@@ -450,8 +81,58 @@ git clone git://libvirt.org/[module name].git</pre>
    </p>

    <pre>
-<a href="https://github.com/libvirt/">https://github.com/libvirt/</a>
-<a href="https://gitlab.com/libvirt/libvirt">https://gitlab.com/libvirt/</a></pre>
+      <a href="https://github.com/libvirt/libvirt">https://github.com/libvirt/libvirt</a>
+      <a href="http://repo.or.cz/w/libvirt.git">http://repo.or.cz/w/libvirt.git</a>
+      <a href="https://gitlab.com/libvirt/libvirt">https://gitlab.com/libvirt/libvirt</a></pre>

+    <br />
+
+    <h1>libvirt Application Development Guide</h1>
+
+    <p>
+      The guide is both a learning tool for developing with libvirt and an
+      API reference document. It is a work in progress, composed by a
+      professional author from contributions written by members of the
+      libvirt team.
+    </p>
+
+    <p>
+      Contributions to the guide are <b>VERY</b> welcome. If you'd like to get
+      your name on this and demonstrate your virtualisation prowess, a solid
+      contribution to the content here will do it. :)
+    </p>
+
+    <h2><a name="appdevpdf">Application Development Guide PDF</a></h2>
+
+    <p>
+      PDF download is available here:
+    </p>
+
+    <ul>
+      <li><a href="http://libvirt.org/guide/pdf/Application_Development_Guide.pdf">libvirt App Dev Guide</a> (PDF)</li>
+    </ul>
+
+    <h2><a name="appdevgit">Application Development Guide source GIT repository</a></h2>
+
+    <p>
+      The source is also in a git repository:
+    </p>
+
+    <pre>
+      git clone git://libvirt.org/libvirt-appdev-guide.git</pre>
+
+    <p>
+      Browsable at:
+    </p>
+
+    <pre>
+      <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary</a></pre>
+
+    <br />
+
+    <p>
+      Once you've have obtained the libvirt source code, you can compile it
+      using the <a href="compiling.html">instructions here</a>.
+    </p>
  </body>
 </html>
--- a/docs/drvbhyve.html.in
+++ b/docs/drvbhyve.html.in
@@ -154,13 +154,13 @@ the following to the domain XML (<span class="since">Since 1.2.4</span>):
 </p>

 <pre>
-...
-&lt;devices&gt;
-  &lt;serial type="nmdm"&gt;
-    &lt;source master="/dev/nmdm0A" slave="/dev/nmdm0B"/&gt;
-  &lt;/serial&gt;
-&lt;/devices&gt;
-...</pre>
+  ...
+  &lt;devices&gt;
+    &lt;serial type="nmdm"&gt;
+      &lt;source master="/dev/nmdm0A" slave="/dev/nmdm0B"/&gt;
+    &lt;/serial&gt;
+  &lt;/devices&gt;
+  ...</pre>


 <p>Make sure to load the <code>nmdm</code> kernel module if you plan to use that.</p>
@@ -219,12 +219,12 @@ tweak them.</p>
 An example of domain XML device entry for that will look like:</p>

 <pre>
-...
-&lt;disk type='volume' device='disk'&gt;
-  &lt;source pool='zfspool' volume='vol1'/&gt;
-  &lt;target dev='vdb' bus='virtio'/&gt;
-&lt;/disk&gt;
-...</pre>
+  ...
+  &lt;disk type='volume' device='disk'&gt;
+    &lt;source pool='zfspool' volume='vol1'/&gt;
+    &lt;target dev='vdb' bus='virtio'/&gt;
+  &lt;/disk&gt;
+  ...</pre>

 <p>Please refer to the <a href="storage.html">Storage documentation</a> for more details on storage
 management.</p>
@@ -241,10 +241,10 @@ the first disk in the domain (either <code>cdrom</code>- or
 attempt to boot from the first partition in the disk image.</p>

 <pre>
-...
-&lt;bootloader&gt;/usr/local/sbin/grub-bhyve&lt;/bootloader&gt;
-&lt;bootloader_args&gt;...&lt;/bootloader_args&gt;
-...
+  ...
+    &lt;bootloader&gt;/usr/local/sbin/grub-bhyve&lt;/bootloader&gt;
+    &lt;bootloader_args&gt;...&lt;/bootloader_args&gt;
+  ...
 </pre>

 <p>Caveat: <code>bootloader_args</code> does not support any quoting.
--- a/docs/drvesx.html.in
+++ b/docs/drvesx.html.in
@@ -467,14 +467,14 @@ ethernet0.checkMACAddress = "false"
        Here a domain XML snippet:
    </p>
 <pre>
-...
-&lt;disk type='file' device='disk'&gt;
-  &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
-  &lt;target dev='sda' bus='scsi'/&gt;
-  &lt;address type='drive' controller='0' bus='0' unit='0'/&gt;
-&lt;/disk&gt;
-&lt;controller type='scsi' index='0' model='<strong>lsilogic</strong>'/&gt;
-...
+    ...
+    &lt;disk type='file' device='disk'&gt;
+      &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
+      &lt;target dev='sda' bus='scsi'/&gt;
+      &lt;address type='drive' controller='0' bus='0' unit='0'/&gt;
+    &lt;/disk&gt;
+    &lt;controller type='scsi' index='0' model='<strong>lsilogic</strong>'/&gt;
+    ...
 </pre>
    <p>
        The controller element is supported <span class="since">since 0.8.2</span>.
@@ -482,13 +482,13 @@ ethernet0.checkMACAddress = "false"
        specify the SCSI controller model. This attribute usage is deprecated now.
    </p>
 <pre>
-...
-&lt;disk type='file' device='disk'&gt;
-  &lt;driver name='<strong>lsilogic</strong>'/&gt;
-  &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
-  &lt;target dev='sda' bus='scsi'/&gt;
-&lt;/disk&gt;
-...
+    ...
+    &lt;disk type='file' device='disk'&gt;
+      &lt;driver name='<strong>lsilogic</strong>'/&gt;
+      &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
+      &lt;target dev='sda' bus='scsi'/&gt;
+    &lt;/disk&gt;
+    ...
 </pre>


@@ -513,13 +513,13 @@ ethernet0.checkMACAddress = "false"
        Here a domain XML snippet:
    </p>
 <pre>
-...
-&lt;interface type='bridge'&gt;
-  &lt;mac address='00:50:56:25:48:c7'/&gt;
-  &lt;source bridge='VM Network'/&gt;
-  &lt;model type='<strong>e1000</strong>'/&gt;
-&lt;/interface&gt;
-...
+    ...
+    &lt;interface type='bridge'&gt;
+      &lt;mac address='00:50:56:25:48:c7'/&gt;
+      &lt;source bridge='VM Network'/&gt;
+      &lt;model type='<strong>e1000</strong>'/&gt;
+    &lt;/interface&gt;
+    ...
 </pre>


--- a/docs/drvlxc.html.in
+++ b/docs/drvlxc.html.in
@@ -62,12 +62,12 @@ would use the following XML
 </p>

 <pre>
-&lt;os&gt;
-  &lt;type arch='x86_64'&gt;exe&lt;/type&gt;
-  &lt;init&gt;/bin/systemd&lt;/init&gt;
-  &lt;initarg&gt;--unit&lt;/initarg&gt;
-  &lt;initarg&gt;emergency.service&lt;/initarg&gt;
-&lt;/os&gt;
+  &lt;os&gt;
+    &lt;type arch='x86_64'&gt;exe&lt;/type&gt;
+    &lt;init&gt;/bin/systemd&lt;/init&gt;
+    &lt;initarg&gt;--unit&lt;/initarg&gt;
+    &lt;initarg&gt;emergency.service&lt;/initarg&gt;
+  &lt;/os&gt;
 </pre>

 <h3><a name="envvars">Environment variables</a></h3>
@@ -80,15 +80,15 @@ to be provided by all container technologies on Linux.
 </p>

 <dl>
-<dt><code>container</code></dt>
+<dt>container</dt>
 <dd>The fixed string <code>libvirt-lxc</code> to identify libvirt as the creator</dd>
-<dt><code>container_uuid</code></dt>
+<dt>container_uuid</dt>
 <dd>The UUID assigned to the container by libvirt</dd>
-<dt><code>PATH</code></dt>
+<dt>PATH</dt>
 <dd>The fixed string <code>/bin:/usr/bin</code></dd>
-<dt><code>TERM</code></dt>
+<dt>TERM</dt>
 <dd>The fixed string <code>linux</code></dd>
-<dt><code>HOME</code></dt>
+<dt>HOME</dt>
 <dd>The fixed string <code>/</code></dd>
 </dl>

@@ -98,11 +98,11 @@ environment variables are also provided
 </p>

 <dl>
-<dt><code>LIBVIRT_LXC_NAME</code></dt>
+<dt>LIBVIRT_LXC_NAME</dt>
 <dd>The name assigned to the container by libvirt</dd>
-<dt><code>LIBVIRT_LXC_UUID</code></dt>
+<dt>LIBVIRT_LXC_UUID</dt>
 <dd>The UUID assigned to the container by libvirt</dd>
-<dt><code>LIBVIRT_LXC_CMDLINE</code></dt>
+<dt>LIBVIRT_LXC_CMDLINE</dt>
 <dd>The unparsed command line arguments specified in the container configuration.
 Use of this is discouraged, in favour of passing arguments directly to the
 container init process via the <code>initarg</code> config element.</dd>
@@ -611,10 +611,6 @@ ignored.
 &lt;/domain&gt;
 </pre>

-<p>
-The use of namespace passthrough requires libvirt >= 1.2.19
-</p>
-
 <h2><a name="usage">Container usage / management</a></h2>

 <p>
--- a/docs/et.png
+++ b/docs/et.png
--- a/docs/fonts/LICENSE.md
+++ b/docs/fonts/LICENSE.md
@@ -1,90 +0,0 @@
-## License
-
-Copyright (C) 2015 Red Hat, Inc.,
-
-This Font Software is licensed under the SIL Open Font License, Version 1.1.
-This license is copied below, and is also available with a FAQ at:
-http://scripts.sil.org/OFL
-
-
-#### SIL OPEN FONT LICENSE
-Version 1.1 - 26 February 2007
-
---
-
-#### PREAMBLE
-The goals of the Open Font License (OFL) are to stimulate worldwide development
-of collaborative font projects, to support the font creation efforts of
-academic and linguistic communities, and to provide a free and open framework
-in which fonts may be shared and improved in partnership with others.
-
-The OFL allows the licensed fonts to be used, studied, modified and
-redistributed freely as long as they are not sold by themselves. The fonts,
-including any derivative works, can be bundled, embedded, redistributed and/or
-sold with any software provided that any reserved names are not used by
-derivative works. The fonts and derivatives, however, cannot be released under
-any other type of license. The requirement for fonts to remain under this
-license does not apply to any document created using the fonts or their
-derivatives.
-
-#### DEFINITIONS
-“Font Software” refers to the set of files released by the Copyright Holder(s)
-under this license and clearly marked as such. This may include source files,
-build scripts and documentation.
-
-“Reserved Font Name” refers to any names specified as such after the copyright
-statement(s).
-
-“Original Version” refers to the collection of Font Software components as
-distributed by the Copyright Holder(s).
-
-“Modified Version” refers to any derivative made by adding to, deleting, or
-substituting—in part or in whole—any of the components of the Original Version,
-by changing formats or by porting the Font Software to a new environment.
-
-“Author” refers to any designer, engineer, programmer, technical writer or
-other person who contributed to the Font Software.
-
-#### PERMISSION & CONDITIONS
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-the Font Software, to use, study, copy, merge, embed, modify, redistribute, and
-sell modified and unmodified copies of the Font Software, subject to the
-following conditions:
-
-1) Neither the Font Software nor any of its individual components, in Original
-or Modified Versions, may be sold by itself.
-
-2) Original or Modified Versions of the Font Software may be bundled,
-redistributed and/or sold with any software, provided that each copy contains
-the above copyright notice and this license. These can be included either as
-stand-alone text files, human-readable headers or in the appropriate machine-
-readable metadata fields within text or binary files as long as those fields
-can be easily viewed by the user.
-
-3) No Modified Version of the Font Software may use the Reserved Font Name(s)
-unless explicit written permission is granted by the corresponding Copyright
-Holder. This restriction only applies to the primary font name as presented to
-the users.
-
-4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font Software
-shall not be used to promote, endorse or advertise any Modified Version, except
-to acknowledge the contribution(s) of the Copyright Holder(s) and the Author(s)
-or with their explicit written permission.
-
-5) The Font Software, modified or unmodified, in part or in whole, must be
-distributed entirely under this license, and must not be distributed under any
-other license. The requirement for fonts to remain under this license does not
-apply to any document created using the Font Software.
-
-#### TERMINATION
-This license becomes null and void if any of the above conditions are not met.
-
-#### DISCLAIMER
-THE FONT SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF COPYRIGHT, PATENT,
-TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR
-ANY CLAIM, DAMAGES OR OTHER LIABILITY, INCLUDING ANY GENERAL, SPECIAL,
-INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION OF
-CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF THE USE OR INABILITY TO USE
-THE FONT SOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE.
--- a/docs/fonts/overpass-bold-italic.woff
+++ b/docs/fonts/overpass-bold-italic.woff
--- a/docs/fonts/overpass-bold.woff
+++ b/docs/fonts/overpass-bold.woff
--- a/docs/fonts/overpass-italic.woff
+++ b/docs/fonts/overpass-italic.woff
--- a/docs/fonts/overpass-light-italic.woff
+++ b/docs/fonts/overpass-light-italic.woff
--- a/docs/fonts/overpass-light.woff
+++ b/docs/fonts/overpass-light.woff
--- a/docs/fonts/overpass-mono-bold.woff
+++ b/docs/fonts/overpass-mono-bold.woff
--- a/docs/fonts/overpass-mono-light.woff
+++ b/docs/fonts/overpass-mono-light.woff
--- a/docs/fonts/overpass-mono-regular.woff
+++ b/docs/fonts/overpass-mono-regular.woff
--- a/docs/fonts/overpass-mono-semibold.woff
+++ b/docs/fonts/overpass-mono-semibold.woff
--- a/docs/fonts/overpass-regular.woff
+++ b/docs/fonts/overpass-regular.woff
--- a/docs/fonts/stylesheet.css
+++ b/docs/fonts/stylesheet.css
@@ -1,62 +0,0 @@
-@font-face {
-	font-family: 'LibvirtOverpass';
-	src: url('overpass-regular.woff') format('woff');
-	font-weight: normal;
-	font-style: normal;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpass';
-	src: url('overpass-italic.woff') format('woff');
-	font-weight: normal;
-	font-style: italic;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpass';
-	src: url('overpass-bold.woff') format('woff');
-	font-weight: bold;
-	font-style: normal;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpass';
-	src: url('overpass-bold-italic.woff') format('woff');
-	font-weight: bold;
-	font-style: italic;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpassLight';
-	src: url('overpass-light.woff') format('woff');
-	font-weight: 300;
-	font-style: normal;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpassLight';
-	src: url('overpass-light-italic.woff') format('woff');
-	font-weight: 300;
-	font-style: italic;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpassMono';
-	src: url('overpass-mono-regular.woff') format('woff');
-	font-weight: normal;
-	font-style: normal;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpassMono';
-	src: url('overpass-mono-bold.woff') format('woff');
-	font-weight: bold;
-	font-style: normal;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpassMonoLight';
-	src: url('overpass-mono-light.woff') format('woff');
-	font-weight: 300;
-	font-style: normal;
-}
--- a/docs/footer_corner.png
+++ b/docs/footer_corner.png
--- a/docs/footer_pattern.png
+++ b/docs/footer_pattern.png
--- a/docs/format.html.in
+++ b/docs/format.html.in
@@ -2,43 +2,9 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>XML Format</h1>
+    <h1 >XML Format</h1>


-    <p>
-      Objects in the libvirt API are configured using XML documents to allow
-      for ease of extension in future releases. Each XML document has an
-      associated Relax-NG schema that can be used to validate documents
-      prior to usage.
-    </p>
-
-
-    <ul>
-      <li><a href="formatdomain.html" shape="rect">Domains</a></li>
-      <li><a href="formatnetwork.html" shape="rect">Networks</a></li>
-      <li><a href="formatnwfilter.html" shape="rect">Network filtering</a></li>
-      <li><a href="formatstorage.html" shape="rect">Storage</a></li>
-      <li><a href="formatstorageencryption.html" shape="rect">Storage encryption</a></li>
-      <li><a href="formatcaps.html" shape="rect">Capabilities</a></li>
-      <li><a href="formatdomaincaps.html" shape="rect">Domain capabilities</a></li>
-      <li><a href="formatnode.html" shape="rect">Node devices</a></li>
-      <li><a href="formatsecret.html" shape="rect">Secrets</a></li>
-      <li><a href="formatsnapshot.html" shape="rect">Snapshots</a></li>
-    </ul>
-
-    <h2>Command line validation</h2>
-
-    <p>
-      The <code>virt-xml-validate</code> tool provides a simple command line
-      for validating XML documents prior to giving them to libvirt. It uses
-      the locally instaled RNG schema documents. It will auto-detect which
-      schema to use for validation based on the name of the top level element
-      in the input document. Thus it merely requires the XML document filename
-      to be passed on the command line
-    </p>
-
-    <pre>
-$ virt-xml-validate /path/to/XML/file</pre>

  </body>
 </html>
--- a/docs/formatcaps.html.in
+++ b/docs/formatcaps.html.in
@@ -13,7 +13,7 @@
    interface has been added in 0.2.1 allowing to list the set of supported
    virtualization capabilities on the host:</p>

-    <pre>char * virConnectGetCapabilities (virConnectPtr conn);</pre>
+    <pre>    char * virConnectGetCapabilities (virConnectPtr conn);</pre>

    <p>The value returned is an XML document listing the virtualization
    capabilities of the host and virtualization engine to which
@@ -73,19 +73,19 @@
        <dd>This expresses what kind of operating system the hypervisor
        is able to run. Possible values are:
        <dl>
-          <dt><code>xen</code></dt>
+          <dt>xen</dt>
          <dd>for XEN</dd>

-          <dt><code>linux</code></dt>
+          <dt>linux</dt>
          <dd>legacy alias for <code>xen</code></dd>

-          <dt><code>hvm</code></dt>
+          <dt>hvm</dt>
          <dd>Unmodified operating system</dd>

-          <dt><code>exe</code></dt>
+          <dt>exe</dt>
          <dd>Container based virtualization</dd>

-          <dt><code>uml</code></dt>
+          <dt>uml</dt>
          <dd>User Mode Linux</dd>
        </dl>
        </dd>
@@ -97,37 +97,37 @@
        <dd>This optional element encases possible features that can be used
          with a guest of described type.  Possible subelements are:
          <dl>
-            <dt><code>pae</code></dt><dd>If present, 32-bit guests can use PAE
+            <dt>pae</dt><dd>If present, 32-bit guests can use PAE
              address space extensions, <span class="since">since
              0.4.1</span></dd>
-            <dt><code>nonpae</code></dt><dd>If present, 32-bit guests can be run
+            <dt>nonpae</dt><dd>If present, 32-bit guests can be run
              without requiring PAE, <span class="since">since
              0.4.1</span></dd>
-            <dt><code>ia64_be</code></dt><dd>If present, IA64 guests can be run in
+            <dt>ia64_be</dt><dd>If present, IA64 guests can be run in
              big-endian mode, <span class="since">since 0.4.1</span></dd>
-            <dt><code>acpi</code></dt><dd>If this element is present,
+            <dt>acpi</dt><dd>If this element is present,
              the <code>default</code> attribute describes whether the
              hypervisor exposes ACPI to the guest by default, and
              the <code>toggle</code> attribute describes whether the
              user can override this
              default. <span class="since">Since 0.4.1</span></dd>
-            <dt><code>apic</code></dt><dd>If this element is present,
+            <dt>apic</dt><dd>If this element is present,
              the <code>default</code> attribute describes whether the
              hypervisor exposes APIC to the guest by default, and
              the <code>toggle</code> attribute describes whether the
              user can override this
              default. <span class="since">Since 0.4.1</span></dd>
-            <dt><code>cpuselection</code></dt><dd>If this element is present, the
+            <dt>cpuselection</dt><dd>If this element is present, the
              hypervisor supports the <code>&lt;cpu&gt;</code> element
              within a domain definition for fine-grained control over
              the CPU presented to the
              guest. <span class="since">Since 0.7.5</span></dd>
-            <dt><code>deviceboot</code></dt><dd>If this element is present,
+            <dt>deviceboot</dt><dd>If this element is present,
              the <code>&lt;boot order='...'/&gt;</code> element can
              be used inside devices, rather than the older boot
              specification by category. <span class="since">Since
              0.8.8</span></dd>
-            <dt><code>disksnapshot</code></dt><dd>If this element is present,
+            <dt>disksnapshot</dt><dd>If this element is present,
              the <code>default</code> attribute describes whether
              external disk snapshots are supported.  If absent,
              external snapshots may still be supported, but it
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
--- a/docs/formatdomaincaps.html.in
+++ b/docs/formatdomaincaps.html.in
@@ -61,18 +61,18 @@
 &lt;/domainCapabilities&gt;
 </pre>
    <dl>
-      <dt><code>path</code></dt>
+      <dt>path</dt>
      <dd>The full path to the emulator binary.</dd>

-      <dt><code>domain</code></dt>
+      <dt>domain</dt>
      <dd>Describes the <a href="formatdomain.html#elements">virtualization
          type</a> (or so called domain type).</dd>

-      <dt><code>machine</code></dt>
+      <dt>machine</dt>
      <dd>The domain's <a href="formatdomain.html#elementsOSBIOS">machine
          type</a>.</dd>

-      <dt><code>arch</code></dt>
+      <dt>arch</dt>
      <dd>The domain's <a href="formatdomain.html#elementsOSBIOS">
          architecture</a>.</dd>

@@ -92,7 +92,7 @@
 </pre>

    <dl>
-      <dt><code>vcpu</code></dt>
+      <dt>vcpu</dt>
      <dd>The maximum number of supported virtual CPUs</dd>
    </dl>

@@ -126,91 +126,26 @@
    <p>For the <code>loader</code> element, the following can occur:</p>

    <dl>
-      <dt><code>value</code></dt>
+      <dt>value</dt>
      <dd>List of known loader paths. Currently this is only used
      to advertise known locations of OVMF binaries for qemu. Binaries
      will only be listed if they actually exist on disk.</dd>

-      <dt><code>type</code></dt>
+      <dt>type</dt>
      <dd>Whether loader is a typical BIOS (<code>rom</code>) or
      an UEFI binary (<code>pflash</code>). This refers to
      <code>type</code> attribute of the &lt;loader/&gt;
      element.</dd>

-      <dt><code>readonly</code></dt>
+      <dt>readonly</dt>
      <dd>Options for the <code>readonly</code> attribute of the
      &lt;loader/&gt; element.</dd>
    </dl>

-    <h3><a name="elementsCPU">CPU configuration</a></h3>
-
-    <p>
-      The <code>cpu</code> element exposes options usable for configuring
-      <a href="formatdomain.html#elementsCPU">guest CPUs</a>.
-    </p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;cpu&gt;
-    &lt;mode name='host-passthrough' supported='yes'/&gt;
-    &lt;mode name='host-model' supported='yes'&gt;
-      &lt;model fallback='allow'&gt;Broadwell&lt;/model&gt;
-      &lt;vendor&gt;Intel&lt;/vendor&gt;
-      &lt;feature policy='disable' name='aes'/&gt;
-      &lt;feature policy='require' name='vmx'/&gt;
-    &lt;/mode&gt;
-    &lt;mode name='custom' supported='yes'&gt;
-      &lt;model usable='no'&gt;Broadwell&lt;/model&gt;
-      &lt;model usable='yes'&gt;Broadwell-noTSX&lt;/model&gt;
-      &lt;model usable='no'&gt;Haswell&lt;/model&gt;
-      ...
-    &lt;/mode&gt;
-  &lt;/cpu&gt;
-  ...
-&lt;domainCapabilities&gt;
-</pre>
-
-    <p>
-      Each CPU mode understood by libvirt is described with a
-      <code>mode</code> element which tells whether the particular mode
-      is supported and provides (when applicable) more details about it:
-    </p>
-
-    <dl>
-      <dt><code>host-passthrough</code></dt>
-      <dd>No mode specific details are provided.</dd>
-
-      <dt><code>host-model</code></dt>
-      <dd>
-        If <code>host-model</code> is supported by the hypervisor, the
-        <code>mode</code> describes the guest CPU which will be used when
-        starting a domain with <code>host-model</code> CPU. The hypervisor
-        specifics (such as unsupported CPU models or features, machine type,
-        etc.) may be accounted for in this guest CPU specification and thus
-        the CPU can be different from the one shown in host capabilities XML.
-        This is indicated by the <code>fallback</code> attribute of the
-        <code>model</code> sub element: <code>allow</code> means not all
-        specifics were accounted for and thus the CPU a guest will see may
-        be different; <code>forbid</code> indicates that the CPU a guest will
-        see should match this CPU definition.
-      </dd>
-
-      <dt><code>custom</code></dt>
-      <dd>
-        The <code>mode</code> element contains a list of supported CPU
-        models, each described by a dedicated <code>model</code> element.
-        The <code>usable</code> attribute specifies whether the model can
-        be used on the host. A special value <code>unknown</code> indicates
-        libvirt does not have enough information to provide the usability
-        data.
-      </dd>
-    </dl>
-
    <h3><a name="elementsDevices">Devices</a></h3>

    <p>
-      Another set of XML elements describe the supported devices and their
+      The final set of XML elements describe the supported devices and their
      capabilities. All devices occur as children of the main
      <code>devices</code> element.
    </p>
@@ -240,7 +175,7 @@
    <code>floppy</code>, or <code>lun</code>.</p>

    <h4><a name="elementsDisks">Hard drives, floppy disks, CDROMs</a></h4>
-    <p>Disk capabilities are exposed under the <code>disk</code> element. For
+    <p>Disk capabilities are exposed under <code>disk</code> element. For
    instance:</p>

 <pre>
@@ -272,72 +207,15 @@
 </pre>

    <dl>
-      <dt><code>diskDevice</code></dt>
+      <dt>diskDevice</dt>
      <dd>Options for the <code>device</code> attribute of the &lt;disk/&gt;
      element.</dd>

-      <dt><code>bus</code></dt>
+      <dt>bus</dt>
      <dd>Options for the <code>bus</code> attribute of the &lt;target/&gt;
      element for a &lt;disk/&gt;.</dd>
    </dl>

-
-    <h4><a name="elementsGraphics">Graphical framebuffers</a></h4>
-    <p>Graphics device capabilities are exposed under the
-    <code>graphics</code> element. For instance:</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;devices&gt;
-    &lt;graphics supported='yes'&gt;
-      &lt;enum name='type'&gt;
-        &lt;value&gt;sdl&lt;/value&gt;
-        &lt;value&gt;vnc&lt;/value&gt;
-        &lt;value&gt;spice&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/graphics&gt;
-    ...
-  &lt;/devices&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <dl>
-      <dt><code>type</code></dt>
-      <dd>Options for the <code>type</code> attribute of the &lt;graphics/&gt;
-      element.</dd>
-    </dl>
-
-
-    <h4><a name="elementsVideo">Video device</a></h4>
-    <p>Video device capabilities are exposed under the
-    <code>video</code> element. For instance:</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;devices&gt;
-    &lt;video supported='yes'&gt;
-      &lt;enum name='modelType'&gt;
-        &lt;value&gt;vga&lt;/value&gt;
-        &lt;value&gt;cirrus&lt;/value&gt;
-        &lt;value&gt;vmvga&lt;/value&gt;
-        &lt;value&gt;qxl&lt;/value&gt;
-        &lt;value&gt;virtio&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/video&gt;
-    ...
-  &lt;/devices&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <dl>
-      <dt><code>modelType</code></dt>
-      <dd>Options for the <code>type</code> attribute of the
-      &lt;video&gt;&lt;model&gt; element.</dd>
-    </dl>
-
-
    <h4><a name="elementsHostDev">Host device assignment</a></h4>
    <p>Some host devices can be passed through to a guest (e.g. USB, PCI and
    SCSI). Well, only if the following is enabled:</p>
@@ -379,66 +257,25 @@
 </pre>

    <dl>
-      <dt><code>mode</code></dt>
+      <dt>mode</dt>
      <dd>Options for the <code>mode</code> attribute of the &lt;hostdev/&gt;
      element.</dd>

-      <dt><code>startupPolicy</code></dt>
+      <dt>startupPolicy</dt>
      <dd>Options for the <code>startupPolicy</code> attribute of the
      &lt;hostdev/&gt; element.</dd>

-      <dt><code>subsysType</code></dt>
+      <dt>subsysType</dt>
      <dd>Options for the <code>type</code> attribute of the &lt;hostdev/&gt;
      element in case of <code>mode="subsystem"</code>.</dd>

-      <dt><code>capsType</code></dt>
+      <dt>capsType</dt>
      <dd>Options for the <code>type</code> attribute of the &lt;hostdev/&gt;
      element in case of <code>mode="capabilities"</code>.</dd>

-      <dt><code>pciBackend</code></dt>
+      <dt>pciBackend</dt>
      <dd>Options for the <code>name</code> attribute of the &lt;driver/&gt;
      element.</dd>
    </dl>
-
-    <h3><a name="elementsFeatures">Features</a></h3>
-
-    <p>One more set of XML elements describe the supported features and
-    their capabilities. All features occur as children of the main
-    <code>features</code> element.</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;features&gt;
-    &lt;gic supported='yes'&gt;
-      &lt;enum name='version'&gt;
-        &lt;value&gt;2&lt;/value&gt;
-        &lt;value&gt;3&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/gic&gt;
-  &lt;/features&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <p>Reported capabilities are expressed as an enumerated list of
-    possible values for each of the elements or attributes. For example, the
-    <code>gic</code> element has an attribute <code>version</code> which can
-    support the values <code>2</code> or <code>3</code>.</p>
-
-    <p>For information about the purpose of each feature, see the
-    <a href="formatdomain.html#elementsFeatures">relevant section</a> in
-    the domain XML documentation.
-    </p>
-
-    <h4><a name="elementsGIC">GIC capabilities</a></h4>
-
-    <p>GIC capabilities are exposed under the <code>gic</code> element.</p>
-
-    <dl>
-      <dt><code>version</code></dt>
-      <dd>Options for the <code>version</code> attribute of the
-      <code>gic</code> element.</dd>
-    </dl>
-
  </body>
 </html>
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -35,14 +35,10 @@
    </p>

    <pre>
-&lt;network ipv6='yes' trustGuestRxFilters='no'&gt;
-  &lt;name&gt;default&lt;/name&gt;
-  &lt;uuid&gt;3e3fce45-4f53-4fa7-bb32-11f34168b82b&lt;/uuid&gt;
-  &lt;metadata&gt;
-    &lt;app1:foo xmlns:app1="http://app1.org/app1/"&gt;..&lt;/app1:foo&gt;
-    &lt;app2:bar xmlns:app2="http://app1.org/app2/"&gt;..&lt;/app2:bar&gt;
-  &lt;/metadata&gt;
-  ...</pre>
+      &lt;network ipv6='yes' trustGuestRxFilters='no'&gt;
+        &lt;name&gt;default&lt;/name&gt;
+        &lt;uuid&gt;3e3fce45-4f53-4fa7-bb32-11f34168b82b&lt;/uuid&gt;
+        ...</pre>

    <dl>
      <dt><code>name</code></dt>
@@ -58,20 +54,13 @@
        The format must be RFC 4122 compliant, eg <code>3e3fce45-4f53-4fa7-bb32-11f34168b82b</code>.
        If omitted when defining/creating a new network, a random
        UUID is generated. <span class="since">Since 0.3.0</span></dd>
-      <dd>The <code>metadata</code> node can be used by applications to
-        store custom metadata in the form of XML nodes/trees. Applications
-        must use custom namespaces on their XML nodes/trees, with only
-        one top-level element per namespace (if the application needs
-        structure, they should have sub-elements to their namespace
-        element). <span class="since">Since 2.1.0</span></dd>
-      <dt><code>ipv6</code></dt>
-      <dd>When set to <code>yes</code>, the optional parameter
-        <code>ipv6</code> enables
+      <dt><code>ipv6='yes'</code></dt>
+      <dd>The new, optional parameter <code>ipv6='yes'</code> enables
        a network definition with no IPv6 gateway addresses specified
        to have guest-to-guest communications.  For further information,
        see the example below for the example with no gateway addresses.
        <span class="since">Since 1.0.1</span></dd>
-      <dt><code>trustGuestRxFilters</code></dt>
+      <dt><code>trustGuestRxFilters='yes'</code></dt>
      <dd>The optional parameter <code>trustGuestRxFilters</code> can
        be used to set that attribute of the same name for each domain
        interface connected to this network (<span class="since">since
@@ -91,11 +80,11 @@
    </p>

    <pre>
-...
-&lt;bridge name="virbr0" stp="on" delay="5" macTableManager="libvirt"/&gt;
-&lt;domain name="example.com" localOnly="no"/&gt;
-&lt;forward mode="nat" dev="eth0"/&gt;
-...</pre>
+        ...
+        &lt;bridge name="virbr0" stp="on" delay="5" macTableManager="libvirt"/&gt;
+        &lt;domain name="example.com" localOnly="no"/&gt;
+        &lt;forward mode="nat" dev="eth0"/&gt;
+        ...</pre>

    <dl>
      <dt><code>bridge</code></dt>
@@ -260,28 +249,6 @@
            <span class="since">Since 0.4.2</span>
          </dd>

-          <dt><code>open</code></dt>
-          <dd>
-            As with mode='route', guest network traffic will be
-            forwarded to the physical network via the host's IP
-            routing stack, but there will be no firewall rules added
-            to either enable or prevent any of this traffic. When
-            forward='open' is set, the <code>dev</code> attribute
-            cannot be set (because the forward dev is enforced with
-            firewall rules, and the purpose of forward='open' is to
-            have a forwarding mode where libvirt doesn't add any
-            firewall rules).  This mode presumes that the local LAN
-            router has suitable routing table entries to return
-            traffic to this host, and that some other management
-            system has been used to put in place any necessary
-            firewall rules. Although no firewall rules will be added
-            for the network, it is of course still possible to add
-            restrictions for specific guests using
-            <a href="formatnwfilter.html">nwfilter rules</a> on the
-            guests' interfaces.)
-            <span class="since">Since 2.2.0</span>
-          </dd>
-
          <dt><code>bridge</code></dt>
          <dd>
            This network describes either 1) an existing host bridge
@@ -640,47 +607,31 @@
 </pre>

    <p>
-      If (and only if) the network connection used by the guest
-      supports VLAN tagging transparent to the guest, an
-      optional <code>&lt;vlan&gt;</code> element can specify one or
-      more VLAN tags to apply to the guest's network
-      traffic <span class="since">Since 0.10.0</span>. Network
-      connections that support guest-transparent VLAN tagging include
-      1) type='bridge' interfaces connected to an Open vSwitch bridge
-      <span class="since">Since 0.10.0</span>, 2) SRIOV Virtual
-      Functions (VF) used via type='hostdev' (direct device
-      assignment) <span class="since">Since 0.10.0</span>, and 3)
-      SRIOV VFs used via type='direct' with mode='passthrough'
-      (macvtap "passthru" mode) <span class="since">Since
-      1.3.5</span>. All other connection types, including standard
+      If (and only if) the network type supports vlan tagging
+      transparent to the guest, an optional <code>&lt;vlan&gt;</code>
+      element can specify one or more vlan tags to apply to the
+      traffic of all guests using this
+      network <span class="since">Since 0.10.0</span>. (openvswitch
+      and type='hostdev' SR-IOV networks do support transparent vlan
+      tagging of guest traffic; everything else, including standard
      linux bridges and libvirt's own virtual networks, <b>do not</b>
      support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) switches
      provide their own way (outside of libvirt) to tag guest traffic
-      onto a specific VLAN. Each tag is given in a
-      separate <code>&lt;tag&gt;</code> subelement
-      of <code>&lt;vlan&gt;</code> (for example: <code>&lt;tag
-      id='42'/&gt;</code>). For VLAN trunking of multiple tags (which
-      is supported only on Open vSwitch connections),
-      multiple <code>&lt;tag&gt;</code> subelements can be specified,
-      which implies that the user wants to do VLAN trunking on the
-      interface for all the specified tags. In the case that VLAN
-      trunking of a single tag is desired, the optional
-      attribute <code>trunk='yes'</code> can be added to the toplevel
-      <code>&lt;vlan&gt;</code> element to differentiate trunking of a
-      single tag from normal tagging.
+      onto specific vlans.) As expected, the <code>tag</code>
+      attribute specifies which vlan tag to use. If a network has more
+      than one <code>&lt;vlan&gt;</code> element defined, it is
+      assumed that the user wants to do VLAN trunking using all the
+      specified tags. In the case that vlan trunking with a single tag
+      is desired, the optional attribute <code>trunk='yes'</code> can
+      be added to the vlan element.
    </p>
    <p>
-      For network connections using Open vSwitch it is also possible
-      to configure 'native-tagged' and 'native-untagged' VLAN modes
-      <span class="since">Since 1.1.0.</span> This is done with the
-      optional <code>nativeMode</code> attribute on
-      the <code>&lt;tag&gt;</code> subelement: <code>nativeMode</code>
-      may be set to 'tagged' or 'untagged'. The <code>id</code>
-      attribute of the <code>&lt;tag&gt;</code> subelement
-      containing <code>nativeMode</code> sets which VLAN is considered
-      to be the "native" VLAN for this interface, and
-      the <code>nativeMode</code> attribute determines whether or not
-      traffic for that VLAN will be tagged.
+      For network connections using openvswitch it is possible to
+      configure the 'native-tagged' and 'native-untagged' vlan modes
+      <span class="since">Since 1.1.0</span>. This uses the optional
+      <code>nativeMode</code> attribute on the <code>&lt;tag&gt;</code>
+      element: <code>nativeMode</code> may be set to 'tagged' or
+      'untagged'. The id attribute of the element sets the native vlan.
    </p>
    <p>
      <code>&lt;vlan&gt;</code> elements can also be specified in
@@ -815,18 +766,18 @@
    </p>

    <pre>
-...
-  &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.122.128" end="192.168.122.254" /&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;route address="192.168.222.0" prefix="24" gateway="192.168.122.2" /&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
-  &lt;route family="ipv6" address="2001:db8:ca2:3::" prefix="64" gateway="2001:db8:ca2:2::2"/&gt;
-  &lt;route family="ipv6" address="2001:db9:4:1::" prefix="64" gateway="2001:db8:ca2:2::3" metric='2'&gt;
-  &lt;/route&gt;
-...
+      ...
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.128" end="192.168.122.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;route address="192.168.222.0" prefix="24" gateway="192.168.122.2" /&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
+        &lt;route family="ipv6" address="2001:db8:ca2:3::" prefix="64" gateway="2001:db8:ca2:2::2"/&gt;
+        &lt;route family="ipv6" address="2001:db9:4:1::" prefix="64" gateway="2001:db8:ca2:2::3" metric='2'&gt;
+        &lt;/route&gt;
+      ...
    </pre>

    <h3><a name="elementsAddress">Addressing</a></h3>
@@ -841,30 +792,29 @@
    </p>

    <pre>
-...
-&lt;mac address='00:16:3E:5D:C7:9E'/&gt;
-&lt;domain name="example.com"/&gt;
-&lt;dns&gt;
-  &lt;txt name="example" value="example value" /&gt;
-  &lt;forwarder addr="8.8.8.8"/&gt;
-  &lt;forwarder domain='example.com' addr="8.8.4.4"/&gt;
-  &lt;forwarder domain='www.example.com'/&gt;
-  &lt;srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1024' priority='10' weight='10'/&gt;
-  &lt;host ip='192.168.122.2'&gt;
-    &lt;hostname&gt;myhost&lt;/hostname&gt;
-    &lt;hostname&gt;myhostalias&lt;/hostname&gt;
-  &lt;/host&gt;
-&lt;/dns&gt;
-&lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-  &lt;dhcp&gt;
-    &lt;range start="192.168.122.100" end="192.168.122.254" /&gt;
-    &lt;host mac="00:16:3e:77:e2:ed" name="foo.example.com" ip="192.168.122.10" /&gt;
-    &lt;host mac="00:16:3e:3e:a9:1a" name="bar.example.com" ip="192.168.122.11" /&gt;
-  &lt;/dhcp&gt;
-&lt;/ip&gt;
-&lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
-&lt;route family="ipv6" address="2001:db9:ca1:1::" prefix="64" gateway="2001:db8:ca2:2::2" /&gt;
-</pre>
+        ...
+        &lt;mac address='00:16:3E:5D:C7:9E'/&gt;
+        &lt;domain name="example.com"/&gt;
+        &lt;dns&gt;
+          &lt;txt name="example" value="example value" /&gt;
+          &lt;forwarder addr="8.8.8.8"/&gt;
+          &lt;forwarder addr="8.8.4.4"/&gt;
+          &lt;srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1024' priority='10' weight='10'/&gt;
+          &lt;host ip='192.168.122.2'&gt;
+            &lt;hostname&gt;myhost&lt;/hostname&gt;
+            &lt;hostname&gt;myhostalias&lt;/hostname&gt;
+          &lt;/host&gt;
+        &lt;/dns&gt;
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.100" end="192.168.122.254" /&gt;
+            &lt;host mac="00:16:3e:77:e2:ed" name="foo.example.com" ip="192.168.122.10" /&gt;
+            &lt;host mac="00:16:3e:3e:a9:1a" name="bar.example.com" ip="192.168.122.11" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
+        &lt;route family="ipv6" address="2001:db9:ca1:1::" prefix="64" gateway="2001:db8:ca2:2::2" /&gt;
+      &lt;/network&gt;</pre>

    <dl>
      <dt><code>mac</code></dt>
@@ -886,18 +836,6 @@
        information for the virtual network's DNS
        server <span class="since">Since 0.9.3</span>.

-        <p>
-          The dns element can have an optional <code>enable</code>
-          attribute <span class="since">Since 2.2.0</span>.
-          If <code>enable</code> is "no", then no DNS server will be
-          setup by libvirt for this network (and any other
-          configuration in <code>&lt;dns&gt;</code> will be ignored).
-          If <code>enable</code> is "yes" or unspecified (including
-          the complete absence of any <code>&lt;dns&gt;</code>
-          element) then a DNS server will be setup by libvirt to
-          listen on all IP addresses specified in the network's
-          configuration.
-        </p>
        <p>
          The dns element
          can have an optional <code>forwardPlainNames</code>
@@ -916,25 +854,12 @@
        Currently supported sub-elements of <code>&lt;dns&gt;</code> are:
        <dl>
          <dt><code>forwarder</code></dt>
-          <dd>The dns element can have 0 or
-            more <code>&lt;forwarder&gt;</code> elements.  Each
-            forwarder element defines an alternate DNS server to use
-            for some, or all, DNS requests sent to this network's DNS
-            server. There are two attributes - <code>domain</code>,
-            and <code>addr</code>; at least one of these must be
-            specified in any <code>&lt;forwarder&gt;</code>
-            element. If both <code>domain</code> and <code>addr</code>
-            are specified, then all requests that match the given
-            domain will be forwarded to the DNS server at addr. If
-            only <code>domain</code> is specified, then all matching
-            domains will be resolved locally (or via the host's
-            standard DNS forwarding if they can't be resolved
-            locally). If an <code>addr</code> is specified by itself,
-            then all DNS requests to the network's DNS server will be
-            forwarded to the DNS server at that address with no
-            exceptions. <code>addr</code> <span class="since">Since
-            1.1.3</span>, <code>domain</code> <span class="since">Since
-            2.2.0</span>.
+          <dd>A <code>dns</code> element can have 0 or
+            more <code>forwarder</code> elements.  Each forwarder
+            element defines an IP address to be used as forwarder in
+            DNS server configuration. The addr attribute is required
+            and defines the IP address of every
+            forwarder. <span class="since">Since 1.1.3</span>
          </dd>
          <dt><code>txt</code></dt>
          <dd>A <code>dns</code> element can have 0 or more <code>txt</code> elements.
@@ -1074,17 +999,17 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;default&lt;/name&gt;
-  &lt;bridge name="virbr0" /&gt;
-  &lt;forward mode="nat"/&gt;
-  &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;default&lt;/name&gt;
+        &lt;bridge name="virbr0" /&gt;
+        &lt;forward mode="nat"/&gt;
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
+      &lt;/network&gt;</pre>


    <p>
@@ -1093,21 +1018,21 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;default6&lt;/name&gt;
-  &lt;bridge name="virbr0" /&gt;
-  &lt;forward mode="nat"/&gt;
-  &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" &gt;
-    &lt;dhcp&gt;
-      &lt;range start="2001:db8:ca2:2:1::10" end="2001:db8:ca2:2:1::ff" /&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;default6&lt;/name&gt;
+        &lt;bridge name="virbr0" /&gt;
+        &lt;forward mode="nat"/&gt;
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" &gt;
+          &lt;dhcp&gt;
+            &lt;range start="2001:db8:ca2:2:1::10" end="2001:db8:ca2:2:1::ff" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesRoute">Routed network config</a></h3>

@@ -1121,17 +1046,17 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;local&lt;/name&gt;
-  &lt;bridge name="virbr1" /&gt;
-  &lt;forward mode="route" dev="eth1"/&gt;
-  &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;local&lt;/name&gt;
+        &lt;bridge name="virbr1" /&gt;
+        &lt;forward mode="route" dev="eth1"/&gt;
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
+      &lt;/network&gt;</pre>

    <p>
      Below is another IPv6 variation.  Instead of a dhcp range being
@@ -1144,24 +1069,24 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;local6&lt;/name&gt;
-  &lt;bridge name="virbr1" /&gt;
-  &lt;forward mode="route" dev="eth1"/&gt;
-  &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" &gt;
-    &lt;dhcp&gt;
-      &lt;host name="paul"   ip="2001:db8:ca2:2:3::1" /&gt;
-      &lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66"    ip="2001:db8:ca2:2:3::2" /&gt;
-      &lt;host id="0:3:0:1:0:16:3e:11:22:33" name="ralph"  ip="2001:db8:ca2:2:3::3" /&gt;
-      &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="badbob" ip="2001:db8:ca2:2:3::4" /&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;local6&lt;/name&gt;
+        &lt;bridge name="virbr1" /&gt;
+        &lt;forward mode="route" dev="eth1"/&gt;
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" &gt;
+          &lt;dhcp&gt;
+            &lt;host name="paul"   ip="2001:db8:ca2:2:3::1" /&gt;
+            &lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66"    ip="2001:db8:ca2:2:3::2" /&gt;
+            &lt;host id="0:3:0:1:0:16:3e:11:22:33" name="ralph"  ip="2001:db8:ca2:2:3::3" /&gt;
+            &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="badbob" ip="2001:db8:ca2:2:3::4" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+      &lt;/network&gt;</pre>

    <p>
      Below is yet another IPv6 variation.  This variation has only
@@ -1176,19 +1101,19 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;net7&lt;/name&gt;
-  &lt;bridge name="virbr7" /&gt;
-  &lt;forward mode="route"/&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:7::1" prefix="64" &gt;
-    &lt;dhcp&gt;
-      &lt;range start="2001:db8:ca2:7::100" end="2001:db8:ca2::1ff" /&gt;
-      &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="lucas" ip="2001:db8:ca2:2:3::4" /&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;route family="ipv6" address="2001:db8:ca2:8::" prefix="64" gateway="2001:db8:ca2:7::4" &gt;
-  &lt;/route&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;net7&lt;/name&gt;
+        &lt;bridge name="virbr7" /&gt;
+        &lt;forward mode="route"/&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:7::1" prefix="64" &gt;
+          &lt;dhcp&gt;
+            &lt;range start="2001:db8:ca2:7::100" end="2001:db8:ca2::1ff" /&gt;
+            &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="lucas" ip="2001:db8:ca2:2:3::4" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;route family="ipv6" address="2001:db8:ca2:8::" prefix="64" gateway="2001:db8:ca2:7::4" &gt;
+        &lt;/route&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesPrivate">Isolated network config</a></h3>

@@ -1201,16 +1126,16 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;private&lt;/name&gt;
-  &lt;bridge name="virbr2" /&gt;
-  &lt;ip address="192.168.152.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.152.2" end="192.168.152.254" /&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:3::1" prefix="64" /&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;private&lt;/name&gt;
+        &lt;bridge name="virbr2" /&gt;
+        &lt;ip address="192.168.152.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.152.2" end="192.168.152.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:3::1" prefix="64" /&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesPrivate6">Isolated IPv6 network config</a></h3>

@@ -1224,18 +1149,18 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;sixnet&lt;/name&gt;
-  &lt;bridge name="virbr6" /&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:6::1" prefix="64" &gt;
-    &lt;dhcp&gt;
-      &lt;host name="peter"   ip="2001:db8:ca2:6:6::1" /&gt;
-      &lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66" ip="2001:db8:ca2:6:6::2" /&gt;
-      &lt;host id="0:3:0:1:0:16:3e:11:22:33" name="dariusz" ip="2001:db8:ca2:6:6::3" /&gt;
-      &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="anita" ip="2001:db8:ca2:6:6::4" /&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;sixnet&lt;/name&gt;
+        &lt;bridge name="virbr6" /&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:6::1" prefix="64" &gt;
+          &lt;dhcp&gt;
+            &lt;host name="peter"   ip="2001:db8:ca2:6:6::1" /&gt;
+            &lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66" ip="2001:db8:ca2:6:6::2" /&gt;
+            &lt;host id="0:3:0:1:0:16:3e:11:22:33" name="dariusz" ip="2001:db8:ca2:6:6::3" /&gt;
+            &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="anita" ip="2001:db8:ca2:6:6::4" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesBridge">Using an existing host bridge</a></h3>

@@ -1249,11 +1174,11 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;host-bridge&lt;/name&gt;
-  &lt;forward mode="bridge"/&gt;
-  &lt;bridge name="br0"/&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;host-bridge&lt;/name&gt;
+        &lt;forward mode="bridge"/&gt;
+        &lt;bridge name="br0"/&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesDirect">Using a macvtap "direct" connection</a></h3>

@@ -1279,16 +1204,16 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;direct-macvtap&lt;/name&gt;
-  &lt;forward mode="bridge"&gt;
-    &lt;interface dev="eth20"/&gt;
-    &lt;interface dev="eth21"/&gt;
-    &lt;interface dev="eth22"/&gt;
-    &lt;interface dev="eth23"/&gt;
-    &lt;interface dev="eth24"/&gt;
-  &lt;/forward&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;direct-macvtap&lt;/name&gt;
+        &lt;forward mode="bridge"&gt;
+          &lt;interface dev="eth20"/&gt;
+          &lt;interface dev="eth21"/&gt;
+          &lt;interface dev="eth22"/&gt;
+          &lt;interface dev="eth23"/&gt;
+          &lt;interface dev="eth24"/&gt;
+        &lt;/forward&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesNoGateway">Network config with no gateway addresses</a></h3>

@@ -1303,12 +1228,12 @@
    </p>

    <pre>
-&lt;network ipv6='yes'&gt;
-  &lt;name&gt;nogw&lt;/name&gt;
-  &lt;uuid&gt;7a3b7497-1ec7-8aef-6d5c-38dff9109e93&lt;/uuid&gt;
-  &lt;bridge name="virbr2" stp="on" delay="0" /&gt;
-  &lt;mac address='00:16:3E:5D:C7:9E'/&gt;
-&lt;/network&gt;</pre>
+      &lt;network ipv6='yes'&gt;
+        &lt;name&gt;nogw&lt;/name&gt;
+        &lt;uuid&gt;7a3b7497-1ec7-8aef-6d5c-38dff9109e93&lt;/uuid&gt;
+        &lt;bridge name="virbr2" stp="on" delay="0" /&gt;
+        &lt;mac address='00:16:3E:5D:C7:9E'/&gt;
+      &lt;/network&gt;</pre>

  </body>
 </html>
--- a/docs/formatnode.html.in
+++ b/docs/formatnode.html.in
@@ -97,38 +97,27 @@
              <dd>
                This optional element can occur multiple times. If it
                exists, it has a mandatory <code>type</code> attribute
-                which will be set to:
-                <dl>
-                  <dt><code>physical_function</code></dt>
-                  <dd>
-                    That means there will be a single <code>address</code>
-                    subelement which contains the PCI address of the SRIOV
-                    Physical Function (PF) that is the parent of this device
-                    (and this device is, by implication, an SRIOV Virtual
-                    Function (VF)).
-                  </dd>
-                  <dt><code>virtual_function</code></dt>
-                  <dd>
-                    In this case this device is an SRIOV PF, and the capability
-                    element will have a list of <code>address</code>
-                    subelements, one for each VF on this PF. If the host system
-                    supports reporting it (via the "sriov_maxvfs" file in the
-                    device's sysfs directory) the capability element will also
-                    have an attribute named <code>maxCount</code> which is the
-                    maximum number of SRIOV VFs supported by this device, which
-                    could be higher than the number of VFs that are curently
-                    active <span class="since">since 1.3.0</span>; in this case,
-                    even if there are currently no active VFs the
-                    virtual_functions capabililty will still be shown.
-                  </dd>
-                  <dt><code>pci-bridge</code> or <code>cardbus-bridge</code></dt>
-                  <dd>
-                    This shows merely that the lower 7 bits of PCI header type
-                    have either value of 1 or 2 respectively.  Usually this
-                    means such device cannot be used for PCI passthrough.
-                    <span class="since">Since 1.3.3</span>
-                  </dd>
-                </dl>
+                which will be set to
+                either <code>physical_function</code>
+                or <code>virtual_functions</code>. If the type
+                is <code>physical_function</code>, there will be a
+                single <code>address</code> subelement which contains
+                the PCI address of the SRIOV Physical Function (PF)
+                that is the parent of this device (and this device is,
+                by implication, an SRIOV Virtual Function (VF)). If
+                the type is <code>virtual_functions</code>, then this
+                device is an SRIOV PF, and the capability element will
+                have a list of <code>address</code> subelements, one
+                for each VF on this PF. If the host system supports
+                reporting it (via the "sriov_maxvfs" file in the
+                device's sysfs directory) the capability element will
+                also have an attribute named <code>maxCount</code>
+                which is the maximum number of SRIOV VFs supported by
+                this device, which could be higher than the number of
+                VFs that are curently active <span class="since">since
+                1.3.0</span>; in this case, even if there are
+                currently no active VFs the virtual_functions
+                capabililty will still be shown.
              </dd>
              <dt><code>numa</code></dt>
              <dd>
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@@ -61,14 +61,14 @@
    the filter <code>clean-traffic</code>.
    </p>
 <pre>
-...
-&lt;devices&gt;
-  &lt;interface type='bridge'&gt;
-    &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
-    &lt;filterref filter='clean-traffic'/&gt;
-  &lt;/interface&gt;
-&lt;/devices&gt;
-...</pre>
+  ...
+  &lt;devices&gt;
+    &lt;interface type='bridge'&gt;
+      &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
+      &lt;filterref filter='clean-traffic'/&gt;
+    &lt;/interface&gt;
+  &lt;/devices&gt;
+  ...</pre>

    <p>
    Network filters are written in XML and may either contain references
@@ -91,16 +91,16 @@
    the parameter <code>IP</code> and a dotted IP address as value.
    </p>
 <pre>
-...
-&lt;devices&gt;
-  &lt;interface type='bridge'&gt;
-    &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
-    &lt;filterref filter='clean-traffic'&gt;
-      &lt;parameter name='IP' value='10.0.0.1'/&gt;
-    &lt;/filterref&gt;
-  &lt;/interface&gt;
-&lt;/devices&gt;
-...</pre>
+  ...
+  &lt;devices&gt;
+    &lt;interface type='bridge'&gt;
+      &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
+      &lt;filterref filter='clean-traffic'&gt;
+        &lt;parameter name='IP' value='10.0.0.1'/&gt;
+      &lt;/filterref&gt;
+    &lt;/interface&gt;
+  &lt;/devices&gt;
+  ...</pre>

    <p>
      In this particular example, the <code>clean-traffic</code> network
@@ -285,18 +285,18 @@
      providing multiple elements for the IP variable is:
    </p>
 <pre>
-...
-&lt;devices&gt;
-  &lt;interface type='bridge'&gt;
-    &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
-    &lt;filterref filter='clean-traffic'&gt;
-      &lt;parameter name='IP' value='10.0.0.1'/&gt;
-      &lt;parameter name='IP' value='10.0.0.2'/&gt;
-      &lt;parameter name='IP' value='10.0.0.3'/&gt;
-    &lt;/filterref&gt;
-  &lt;/interface&gt;
-&lt;/devices&gt;
-...</pre>
+  ...
+  &lt;devices&gt;
+    &lt;interface type='bridge'&gt;
+      &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
+      &lt;filterref filter='clean-traffic'&gt;
+        &lt;parameter name='IP' value='10.0.0.1'/&gt;
+        &lt;parameter name='IP' value='10.0.0.2'/&gt;
+        &lt;parameter name='IP' value='10.0.0.3'/&gt;
+      &lt;/filterref&gt;
+    &lt;/interface&gt;
+  &lt;/devices&gt;
+  ...</pre>
    <p>
      This then allows filters to enable multiple IP addresses
      per interface. Therefore, with the list
@@ -304,11 +304,11 @@
      individual filtering rules, one for each IP address.
    </p>
 <pre>
-...
-&lt;rule action='accept' direction='in' priority='500'&gt;
-  &lt;tcp srpipaddr='$IP'/&gt;
-&lt;/rule&gt;
-...
+  ...
+  &lt;rule action='accept' direction='in' priority='500'&gt;
+    &lt;tcp srpipaddr='$IP'/&gt;
+  &lt;/rule&gt;
+  ...
 </pre>
    <p>
      <span class="since">Since 0.9.10</span> it is possible to access
@@ -317,11 +317,11 @@
      of the variable DSTPORTS.
    </p>
 <pre>
-...
-&lt;rule action='accept' direction='in' priority='500'&gt;
-  &lt;udp dstportstart='$DSTPORTS[1]'/&gt;
-&lt;/rule&gt;
-...
+  ...
+  &lt;rule action='accept' direction='in' priority='500'&gt;
+    &lt;udp dstportstart='$DSTPORTS[1]'/&gt;
+  &lt;/rule&gt;
+  ...
 </pre>
    <p>
      <span class="since">Since 0.9.10</span> it is possible to create
@@ -336,29 +336,29 @@
      iterators to access their elements.
    </p>
 <pre>
-...
-&lt;rule action='accept' direction='in' priority='500'&gt;
-  &lt;ip srcipaddr='$SRCIPADDRESSES[@1]' dstportstart='$DSTPORTS[@2]'/&gt;
-&lt;/rule&gt;
-...
+  ...
+  &lt;rule action='accept' direction='in' priority='500'&gt;
+    &lt;ip srcipaddr='$SRCIPADDRESSES[@1]' dstportstart='$DSTPORTS[@2]'/&gt;
+  &lt;/rule&gt;
+  ...
 </pre>

    <p>
      In an example we assign concrete values to SRCIPADDRESSES and DSTPORTS
    </p>
 <pre>
-SRCIPADDRESSES = [ 10.0.0.1, 11.1.2.3 ]
-DSTPORTS = [ 80, 8080 ]
+  SRCIPADDRESSES = [ 10.0.0.1, 11.1.2.3 ]
+  DSTPORTS = [ 80, 8080 ]
 </pre>
    <p>
      Accessing the variables using $SRCIPADDRESSES[@1] and $DSTPORTS[@2] would
      then result in all combinations of addresses and ports being created:
    </p>
 <pre>
-10.0.0.1, 80
-10.0.0.1, 8080
-11.1.2.3, 80
-11.1.2.3, 8080
+  10.0.0.1, 80
+  10.0.0.1, 8080
+  11.1.2.3, 80
+  11.1.2.3, 8080
 </pre>
    <p>
      Accessing the same variables using a single iterator, for example by using
@@ -366,8 +366,8 @@ DSTPORTS = [ 80, 8080 ]
      parallel access to both lists and result in the following combinations:
    </p>
 <pre>
-10.0.0.1, 80
-11.1.2.3, 8080
+  10.0.0.1, 80
+  11.1.2.3, 8080
 </pre>
    <p>
      Further, the notation of $VARIABLE is short-hand for $VARIABLE[@0]. The
@@ -440,12 +440,12 @@ DSTPORTS = [ 80, 8080 ]
       using the DHCP snooping method:
    </p>
 <pre>
-&lt;interface type='bridge'&gt;
-  &lt;source bridge='virbr0'/&gt;
-  &lt;filterref filter='clean-traffic'&gt;
-    &lt;parameter name='CTRL_IP_LEARNING' value='dhcp'/&gt;
-  &lt;/filterref&gt;
-&lt;/interface&gt;
+    &lt;interface type='bridge'&gt;
+      &lt;source bridge='virbr0'/&gt;
+      &lt;filterref filter='clean-traffic'&gt;
+        &lt;parameter name='CTRL_IP_LEARNING' value='dhcp'/&gt;
+      &lt;/filterref&gt;
+    &lt;/interface&gt;
 </pre>

    <h3><a name="nwfelemsReservedVars">Reserved Variables</a></h3>
@@ -658,10 +658,10 @@ DSTPORTS = [ 80, 8080 ]
    </p>
 <pre>
 [...]
-&lt;rule action='drop' direction='in'&gt;
-  &lt;protocol match='no' attribute1='value1' attribute2='value2'/&gt;
-  &lt;protocol attribute3='value3'/&gt;
-&lt;/rule&gt;
+  &lt;rule action='drop' direction='in'&gt;
+    &lt;protocol match='no' attribute1='value1' attribute2='value2'/&gt;
+    &lt;protocol attribute3='value3'/&gt;
+  &lt;/rule&gt;
 [...]
 </pre>
    <p>
@@ -1779,9 +1779,9 @@ DSTPORTS = [ 80, 8080 ]
      <br/><br/>
    </p>

-    <h5><a name="nwfelemsRulesProtoMiscv6">ESP, AH, UDPLITE, 'ALL' over IPv6</a></h5>
+    <h5><a name="nwfelemsRulesProtoMiscv6">IGMP, ESP, AH, UDPLITE, 'ALL' over IPv6</a></h5>
    <p>
-      Protocol ID: <code>esp-ipv6</code>, <code>ah-ipv6</code>, <code>udplite-ipv6</code>, <code>all-ipv6</code>
+      Protocol ID: <code>igmp-ipv6</code>, <code>esp-ipv6</code>, <code>ah-ipv6</code>, <code>udplite-ipv6</code>, <code>all-ipv6</code>
      <br/>
      Note: The chain parameter is ignored for this type of traffic
      and should either be omitted or set to <code>root</code>.
@@ -1896,11 +1896,11 @@ DSTPORTS = [ 80, 8080 ]
     turned off for incoming connections to TCP port 12345.
    </p>
 <pre>
-[...]
-&lt;rule direction='in' action='accept' statematch='false'&gt;
-  &lt;tcp dstportstart='12345'/&gt;
-&lt;/rule&gt;
-[...]
+   [...]
+    &lt;rule direction='in' action='accept' statematch='false'&gt;
+      &lt;tcp dstportstart='12345'/&gt;
+    &lt;/rule&gt;
+   [...]
 </pre>
    <p>
     This now allows incoming traffic to TCP port 12345, but would also
@@ -1918,26 +1918,26 @@ DSTPORTS = [ 80, 8080 ]
     time, the following XML fragment can be used to achieve this.
    </p>
 <pre>
-[...]
-&lt;rule action='drop' direction='in' priority='400'&gt;
-  &lt;tcp connlimit-above='1'/&gt;
-&lt;/rule&gt;
-&lt;rule action='accept' direction='in' priority='500'&gt;
-  &lt;tcp dstportstart='22'/&gt;
-&lt;/rule&gt;
-&lt;rule action='drop' direction='out' priority='400'&gt;
-  &lt;icmp connlimit-above='1'/&gt;
-&lt;/rule&gt;
-&lt;rule action='accept' direction='out' priority='500'&gt;
-  &lt;icmp/&gt;
-&lt;/rule&gt;
-&lt;rule action='accept' direction='out' priority='500'&gt;
-  &lt;udp dstportstart='53'/&gt;
-&lt;/rule&gt;
-&lt;rule action='drop' direction='inout' priority='1000'&gt;
-  &lt;all/&gt;
-&lt;/rule&gt;
-[...]
+  [...]
+  &lt;rule action='drop' direction='in' priority='400'&gt;
+    &lt;tcp connlimit-above='1'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='accept' direction='in' priority='500'&gt;
+    &lt;tcp dstportstart='22'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='drop' direction='out' priority='400'&gt;
+    &lt;icmp connlimit-above='1'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='accept' direction='out' priority='500'&gt;
+    &lt;icmp/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='accept' direction='out' priority='500'&gt;
+    &lt;udp dstportstart='53'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='drop' direction='inout' priority='1000'&gt;
+    &lt;all/&gt;
+  &lt;/rule&gt;
+  [...]
 </pre>
    <p>
     Note that the rule for the limit has to logically appear
@@ -1958,7 +1958,7 @@ DSTPORTS = [ 80, 8080 ]
    </p>

 <pre>
-echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
+  echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
 </pre>
    <p>
      sets the ICMP connection tracking timeout to 3 seconds. The
@@ -2201,12 +2201,12 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
     the domain XML of the <code>test</code> VM could then look like this:
    </p>
 <pre>
-[...]
-&lt;interface type='bridge'&gt;
-  &lt;source bridge='mybridge'/&gt;
-  &lt;filterref filter='test-eth0'/&gt;
-&lt;/interface&gt;
-[...]
+   [...]
+    &lt;interface type='bridge'&gt;
+      &lt;source bridge='mybridge'/&gt;
+      &lt;filterref filter='test-eth0'/&gt;
+    &lt;/interface&gt;
+   [...]
 </pre>

    <p>
@@ -2216,15 +2216,15 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
     <code>ICMP</code> rule can be replaced with the following two rules:
    </p>
 <pre>
-&lt;!-- enable outgoing ICMP echo requests--&gt;
-&lt;rule action='accept' direction='out'&gt;
-  &lt;icmp type='8'/&gt;
-&lt;/rule&gt;
+  &lt;!-- enable outgoing ICMP echo requests--&gt;
+  &lt;rule action='accept' direction='out'&gt;
+    &lt;icmp type='8'/&gt;
+  &lt;/rule&gt;

-&lt;!-- enable incoming ICMP echo replies--&gt;
-&lt;rule action='accept' direction='in'&gt;
-  &lt;icmp type='0'/&gt;
-&lt;/rule&gt;
+  &lt;!-- enable incoming ICMP echo replies--&gt;
+  &lt;rule action='accept' direction='in'&gt;
+    &lt;icmp type='0'/&gt;
+  &lt;/rule&gt;
 </pre>

    <h3><a name="nwfwriteexample2nd">Second example custom filter</a></h3>
@@ -2326,9 +2326,9 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
     the ftp connection with the VM is established.
    </p>
 <pre>
-modprobe nf_conntrack_ftp   # where available  or
+    modprobe nf_conntrack_ftp   # where available  or

-modprobe ip_conntrack_ftp   # if above is not available
+    modprobe ip_conntrack_ftp   # if above is not available
 </pre>
    <p>
     If other protocols than ftp are to be used in conjunction with the
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -41,83 +41,53 @@
      <dd>
        Specifies what this secret is used for.  A mandatory
        <code>type</code> attribute specifies the usage category, currently
-        only <code>volume</code>, <code>ceph</code>, <code>iscsi</code>,
-        and <code>tls</code> are defined. Specific usage categories
-        are described below.
+        only <code>volume</code>, <code>ceph</code> and <code>iscsi</code>
+        are defined. Specific usage categories are described below.
      </dd>
    </dl>

    <h3><a name="VolumeUsageType">Usage type "volume"</a></h3>

    <p>
-      This secret is associated with a volume, whether the format is either
-      for a "qcow" or a "luks" encrypted volume. Each volume will have a
-      unique secret associated with it and it is safe to delete the
-      secret after the volume is deleted. The
-      <code>&lt;usage type='volume'&gt;</code> element must contain a
-      single <code>volume</code> element that specifies the path of the volume
+      This secret is associated with a volume, and it is safe to delete the
+      secret after the volume is deleted.  The <code>&lt;usage
+      type='volume'&gt;</code> element must contain a
+      single <code>volume</code> element that specifies the key of the volume
      this secret is associated with. For example, create a volume-secret.xml
      file as follows:
    </p>

    <pre>
-&lt;secret ephemeral='no' private='yes'&gt;
-   &lt;description&gt;Super secret name of my first puppy&lt;/description&gt;
-   &lt;uuid&gt;0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f&lt;/uuid&gt;
-   &lt;usage type='volume'&gt;
-      &lt;volume&gt;/var/lib/libvirt/images/puppyname.img&lt;/volume&gt;
-   &lt;/usage&gt;
-&lt;/secret&gt;
+      &lt;secret ephemeral='no' private='yes'&gt;
+         &lt;description&gt;Super secret name of my first puppy&lt;/description&gt;
+         &lt;uuid&gt;0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f&lt;/uuid&gt;
+         &lt;usage type='volume'&gt;
+            &lt;volume&gt;/var/lib/libvirt/images/puppyname.img&lt;/volume&gt;
+         &lt;/usage&gt;
+      &lt;/secret&gt;
    </pre>

    <p>
-      Define the secret and set the passphrase as follows:
+      Define the secret and set the pass phrase as follows:
    </p>
    <pre>
-# virsh secret-define volume-secret.xml
-Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
-#
-# MYSECRET=`printf %s "open sesame" | base64`
-# virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
-Secret value set
-#
+      # virsh secret-define volume-secret.xml
+      Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
+      #
+      # MYSECRET=`printf %s "open sesame" | base64`
+      # virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
+      Secret value set
+      #
    </pre>

    <p>
-      The volume type secret can be supplied in domain XML for a qcow storage
-      volume <a href="formatstorageencryption.html">encryption</a> as follows:
+      The volume type secret can then be used in the XML for a storage volume
+      <a href="formatstorageencryption.html">encryption</a> as follows:
    </p>
    <pre>
-&lt;encryption format='qcow'&gt;
-  &lt;secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/&gt;
-&lt;/encryption&gt;
-    </pre>
-
-    <p>
-      The volume type secret can be supplied either in volume XML during
-      creation of a <a href="formatstorage.html#StorageVol">storage volume</a>
-      in order to provide the passphrase to encrypt the volume or in
-      domain XML <a href="formatdomain.html#elementsDisks">disk device</a>
-      in order to provide the passphrase to decrypt the volume,
-      <span class="since">since 2.1.0</span>. An example follows:
-    </p>
-    <pre>
-# cat luks-secret.xml
-&lt;secret ephemeral='no' private='yes'&gt;
-   &lt;description&gt;LUKS Sample Secret&lt;/description&gt;
-   &lt;uuid&gt;f52a81b2-424e-490c-823d-6bd4235bc57&lt;/uuid&gt;
-   &lt;usage type='volume'&gt;
-      &lt;volume&gt;/var/lib/libvirt/images/luks-sample.img&lt;/volume&gt;
-   &lt;/usage&gt;
-&lt;/secret&gt;
-
-# virsh secret-define luks-secret.xml
-Secret f52a81b2-424e-490c-823d-6bd4235bc57 created
-#
-# MYSECRET=`printf %s "letmein" | base64`
-# virsh secret-set-value f52a81b2-424e-490c-823d-6bd4235bc57 $MYSECRET
-Secret value set
-#
+      &lt;encryption format='qcow'&gt;
+        &lt;secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/&gt;
+      &lt;/encryption&gt;
    </pre>

    <h3><a name="CephUsageType">Usage type "ceph"</a></h3>
@@ -134,12 +104,12 @@ Secret value set
    </p>

    <pre>
-&lt;secret ephemeral='no' private='yes'&gt;
-   &lt;description&gt;CEPH passphrase example&lt;/description&gt;
-   &lt;usage type='ceph'&gt;
-      &lt;name&gt;ceph_example&lt;/name&gt;
-   &lt;/usage&gt;
-&lt;/secret&gt;
+      &lt;secret ephemeral='no' private='yes'&gt;
+         &lt;description&gt;CEPH passphrase example&lt;/description&gt;
+         &lt;usage type='ceph'&gt;
+            &lt;name&gt;ceph_example&lt;/name&gt;
+         &lt;/usage&gt;
+      &lt;/secret&gt;
    </pre>

    <p>
@@ -149,19 +119,19 @@ Secret value set
      chosen secret pass phrase.
    </p>
    <pre>
-# virsh secret-define ceph-secret.xml
-Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created
-#
-# virsh secret-list
- UUID                                 Usage
-----------------------------------------------------------
- 1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example
-#
-# CEPHPHRASE=`printf %s "pass phrase" | base64`
-# virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE
-Secret value set
+      # virsh secret-define ceph-secret.xml
+      Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created
+      #
+      # virsh secret-list
+      UUID                                 Usage
+      -----------------------------------------------------------
+      1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example
+      #
+      # CEPHPHRASE=`printf %s "pass phrase" | base64`
+      # virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE
+      Secret value set

-#
+      #
    </pre>

    <p>
@@ -171,9 +141,9 @@ Secret value set
      element as follows:
    </p>
    <pre>
-&lt;auth username='myname'&gt;
-  &lt;secret type='ceph' usage='ceph_example'/&gt;
-&lt;/auth&gt;
+      &lt;auth username='myname'&gt;
+        &lt;secret type='ceph' usage='ceph_example'/&gt;
+      &lt;/auth&gt;
    </pre>

    <p>
@@ -182,9 +152,9 @@ Secret value set
      <code>&lt;source&gt;</code> element as follows:
    </p>
    <pre>
-&lt;auth type='ceph' username='myname'&gt;
-  &lt;secret usage='ceph_example'/&gt;
-&lt;/auth&gt;
+      &lt;auth type='ceph' username='myname'&gt;
+        &lt;secret usage='ceph_example'/&gt;
+      &lt;/auth&gt;
    </pre>

    <h3><a name="iSCSIUsageType">Usage type "iscsi"</a></h3>
@@ -203,11 +173,11 @@ Secret value set
      authentication file:
    </p>
      <pre>
-&lt;target iqn.2013-07.com.example:iscsi-pool&gt;
-backing-store /home/tgtd/iscsi-pool/disk1
-backing-store /home/tgtd/iscsi-pool/disk2
-incominguser myname mysecret
-&lt;/target&gt;
+      &lt;target iqn.2013-07.com.example:iscsi-pool&gt;
+      backing-store /home/tgtd/iscsi-pool/disk1
+      backing-store /home/tgtd/iscsi-pool/disk2
+      incominguser myname mysecret
+      &lt;/target&gt;
      </pre>
    <p>
      Define an iscsi-secret.xml file to describe the secret. Use the
@@ -219,12 +189,12 @@ incominguser myname mysecret
      or disk XML description.
    </p>
    <pre>
-&lt;secret ephemeral='no' private='yes'&gt;
-   &lt;description&gt;Passphrase for the iSCSI example.com server&lt;/description&gt;
-   &lt;usage type='iscsi'&gt;
-      &lt;target&gt;libvirtiscsi&lt;/target&gt;
-   &lt;/usage&gt;
-&lt;/secret&gt;
+      &lt;secret ephemeral='no' private='yes'&gt;
+         &lt;description&gt;Passphrase for the iSCSI example.com server&lt;/description&gt;
+         &lt;usage type='iscsi'&gt;
+            &lt;target&gt;libvirtiscsi&lt;/target&gt;
+         &lt;/usage&gt;
+      &lt;/secret&gt;
    </pre>

    <p>
@@ -235,18 +205,18 @@ incominguser myname mysecret
      used in the iSCSI authentication configuration file.
    </p>
    <pre>
-# virsh secret-define secret.xml
-Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created
+      # virsh secret-define secret.xml
+      Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created

-# virsh secret-list
- UUID                                 Usage
-----------------------------------------------------------
- c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi
+      # virsh secret-list
+      UUID                                 Usage
+      -----------------------------------------------------------
+      c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi

-# MYSECRET=`printf %s "mysecret" | base64`
-# virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET
-Secret value set
-#
+      # MYSECRET=`printf %s "mysecret" | base64`
+      # virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET
+      Secret value set
+      #
    </pre>

    <p>
@@ -256,9 +226,9 @@ Secret value set
      element as follows:
    </p>
    <pre>
-&lt;auth username='myname'&gt;
-  &lt;secret type='iscsi' usage='libvirtiscsi'/&gt;
-&lt;/auth&gt;
+      &lt;auth username='myname'&gt;
+        &lt;secret type='iscsi' usage='libvirtiscsi'/&gt;
+      &lt;/auth&gt;
    </pre>

    <p>
@@ -267,64 +237,9 @@ Secret value set
      <code>&lt;source&gt;</code> element as follows:
    </p>
    <pre>
-&lt;auth type='chap' username='myname'&gt;
-  &lt;secret usage='libvirtiscsi'/&gt;
-&lt;/auth&gt;
+      &lt;auth type='chap' username='myname'&gt;
+        &lt;secret usage='libvirtiscsi'/&gt;
+      &lt;/auth&gt;
    </pre>
-
-    <h3><a name="tlsUsageType">Usage type "tls"</a></h3>
-
-    <p>
-      This secret may be used in order to provide the passphrase for the
-      private key used to provide TLS credentials.
-      The <code>&lt;usage type='tls'&gt;</code> element must contain a
-      single <code>name</code> element that specifies a usage name
-      for the secret.
-      <span class="since">Since 2.3.0</span>.
-      The following is an example of the expected XML and processing to
-      define the secret:
-    </p>
-
-    <pre>
-# cat tls-secret.xml
-&lt;secret ephemeral='no' private='yes'&gt;
-   &lt;description&gt;sample tls secret&lt;/description&gt;
-   &lt;usage type='tls'&gt;
-      &lt;name&gt;TLS_example&lt;/name&gt;
-   &lt;/usage&gt;
-&lt;/secret&gt;
-
-# virsh secret-define tls-secret.xml
-Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
-
-# virsh secret-list
- UUID                                 Usage
-----------------------------------------------------------
- 718c71bd-67b5-4a2b-87ec-a24e8ca200dc  tls TLS_example
-#
-
-    </pre>
-
-    <p>
-      A secret may also be defined via the
-      <a href="html/libvirt-libvirt-secret.html#virSecretDefineXML">
-       <code>virSecretDefineXML</code></a> API.
-
-      Once the secret is defined, a secret value will need to be set. The
-      secret would be the passphrase used to access the TLS credentials.
-      The following is a simple example of using
-      <code>virsh secret-set-value</code> to set the secret value. The
-      <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
-      <code>virSecretSetValue</code></a> API may also be used to set
-      a more secure secret without using printable/readable characters.
-    </p>
-
-    <pre>
-# MYSECRET=`printf %s "letmein" | base64`
-# virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
-Secret value set
-
-    </pre>
-
  </body>
 </html>
--- a/docs/formatstorage.html.in
+++ b/docs/formatstorage.html.in
@@ -31,13 +31,13 @@
    <h3><a name="StoragePoolFirst">General metadata</a></h3>

    <pre>
-&lt;pool type="iscsi"&gt;
-  &lt;name&gt;virtimages&lt;/name&gt;
-  &lt;uuid&gt;3e3fce45-4f53-4fa7-bb32-11f34168b82b&lt;/uuid&gt;
-  &lt;allocation&gt;10000000&lt;/allocation&gt;
-  &lt;capacity&gt;50000000&lt;/capacity&gt;
-  &lt;available&gt;40000000&lt;/available&gt;
-  ...</pre>
+      &lt;pool type="iscsi"&gt;
+        &lt;name&gt;virtimages&lt;/name&gt;
+        &lt;uuid&gt;3e3fce45-4f53-4fa7-bb32-11f34168b82b&lt;/uuid&gt;
+        &lt;allocation&gt;10000000&lt;/allocation&gt;
+        &lt;capacity&gt;50000000&lt;/capacity&gt;
+        &lt;available&gt;40000000&lt;/available&gt;
+        ...</pre>

    <dl>
      <dt><code>name</code></dt>
@@ -75,50 +75,50 @@
    </p>

    <pre>
-...
-&lt;source&gt;
-  &lt;host name="iscsi.example.com"/&gt;
-  &lt;device path="iqn.2013-06.com.example:iscsi-pool"/&gt;
-  &lt;auth type='chap' username='myname'&gt;
-    &lt;secret usage='mycluster_myname'/&gt;
-  &lt;/auth&gt;
-  &lt;vendor name="Acme"/&gt;
-  &lt;product name="model"/&gt;
-&lt;/source&gt;
-...</pre>
+        ...
+        &lt;source&gt;
+          &lt;host name="iscsi.example.com"/&gt;
+          &lt;device path="iqn.2013-06.com.example:iscsi-pool"/&gt;
+          &lt;auth type='chap' username='myname'&gt;
+            &lt;secret usage='mycluster_myname'/&gt;
+          &lt;/auth&gt;
+          &lt;vendor name="Acme"/&gt;
+          &lt;product name="model"/&gt;
+        &lt;/source&gt;
+        ...</pre>

    <pre>
-...
-&lt;source&gt;
-  &lt;device path='/dev/mapper/mpatha' part_separator='no'/&gt;
-  &lt;format type='gpt'/&gt;
-&lt;/source&gt;
-...</pre>
+        ...
+        &lt;source&gt;
+          &lt;device path='/dev/mapper/mpatha' part_separator='no'/&gt;
+          &lt;format type='gpt'/&gt;
+        &lt;/source&gt;
+        ...</pre>

    <pre>
-...
-&lt;source&gt;
-  &lt;adapter type='scsi_host' name='scsi_host1'/&gt;
-&lt;/source&gt;
-...</pre>
+        ...
+        &lt;source&gt;
+          &lt;adapter type='scsi_host' name='scsi_host1'/&gt;
+        &lt;/source&gt;
+        ...</pre>

    <pre>
-...
-&lt;source&gt;
-  &lt;adapter type='scsi_host'&gt;
-    &lt;parentaddr unique_id='1'&gt;
-      &lt;address domain='0x0000' bus='0x00' slot='0x1f' addr='0x2'/&gt;
-    &lt;/parentaddr&gt;
-  &lt;/adapter&gt;
-&lt;/source&gt;
-...</pre>
+        ...
+        &lt;source&gt;
+          &lt;adapter type='scsi_host'&gt;
+            &lt;parentaddr unique_id='1'&gt;
+              &lt;address domain='0x0000' bus='0x00' slot='0x1f' addr='0x2'/&gt;
+            &lt;/parentaddr&gt;
+          &lt;/adapter&gt;
+        &lt;/source&gt;
+        ...</pre>

    <pre>
-...
-&lt;source&gt;
-  &lt;adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/&gt;
-&lt;/source&gt;
-...</pre>
+        ...
+        &lt;source&gt;
+          &lt;adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/&gt;
+        &lt;/source&gt;
+        ...</pre>

    <dl>
      <dt><code>device</code></dt>
@@ -134,11 +134,19 @@
        <code>path</code> may be supplied. Valid values for the attribute
        may be either "yes" or "no". This attribute is to be used for a
        <code>disk</code> pool type using a <code>path</code> to a
-        device mapper multipath device. Setting the attribute to "yes"
-        causes libvirt to attempt to generate and find target volume path's
-        using a "p" separator. The default algorithm used by device mapper
-        is to add the "p" separator only when the source device path ends
-        with a number.
+        device mapper multipath device configured to utilize either
+        'user_friendly_names' or a custom 'alias' name in the
+        /etc/multipath.conf. The attribute directs libvirt to not
+        generate device volume names with the partition character "p".
+        By default, when libvirt generates the partition names for
+        device mapper multipath devices it will add a "p" path separator
+        to the device name before adding the partition number. For example,
+        a <code>device path</code> of '/dev/mapper/mpatha' libvirt would
+        generate partition names of '/dev/mapper/mpathap1',
+        '/dev/mapper/mpathap2', etc. for each partition found. With
+        this attribute set to "no", libvirt will not append the "p" to
+        the name unless it ends with a number thus generating names
+        of '/dev/mapper/mpatha1', '/dev/mapper/mpatha2', etc.
        <span class="since">Since 1.3.1</span></p></dd>
      <dt><code>dir</code></dt>
      <dd>Provides the source for pools backed by directories (pool
@@ -387,25 +395,25 @@
    </p>

    <pre>
-  ...
-  &lt;target&gt;
-    &lt;path&gt;/dev/disk/by-path&lt;/path&gt;
-    &lt;permissions&gt;
-      &lt;owner&gt;107&lt;/owner&gt;
-      &lt;group&gt;107&lt;/group&gt;
-      &lt;mode&gt;0744&lt;/mode&gt;
-      &lt;label&gt;virt_image_t&lt;/label&gt;
-    &lt;/permissions&gt;
-    &lt;timestamps&gt;
-      &lt;atime&gt;1341933637.273190990&lt;/atime&gt;
-      &lt;mtime&gt;1341930622.047245868&lt;/mtime&gt;
-      &lt;ctime&gt;1341930622.047245868&lt;/ctime&gt;
-    &lt;/timestamps&gt;
-    &lt;encryption type='...'&gt;
-      ...
-    &lt;/encryption&gt;
-  &lt;/target&gt;
-&lt;/pool&gt;</pre>
+        ...
+        &lt;target&gt;
+          &lt;path&gt;/dev/disk/by-path&lt;/path&gt;
+          &lt;permissions&gt;
+            &lt;owner&gt;107&lt;/owner&gt;
+            &lt;group&gt;107&lt;/group&gt;
+            &lt;mode&gt;0744&lt;/mode&gt;
+            &lt;label&gt;virt_image_t&lt;/label&gt;
+          &lt;/permissions&gt;
+          &lt;timestamps&gt;
+            &lt;atime&gt;1341933637.273190990&lt;/atime&gt;
+            &lt;mtime&gt;1341930622.047245868&lt;/mtime&gt;
+            &lt;ctime&gt;1341930622.047245868&lt;/ctime&gt;
+          &lt;/timestamps&gt;
+          &lt;encryption type='...'&gt;
+            ...
+          &lt;/encryption&gt;
+        &lt;/target&gt;
+      &lt;/pool&gt;</pre>

    <dl>
      <dt><code>path</code></dt>
@@ -486,7 +494,7 @@
      A storage volume will generally be either a file or a device
      node; <span class="since">since 1.2.0</span>, an optional
      output-only attribute <code>type</code> lists the actual type
-      (file, block, dir, network, netdir or ploop), which is also available
+      (file, block, dir, network, or netdir), which is also available
      from <code>virStorageVolGetInfo()</code>.  The storage volume
      XML format is available <span class="since">since 0.4.1</span>
    </p>
@@ -494,12 +502,12 @@
    <h3><a name="StorageVolFirst">General metadata</a></h3>

    <pre>
-&lt;volume type='file'&gt;
-  &lt;name&gt;sparse.img&lt;/name&gt;
-  &lt;key&gt;/var/lib/xen/images/sparse.img&lt;/key&gt;
-  &lt;allocation&gt;0&lt;/allocation&gt;
-  &lt;capacity unit="T"&gt;1&lt;/capacity&gt;
-  ...</pre>
+      &lt;volume type='file'&gt;
+        &lt;name&gt;sparse.img&lt;/name&gt;
+        &lt;key&gt;/var/lib/xen/images/sparse.img&lt;/key&gt;
+        &lt;allocation&gt;0&lt;/allocation&gt;
+        &lt;capacity unit="T"&gt;1&lt;/capacity&gt;
+        ...</pre>

    <dl>
      <dt><code>name</code></dt>
@@ -575,22 +583,22 @@
    </p>

    <pre>
-...
-&lt;target&gt;
-  &lt;path&gt;/var/lib/virt/images/sparse.img&lt;/path&gt;
-  &lt;format type='qcow2'/&gt;
-  &lt;permissions&gt;
-    &lt;owner&gt;107&lt;/owner&gt;
-    &lt;group&gt;107&lt;/group&gt;
-    &lt;mode&gt;0744&lt;/mode&gt;
-    &lt;label&gt;virt_image_t&lt;/label&gt;
-  &lt;/permissions&gt;
-  &lt;compat&gt;1.1&lt;/compat&gt;
-  &lt;nocow/&gt;
-  &lt;features&gt;
-    &lt;lazy_refcounts/&gt;
-  &lt;/features&gt;
-&lt;/target&gt;</pre>
+        ...
+        &lt;target&gt;
+          &lt;path&gt;/var/lib/virt/images/sparse.img&lt;/path&gt;
+          &lt;format type='qcow2'/&gt;
+          &lt;permissions&gt;
+            &lt;owner&gt;107&lt;/owner&gt;
+            &lt;group&gt;107&lt;/group&gt;
+            &lt;mode&gt;0744&lt;/mode&gt;
+            &lt;label&gt;virt_image_t&lt;/label&gt;
+          &lt;/permissions&gt;
+          &lt;compat&gt;1.1&lt;/compat&gt;
+          &lt;nocow/&gt;
+          &lt;features&gt;
+            &lt;lazy_refcounts/&gt;
+          &lt;/features&gt;
+        &lt;/target&gt;</pre>

    <dl>
      <dt><code>path</code></dt>
@@ -665,18 +673,18 @@
    </p>

    <pre>
-  ...
-  &lt;backingStore&gt;
-    &lt;path&gt;/var/lib/virt/images/master.img&lt;/path&gt;
-    &lt;format type='raw'/&gt;
-    &lt;permissions&gt;
-      &lt;owner&gt;107&lt;/owner&gt;
-      &lt;group&gt;107&lt;/group&gt;
-      &lt;mode&gt;0744&lt;/mode&gt;
-      &lt;label&gt;virt_image_t&lt;/label&gt;
-    &lt;/permissions&gt;
-  &lt;/backingStore&gt;
-&lt;/volume&gt;</pre>
+        ...
+        &lt;backingStore&gt;
+          &lt;path&gt;/var/lib/virt/images/master.img&lt;/path&gt;
+          &lt;format type='raw'/&gt;
+          &lt;permissions&gt;
+            &lt;owner&gt;107&lt;/owner&gt;
+            &lt;group&gt;107&lt;/group&gt;
+            &lt;mode&gt;0744&lt;/mode&gt;
+            &lt;label&gt;virt_image_t&lt;/label&gt;
+          &lt;/permissions&gt;
+        &lt;/backingStore&gt;
+      &lt;/volume&gt;</pre>

    <dl>
      <dt><code>path</code></dt>
@@ -711,62 +719,46 @@
    <h3><a name="exampleFile">File based storage pool</a></h3>

    <pre>
-&lt;pool type="dir"&gt;
-  &lt;name&gt;virtimages&lt;/name&gt;
-  &lt;target&gt;
-    &lt;path&gt;/var/lib/virt/images&lt;/path&gt;
-  &lt;/target&gt;
-&lt;/pool&gt;</pre>
+      &lt;pool type="dir"&gt;
+        &lt;name&gt;virtimages&lt;/name&gt;
+        &lt;target&gt;
+          &lt;path&gt;/var/lib/virt/images&lt;/path&gt;
+        &lt;/target&gt;
+      &lt;/pool&gt;</pre>

    <h3><a name="exampleISCSI">iSCSI based storage pool</a></h3>

    <pre>
-&lt;pool type="iscsi"&gt;
-  &lt;name&gt;virtimages&lt;/name&gt;
-  &lt;source&gt;
-    &lt;host name="iscsi.example.com"/&gt;
-    &lt;device path="iqn.2013-06.com.example:iscsi-pool"/&gt;
-    &lt;auth type='chap' username='myuser'&gt;
-      &lt;secret usage='libvirtiscsi'/&gt;
-    &lt;/auth&gt;
-  &lt;/source&gt;
-  &lt;target&gt;
-    &lt;path&gt;/dev/disk/by-path&lt;/path&gt;
-  &lt;/target&gt;
-&lt;/pool&gt;</pre>
+      &lt;pool type="iscsi"&gt;
+        &lt;name&gt;virtimages&lt;/name&gt;
+        &lt;source&gt;
+          &lt;host name="iscsi.example.com"/&gt;
+          &lt;device path="iqn.2013-06.com.example:iscsi-pool"/&gt;
+          &lt;auth type='chap' username='myuser'&gt;
+            &lt;secret usage='libvirtiscsi'/&gt;
+          &lt;/auth&gt;
+        &lt;/source&gt;
+        &lt;target&gt;
+          &lt;path&gt;/dev/disk/by-path&lt;/path&gt;
+        &lt;/target&gt;
+      &lt;/pool&gt;</pre>

    <h3><a name="exampleVol">Storage volume</a></h3>

    <pre>
-&lt;volume&gt;
-  &lt;name&gt;sparse.img&lt;/name&gt;
-  &lt;allocation&gt;0&lt;/allocation&gt;
-  &lt;capacity unit="T"&gt;1&lt;/capacity&gt;
-  &lt;target&gt;
-    &lt;path&gt;/var/lib/virt/images/sparse.img&lt;/path&gt;
-    &lt;permissions&gt;
-      &lt;owner&gt;107&lt;/owner&gt;
-      &lt;group&gt;107&lt;/group&gt;
-      &lt;mode&gt;0744&lt;/mode&gt;
-      &lt;label&gt;virt_image_t&lt;/label&gt;
-    &lt;/permissions&gt;
-  &lt;/target&gt;
-&lt;/volume&gt;</pre>
-
-    <h3><a name="exampleLuks">Storage volume using LUKS</a></h3>
-
-    <pre>
-&lt;volume&gt;
-  &lt;name&gt;MyLuks.img&lt;/name&gt;
-  &lt;capacity unit="G"&gt;5&lt;/capacity&gt;
-  &lt;target&gt;
-    &lt;path&gt;/var/lib/virt/images/MyLuks.img&lt;/path&gt;
-    &lt;format type='raw'/&gt;
-    &lt;encryption format='luks'&gt;
-      &lt;secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/&gt;
-    &lt;/encryption&gt;
-  &lt;/target&gt;
-&lt;/volume&gt;
-    </pre>
+      &lt;volume&gt;
+        &lt;name&gt;sparse.img&lt;/name&gt;
+        &lt;allocation&gt;0&lt;/allocation&gt;
+        &lt;capacity unit="T"&gt;1&lt;/capacity&gt;
+        &lt;target&gt;
+          &lt;path&gt;/var/lib/virt/images/sparse.img&lt;/path&gt;
+          &lt;permissions&gt;
+            &lt;owner&gt;107&lt;/owner&gt;
+            &lt;group&gt;107&lt;/group&gt;
+            &lt;mode&gt;0744&lt;/mode&gt;
+            &lt;label&gt;virt_image_t&lt;/label&gt;
+          &lt;/permissions&gt;
+        &lt;/target&gt;
+      &lt;/volume&gt;</pre>
  </body>
 </html>
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -25,14 +25,10 @@
    <p>
      The <code>encryption</code> tag can currently contain a sequence of
      <code>secret</code> tags, each with mandatory attributes <code>type</code>
-      and either <code>uuid</code> or <code>usage</code>
-      (<span class="since">since 2.1.0</span>). The only currently defined
-      value of <code>type</code> is <code>volume</code>. The
-      <code>uuid</code> is "uuid" of the <code>secret</code> while
-      <code>usage</code> is the "usage" subelement field.
-      A secret value can be set in libvirt by the
-      <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
-      <code>virSecretSetValue</code></a> API. Alternatively, if supported
+      and <code>uuid</code>.  The only currently defined value of
+      <code>type</code> is <code>passphrase</code>.  <code>uuid</code>
+      refers to a secret known to libvirt.  libvirt can use a secret value
+      previously set using <code>virSecretSetValue()</code>, or, if supported
      by the particular volume format and driver, automatically generate a
      secret value at the time of volume creation, and store it using the
      specified <code>uuid</code>.
@@ -40,7 +36,7 @@
    <h3><a name="StorageEncryptionDefault">"default" format</a></h3>
    <p>
      <code>&lt;encryption format="default"/&gt;</code> can be specified only
-      when creating a qcow volume.  If the volume is successfully created, the
+      when creating a volume.  If the volume is successfully created, the
      encryption formats, parameters and secrets will be auto-generated by
      libvirt and the attached <code>encryption</code> tag will be updated.
      The unmodified contents of the <code>encryption</code> tag can be used
@@ -56,112 +52,16 @@
      the <code>secret</code> element is not present during volume creation,
      a secret is automatically generated and attached to the volume.
    </p>
-    <h3><a name="StorageEncryptionLuks">"luks" format</a></h3>
-    <p>
-      The <code>luks</code> format is specific to a luks encrypted volume
-      and the secret is used in order to either encrypt during volume creation
-      or decrypt the volume for usage by the domain. A single
-      <code>&lt;secret type='passphrase'...&gt;</code> element is expected.
-      <span class="since">Since 2.1.0</span>.
-    </p>
-    <p>
-      For volume creation, it is possible to specify the encryption
-      algorithm used to encrypt the luks volume. The following two
-      optional elements may be provided for that purpose. It is hypervisor
-      dependent as to which algorithms are supported. The default algorithm
-      used by the storage driver backend when using qemu-img to create
-      the volume is 'aes-256-cbc' using 'essiv' for initialization vector
-      generation and 'sha256' hash algorithm for both the cipher and the
-      initialization vector generation.
-    </p>

-    <dl>
-      <dt><code>cipher</code></dt>
-      <dd>This element describes the cipher algorithm to be used to either
-          encrypt or decrypt the luks volume. This element has the following
-          attributes:
-          <dl>
-            <dt><code>name</code></dt>
-            <dd>The name of the cipher algorithm used for data encryption,
-            such as 'aes', 'des', 'cast5', 'serpent', 'twofish', etc.
-            Support of the specific algorithm is storage driver
-            implementation dependent.</dd>
-            <dt><code>size</code></dt>
-            <dd>The size of the cipher in bits, such as '256', '192', '128',
-            etc. Support of the specific size for a specific cipher is
-            hypervisor dependent.</dd>
-            <dt><code>mode</code></dt>
-            <dd>An optional cipher algorithm mode such as 'cbc', 'xts',
-            'ecb', etc. Support of the specific cipher mode is
-            hypervisor dependent.</dd>
-            <dt><code>hash</code></dt>
-            <dd>An optional master key hash algorithm such as 'md5', 'sha1',
-            'sha256', etc. Support of the specific hash algorithm is
-            hypervisor dependent.</dd>
-          </dl>
-      </dd>
-      <dt><code>ivgen</code></dt>
-      <dd>This optional element describes the initialization vector
-          generation algorithm used in conjunction with the
-          <code>cipher</code>. If the <code>cipher</code> is not provided,
-          then an error will be generated by the parser.
-          <dl>
-            <dt><code>name</code></dt>
-            <dd>The name of the algorithm, such as 'plain', 'plain64',
-            'essiv', etc. Support of the specific algorithm is hypervisor
-            dependent.</dd>
-            <dt><code>hash</code></dt>
-            <dd>An optional hash algorithm such as 'md5', 'sha1', 'sha256',
-            etc. Support of the specific ivgen hash algorithm is hypervisor
-            dependent.</dd>
-          </dl>
-      </dd>
-    </dl>
-
-
-    <h2><a name="example">Examples</a></h2>
+    <h2><a name="example">Example</a></h2>

    <p>
      Here is a simple example, specifying use of the <code>qcow</code> format:
    </p>

    <pre>
-&lt;encryption format='qcow'&gt;
-   &lt;secret type='passphrase' uuid='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' /&gt;
-&lt;/encryption&gt;</pre>
-
-    <p>
-      Assuming a <a href="formatsecret.html#VolumeUsageType">
-      <code>luks volume type secret</code></a> is already defined,
-      a simple example specifying use of the <code>luks</code> format
-      for either volume creation without a specific cipher being defined or
-      as part of a domain volume definition:
-    </p>
-    <pre>
-&lt;encryption format='luks'&gt;
-  &lt;secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/&gt;
-&lt;/encryption&gt;
-    </pre>
-
-    <p>
-      Here is an example specifying use of the <code>luks</code> format for
-      a specific cipher algorithm for volume creation:
-    </p>
-    <pre>
-&lt;volume&gt;
-  &lt;name&gt;twofish.luks&lt;/name&gt;
-  &lt;capacity unit='G'&gt;5&lt;/capacity&gt;
-  &lt;target&gt;
-    &lt;path&gt;/var/lib/libvirt/images/demo.luks&lt;/path&gt;
-    &lt;format type='raw'/&gt;
-    &lt;encryption format='luks'&gt;
-       &lt;secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/&gt;
-       &lt;cipher name='twofish' size='256' mode='cbc' hash='sha256'/&gt;
-       &lt;ivgen name='plain64' hash='sha256'/&gt;
-    &lt;/encryption&gt;
-  &lt;/target&gt;
-&lt;/volume&gt;
-    </pre>
-
+      &lt;encryption format='qcow'&gt;
+         &lt;secret type='passphrase' uuid='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' /&gt;
+      &lt;/encryption&gt;</pre>
  </body>
 </html>
--- a/docs/generic.css
+++ b/docs/generic.css
@@ -2,8 +2,9 @@ body {
  margin: 0em;
  padding: 0px;
  color: rgb(0,0,0);
+  font-family: Verdana, Arial, Helvetica, sans-serif;
+  font-size: smaller;
  background: #ffffff;
-  font-family: LibvirtOverpass;
 }

 p, ul, ol, dl {
@@ -11,75 +12,61 @@ p, ul, ol, dl {
  margin: 0px;
 }

-p {
+ol,ul {
+  margin-left: 3em;
+}
+
+ol,ul,dl,p {
  margin-top: 1em;
  margin-bottom: 1em;
 }

-ul, ol {
-  margin-left: 2em;
+p:first-line {
+  margin-right: 1em;
 }

-dt {
+div.body p:first-letter {
+  font-size: 1.2em;
+  font-weight: bold;
+}
+
+h1,h2,h3,h4,h5,h6 {
+  font-weight: bold;
+  margin: 0px;
+  padding: 0px;
+  margin-top: 0.5em;
+}
+
+div.footer {
+  margin-top: 1em;
+}
+
+h1 {
+  font-size: 2em;
+}
+h2 {
+  font-size: 1.6em;
+}
+h3 {
+  font-size: 1.4em;
+}
+h4 {
+  font-size: 1.2em;
+}
+h5 {
+  font-size: 1em;
+}
+h6 {
+  font-size: 0.8em;
+}
+
+dl dt {
  margin-left: 1em;
  margin-right: 2em;
 }

-dt code {
-  font-weight: bold;
-}
-
 dl dd {
  margin-left: 2em;
  margin-right: 2em;
  margin-bottom: 0.5em;
 }
-
-h1, h2, h3, h4, h5, h6 {
-  font-weight: bold;
-  margin: 0px;
-  padding: 0px;
-  margin-bottom: 0.25em;
-}
-
-h1 {
-  margin-top: 0em;
-  font-size: 1.6em;
-}
-
-h2 {
-  margin-top: 1.0em;
-  font-size: 1.4em;
-}
-
-h3 {
-  margin-top: 1.0em;
-  font-size: 1.2em;
-}
-
-h4 {
-  margin-top: 1.0em;
-  font-size: 1.1em;
-}
-
-h5 {
-  margin-top: 0.75em;
-  font-size: 1em;
-}
-
-h6 {
-  margin-top: 0.75em;
-  font-size: 0.8em;
-}
-
-code, pre {
-  font-family: LibvirtOverpassMono;
-}
-
-dd code, p code {
-  background-color: #eeeeee;
-}
-
-pre {
-  font-size: 90%;
-}
--- a/docs/hacking.html.in
+++ b/docs/hacking.html.in
@@ -23,10 +23,20 @@
        automatically pulls the latest version of each translation
        file from zanata.</li>

-      <li><p>Post patches using "git send-email", with git rename
+      <li><p>Post patches in unified diff format, with git rename
        detection enabled.  You need a one-time setup of:</p>
 <pre>
  git config diff.renames true
+</pre>
+        <p>After that, a command similar to this should work:</p>
+<pre>
+  diff -urp libvirt.orig/ libvirt.modified/ &gt; libvirt-myfeature.patch
+</pre>
+        <p>
+          or:
+        </p>
+<pre>
+  git diff &gt; libvirt-myfeature.patch
 </pre>
        <p>Also, for code motion patches, you may find that <code>git
        diff --patience</code> provides an easier-to-read patch.
@@ -179,19 +189,6 @@
          under gdb or Valgrind.
        </p>

-        <p>When running our test suite it may happen that the test result is
-        nondeterministic because of the test suite relying on a particular file
-        in the system being accessible or having some specific value. To catch
-        this kind of errors, the test suite has a module for that prints any
-        path touched that fulfils constraints described above
-        into a file. To enable it just set
-        <code>VIR_TEST_FILE_ACCESS</code> environment variable.
-        Then <code>VIR_TEST_FILE_ACCESS_OUTPUT</code> environment
-        variable can alter location where the file is stored.</p>
-<pre>
-  VIR_TEST_FILE_ACCESS=1 VIR_TEST_FILE_ACCESS_OUTPUT="/tmp/file_access.txt" ./qemuxml2argvtest
-</pre>
-
      </li>
      <li><p>The Valgrind test should produce similar output to
          <code>make check</code>. If the output has traces within libvirt
--- a/docs/hooks.html.in
+++ b/docs/hooks.html.in
@@ -17,10 +17,8 @@
          (<span class="since">since 0.8.0</span>)<br/><br/></li>
      <li>A QEMU guest is started or stopped
         (<span class="since">since 0.8.0</span>)<br/><br/></li>
-      <li>An LXC guest is started or stopped
+         <li>An LXC guest is started or stopped
         (<span class="since">since 0.8.0</span>)<br/><br/></li>
-      <li>A libxl-handled Xen guest is started or stopped
-         (<span class="since">since 2.1.0</span>)<br/><br/></li>
      <li>A network is started or stopped or an interface is
          plugged/unplugged to/from the network
          (<span class="since">since 1.2.2</span>)<br/><br/></li>
@@ -43,7 +41,7 @@
    <br/>

    <h2><a name="names">Script names</a></h2>
-    <p>At present, there are five hook scripts that can be called:</p>
+    <p>At present, there are three hook scripts that can be called:</p>
    <ul>
      <li><code>/etc/libvirt/hooks/daemon</code><br/><br/>
          Executed when the libvirt daemon is started, stopped, or reloads
@@ -52,9 +50,6 @@
          Executed when a QEMU guest is started, stopped, or migrated<br/><br/></li>
      <li><code>/etc/libvirt/hooks/lxc</code><br /><br/>
          Executed when an LXC guest is started or stopped</li>
-      <li><code>/etc/libvirt/hooks/libxl</code><br/><br/>
-          Executed when a libxl-handled Xen guest is started, stopped, or
-          migrated<br/><br/></li>
      <li><code>/etc/libvirt/hooks/network</code><br/><br/>
          Executed when a network is started or stopped or an
          interface is plugged/unplugged to/from the network</li>
@@ -240,50 +235,6 @@
      </li>
    </ul>

-    <h5><a name="libxl">/etc/libvirt/hooks/libxl</a></h5>
-    <ul>
-      <li>Before a Xen guest is started using libxl driver, the libxl hook
-        script is called in three locations; if any location fails, the guest
-        is not started.  The first location, <span class="since">since
-        2.1.0</span>, is before libvirt performs any resource
-        labeling, and the hook can allocate resources not managed by
-        libvirt.  This is called as:<br/>
-        <pre>/etc/libvirt/hooks/libxl guest_name prepare begin -</pre>
-        The second location, available <span class="since">Since
-        2.1.0</span>, occurs after libvirt has finished labeling
-        all resources, but has not yet started the guest, called as:<br/>
-        <pre>/etc/libvirt/hooks/libxl guest_name start begin -</pre>
-        The third location, <span class="since">2.1.0</span>,
-        occurs after the domain has successfully started up:<br/>
-        <pre>/etc/libvirt/hooks/libxl guest_name started begin -</pre>
-      </li>
-      <li>When a libxl-handled Xen guest is stopped, the libxl hook script
-        is called in two locations, to match the startup.
-        First, <span class="since">since 2.1.0</span>, the hook is
-        called before libvirt restores any labels:<br/>
-        <pre>/etc/libvirt/hooks/libxl guest_name stopped end -</pre>
-        Then, after libvirt has released all resources, the hook is
-        called again, <span class="since">since 2.1.0</span>, to allow
-        any additional resource cleanup:<br/>
-        <pre>/etc/libvirt/hooks/libxl guest_name release end -</pre></li>
-      <li><span class="since">Since 2.1.0</span>, the libxl hook script
-        is also called at the beginning of incoming migration. It is called
-        as: <pre>/etc/libvirt/hooks/libxl guest_name migrate begin -</pre>
-        with domain XML sent to standard input of the script. In this case,
-        the script acts as a filter and is supposed to modify the domain
-        XML and print it out on its standard output. Empty output is
-        identical to copying the input XML without changing it. In case the
-        script returns failure or the output XML is not valid, incoming
-        migration will be canceled. This hook may be used, e.g., to change
-        location of disk images for incoming domains.</li>
-      <li><span class="since">Since 2.1.0</span>, the libxl hook script
-        is also called when the libvirtd daemon restarts and reconnects
-        to previously running Xen domains. If the script fails, the
-        existing Xen domains will be killed off. It is called as:
-        <pre>/etc/libvirt/hooks/libxl guest_name reconnect begin -</pre>
-      </li>
-    </ul>
-
    <h5><a name="network">/etc/libvirt/hooks/network</a></h5>
    <ul>
      <li><span class="since">Since 1.2.2</span>, before a network is started,
@@ -299,8 +250,6 @@
          <pre>/etc/libvirt/hooks/network network_name plugged begin -</pre>
        Please note, that in this case, the script is passed both network and
        domain XMLs on its stdin.</li>
-      <li>When network is updated, the hook script is called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name updated begin -</pre></li>
      <li>When the domain from previous case is shutting down, the interface
        is unplugged. This leads to another script invocation:<br/>
          <pre>/etc/libvirt/hooks/network network_name unplugged begin -</pre>
--- a/docs/hvsupport.pl
+++ b/docs/hvsupport.pl
@@ -4,6 +4,8 @@ use strict;
 use warnings;

 use File::Find;
+use XML::XPath;
+use XML::XPath::XMLParser;

 die "syntax: $0 SRCDIR\n" unless int(@ARGV) == 1;

@@ -42,91 +44,136 @@ find({
            push @srcs, $_ if $_ !~ /vbox_driver\.c/;
        }
    }, no_chdir => 1}, $srcdir);
+my $line;

-# Map API functions to the header and documentation files they're in
-# so that we can generate proper hyperlinks to their documentation.
-#
-# The function names are grep'd from the XML output of apibuild.py.
-sub getAPIFilenames {
-    my $filename = shift;
-
-    my %files;
-    my $line;
-
-    open FILE, "<", $filename or die "cannot read $filename: $!";
-
-    while (defined($line = <FILE>)) {
-        if ($line =~ /function name='([^']+)' file='([^']+)'/) {
-            $files{$1} = $2;
-        }
-    }
-
-    close FILE;
-
-    if (keys %files == 0) {
-        die "No functions found in $filename. Has the apibuild.py output changed?";
-    }
-    return \%files;
-}
-
-sub parseSymsFile {
-    my $apisref = shift;
-    my $prefix = shift;
-    my $filename = shift;
-    my $xmlfilename = shift;
-
-    my $line;
-    my $vers;
-    my $prevvers;
-
-    my $filenames = getAPIFilenames($xmlfilename);
-
-    open FILE, "<$filename"
-        or die "cannot read $filename: $!";
-
-    while (defined($line = <FILE>)) {
-        chomp $line;
-        next if $line =~ /^\s*#/;
-        next if $line =~ /^\s*$/;
-        next if $line =~ /^\s*(global|local):/;
-        if ($line =~ /^\s*${prefix}_(\d+\.\d+\.\d+)\s*{\s*$/) {
-            if (defined $vers) {
-                die "malformed syms file";
-            }
-            $vers = $1;
-        } elsif ($line =~ /\s*}\s*;\s*$/) {
-            if (defined $prevvers) {
-                die "malformed syms file";
-            }
-            $prevvers = $vers;
-            $vers = undef;
-        } elsif ($line =~ /\s*}\s*${prefix}_(\d+\.\d+\.\d+)\s*;\s*$/) {
-            if ($1 ne $prevvers) {
-                die "malformed syms file $1 != $vers";
-            }
-            $prevvers = $vers;
-            $vers = undef;
-        } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
-            $$apisref{$1} = {};
-            $$apisref{$1}->{vers} = $vers;
-            $$apisref{$1}->{file} = $$filenames{$1};
-        } else {
-            die "unexpected data $line\n";
-        }
-    }
-
-    close FILE;
-}
+# Get the list of all public APIs and their corresponding version

 my %apis;
-# Get the list of all public APIs and their corresponding version
-parseSymsFile(\%apis, "LIBVIRT", $symslibvirt, "$srcdir/../docs/libvirt-api.xml");
+open FILE, "<$symslibvirt"
+    or die "cannot read $symslibvirt: $!";
+
+my $vers;
+my $prevvers;
+my $apixpath = XML::XPath->new(filename => "$srcdir/../docs/libvirt-api.xml");
+while (defined($line = <FILE>)) {
+    chomp $line;
+    next if $line =~ /^\s*#/;
+    next if $line =~ /^\s*$/;
+    next if $line =~ /^\s*(global|local):/;
+    if ($line =~ /^\s*LIBVIRT_(\d+\.\d+\.\d+)\s*{\s*$/) {
+        if (defined $vers) {
+            die "malformed syms file";
+        }
+        $vers = $1;
+    } elsif ($line =~ /\s*}\s*;\s*$/) {
+        if (defined $prevvers) {
+            die "malformed syms file";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*}\s*LIBVIRT_(\d+\.\d+\.\d+)\s*;\s*$/) {
+        if ($1 ne $prevvers) {
+            die "malformed syms file $1 != $vers";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
+        my $file = $apixpath->find("/api/symbols/function[\@name='$1']/\@file");
+        $apis{$1} = {};
+        $apis{$1}->{vers} = $vers;
+        $apis{$1}->{file} = $file;
+    } else {
+        die "unexpected data $line\n";
+    }
+}
+
+close FILE;
+

 # And the same for the QEMU specific APIs
-parseSymsFile(\%apis, "LIBVIRT_QEMU", $symsqemu, "$srcdir/../docs/libvirt-qemu-api.xml");
+
+open FILE, "<$symsqemu"
+    or die "cannot read $symsqemu: $!";
+
+$prevvers = undef;
+$vers = undef;
+$apixpath = XML::XPath->new(filename => "$srcdir/../docs/libvirt-qemu-api.xml");
+while (defined($line = <FILE>)) {
+    chomp $line;
+    next if $line =~ /^\s*#/;
+    next if $line =~ /^\s*$/;
+    next if $line =~ /^\s*(global|local):/;
+    if ($line =~ /^\s*LIBVIRT_QEMU_(\d+\.\d+\.\d+)\s*{\s*$/) {
+        if (defined $vers) {
+            die "malformed syms file";
+        }
+        $vers = $1;
+    } elsif ($line =~ /\s*}\s*;\s*$/) {
+        if (defined $prevvers) {
+            die "malformed syms file";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*}\s*LIBVIRT_QEMU_(\d+\.\d+\.\d+)\s*;\s*$/) {
+        if ($1 ne $prevvers) {
+            die "malformed syms file $1 != $vers";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
+        my $file = $apixpath->find("/api/symbols/function[\@name='$1']/\@file");
+        $apis{$1} = {};
+        $apis{$1}->{vers} = $vers;
+        $apis{$1}->{file} = $file;
+    } else {
+        die "unexpected data $line\n";
+    }
+}
+
+close FILE;
+

 # And the same for the LXC specific APIs
-parseSymsFile(\%apis, "LIBVIRT_LXC", $symslxc, "$srcdir/../docs/libvirt-lxc-api.xml");
+
+open FILE, "<$symslxc"
+    or die "cannot read $symslxc: $!";
+
+$prevvers = undef;
+$vers = undef;
+$apixpath = XML::XPath->new(filename => "$srcdir/../docs/libvirt-lxc-api.xml");
+while (defined($line = <FILE>)) {
+    chomp $line;
+    next if $line =~ /^\s*#/;
+    next if $line =~ /^\s*$/;
+    next if $line =~ /^\s*(global|local):/;
+    if ($line =~ /^\s*LIBVIRT_LXC_(\d+\.\d+\.\d+)\s*{\s*$/) {
+        if (defined $vers) {
+            die "malformed syms file";
+        }
+        $vers = $1;
+    } elsif ($line =~ /\s*}\s*;\s*$/) {
+        if (defined $prevvers) {
+            die "malformed syms file";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*}\s*LIBVIRT_LXC_(\d+\.\d+\.\d+)\s*;\s*$/) {
+        if ($1 ne $prevvers) {
+            die "malformed syms file $1 != $vers";
+        }
+        $prevvers = $vers;
+        $vers = undef;
+    } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
+        my $file = $apixpath->find("/api/symbols/function[\@name='$1']/\@file");
+        $apis{$1} = {};
+        $apis{$1}->{vers} = $vers;
+        $apis{$1}->{file} = $file;
+    } else {
+        die "unexpected data $line\n";
+    }
+}
+
+close FILE;


 # Some special things which aren't public APIs,
@@ -159,8 +206,6 @@ $apis{virDomainMigrateConfirm3Params}->{vers} = "1.1.0";
 # and driver struct fields. This lets us later match
 # update the driver impls with the public APis.

-my $line;
-
 # Group name -> hash of APIs { fields -> api name }
 my %groups;
 my $ingrp;
@@ -207,30 +252,28 @@ foreach my $src (@srcs) {
    open FILE, "<$src" or
        die "cannot read $src: $!";

-    my $groups_regex = join("|", keys %groups);
    $ingrp = undef;
    my $impl;
    while (defined($line = <FILE>)) {
        if (!$ingrp) {
-            # skip non-matching lines early to save time
-            next if not $line =~ /$groups_regex/;
+            foreach my $grp (keys %groups) {
+                if ($line =~ /^\s*(?:static\s+)?$grp\s+(\w+)\s*=\s*{/ ||
+                    $line =~ /^\s*(?:static\s+)?$grp\s+NAME\(\w+\)\s*=\s*{/) {
+                    $ingrp = $grp;
+                    $impl = $src;

-            if ($line =~ /^\s*(?:static\s+)?($groups_regex)\s+(\w+)\s*=\s*{/ ||
-                $line =~ /^\s*(?:static\s+)?($groups_regex)\s+NAME\(\w+\)\s*=\s*{/) {
-                $ingrp = $1;
-                $impl = $src;
+                    if ($impl =~ m,.*/node_device_(\w+)\.c,) {
+                        $impl = $1;
+                    } else {
+                        $impl =~ s,.*/(\w+?)_((\w+)_)?(\w+)\.c,$1,;
+                    }

-                if ($impl =~ m,.*/node_device_(\w+)\.c,) {
-                    $impl = $1;
-                } else {
-                    $impl =~ s,.*/(\w+?)_((\w+)_)?(\w+)\.c,$1,;
+                    if ($groups{$ingrp}->{drivers}->{$impl}) {
+                        die "Group $ingrp already contains $impl";
+                    }
+
+                    $groups{$ingrp}->{drivers}->{$impl} = {};
                }
-
-                if ($groups{$ingrp}->{drivers}->{$impl}) {
-                    die "Group $ingrp already contains $impl";
-                }
-
-                $groups{$ingrp}->{drivers}->{$impl} = {};
            }

        } else {
@@ -334,7 +377,10 @@ print <<EOF;
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
-<body class="hvsupport">
+<head>
+<title>libvirt API support matrix</title>
+</head>
+<body>
 <h1>libvirt API support matrix</h1>

 <ul id="toc"></ul>
--- a/docs/index.html.in
+++ b/docs/index.html.in
@@ -1,89 +1,103 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <script type="text/javascript" src="js/jquery-3.1.1.min.js"></script>
-    <script type="text/javascript" src="js/moment.min.js"></script>
-    <script type="text/javascript" src="js/jquery.rss.min.js"></script>
-
-    <script type="text/javascript">
-      <!--
-      jQuery(function($) {
-        $("#planet").rss("http://planet.virt-tools.org/atom.xml", {
-          ssl: true,
-          layoutTemplate: '<dl>{entries}</dl>',
-          entryTemplate: '<dt><a href="{url}">{title}</a></dt><dd>by {author} on {date}</li>',
-          dateFormat: 'DD MMM YYYY'
-        })
-      })
-      // -->
-    </script>
-  </head>
-  <body class="index">
+  <body>
    <h1>The virtualization API</h1>

-    <div class="panel">
-      <h2>Introduction</h2>
-      <p>
-        The libvirt project:
-      </p>
-      <ul>
-        <li>is a toolkit to manage virtualization hosts</li>
-        <li>is accessible from C, Python, Perl, Java and more</li>
-        <li>is licensed under open source licenses</li>
-        <li>supports <a href="drvqemu.html">KVM</a>,
-          <a href="drvqemu.html">QEMU</a>, <a href="drvxen.html">Xen</a>,
-          <a href="drvvirtuozzo.html">Virtuozzo</a>,
-          <a href="drvesx.html">VMWare ESX</a>,
-          <a href="drvlxc.html">LXC</a>,
-          <a href="drvbhyve.html">BHyve</a> and
-          <a href="drivers.html">more</a></li>
-        <li>targets Linux, FreeBSD, <a href="windows.html">Windows</a> and OS-X</li>
-        <li>is used by many <a href="apps.html">applications</a></li>
-      </ul>
-    </div>
+    <h2>libvirt is:</h2>

-    <div class="panel">
-      <h2>Quick Links</h2>
+    <ul>
+      <li>
+        A toolkit to interact with the virtualization capabilities
+        of recent versions of Linux (and other OSes), see our
+        <a href="goals.html">project goals</a> for details.
+      </li>
+      <li>
+        Free software available under the
+        <a href="http://www.opensource.org/licenses/lgpl-license.html">GNU
+          Lesser General Public License</a>.
+      </li>

-      <dl>
-        <dt><a href="contribute.html">New contributors</a></dt>
-        <dd>Get involved in the libvirt community &amp; student outreach programs</dd>
+      <li>
+        A long term stable C API
+      </li>
+      <li>
+        A set of bindings for common languages
+      </li>
+      <li>
+        A <a href="CIM/">CIM provider</a> for the DMTF virtualization schema
+      </li>
+      <li>
+        A <a href="/qpid/">QMF agent</a> for the AMQP/QPid messaging system
+      </li>
+      <li>
+        A <a href="governance.html">technical meritocracy</a>, in which
+        participants gain influence over a project through recognition
+        of their contributions.
+      </li>
+    </ul>

-        <dt><a href="securityprocess.html">Security vulnerabilities</a></dt>
-        <dd>Report vulnerabilities to the libvirt security response team</dd>
+    <h2>libvirt supports:</h2>

-        <dt><a href="bugs.html">Bug reporting</a></dt>
-        <dd>View and report bugs in libvirt packages</dd>
+    <ul>
+      <li>
+        The <a href="http://libvirt.org/drvqemu.html">KVM/QEMU</a> Linux hypervisor
+      </li>
+      <li>
+        The <a href="http://libvirt.org/drvxen.html">Xen</a> hypervisor
+        on Linux and Solaris hosts.
+      </li>
+      <li>
+        The <a href="http://libvirt.org/drvlxc.html">LXC</a> Linux container system
+      </li>
+      <li>
+        The <a href="http://libvirt.org/drvopenvz.html">OpenVZ</a> Linux container system
+      </li>
+      <li>
+        The <a href="http://libvirt.org/drvuml.html">User Mode Linux</a> paravirtualized kernel
+      </li>
+      <li>
+        The <a href="http://libvirt.org/drvvbox.html">VirtualBox</a> hypervisor
+      </li>
+      <li>
+        The <a href="http://libvirt.org/drvesx.html">VMware ESX and GSX</a> hypervisors
+      </li>
+      <li>
+        The <a href="http://libvirt.org/drvvmware.html">VMware Workstation and Player</a> hypervisors
+      </li>
+      <li>
+        The <a href="http://libvirt.org/drvhyperv.html">Microsoft Hyper-V</a> hypervisor
+      </li>
+      <li>
+        The <a href="http://libvirt.org/drvphyp.html">IBM PowerVM</a> hypervisor
+      </li>
+      <li>
+        The <a href="http://libvirt.org/drvvirtuozzo.html">Virtuozzo</a> hypervisor
+      </li>
+      <li>
+        The <a href="http://libvirt.org/drvbhyve.html">Bhyve</a> hypervisor
+      </li>
+      <li>
+        Virtual networks using bridging, NAT, VEPA and VN-LINK.
+      </li>
+      <li>
+        Storage on IDE/SCSI/USB disks, FibreChannel, LVM, iSCSI, NFS and filesystems
+      </li>
+    </ul>

-        <dt><a href="format.html">XML configuration</a></dt>
-        <dd>Description of the XML schemas for
-          <a href="formatdomain.html" shape="rect">domains</a>,
-          <a href="formatnetwork.html" shape="rect">networks</a>,
-          <a href="formatnwfilter.html" shape="rect">network filtering</a>,
-          <a href="formatstorage.html" shape="rect">storage</a>,
-          <a href="formatstorageencryption.html" shape="rect">storage encryption</a>,
-          <a href="formatcaps.html" shape="rect">capabilities</a>,
-          <a href="formatdomaincaps.html" shape="rect">domain capabilities</a>,
-          <a href="formatnode.html" shape="rect">node devices</a>,
-          <a href="formatsecret.html" shape="rect">secrets</a>,
-          <a href="formatsnapshot.html" shape="rect">snapshots</a></dd>
-        <dt><a href="http://wiki.libvirt.org">Wiki</a></dt>
-        <dd>Read further community contributed content</dd>
-      </dl>
-    </div>
+    <h2>libvirt provides:</h2>

-    <div class="panel">
-      <h2>Blog Planet</h2>
-      <div id="planet">
-      </div>
-
-      <p>
-        Read more on the <a href="http://planet.virt-tools.org/">Virt Tools blog planet</a>
-      </p>
-    </div>
-
-    <br class="clear"/>
+    <ul>
+      <li>Remote management using TLS encryption and x509 certificates</li>
+      <li>Remote management authenticating with Kerberos and SASL</li>
+      <li>Local access control using PolicyKit</li>
+      <li>Zero-conf discovery using Avahi multicast-DNS</li>
+      <li>Management of virtual machines, virtual networks and storage</li>
+      <li>Portable client API for Linux, Solaris and Windows</li>
+    </ul>

+    <p class="image">
+      <img src="libvirtLogo.png" alt="libvirt Logo"/>
+    </p>
  </body>
 </html>
--- a/docs/internals.html.in
+++ b/docs/internals.html.in
@@ -14,7 +14,6 @@
      <li>Introduction to basic rules and guidelines for
      <a href="hacking.html">hacking</a> on libvirt code</li>
      <li>Guide to adding <a href="api_extension.html">public APIs</a></li>
-      <li>Insight into libvirt <a href="internals/eventloop.html">event loop and worker pool</a></li>
      <li>Approach for <a href="internals/command.html">spawning commands</a>
      from libvirt driver code</li>
      <li>The libvirt <a href="internals/rpc.html">RPC infrastructure</a></li>
--- a/docs/internals/command.html.in
+++ b/docs/internals/command.html.in
@@ -83,7 +83,7 @@
    </p>

 <pre>
-virCommandPtr cmd = virCommandNew("/usr/bin/dnsmasq");
+  virCommandPtr cmd = virCommandNew("/usr/bin/dnsmasq");
 </pre>

    <p>
@@ -100,7 +100,7 @@ virCommandPtr cmd = virCommandNew("/usr/bin/dnsmasq");
    </p>

 <pre>
-virCommandAddArg(cmd, "-strict-order");
+  virCommandAddArg(cmd, "-strict-order");
 </pre>

    <p>
@@ -109,7 +109,7 @@ virCommandAddArg(cmd, "-strict-order");
    </p>

 <pre>
-virCommandAddArgPair(cmd, "--conf-file", "/etc/dnsmasq.conf");
+  virCommandAddArgPair(cmd, "--conf-file", "/etc/dnsmasq.conf");
 </pre>

    <p>
@@ -118,7 +118,7 @@ virCommandAddArgPair(cmd, "--conf-file", "/etc/dnsmasq.conf");
    </p>

 <pre>
-virCommandAddArgFormat(cmd, "%d", count);
+  virCommandAddArgFormat(cmd, "%d", count);
 </pre>

    <p>
@@ -127,11 +127,11 @@ virCommandAddArgFormat(cmd, "%d", count);
    </p>

 <pre>
-const char *const args[] = {
-    "--strict-order", "--except-interface", "lo", NULL
-};
-virCommandAddArgSet(cmd, args);
-virCommandAddArgList(cmd, "--domain", "localdomain", NULL);
+  const char *const args[] = {
+      "--strict-order", "--except-interface", "lo", NULL
+  };
+  virCommandAddArgSet(cmd, args);
+  virCommandAddArgList(cmd, "--domain", "localdomain", NULL);
 </pre>

    <p>
@@ -140,14 +140,14 @@ virCommandAddArgList(cmd, "--domain", "localdomain", NULL);
    </p>

 <pre>
-const char *const args[] = {
-    "/usr/bin/dnsmasq",
-    "--strict-order", "--except-interface",
-    "lo", "--domain", "localdomain", NULL
-};
-virCommandPtr cmd1 = virCommandNewArgs(cmd, args);
-virCommandPtr cmd2 = virCommandNewArgList("/usr/bin/dnsmasq",
-                                          "--domain", "localdomain", NULL);
+  const char *const args[] = {
+      "/usr/bin/dnsmasq",
+      "--strict-order", "--except-interface",
+      "lo", "--domain", "localdomain", NULL
+  };
+  virCommandPtr cmd1 = virCommandNewArgs(cmd, args);
+  virCommandPtr cmd2 = virCommandNewArgList("/usr/bin/dnsmasq",
+                                            "--domain", "localdomain", NULL);
 </pre>

    <h3><a name="env">Setting up the environment</a></h3>
@@ -163,7 +163,7 @@ virCommandPtr cmd2 = virCommandNewArgList("/usr/bin/dnsmasq",
    </p>

 <pre>
-virCommandAddEnvPassCommon(cmd);
+  virCommandAddEnvPassCommon(cmd);
 </pre>

    <p>
@@ -177,8 +177,8 @@ virCommandAddEnvPassCommon(cmd);
    </p>

 <pre>
-virCommandAddEnvPass(cmd, "DISPLAY");
-virCommandAddEnvPass(cmd, "XAUTHORITY");
+  virCommandAddEnvPass(cmd, "DISPLAY");
+  virCommandAddEnvPass(cmd, "XAUTHORITY");
 </pre>

    <p>
@@ -187,7 +187,7 @@ virCommandAddEnvPass(cmd, "XAUTHORITY");
    </p>

 <pre>
-virCommandAddEnvPair(cmd, "TERM", "xterm");
+  virCommandAddEnvPair(cmd, "TERM", "xterm");
 </pre>

    <p>
@@ -196,7 +196,7 @@ virCommandAddEnvPair(cmd, "TERM", "xterm");
    </p>

 <pre>
-virCommandAddEnvString(cmd, "TERM=xterm");
+  virCommandAddEnvString(cmd, "TERM=xterm");
 </pre>

    <h3><a name="misc">Miscellaneous other options</a></h3>
@@ -210,7 +210,7 @@ virCommandAddEnvString(cmd, "TERM=xterm");
    </p>

 <pre>
-virCommandDaemonize(cmd);
+  virCommandDaemonize(cmd);
 </pre>

    <p>
@@ -221,7 +221,7 @@ virCommandDaemonize(cmd);
    </p>

 <pre>
-virCommandSetPidFile(cmd, "/var/run/dnsmasq.pid");
+  virCommandSetPidFile(cmd, "/var/run/dnsmasq.pid");
 </pre>

    <p>
@@ -240,7 +240,7 @@ virCommandSetPidFile(cmd, "/var/run/dnsmasq.pid");
    </p>

 <pre>
-virCommandClearCaps(cmd);
+  virCommandClearCaps(cmd);
 </pre>

    <h3><a name="fds">Managing file handles</a></h3>
@@ -256,13 +256,13 @@ virCommandClearCaps(cmd);
    </p>

 <pre>
-int sharedfd = open("cmd.log", "w+");
-int childfd = open("conf.txt", "r");
-virCommandPassFD(cmd, sharedfd, 0);
-virCommandPassFD(cmd, childfd,
-                 VIR_COMMAND_PASS_FD_CLOSE_PARENT);
-if (VIR_CLOSE(sharedfd) &lt; 0)
-    goto cleanup;
+  int sharedfd = open("cmd.log", "w+");
+  int childfd = open("conf.txt", "r");
+  virCommandPassFD(cmd, sharedfd, 0);
+  virCommandPassFD(cmd, childfd,
+                   VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+  if (VIR_CLOSE(sharedfd) &lt; 0)
+      goto cleanup;
 </pre>

    <p>
@@ -282,7 +282,7 @@ if (VIR_CLOSE(sharedfd) &lt; 0)
    </p>

 <pre>
-virCommandSetInputFD(cmd, 7);
+  virCommandSetInputFD(cmd, 7);
 </pre>

    <p>
@@ -291,10 +291,10 @@ virCommandSetInputFD(cmd, 7);
    </p>

 <pre>
-int outfd = open("out.log", "w+");
-int errfd = open("err.log", "w+");
-virCommandSetOutputFD(cmd, &amp;outfd);
-virCommandSetErrorFD(cmd, &amp;errfd);
+  int outfd = open("out.log", "w+");
+  int errfd = open("err.log", "w+");
+  virCommandSetOutputFD(cmd, &amp;outfd);
+  virCommandSetErrorFD(cmd, &amp;errfd);
 </pre>

    <p>
@@ -304,10 +304,10 @@ virCommandSetErrorFD(cmd, &amp;errfd);
    </p>

 <pre>
-int outfd = -1;
-int errfd = -1
-virCommandSetOutputFD(cmd, &amp;outfd);
-virCommandSetErrorFD(cmd, &amp;errfd);
+  int outfd = -1;
+  int errfd = -1
+  virCommandSetOutputFD(cmd, &amp;outfd);
+  virCommandSetErrorFD(cmd, &amp;errfd);
 </pre>

    <p>
@@ -326,7 +326,7 @@ virCommandSetErrorFD(cmd, &amp;errfd);
    </p>

 <pre>
-virCommandNonblockingFDs(cmd);
+  virCommandNonblockingFDs(cmd);
 </pre>

    <h3><a name="buffers">Feeding &amp; capturing strings to/from the child</a></h3>
@@ -350,8 +350,8 @@ virCommandNonblockingFDs(cmd);
    </p>

 <pre>
-const char *input = "Hello World\n";
-virCommandSetInputBuffer(cmd, input);
+  const char *input = "Hello World\n";
+  virCommandSetInputBuffer(cmd, input);
 </pre>

    <p>
@@ -362,9 +362,9 @@ virCommandSetInputBuffer(cmd, input);
    </p>

 <pre>
-char *output = NULL, *errors = NULL;
-virCommandSetOutputBuffer(cmd, &amp;output);
-virCommandSetErrorBuffer(cmd, &amp;errors);
+  char *output = NULL, *errors = NULL;
+  virCommandSetOutputBuffer(cmd, &amp;output);
+  virCommandSetErrorBuffer(cmd, &amp;errors);
 </pre>

    <p>
@@ -392,7 +392,7 @@ virCommandSetErrorBuffer(cmd, &amp;errors);
    </p>

 <pre>
-virCommandSetWorkingDirectory(cmd, LOCALSTATEDIR);
+  virCommandSetWorkingDirectory(cmd, LOCALSTATEDIR);
 </pre>

    <h3><a name="hooks">Any additional hooks</a></h3>
@@ -406,7 +406,7 @@ virCommandSetWorkingDirectory(cmd, LOCALSTATEDIR);
    </p>

 <pre>
-virCommandSetPreExecHook(cmd, hook, opaque);
+  virCommandSetPreExecHook(cmd, hook, opaque);
 </pre>

    <h3><a name="logging">Logging commands</a></h3>
@@ -418,20 +418,20 @@ virCommandSetPreExecHook(cmd, hook, opaque);
    </p>

 <pre>
-int logfd = ...;
-char *timestamp = virTimestamp();
-char *string = NULL;
+  int logfd = ...;
+  char *timestamp = virTimestamp();
+  char *string = NULL;

-dprintf(logfd, "%s: ", timestamp);
-VIR_FREE(timestamp);
-virCommandWriteArgLog(cmd, logfd);
+  dprintf(logfd, "%s: ", timestamp);
+  VIR_FREE(timestamp);
+  virCommandWriteArgLog(cmd, logfd);

-string = virCommandToString(cmd);
-if (string)
-    VIR_DEBUG("about to run %s", string);
-VIR_FREE(string);
-if (virCommandRun(cmd, NULL) &lt; 0)
-    return -1;
+  string = virCommandToString(cmd);
+  if (string)
+      VIR_DEBUG("about to run %s", string);
+  VIR_FREE(string);
+  if (virCommandRun(cmd, NULL) &lt; 0)
+      return -1;
 </pre>

    <h3><a name="sync">Running commands synchronously</a></h3>
@@ -443,8 +443,8 @@ if (virCommandRun(cmd, NULL) &lt; 0)
    </p>

 <pre>
-if (virCommandRun(cmd, NULL) &lt; 0)
-   return -1;
+  if (virCommandRun(cmd, NULL) &lt; 0)
+     return -1;
 </pre>

    <p>
@@ -465,19 +465,19 @@ if (virCommandRun(cmd, NULL) &lt; 0)
    </p>

 <pre>
-int status;
-if (virCommandRun(cmd, &amp;status) &lt; 0)
-    return -1;
-if (status == 1) {
-  ...do stuff...
-}
+  int status;
+  if (virCommandRun(cmd, &amp;status) &lt; 0)
+      return -1;
+  if (status == 1) {
+    ...do stuff...
+  }

-virCommandRawStatus(cmd2);
-if (virCommandRun(cmd2, &amp;status) &lt; 0)
-    return -1;
-if (WIFEXITED(status) &amp;&amp; WEXITSTATUS(status) == 1) {
-  ...do stuff...
-}
+  virCommandRawStatus(cmd2);
+  if (virCommandRun(cmd2, &amp;status) &lt; 0)
+      return -1;
+  if (WIFEXITED(status) &amp;&amp; WEXITSTATUS(status) == 1) {
+    ...do stuff...
+  }
 </pre>

    <h3><a name="async">Running commands asynchronously</a></h3>
@@ -490,19 +490,19 @@ if (WIFEXITED(status) &amp;&amp; WEXITSTATUS(status) == 1) {
    </p>

 <pre>
-pid_t pid;
-if (virCommandRunAsync(cmd, &amp;pid) &lt; 0)
-   return -1;
+  pid_t pid;
+  if (virCommandRunAsync(cmd, &amp;pid) &lt; 0)
+     return -1;

-... do something while pid is running ...
+  ... do something while pid is running ...

-int status;
-if (virCommandWait(cmd, &amp;status) &lt; 0)
-   return -1;
+  int status;
+  if (virCommandWait(cmd, &amp;status) &lt; 0)
+     return -1;

-if (WEXITSTATUS(status)...) {
-   ..do stuff..
-}
+  if (WEXITSTATUS(status)...) {
+     ..do stuff..
+  }
 </pre>

    <p>
@@ -540,7 +540,7 @@ if (WEXITSTATUS(status)...) {
    </p>

 <pre>
-virCommandFree(cmd);
+  virCommandFree(cmd);
 </pre>

    <p>
--- a/docs/internals/eventloop.html.in
+++ b/docs/internals/eventloop.html.in
@@ -1,106 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Libvirt's event loop</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      This page describes the event loop approach used in
-      libvirt. Both server and client.
-    </p>
-
-    <h2><a name="event_loop">Event driven programming</a></h2>
-
-    <p>Traditionally, a program simply ran once, then terminated.
-    This type of program was very common in the early days of
-    computing, and lacked any form of user interactivity. This is
-    still used frequently, particularly in small one purpose
-    programs.</p>
-
-    <p>However, that approach is not suitable for all the types
-    of applications. For instance graphical applications spend
-    most of their run time waiting for an input from user. Only
-    after it happened (in our example a button was clicked, a key
-    pressed, etc.) an event is generated to which they respond
-    by executing desired function. If generalized, this is how
-    many long running programs (daemons) work. Even those who are
-    not waiting for direct user input and have no graphical
-    interface. Such as Libvirt.</p>
-
-    <img alt="event loop" src="http://libvirt.org/git/?p=libvirt-media.git;a=blob_plain;f=png/event_loop_simple.png;hb=HEAD"/>
-
-    <p>In Libvirt this approach is used in combination with
-    <code>poll(2)</code> as all the communication with its
-    clients (and domains it manages too) happens through sockets.
-    Therefore whenever new client connects, it is given exclusive
-    file descriptor which is then watched for incoming events,
-    e.g. messages. </p>
-
-    <h2><a name="api">The event loop API</a></h2>
-
-    <p>To work with event loop from our code we have plenty of
-    APIs.</p>
-
-    <ul>
-      <li><code>virEventAddHandle</code>: Registers a
-        callback for monitoring file handle events.</li>
-      <li><code>virEventUpdateHandle</code>: Change set of events
-        monitored file handle is being watched for.</li>
-      <li><code>virEventRemoveHandle</code>: Unregisters
-        previously registered file handle so that it is no
-        longer monitored for any events.</li>
-      <li><code>virEventAddTimeout</code>: Registers a
-        callback for timer event.</li>
-      <li><code>virEventUpdateTimeout</code>: Changes frequency
-        for a timer.</li>
-      <li><code>virEventRemoveTimeout</code>: Unregisters
-        a timer.</li>
-    </ul>
-
-    <p>For more information on these APIs continue reading <a
-    href="../html/libvirt-libvirt-event.html">here</a>.</p>
-
-    <h2><a name="worker_pool">Worker pool</a></h2>
-
-    <p>Looking back at the image above we can see one big
-    limitation. While processing a message event loop is blocked
-    and for an outside observer unresponsive. This is not
-    acceptable for Libvirt. Therefore we have came up with the
-    following solution.</p>
-
-    <img alt="event loop" src="http://libvirt.org/git/?p=libvirt-media.git;a=blob_plain;f=png/event_loop_worker.png;hb=HEAD"/>
-
-    <p>The event loop does only necessary minimum and hand over
-    message processing to another thread. In fact, there can be
-    as many processing threads as configured increasing
-    processing power.</p>
-
-    <p>To break this high level description into smaller pieces,
-    here is what happens when user calls an API:</p>
-    <ol>
-      <li>User (or management application) calls a Libvirt API.
-      Depending on the connection URI, this may or may not
-      involve server. Well, for the sake of our
-      demonstration we assume the former.</li>
-      <li>Remote driver encodes the API among it's arguments
-      into an <a href="rpc.html">RPC message</a> and sends
-      it to the server.</li>
-      <li>Here, server is waiting in <code>poll(2)</code> for
-      an event, like incoming message.</li>
-      <li>As soon as the first bytes of message are received,
-      even loop wakes up and server starts reading the
-      whole message.</li>
-      <li>Once fully read, the event loop notifies threads
-      known as worker threads from which one picks the incoming
-      message, decodes and process it.</li>
-      <li>As soon as API execution is finished, a reply is sent
-      to the client.</li>
-    </ol>
-
-    <p>In case that there's no free worker to process an incoming
-    message in step 5, message is placed at the end of a message
-    queue and is processed in next iteration.</p>
-  </body>
-</html>
--- a/docs/internals/locking.html.in
+++ b/docs/internals/locking.html.in
@@ -122,7 +122,7 @@
    </p>

    <pre>
-#include &lt;libvirt/plugins/lock_manager.h&gt;
+      #include &lt;libvirt/plugins/lock_manager.h&gt;
    </pre>

    <p>
@@ -141,7 +141,7 @@
    </p>

    <pre>
-lockManager="sanlock"
+      lockManager="sanlock"
    </pre>

    <p>
@@ -169,40 +169,40 @@ lockManager="sanlock"
    </p>

    <pre>
-virLockManagerParam params[] = {
-  { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UUID,
-    .key = "uuid",
-  },
-  { .type = VIR_LOCK_MANAGER_PARAM_TYPE_STRING,
-    .key = "name",
-    .value = { .str = dom->def->name },
-  },
-  { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
-    .key = "id",
-    .value = { .i = dom->def->id },
-  },
-  { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
-    .key = "pid",
-    .value = { .i = dom->pid },
-  },
-  { .type = VIR_LOCK_MANAGER_PARAM_TYPE_CSTRING,
-    .key = "uri",
-    .value = { .cstr = driver->uri },
-  },
-};
-mgr = virLockManagerNew(lockPlugin,
-                        VIR_LOCK_MANAGER_TYPE_DOMAIN,
-                        ARRAY_CARDINALITY(params),
-                        params,
-                        0)));
+      virLockManagerParam params[] = {
+        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UUID,
+          .key = "uuid",
+        },
+        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_STRING,
+          .key = "name",
+          .value = { .str = dom->def->name },
+        },
+        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
+          .key = "id",
+          .value = { .i = dom->def->id },
+        },
+        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
+          .key = "pid",
+          .value = { .i = dom->pid },
+        },
+        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_CSTRING,
+          .key = "uri",
+          .value = { .cstr = driver->uri },
+        },
+      };
+      mgr = virLockManagerNew(lockPlugin,
+                              VIR_LOCK_MANAGER_TYPE_DOMAIN,
+                              ARRAY_CARDINALITY(params),
+                              params,
+                              0)));

-foreach (initial disks)
-    virLockManagerAddResource(mgr,
-                              VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK,
-                              $path, 0, NULL, $flags);
+      foreach (initial disks)
+          virLockManagerAddResource(mgr,
+                                    VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK,
+                                    $path, 0, NULL, $flags);

-if (virLockManagerAcquire(lock, NULL, 0) &lt; 0);
-  ...abort...
+      if (virLockManagerAcquire(lock, NULL, 0) &lt; 0);
+        ...abort...
    </pre>

    <h3><a name="usageLockAttach">Lock release</a></h3>
@@ -214,40 +214,40 @@ if (virLockManagerAcquire(lock, NULL, 0) &lt; 0);
    </p>

    <pre>
-char *state = NULL;
-virLockManagerParam params[] = {
-  { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UUID,
-    .key = "uuid",
-  },
-  { .type = VIR_LOCK_MANAGER_PARAM_TYPE_STRING,
-    .key = "name",
-    .value = { .str = dom->def->name },
-  },
-  { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
-    .key = "id",
-    .value = { .i = dom->def->id },
-  },
-  { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
-    .key = "pid",
-    .value = { .i = dom->pid },
-  },
-  { .type = VIR_LOCK_MANAGER_PARAM_TYPE_CSTRING,
-    .key = "uri",
-    .value = { .cstr = driver->uri },
-  },
-};
-mgr = virLockManagerNew(lockPlugin,
-                        VIR_LOCK_MANAGER_TYPE_DOMAIN,
-                        ARRAY_CARDINALITY(params),
-                        params,
-                        0)));
+      char *state = NULL;
+      virLockManagerParam params[] = {
+        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UUID,
+          .key = "uuid",
+        },
+        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_STRING,
+          .key = "name",
+          .value = { .str = dom->def->name },
+        },
+        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
+          .key = "id",
+          .value = { .i = dom->def->id },
+        },
+        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
+          .key = "pid",
+          .value = { .i = dom->pid },
+        },
+        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_CSTRING,
+          .key = "uri",
+          .value = { .cstr = driver->uri },
+        },
+      };
+      mgr = virLockManagerNew(lockPlugin,
+                              VIR_LOCK_MANAGER_TYPE_DOMAIN,
+                              ARRAY_CARDINALITY(params),
+                              params,
+                              0)));

-foreach (initial disks)
-    virLockManagerAddResource(mgr,
-                              VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK,
-                              $path, 0, NULL, $flags);
+      foreach (initial disks)
+          virLockManagerAddResource(mgr,
+                                    VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK,
+                                    $path, 0, NULL, $flags);

-virLockManagerRelease(mgr, &amp; state, 0);
+      virLockManagerRelease(mgr, &amp; state, 0);
    </pre>

    <p>
--- a/docs/internals/rpc.html.in
+++ b/docs/internals/rpc.html.in
@@ -210,13 +210,13 @@
    </p>

    <pre>
-       +--+-----------------------+-----------+
-C --&gt;  |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. |  --&gt; S  (call)
-       +--+-----------------------+-----------+
+          +--+-----------------------+-----------+
+   C --&gt;  |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. |  --&gt; S  (call)
+          +--+-----------------------+-----------+

-       +--+-----------------------+--------+
-C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply)
-       +--+-----------------------+--------+
+          +--+-----------------------+--------+
+   C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply)
+          +--+-----------------------+--------+
    </pre>

    <h4><a name="wireexamplescallerr">Method call with error</a></h4>
@@ -226,13 +226,13 @@ C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply)
    </p>

    <pre>
-       +--+-----------------------+-----------+
-C --&gt;  |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. |  --&gt; S   (call)
-       +--+-----------------------+-----------+
+          +--+-----------------------+-----------+
+   C --&gt;  |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. |  --&gt; S   (call)
+          +--+-----------------------+-----------+

-       +--+-----------------------+--------------------------+
-C &lt;--  |48| 8 | 1 | 3 | 2 | 1 | 0 | .o.oOo.o.oOo.o.oOo.o.oOo |  &lt;-- S  (error)
-       +--+-----------------------+--------------------------+
+          +--+-----------------------+--------------------------+
+   C &lt;--  |48| 8 | 1 | 3 | 2 | 1 | 0 | .o.oOo.o.oOo.o.oOo.o.oOo |  &lt;-- S  (error)
+          +--+-----------------------+--------------------------+
    </pre>

    <h4><a name="wireexamplescallup">Method call with upload stream</a></h4>
@@ -243,33 +243,33 @@ C &lt;--  |48| 8 | 1 | 3 | 2 | 1 | 0 | .o.oOo.o.oOo.o.oOo.o.oOo |  &lt;-- S  (er
    </p>

    <pre>
-       +--+-----------------------+-----------+
-C --&gt;  |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. |  --&gt; S  (call)
-       +--+-----------------------+-----------+
+          +--+-----------------------+-----------+
+   C --&gt;  |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. |  --&gt; S  (call)
+          +--+-----------------------+-----------+

-       +--+-----------------------+--------+
-C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply)
-       +--+-----------------------+--------+
+          +--+-----------------------+--------+
+   C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply)
+          +--+-----------------------+--------+

-       +--+-----------------------+-------------....-------+
-C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+-------------....-------+
-C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+-------------....-------+
-C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
-       +--+-----------------------+-------------....-------+
-       ...
-       +--+-----------------------+-------------....-------+
-C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+
-C --&gt;  |24| 8 | 1 | 3 | 3 | 1 | 0 | --&gt; S  (stream finish)
-       +--+-----------------------+
-       +--+-----------------------+
-C &lt;--  |24| 8 | 1 | 3 | 3 | 1 | 0 | &lt;-- S  (stream finish)
-       +--+-----------------------+
+          +--+-----------------------+-------------....-------+
+   C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+-------------....-------+
+   C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+-------------....-------+
+   C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
+          +--+-----------------------+-------------....-------+
+          ...
+          +--+-----------------------+-------------....-------+
+   C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+
+   C --&gt;  |24| 8 | 1 | 3 | 3 | 1 | 0 | --&gt; S  (stream finish)
+          +--+-----------------------+
+          +--+-----------------------+
+   C &lt;--  |24| 8 | 1 | 3 | 3 | 1 | 0 | &lt;-- S  (stream finish)
+          +--+-----------------------+
    </pre>

    <h4><a name="wireexamplescallbi">Method call bidirectional stream</a></h4>
@@ -280,80 +280,80 @@ C &lt;--  |24| 8 | 1 | 3 | 3 | 1 | 0 | &lt;-- S  (stream finish)
    </p>

    <pre>
-       +--+-----------------------+-----------+
-C --&gt;  |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. |  --&gt; S  (call)
-       +--+-----------------------+-----------+
+          +--+-----------------------+-----------+
+   C --&gt;  |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. |  --&gt; S  (call)
+          +--+-----------------------+-----------+

-       +--+-----------------------+--------+
-C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply)
-       +--+-----------------------+--------+
+          +--+-----------------------+--------+
+   C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply)
+          +--+-----------------------+--------+

-       +--+-----------------------+-------------....-------+
-C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+-------------....-------+
-C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+-------------....-------+
-C &lt;--  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  &lt;-- S  (stream data down)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+-------------....-------+
-C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+-------------....-------+
-C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+-------------....-------+
-C &lt;--  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  &lt;-- S  (stream data down)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+-------------....-------+
-C &lt;--  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  &lt;-- S  (stream data down)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+-------------....-------+
-C &lt;--  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  &lt;-- S  (stream data down)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+-------------....-------+
-C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
-       +--+-----------------------+-------------....-------+
-       ..
-       +--+-----------------------+-------------....-------+
-C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
-       +--+-----------------------+-------------....-------+
-       +--+-----------------------+
-C --&gt;  |24| 8 | 1 | 3 | 3 | 1 | 0 | --&gt; S  (stream finish)
-       +--+-----------------------+
-       +--+-----------------------+
-C &lt;--  |24| 8 | 1 | 3 | 3 | 1 | 0 | &lt;-- S  (stream finish)
-       +--+-----------------------+
+          +--+-----------------------+-------------....-------+
+   C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+-------------....-------+
+   C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+-------------....-------+
+   C &lt;--  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  &lt;-- S  (stream data down)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+-------------....-------+
+   C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+-------------....-------+
+   C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+-------------....-------+
+   C &lt;--  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  &lt;-- S  (stream data down)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+-------------....-------+
+   C &lt;--  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  &lt;-- S  (stream data down)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+-------------....-------+
+   C &lt;--  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  &lt;-- S  (stream data down)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+-------------....-------+
+   C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
+          +--+-----------------------+-------------....-------+
+          ..
+          +--+-----------------------+-------------....-------+
+   C --&gt;  |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. |  --&gt; S  (stream data up)
+          +--+-----------------------+-------------....-------+
+          +--+-----------------------+
+   C --&gt;  |24| 8 | 1 | 3 | 3 | 1 | 0 | --&gt; S  (stream finish)
+          +--+-----------------------+
+          +--+-----------------------+
+   C &lt;--  |24| 8 | 1 | 3 | 3 | 1 | 0 | &lt;-- S  (stream finish)
+          +--+-----------------------+
    </pre>


    <h4><a name="wireexamplescallmany">Method calls overlapping</a></h4>
    <pre>
-       +--+-----------------------+-----------+
-C --&gt;  |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. |  --&gt; S  (call 1)
-       +--+-----------------------+-----------+
-       +--+-----------------------+-----------+
-C --&gt;  |38| 8 | 1 | 3 | 0 | 2 | 0 | .o.oOo.o. |  --&gt; S  (call 2)
-       +--+-----------------------+-----------+
-       +--+-----------------------+--------+
-C &lt;--  |32| 8 | 1 | 3 | 1 | 2 | 0 | .o.oOo |  &lt;-- S  (reply 2)
-       +--+-----------------------+--------+
-       +--+-----------------------+-----------+
-C --&gt;  |38| 8 | 1 | 3 | 0 | 3 | 0 | .o.oOo.o. |  --&gt; S  (call 3)
-       +--+-----------------------+-----------+
-       +--+-----------------------+--------+
-C &lt;--  |32| 8 | 1 | 3 | 1 | 3 | 0 | .o.oOo |  &lt;-- S  (reply 3)
-       +--+-----------------------+--------+
-       +--+-----------------------+-----------+
-C --&gt;  |38| 8 | 1 | 3 | 0 | 4 | 0 | .o.oOo.o. |  --&gt; S  (call 4)
-       +--+-----------------------+-----------+
-       +--+-----------------------+--------+
-C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply 1)
-       +--+-----------------------+--------+
-       +--+-----------------------+--------+
-C &lt;--  |32| 8 | 1 | 3 | 1 | 4 | 0 | .o.oOo |  &lt;-- S  (reply 4)
-       +--+-----------------------+--------+
+          +--+-----------------------+-----------+
+   C --&gt;  |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. |  --&gt; S  (call 1)
+          +--+-----------------------+-----------+
+          +--+-----------------------+-----------+
+   C --&gt;  |38| 8 | 1 | 3 | 0 | 2 | 0 | .o.oOo.o. |  --&gt; S  (call 2)
+          +--+-----------------------+-----------+
+          +--+-----------------------+--------+
+   C &lt;--  |32| 8 | 1 | 3 | 1 | 2 | 0 | .o.oOo |  &lt;-- S  (reply 2)
+          +--+-----------------------+--------+
+          +--+-----------------------+-----------+
+   C --&gt;  |38| 8 | 1 | 3 | 0 | 3 | 0 | .o.oOo.o. |  --&gt; S  (call 3)
+          +--+-----------------------+-----------+
+          +--+-----------------------+--------+
+   C &lt;--  |32| 8 | 1 | 3 | 1 | 3 | 0 | .o.oOo |  &lt;-- S  (reply 3)
+          +--+-----------------------+--------+
+          +--+-----------------------+-----------+
+   C --&gt;  |38| 8 | 1 | 3 | 0 | 4 | 0 | .o.oOo.o. |  --&gt; S  (call 4)
+          +--+-----------------------+-----------+
+          +--+-----------------------+--------+
+   C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply 1)
+          +--+-----------------------+--------+
+          +--+-----------------------+--------+
+   C &lt;--  |32| 8 | 1 | 3 | 1 | 4 | 0 | .o.oOo |  &lt;-- S  (reply 4)
+          +--+-----------------------+--------+
    </pre>

    <h4><a name="wireexamplescallfd">Method call with passed FD</a></h4>
@@ -368,13 +368,13 @@ C &lt;--  |32| 8 | 1 | 3 | 1 | 4 | 0 | .o.oOo |  &lt;-- S  (reply 4)
    </p>

    <pre>
-       +--+-----------------------+---------------+-------+
-C --&gt;  |44| 8 | 1 | 3 | 0 | 1 | 0 | 2 | .o.oOo.o. | 0 | 0 |  --&gt; S  (call)
-       +--+-----------------------+---------------+-------+
+          +--+-----------------------+---------------+-------+
+   C --&gt;  |44| 8 | 1 | 3 | 0 | 1 | 0 | 2 | .o.oOo.o. | 0 | 0 |  --&gt; S  (call)
+          +--+-----------------------+---------------+-------+

-       +--+-----------------------+--------+
-C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply)
-       +--+-----------------------+--------+
+          +--+-----------------------+--------+
+   C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply)
+          +--+-----------------------+--------+
    </pre>


--- a/docs/intro.html.in
+++ b/docs/intro.html.in
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Architecture</h1>
+    <p>Libvirt is a C toolkit manage the virtualization capabilities
+    of recent versions of Linux (and other OSes).</p>
+    <p>To avoid ambiguity about the goals, terms and specific concepts used
+    in libvirt documentation please see the <a href="goals.html">Goal
+    section</a>.
+    </p>
+  </body>
+</html>
--- a/docs/js/jquery-3.1.1.min.js
+++ b/docs/js/jquery-3.1.1.min.js
--- a/docs/js/jquery.rss.min.js
+++ b/docs/js/jquery.rss.min.js
@@ -1,11 +0,0 @@
-(function(d){var e=function(a,b,c,f){this.target=a;this.url=b;this.html=[];this.effectQueue=[];this.options=d.extend({ssl:!1,host:"www.feedrapp.info",limit:null,key:null,layoutTemplate:"<ul>{entries}</ul>",entryTemplate:'<li><a href="{url}">[{author}@{date}] {title}</a><br/>{shortBodyPlain}</li>',tokens:{},outputMode:"json",dateFormat:"dddd MMM Do",dateLocale:"en",effect:"show",offsetStart:!1,offsetEnd:!1,error:function(){console.log("jQuery RSS: url doesn't link to RSS-Feed")},onData:function(){},
-success:function(){}},c||{});this.options.ssl&&"www.feedrapp.info"===this.options.host&&(this.options.host="feedrapp.herokuapp.com");this.callback=f||this.options.success};e.htmlTags="doctype,html,head,title,base,link,meta,style,script,noscript,body,article,nav,aside,section,header,footer,h1-h6,hgroup,address,p,hr,pre,blockquote,ol,ul,li,dl,dt,dd,figure,figcaption,div,table,caption,thead,tbody,tfoot,tr,th,td,col,colgroup,form,fieldset,legend,label,input,button,select,datalist,optgroup,option,textarea,keygen,output,progress,meter,details,summary,command,menu,del,ins,img,iframe,embed,object,param,video,audio,source,canvas,track,map,area,a,em,strong,i,b,u,s,small,abbr,q,cite,dfn,sub,sup,time,code,kbd,samp,var,mark,bdi,bdo,ruby,rt,rp,span,br,wbr".split(",");
-e.prototype.load=function(a){var b="http"+(this.options.ssl?"s":"")+"://"+this.options.host+"?callback=?&q="+encodeURIComponent(this.url);this.options.offsetStart&&this.options.offsetEnd&&(this.options.limit=this.options.offsetEnd);null!==this.options.limit&&(b+="&num="+this.options.limit);null!==this.options.key&&(b+="&key="+this.options.key);d.getJSON(b,a)};e.prototype.render=function(){var a=this;this.load(function(b){try{a.feed=b.responseData.feed,a.entries=b.responseData.feed.entries}catch(c){return a.entries=
-[],a.feed=null,a.options.error.call(a)}b=a.generateHTMLForEntries();a.target.append(b.layout);if(0!==b.entries.length){d.isFunction(a.options.onData)&&a.options.onData.call(a);var f=d(b.layout).is("entries")?b.layout:d("entries",b.layout);a.appendEntriesAndApplyEffects(f,b.entries)}0<a.effectQueue.length?a.executeEffectQueue(a.callback):d.isFunction(a.callback)&&a.callback.call(a)})};e.prototype.appendEntriesAndApplyEffects=function(a,b){var c=this;d.each(b,function(b,e){var d=c.wrapContent(e);"show"===
-c.options.effect?a.before(d):(d.css({display:"none"}),a.before(d),c.applyEffect(d,c.options.effect))});a.remove()};e.prototype.generateHTMLForEntries=function(){var a=this,b={entries:[],layout:null};d(this.entries).each(function(){var c=a.options.offsetStart,f=a.options.offsetEnd;c&&f?index>=c&&index<=f&&a.isRelevant(this,b.entries)&&(c=a.evaluateStringForEntry(a.options.entryTemplate,this),b.entries.push(c)):a.isRelevant(this,b.entries)&&(c=a.evaluateStringForEntry(a.options.entryTemplate,this),
-b.entries.push(c))});b.layout=this.options.entryTemplate?this.wrapContent(this.options.layoutTemplate.replace("{entries}","<entries></entries>")):this.wrapContent("<div><entries></entries></div>");return b};e.prototype.wrapContent=function(a){return 0!==d.trim(a).indexOf("<")?d("<div>"+a+"</div>"):d(a)};e.prototype.applyEffect=function(a,b,c){switch(b){case "slide":a.slideDown("slow",c);break;case "slideFast":a.slideDown(c);break;case "slideSynced":this.effectQueue.push({element:a,effect:"slide"});
-break;case "slideFastSynced":this.effectQueue.push({element:a,effect:"slideFast"})}};e.prototype.executeEffectQueue=function(a){var b=this;this.effectQueue.reverse();var c=function(){var f=b.effectQueue.pop();f?b.applyEffect(f.element,f.effect,c):a&&a()};c()};e.prototype.evaluateStringForEntry=function(a,b){var c=a,f=this;d(a.match(/(\{.*?\})/g)).each(function(){var a=this.toString();c=c.replace(a,f.getValueForToken(a,b))});return c};e.prototype.isRelevant=function(a,b){var c=this.getTokenMap(a);
-return this.options.filter?this.options.filterLimit&&this.options.filterLimit===b.length?!1:this.options.filter(a,c):!0};e.prototype.getFormattedDate=function(a){if(this.options.dateFormatFunction)return this.options.dateFormatFunction(a);return"undefined"!==typeof moment?(a=moment(new Date(a)),a=a.locale?a.locale(this.options.dateLocale):a.lang(this.options.dateLocale),a.format(this.options.dateFormat)):a};e.prototype.getTokenMap=function(a){if(!this.feedTokens){var b=JSON.parse(JSON.stringify(this.feed));
-delete b.entries;this.feedTokens=b}return d.extend({feed:this.feedTokens,url:a.link,author:a.author,date:this.getFormattedDate(a.publishedDate),title:a.title,body:a.content,shortBody:a.contentSnippet,bodyPlain:function(a){for(var a=a.content.replace(/<script[\\r\\\s\S]*<\/script>/mgi,"").replace(/<\/?[^>]+>/gi,""),b=0;b<e.htmlTags.length;b++)a=a.replace(RegExp("<"+e.htmlTags[b],"gi"),"");return a}(a),shortBodyPlain:a.contentSnippet.replace(/<\/?[^>]+>/gi,""),index:d.inArray(a,this.entries),totalEntries:this.entries.length,
-teaserImage:function(a){try{return a.content.match(/(<img.*?>)/gi)[0]}catch(b){return""}}(a),teaserImageUrl:function(a){try{return a.content.match(/(<img.*?>)/gi)[0].match(/src="(.*?)"/)[1]}catch(b){return""}}(a)},this.options.tokens)};e.prototype.getValueForToken=function(a,b){var c=this.getTokenMap(b),d=a.replace(/[\{\}]/g,""),d=c[d];if("undefined"!==typeof d)return"function"===typeof d?d(b,c):d;throw Error("Unknown token: "+a+", url:"+this.url);};d.fn.rss=function(a,b,c){(new e(this,a,b,c)).render();
-return this}})(jQuery);
--- a/docs/js/moment.min.js
+++ b/docs/js/moment.min.js
--- a/docs/library.xen
+++ b/docs/library.xen
@@ -0,0 +1,100 @@
+
+          About a libxen library
+	  ======================
+
+Functional description:
+-----------------------
+
+  Small C library to be able to control Xen Linux guest, i.e.
+    provide the following operations for Xen guest domains running Linux
+    from domain 0 code linked to the library (running as root):
+     - start
+     - stop
+     - suspend
+     - resume
+     - monitor
+  More advanced features should be allowed as future extensions, but
+  are not expected to be provided in first shipment.
+
+  Open enough Licence that customers can link their apps to it (LGPL)
+
+  Small and contained enough that we can use it as a way to
+  provide API and ABI stability in spite if the evolution of Xen
+  existing API and hypervisor calls.
+
+The current state of Xen userland:
+----------------------------------
+
+  the existing Xen 3.0 userland code is mostly based on tiny C functions
+using direct hypervisor calls (or /proc/xen/ interfaces) and a lot of
+Python code on top driving the hypervisor.
+  The C code is relatively hairy, functions with 10 parameters or more
+are not uncommon, and it is very low level usually without comment about
+the function or its arguments. They are usually only called once in the
+whole tree by the python bindings. In essence it looks like the Xen project
+was not implemented with the idea of reusing that part of the code by
+applications.
+  Indeed most of the userland code coming with Xen is built on Python,
+like xend the xen daemon running on domain 0 or the xenstored daemon which
+manage the state of the domains launched.
+
+Rebuilding a library ?:
+-----------------------
+
+  Providing a library at the C level to drive domain execution is in a
+very large part a rimplementation of existing code but in a different way
+and somehow with different goals for the code. The existing Licence (GPL)
+makes it uneasy, we can't copy GPL code to put it in a LGPL'ed library,
+and rewriting everything while looking at the Xen code will inevitably
+lead to code similarities especially with this kind of system code. Plus
+we will still need to run xend and probably xenstored to not diverge
+completely from Xen existing code base.
+
+The IBM way:
+------------
+
+  Here is supposition about code that I can't instanciate except by looking
+at said code but it looks that IBM also needed a C programmatic API to
+manage the Xen domain definitions. Their solution was to build (Rusty
+Russell did this) an LGPL C API connecting directly to the xenstore
+daemon (./tools/xenstore/*). In a way this is quite more fragile as it depends
+on the whole existing stack of the Xen code, but it isolate the API
+from the implementation details of the current Xen source (API in
+./tools/xenstore/xs.h). The goal seems to be more about testing and controlling
+the xen store daemon, but it shows a different approach to decouple client
+API/ABI from the Xen existing code.
+
+Open question:
+---------------
+
+  To what extent should libxen be a rewrite or an isolation layer around
+some of the existing code ?
+
+  Rewrite:
+
+    Pros:
+     - avoid the GPL Licence problem potentially more users
+     - allow do build a cleaner more stable layer
+     - the existing code is frightening
+    Cons:
+     - awful lot of work debugging very hard
+     - will still require existing Xen code to be running
+     - splitting interfaces is hard politically and lower the
+       Open Source efforts toward the project
+
+  Wrappers on top of existing code:
+
+    Pros:
+     - much smaller code rewrite
+     - benefits from the bugfixes injected by other patchers upstream
+    Cons:
+     - Licence constraint GPL only for apps
+     - API/ABI isolation may not be easier in that way
+
+  Potentially the API could be implemented as a layer on top of the existing
+libxc C code library and then progressively migrating out the existing
+dependence to Xen code as the interfaces stabilize.
+
+Daniel Veillard <veillard@redhat.com>
+
+Mon Oct 24 18:40:19 CEST 2005
--- a/docs/libvirt-header-bg.png
+++ b/docs/libvirt-header-bg.png
--- a/docs/libvirt-header-logo.png
+++ b/docs/libvirt-header-logo.png
--- a/docs/libvirt-net-logical.fig
+++ b/docs/libvirt-net-logical.fig
@@ -0,0 +1,159 @@
+#FIG 3.2
+Landscape
+Center
+Inches
+Letter
+100.00
+Single
+-2
+1200 2
+6 675 8400 4650 8625
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 675 8400 4650 8400
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 675 8475 4650 8475
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 675 8550 4650 8550
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 675 8625 4650 8625
+-6
+6 7575 8400 11550 8625
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7575 8400 11550 8400
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7575 8475 11550 8475
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7575 8550 11550 8550
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7575 8625 11550 8625
+-6
+6 9000 7125 9600 7425
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 9000 7125 9600 7125 9600 7425 9000 7425 9000 7125
+4 0 0 50 -1 16 12 0.0000 4 135 360 9075 7350 eth1\001
+-6
+6 1950 1200 3600 2325
+6 2100 2025 2625 2325
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 2100 2025 2625 2025 2625 2325 2100 2325 2100 2025
+4 0 0 50 -1 16 12 0.0000 4 135 360 2175 2250 eth0\001
+-6
+6 2850 2025 3375 2325
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 2850 2025 3375 2025 3375 2325 2850 2325 2850 2025
+4 0 0 50 -1 16 12 0.0000 4 135 360 2925 2250 eth1\001
+-6
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 1950 1200 3600 1200 3600 2025 1950 2025 1950 1200
+4 0 0 50 -1 16 12 0.0000 4 135 675 2025 1425 Guest A\001
+-6
+6 4575 1200 6225 2325
+6 4725 2025 5250 2325
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 4725 2025 5250 2025 5250 2325 4725 2325 4725 2025
+4 0 0 50 -1 16 12 0.0000 4 135 360 4800 2250 eth0\001
+-6
+6 5475 2025 6000 2325
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 5475 2025 6000 2025 6000 2325 5475 2325 5475 2025
+4 0 0 50 -1 16 12 0.0000 4 135 360 5550 2250 eth1\001
+-6
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 4575 1200 6225 1200 6225 2025 4575 2025 4575 1200
+2 3 0 1 0 7 50 -1 -1 0.000 0 0 0 0 0 5
+	 5325 1800 5475 1650 5325 1500 5175 1650 5325 1800
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 3
+	 5175 1650 4950 1650 4950 2025
+	 0.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 3
+	 5475 1650 5700 1650 5700 2025
+	 0.000 1.000 0.000
+4 0 0 50 -1 16 12 0.0000 4 135 660 4650 1425 Guest B\001
+4 0 0 50 -1 16 12 0.0000 4 135 420 5550 1575 FWD\001
+-6
+6 7575 1200 9225 2325
+6 7725 2025 8250 2325
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 7725 2025 8250 2025 8250 2325 7725 2325 7725 2025
+4 0 0 50 -1 16 12 0.0000 4 135 360 7800 2250 eth0\001
+-6
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 7575 1200 9225 1200 9225 2025 7575 2025 7575 1200
+4 0 0 50 -1 16 12 0.0000 4 135 675 7650 1425 Guest C\001
+-6
+6 8025 4950 8625 5250
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8025 4950 8625 4950 8625 5250 8025 5250 8025 4950
+4 0 0 50 -1 16 12 0.0000 4 135 480 8100 5175 virbr1\001
+-6
+6 2550 7125 3150 7425
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 2550 7125 3150 7125 3150 7425 2550 7425 2550 7125
+4 0 0 50 -1 16 12 0.0000 4 180 465 2625 7350 peth0\001
+-6
+6 2475 3675 6450 3900
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 2475 3675 6450 3675
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 2475 3750 6450 3750
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 2475 3825 6450 3825
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 2475 3900 6450 3900
+-6
+6 7500 3675 11475 3900
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7500 3675 11475 3675
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7500 3750 11475 3750
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7500 3825 11475 3825
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7500 3900 11475 3900
+-6
+6 3675 4950 4275 5250
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 3675 4950 4275 4950 4275 5250 3675 5250 3675 4950
+4 0 0 50 -1 16 12 0.0000 4 135 480 3750 5175 virbr0\001
+-6
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 2850 7425 2850 8400
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 9300 7425 9300 8400
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 1725 5250 10275 5250 10275 7125 1725 7125 1725 5250
+2 3 0 1 0 7 50 -1 -1 0.000 0 0 0 0 0 5
+	 4875 6450 5100 6225 4875 6000 4650 6225 4875 6450
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 2325 2325 2325 3375 825 5400 1125 8400
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 5700 2325 5700 2925 7875 2925 7950 3675
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 7950 2325 7950 2850 8475 2850 8925 3675
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 3075 2325 3075 3150 3525 3150 3525 3675
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 4950 2325 4950 3225 4650 3225 4500 3675
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 4875 6450 4875 6825 9225 6525 9225 7125
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 3600 3900 3675 4500 4050 4500 4050 4950
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 3975 5250 3975 5625 4875 5625 4875 6000
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 8775 3900 8700 4500 8325 4500 8325 4950
+	 0.000 1.000 1.000 0.000
+4 0 0 50 -1 16 12 0.0000 4 135 360 825 8850 lan1\001
+4 0 0 50 -1 16 12 0.0000 4 135 360 7725 8850 lan2\001
+4 0 0 50 -1 16 12 0.0000 4 135 465 2550 4125 vlan1\001
+4 0 0 50 -1 16 12 0.0000 4 135 465 7575 4125 vlan2\001
+4 0 0 50 -1 16 12 0.0000 4 135 420 5100 6075 FWD\001
+4 0 0 50 -1 16 12 0.0000 4 135 570 1800 5475 Host A\001
--- a/docs/libvirt-net-logical.png
+++ b/docs/libvirt-net-logical.png
--- a/docs/libvirt-net-physical.fig
+++ b/docs/libvirt-net-physical.fig
@@ -0,0 +1,139 @@
+#FIG 3.2
+Landscape
+Center
+Inches
+Letter
+100.00
+Single
+-2
+1200 2
+6 675 8400 4650 8625
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 675 8400 4650 8400
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 675 8475 4650 8475
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 675 8550 4650 8550
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 675 8625 4650 8625
+-6
+6 7575 8400 11550 8625
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7575 8400 11550 8400
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7575 8475 11550 8475
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7575 8550 11550 8550
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7575 8625 11550 8625
+-6
+6 9000 7125 9600 7425
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 9000 7125 9600 7125 9600 7425 9000 7425 9000 7125
+4 0 0 50 -1 16 12 0.0000 4 135 360 9075 7350 eth1\001
+-6
+6 2550 7125 3150 7425
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 2550 7125 3150 7125 3150 7425 2550 7425 2550 7125
+4 0 0 50 -1 16 12 0.0000 4 180 465 2625 7350 peth0\001
+-6
+6 1950 1200 3600 2325
+6 2100 2025 2625 2325
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 2100 2025 2625 2025 2625 2325 2100 2325 2100 2025
+4 0 0 50 -1 16 12 0.0000 4 135 360 2175 2250 eth0\001
+-6
+6 2850 2025 3375 2325
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 2850 2025 3375 2025 3375 2325 2850 2325 2850 2025
+4 0 0 50 -1 16 12 0.0000 4 135 360 2925 2250 eth1\001
+-6
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 1950 1200 3600 1200 3600 2025 1950 2025 1950 1200
+4 0 0 50 -1 16 12 0.0000 4 135 675 2025 1425 Guest A\001
+-6
+6 4575 1200 6225 2325
+6 4725 2025 5250 2325
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 4725 2025 5250 2025 5250 2325 4725 2325 4725 2025
+4 0 0 50 -1 16 12 0.0000 4 135 360 4800 2250 eth0\001
+-6
+6 5475 2025 6000 2325
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 5475 2025 6000 2025 6000 2325 5475 2325 5475 2025
+4 0 0 50 -1 16 12 0.0000 4 135 360 5550 2250 eth1\001
+-6
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 4575 1200 6225 1200 6225 2025 4575 2025 4575 1200
+2 3 0 1 0 7 50 -1 -1 0.000 0 0 0 0 0 5
+	 5325 1800 5475 1650 5325 1500 5175 1650 5325 1800
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 3
+	 5175 1650 4950 1650 4950 2025
+	 0.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 3
+	 5475 1650 5700 1650 5700 2025
+	 0.000 1.000 0.000
+4 0 0 50 -1 16 12 0.0000 4 135 660 4650 1425 Guest B\001
+4 0 0 50 -1 16 12 0.0000 4 135 420 5550 1575 FWD\001
+-6
+6 7575 1200 9225 2325
+6 7725 2025 8250 2325
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 7725 2025 8250 2025 8250 2325 7725 2325 7725 2025
+4 0 0 50 -1 16 12 0.0000 4 135 360 7800 2250 eth0\001
+-6
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 7575 1200 9225 1200 9225 2025 7575 2025 7575 1200
+4 0 0 50 -1 16 12 0.0000 4 135 675 7650 1425 Guest C\001
+-6
+6 4950 4275 6225 4725
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
+	 6225 4725 6225 4275 4950 4275 4950 4725 6225 4725
+4 0 0 50 -1 16 12 0.0000 4 180 1080 5025 4575 Bridge virbr0\001
+-6
+6 2400 4275 3750 4725
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
+	 3750 4725 3750 4275 2400 4275 2400 4725 3750 4725
+4 0 0 50 -1 16 12 0.0000 4 180 960 2475 4575 Bridge eth0\001
+-6
+6 7725 4275 9000 4725
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
+	 9000 4725 9000 4275 7725 4275 7725 4725 9000 4725
+4 0 0 50 -1 16 12 0.0000 4 180 1080 7800 4575 Bridge virbr1\001
+-6
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 2850 7425 2850 8400
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 9300 7425 9300 8400
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 1800 825 10275 825 10275 7125 1800 7125 1800 825
+2 3 0 1 0 7 50 -1 -1 0.000 0 0 0 0 0 5
+	 6675 5850 6900 5625 6675 5400 6450 5625 6675 5850
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 2325 2325 2325 3375 3000 3375 3000 4275
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 3000 4725 3000 5625 2850 5625 2850 7125
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 5700 2325 5700 2925 8250 2925 8250 4275
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 7950 2325 7950 2850 8475 2850 8475 4275
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 3075 2325 3075 3450 5550 3450 5550 4275
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 4950 2325 4950 3225 5700 3225 5700 4275
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 5550 4725 5400 5100 6675 5175 6675 5400
+	 0.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 4
+	 6675 5850 6675 6300 9225 6000 9225 7125
+	 0.000 1.000 1.000 0.000
+4 0 0 50 -1 16 12 0.0000 4 135 360 825 8850 lan1\001
+4 0 0 50 -1 16 12 0.0000 4 135 360 7725 8850 lan2\001
+4 0 0 50 -1 16 12 0.0000 4 135 570 1875 1050 Host A\001
+4 0 0 50 -1 16 12 0.0000 4 135 420 5850 5700 FWD\001
--- a/docs/libvirt-net-physical.png
+++ b/docs/libvirt-net-physical.png
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ján Tomko	e433008df4	api: disallow virConnectGetDomainCapabilities on read-only connections This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> (cherry picked from commit `8afa68bac0`) Signed-off-by: Ján Tomko <jtomko@redhat.com>	2019-06-24 10:26:37 +02:00
Ján Tomko	221397df7a	api: disallow virDomainSaveImageGetXMLDesc on read-only connections The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: Matthias Gerstner <mgerstner@suse.de> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> (cherry picked from commit `aed6a032ce`) Signed-off-by: Ján Tomko <jtomko@redhat.com> Conflicts: src/libvirt-domain.c src/remote/remote_protocol.x Upstream commit `12a51f372` which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE alias for VIR_DOMAIN_XML_SECURE is not backported. Just skip the commit since we now disallow the whole API on read-only connections, regardless of the flag. Signed-off-by: Ján Tomko <jtomko@redhat.com>	2019-06-24 10:26:37 +02:00
Pavel Hrdina	69acd088d6	build: add GCC 6.0 -Wlogical-op workaround fdstream.c: In function 'virFDStreamWrite': fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op] if (errno == EAGAIN \|\| errno == EWOULDBLOCK) { ^~ Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op producing false warnings. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602 Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports push/pop pragma and also has this bug. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> (cherry picked from commit `d713a6b120`)	2016-10-03 18:30:26 +02:00
Michal Privoznik	b1bae2976d	Initialize couple of variables. While trying to build with -Os couple of compile errors showed up. conf/domain_conf.c: In function 'virDomainChrRemove': conf/domain_conf.c:13666:24: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized] virDomainChrDefPtr ret, **arrPtr = NULL; ^ Compiler fails to see that @ret is used only if set in the loop, but whatever, there's no harm in initializing the variable. In vboxAttachDrivesNew and _vboxAttachDrivesOld compiler thinks that @rc may be used uninitialized. Well, not directly, but maybe after some optimization. Yet again, no harm in initializing a variable. In file included from ./util/virthread.h:26:0, from ./datatypes.h:28, from vbox/vbox_tmpl.c:43, from vbox/vbox_V3_1.c:37: vbox/vbox_tmpl.c: In function '_vboxAttachDrivesOld': ./util/virerror.h:181:5: error: 'rc' may be used uninitialized in this function [-Werror=maybe-uninitialized] virReportErrorHelper(VIR_FROM_THIS, code, __FILE__, \ ^ In file included from vbox/vbox_V3_1.c:37:0: vbox/vbox_tmpl.c:1041:14: note: 'rc' was declared here nsresult rc; ^ Yet again, one uninitialized variable: qemu/qemu_driver.c: In function 'qemuDomainBlockCommit': qemu/qemu_driver.c:17194:9: error: 'baseSource' may be used uninitialized in this function [-Werror=maybe-uninitialized] qemuDomainPrepareDiskChainElement(driver, vm, baseSource, ^ And another one: storage/storage_backend_logical.c: In function 'virStorageBackendLogicalMatchPoolSource.isra.2': storage/storage_backend_logical.c:618:33: error: 'thisSource' may be used uninitialized in this function [-Werror=maybe-uninitialized] thisSource->devices[j].path)) ^ Signed-off-by: Michal Privoznik <mprivozn@redhat.com> (cherry picked from commit `bde6e002b5`)	2016-10-03 18:30:24 +02:00
Pavel Hrdina	34807c1f4e	maint: fix syntax-check sc_prohibit_int_ijk exclude rule Fix the regex for excluding files for this syntax-rule. The rule "include/" will not work, because we are matching the whole line like this "^(...\|include/\|...)$ so we need to use "include/libvirt/libvirt.+". The second issue is that we are using only one '$' but there should be two of those at the end. The last small adjustment is to escape dots '.' so it match only dot. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> (cherry picked from commit `a94efa50e2`)	2016-10-03 18:30:19 +02:00
Marc Hartmayer	b18d0b4e43	util: bitmap: clarify virBitmapLastSetBit() behavior for empty bitmaps Before the variable 'bits' was initialized with 0 (commit `3470cd860d`), the following bug was possible. A function call with an empty bitmap leads to undefined behavior. Because if 'bitmap->map_len == 0' 'unusedBits' will be <= 0 and 'sz == 1'. So the non global and non static variable 'bits' would have never been set. Consequently the check 'bits == 0' results in undefined behavior. This patch clarifies the current version of the function by handling the empty bitmap explicitly. Also, for an empty bitmap there is obviously no bit set so we can just return -1 (indicating no bit set) right away. The explicit check for 'bits == 0' after the loop is unnecessary because we only get to this point if no set bit was found. Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com> Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com> Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com> (cherry picked from commit `7cd01a248b`)	2016-10-03 18:30:16 +02:00
Martin Kletzander	409362b048	Fix building with -Og When building using -Og, gcc sees that some variables can be used uninitialized It can be debatable whether it is possible with our codeflow, but functions should be self-contained and initializations are always good. The return instead of goto is due to actualType being used in the cleanup. Signed-off-by: Martin Kletzander <mkletzan@redhat.com> (cherry picked from commit `3470cd860d`)	2016-10-03 18:29:29 +02:00
Martin Kletzander	756f518213	qemu: Only use memory-backend-file with NUMA if needed If this reminds you of a commit message from around a year ago, it's `41c2aa729f` and yes, we're dealing with "the same thing" again. Or `f309db1f4d` and it's similar. There is a logic in place that if there is no real need for memory-backend-file, qemuBuildMemoryBackendStr() returns 0. However that wasn't the case with hugepage backing. The reason for that was that we abused the 'pagesize' variable for storing that information, but we should rather have a separate one that specifies whether we really need the new object for hugepage backing. And that variable should be set only if this particular NUMA cell needs special treatment WRT hugepages. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1372153 Signed-off-by: Martin Kletzander <mkletzan@redhat.com> (cherry picked from commit 4372a7845acbc6974f6027ef68e7dd3eeb47f425)	2016-10-03 18:29:18 +02:00
Jiri Denemark	c9317fcdd4	qemu: Let empty default VNC password work as documented CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092 Signed-off-by: Jiri Denemark <jdenemar@redhat.com> (cherry picked from commit `bb848feec0`)	2016-07-04 10:16:18 +01:00