qemu: Let empty default VNC password work as documented

CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092 Signed-off-by: Jiri Denemark <jdenemar@redhat.com> (cherry picked from commit bb848feec0) (cherry picked from commit d933f68ee6)
CVE-2015-5313: storage: don't allow '/' in filesystem volume names
2025-09-24 21:44:59 +03:00 · 2016-06-30 14:01:40 +01:00 · 2015-12-16 13:45:49 -07:00 · 2015-12-16 13:45:49 -07:00 · 2015-12-16 13:45:49 -07:00 · 2015-12-16 13:45:49 -07:00
9023 changed files with 1938273 additions and 4317436 deletions
--- a/.color_coded.in
+++ b/.color_coded.in
@@ -1,40 +0,0 @@
-I@abs_top_builddir@
-I@abs_top_srcdir@
-I@abs_top_builddir@/gnulib/lib
-I@abs_top_srcdir@/gnulib/lib
-I@abs_top_builddir@/include
-I@abs_top_srcdir@/include
-I@abs_top_builddir@/src
-I@abs_top_srcdir@/src
-I@abs_top_builddir@/src/access
-I@abs_top_srcdir@/src/access
-I@abs_top_builddir@/src/admin
-I@abs_top_srcdir@/src/admin
-I@abs_top_builddir@/src/bhyve
-I@abs_top_srcdir@/src/bhyve
-I@abs_top_builddir@/src/conf
-I@abs_top_srcdir@/src/conf
-I@abs_top_builddir@/src/libxl
-I@abs_top_srcdir@/src/libxl
-I@abs_top_builddir@/src/locking
-I@abs_top_srcdir@/src/locking
-I@abs_top_builddir@/src/logging
-I@abs_top_srcdir@/src/logging
-I@abs_top_builddir@/src/lxc
-I@abs_top_srcdir@/src/lxc
-I@abs_top_builddir@/src/qemu
-I@abs_top_srcdir@/src/qemu
-I@abs_top_builddir@/src/remote
-I@abs_top_srcdir@/src/remote
-I@abs_top_builddir@/src/rpc
-I@abs_top_srcdir@/src/rpc
-I@abs_top_builddir@/src/secret
-I@abs_top_srcdir@/src/secret
-I@abs_top_builddir@/src/security
-I@abs_top_srcdir@/src/security
-I@abs_top_builddir@/src/util
-I@abs_top_srcdir@/src/util
-I@abs_top_builddir@/src/vmx
-I@abs_top_srcdir@/src/vmx
-I@abs_top_builddir@/src/xenconfig
-I@abs_top_srcdir@/src/xenconfig
--- a/.ctags
+++ b/.ctags
@@ -1,5 +0,0 @@
--recurse
--exclude=*.orig
--exclude=*.html
--exclude=*.html.in
--langmap=c:+.h.in
--- a/.gitignore
+++ b/.gitignore
@@ -1,34 +1,24 @@
 *#*#
 *.#*#
-*.[187]
-*.[187].in
 *.a
 *.cov
 *.exe
-*.exe.manifest
 *.gcda
 *.gcno
 *.gcov
 *.html
 *.i
-*.init
 *.la
 *.lo
 *.loT
 *.o
 *.orig
-*.pem
 *.pyc
 *.rej
 *.s
-*.service
-*.socket
-*.swp
 *~
 .#*
-.color_coded
 .deps
-.dirstamp
 .gdb_history
 .git
 .git-module-status
@@ -36,7 +26,6 @@
 .lvimrc
 .memdump
 .sc-start-sc_*
-.ycm_extra_conf.py
 /ABOUT-NLS
 /AUTHORS
 /ChangeLog
@@ -45,9 +34,9 @@
 /NEWS
 /aclocal.m4
 /autom4te.cache
-/build-aux/*
+/build-aux
+/build-aux/
 /build/
-/confdefs.h
 /config.cache
 /config.guess
 /config.h
@@ -58,48 +47,39 @@
 /config.sub
 /configure
 /configure.lineno
-/conftest.*
 /daemon/*_dispatch.h
 /daemon/libvirt_qemud
 /daemon/libvirtd
 /daemon/libvirtd*.logrotate
+/daemon/libvirtd.8
+/daemon/libvirtd.8.in
+/daemon/libvirtd.init
+/daemon/libvirtd.pod
 /daemon/libvirtd.policy
+/daemon/libvirtd.service
 /daemon/test_libvirtd.aug
-/docs/aclperms.htmlinc
 /docs/apibuild.py.stamp
 /docs/devhelp/libvirt.devhelp
 /docs/hvsupport.html.in
-/docs/libvirt-admin-*.xml
 /docs/libvirt-api.xml
 /docs/libvirt-lxc-*.xml
 /docs/libvirt-qemu-*.xml
 /docs/libvirt-refs.xml
-/docs/news.html.in
 /docs/search.php
 /docs/todo.html.in
-/examples/admin/client_close
-/examples/admin/client_info
-/examples/admin/client_limits
-/examples/admin/list_clients
-/examples/admin/list_servers
-/examples/admin/logging
-/examples/admin/threadpool_params
-/examples/object-events/event-test
+/examples/domain-events/events-c/event-test
 /examples/dominfo/info1
 /examples/domsuspend/suspend
-/examples/dommigrate/dommigrate
-/examples/domtop/domtop
 /examples/hellolibvirt/hellolibvirt
 /examples/openauth/openauth
-/examples/rename/rename
 /gnulib/lib/*
 /gnulib/m4/*
 /gnulib/tests/*
-/include/libvirt/libvirt-common.h
+/include/libvirt/libvirt.h
 /libtool
-/libvirt-*.tar.xz
+/libvirt-*.tar.gz
 /libvirt-[0-9]*
-/libvirt*.pc
+/libvirt.pc
 /libvirt.spec
 /ltconfig
 /ltmain.sh
@@ -109,11 +89,20 @@
 /mkinstalldirs
 /po/*
 /proxy/
-/python/
+/python/generated.stamp
+/python/generator.py.stamp
+/python/libvirt-export.c
+/python/libvirt-lxc-export.c
+/python/libvirt-lxc.[ch]
+/python/libvirt-qemu-export.c
+/python/libvirt-qemu.[ch]
+/python/libvirt.[ch]
+/python/libvirt.py
+/python/libvirt_lxc.py
+/python/libvirt_qemu.py
 /run
 /sc_*
 /src/.*.stamp
-/src/*.pc
 /src/access/org.libvirt.api.policy
 /src/access/viraccessapicheck.c
 /src/access/viraccessapicheck.h
@@ -121,32 +110,22 @@
 /src/access/viraccessapichecklxc.h
 /src/access/viraccessapicheckqemu.c
 /src/access/viraccessapicheckqemu.h
-/src/admin/admin_client.h
-/src/admin/admin_protocol.[ch]
 /src/esx/*.generated.*
 /src/hyperv/*.generated.*
 /src/libvirt*.def
 /src/libvirt.syms
 /src/libvirt_access.syms
-/src/libvirt_access.xml
 /src/libvirt_access_lxc.syms
-/src/libvirt_access_lxc.xml
 /src/libvirt_access_qemu.syms
-/src/libvirt_access_qemu.xml
-/src/libvirt_admin.syms
 /src/libvirt_*.stp
 /src/libvirt_*helper
 /src/libvirt_*probes.h
 /src/libvirt_lxc
-/src/locking/libxl-lockd.conf
-/src/locking/libxl-sanlock.conf
 /src/locking/lock_daemon_dispatch_stubs.h
 /src/locking/lock_protocol.[ch]
 /src/locking/qemu-lockd.conf
 /src/locking/qemu-sanlock.conf
 /src/locking/test_libvirt_sanlock.aug
-/src/logging/log_daemon_dispatch_stubs.h
-/src/logging/log_protocol.[ch]
 /src/lxc/lxc_controller_dispatch.h
 /src/lxc/lxc_monitor_dispatch.h
 /src/lxc/lxc_monitor_protocol.c
@@ -159,42 +138,85 @@
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
 /src/test_libvirt*.aug
-/src/test_virtlockd.aug
-/src/test_virtlogd.aug
-/src/util/virkeycodetable*.h
-/src/util/virkeynametable*.h
+/src/util/virkeymaps.h
 /src/virt-aa-helper
 /src/virtlockd
-/src/virtlogd
+/src/virtlockd.init
 /tests/*.log
 /tests/*.pid
 /tests/*.trs
-/tests/*test
+/tests/*xml2*test
 /tests/commandhelper
-/tests/qemucapsprobe
-!/tests/virsh-self-test
-!/tests/virt-aa-helper-test
-!/tests/virt-admin-self-test
-/tests/objectlocking
-/tests/objectlocking-files.txt
-/tests/objectlocking.cm[ix]
+/tests/commandtest
+/tests/conftest
+/tests/cputest
+/tests/domainsnapshotxml2xmltest
+/tests/esxutilstest
+/tests/eventtest
+/tests/fchosttest
+/tests/fdstreamtest
+/tests/hashtest
+/tests/jsontest
+/tests/libvirtdconftest
+/tests/networkxml2argvtest
+/tests/nodeinfotest
+/tests/nwfilterxml2xmltest
+/tests/object-locking
+/tests/object-locking-files.txt
+/tests/object-locking.cm[ix]
+/tests/openvzutilstest
+/tests/qemuargv2xmltest
+/tests/qemuhelptest
+/tests/qemuhotplugtest
+/tests/qemumonitorjsontest
+/tests/qemumonitortest
+/tests/qemuxmlnstest
+/tests/qparamtest
 /tests/reconnect
+/tests/secaatest
+/tests/seclabeltest
+/tests/securityselinuxlabeltest
+/tests/securityselinuxtest
+/tests/sexpr2xmltest
+/tests/shunloadtest
+/tests/sockettest
 /tests/ssh
-/tests/test_file_access.txt
+/tests/statstest
+/tests/storagebackendsheepdogtest
+/tests/sysinfotest
 /tests/test_conf
+/tests/utiltest
+/tests/viratomictest
+/tests/virauthconfigtest
+/tests/virbitmaptest
+/tests/virbuftest
+/tests/vircgrouptest
+/tests/virdrivermoduletest
+/tests/virendiantest
+/tests/virhashtest
+/tests/viridentitytest
+/tests/virkeycodetest
+/tests/virkeyfiletest
+/tests/virlockspacetest
+/tests/virnet*test
+/tests/virportallocatortest
+/tests/virshtest
+/tests/virstoragetest
+/tests/virstringtest
+/tests/virtimetest
+/tests/viruritest
+/tests/vmx2xmltest
+/tests/xencapstest
+/tests/xmconfigtest
+/tools/*.[18]
+/tools/libvirt-guests.init
+/tools/libvirt-guests.service
 /tools/libvirt-guests.sh
-/tools/virt-login-shell
 /tools/virsh
 /tools/virsh-*-edit.c
-/tools/virt-admin
 /tools/virt-*-validate
 /tools/virt-sanlock-cleanup
-/tools/wireshark/src/plugin.c
-/tools/wireshark/src/libvirt
 /update.log
-GPATH
-GRTAGS
-GTAGS
 Makefile
 Makefile.in
 TAGS
@@ -208,7 +230,6 @@ stamp-h
 stamp-h.in
 stamp-h1
 tags
-!/build-aux/*.pl
 !/gnulib/lib/Makefile.am
 !/gnulib/tests/Makefile.am
 !/m4/virt-*.m4
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,3 @@
 [submodule "gnulib"]
 	path = .gnulib
 	url = git://git.sv.gnu.org/gnulib.git
-[submodule "keycodemapdb"]
-	path = src/keycodemapdb
-	url = https://gitlab.com/keycodemap/keycodemapdb.git
--- a/.gnulib
+++ b/.gnulib
--- a/.mailmap
+++ b/.mailmap
@@ -5,10 +5,7 @@

 <bozzolan@gmail.com> <redshift@gmx.com>
 <charles_duffy@messageone.com> <charles@dyfis.net>
-<claudio.bley@gmail.com> <cbley@av-test.de>
 <dfj@redhat.com> <dfj@dfj.bne.redhat.com>
-<dpkshetty@gmail.com> <deepakcs@linux.vnet.ibm.com>
-<dpkshetty@gmail.com> <deepakcs@redhat.com>
 <eblake@redhat.com> <ebb9@byu.net>
 <gdolley@arpnetworks.com> <gdolley@ucla.edu>
 <gerhard.stenzel@de.ibm.com> <gstenzel@linux.vnet.ibm.com>
@@ -59,5 +56,3 @@ Philipp Hahn <hahn@univention.de>
 Marco Bozzolan <bozzolan@gmail.com>
 Marco Bozzolan <redshift@gmx.com>
 Pritesh Kothari <pritesh.kothari@sun.com>
-Wang Yufei (James) <james.wangyufei@huawei.com>
-Deepak C Shetty <dpkshetty@gmail.com>
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,93 +0,0 @@
-sudo: false
-language: c
-dist: precise
-compiler:
-  - gcc
-cache: ccache
-addons:
-  apt:
-    packages:
-      - xsltproc
-      - autopoint
-      - libxml2-dev
-      - libncurses5-dev
-      - libreadline-dev
-      - zlib1g-dev
-      - libgnutls-dev
-      - libgcrypt11-dev
-      - libavahi-client-dev
-      - libsasl2-dev
-      - libxen-dev
-      - lvm2
-      - libgcrypt11-dev
-      - libparted0-dev
-      - libdevmapper-dev
-      - uuid-dev
-      - libudev-dev
-      - libpciaccess-dev
-      - libcap-ng-dev
-      - libnl-3-dev
-      - libnl-route-3-dev
-      - libyajl-dev
-      - libpcap0.8-dev
-      - libnuma-dev
-      - libnetcf-dev
-      - libaudit-dev
-#      - dwarves
-      - libxml2-utils
-      - libapparmor-dev
-      - dnsmasq-base
-      - librbd-dev
-      - w3c-dtd-xhtml
-
-notifications:
-  irc:
-    # The channel name "irc.oftc.net#virt" is encrypted against libvirt/libvirt
-    # to prevent IRC notifications from github forks. This was created using:
-    # $ travis encrypt -r "libvirt/libvirt" "irc.oftc.net#virt"
-    channels:
-      - secure: "hUPdkLxX7nh75+clpnk4U0XLExLfV9DFKSvQSAUtf5JtDNMslj7AeOCf2wcbkNsEhkiF557odTAnov1s5m1w/yaa56zbjFAh5agzqRKya3QjqsrvlBKw/WuN+l82iMNLLeebTgCPAXrbAbGWH8YmYssp/7+eMsnKaVh84EQQNbMCHlLg6ovE26Fs18mZ6J5RC3OPa1vbv+xkdCHvGg/Oyp4K8bpU7RYyimA56jdxI/OfdTH9HxntHYSzykR7hDbyzZhdIlAUyRKReQVjcV5+R8fdDL/1imyGA/88KTztMeKXpZ5Rf+Ss3vYLZb6qsLLegCZ4AU/q0vvbWxjpZGJZoeyrVpfBTZdYGIzmLTMl9GYXXa/gDwFlbvRDiPDG4TIy6GlMUROinj7KRKEHu1fWRYu012ife5OjidxcwrTnz21vYaCv3AKWPpMPxwIzQPkY1hex9uLLX6z+TrAxxDLF+7UzRT9w2RLFBkLYlj2aDVrLAVb/ynRsxDz5CGzC61FSQVft2e308SkGjdn8YxvguCuXv+N70Fu1cvFyh5XYeHb4fbBRo0Ctzaec78leHlQvRGWKJxXDXRkE2lvvBc7YbBNSAYh7Fs8Y+zY7l7rMxvXdrt3nuaNQhe74V3yhxPDAld66qmAn9TYMmaZW2f5/KKKILLbCa0t2MxiAc6L2OI8="
-    on_success: change
-    on_failure: always
-  email:
-    # The list name 'libvirt-ci@redhat.com" is encrypted against libvirt/libvirt
-    # to prevent IRC notifications from github forks. This was created using:
-    # $ travis encrypt -r "libvirt/libvirt" "libvirt-ci@redhat.com"
-    recipients:
-      - secure: "QcU9eP96P0RlDNzVRZl/4sxyydPStGzECrpgJhr2IPB/7pHk23yaBrmUsq9S830tB+jwLGma1IscNB8uf7Sf7WY+cYIpfR8v030OffWnaipo/Gcs0dpnlfURWHjOFQI3RJzGEihsqvbwUFOwsM+3IDyO3qdWaiT6cN2Tj9ROlwYCySSX5YWzLyX7arBZ4lp8ESs7ohQaEwp2cegnMP2oGPJJe4SebvlCDjHZbjkU5aEradwUWnRQDJZWTKknpNLArVFxN2/ixp6f/MGY4DmkHoDweio6mHIPN5zTs5Jt32aiX6wDBa+bBa4v8TCRqzhYkQ63ZZhNV8bY5Uf9ufTdyvt96yIANyakd85b1QpMdAX76IyJi1l0/Uub6DTQZAcq3vK7iPjGeTVSpyoXrqTfGy4JxMjqDoocpWvv8ALX1wrYI/HfN2R2Aepw9jModTimOsebYhJ1yMhSt8qnh5AQNftGKL2JBKoA1LWdU2YJ5fO1bGjKNiVEkGFQTPYFWrYCUY5JcT+s5WCzNeMNm8s9na8liYhGl3WtS3rPr5M8bof+BMsBhG2hQ0loduc94x2GkvyhQZUgRbqrwNR+y4hn+rWFC3hBzzyiAULs43vY/PJ+eBdKEf3VAc0MkhQ8GgXGSA61fR6aXYonroI/WnBVItwDmUnnMfSziZXxk09GLl4="
-
-git:
-  submodules: true
-
-before_install:
-  - if [ "$TRAVIS_OS_NAME" == "osx" ]; then brew update && brew install gnutls libgcrypt yajl gettext rpcgen ; fi
-
-# the custom PATH is just to pick up OS-X homebrew & its harmless on Linux
-before_script:
-  - PATH="/usr/local/opt/gettext/bin:/usr/local/opt/rpcgen/bin:$PATH" ./autogen.sh
-script:
-  - VIR_TEST_DEBUG=1 make -j3 && make -j3 syntax-check && make -j3 check
-
-# Environments here are run in addition to the main environment defined above
-matrix:
-  include:
-    - compiler: clang
-      dist: precise
-    - compiler: clang
-      dist: trusty
-    - compiler: gcc
-      dist: trusty
-    - compiler: clang
-      os: osx
-      script:
-        # many unit tests fail & so does syntax-check, so skip for now
-        # one day we must fix it though....
-        - make -j3
-
-after_failure:
-  - echo '============================================================================'
-  - 'if [ -f $(pwd)/tests/test-suite.log ]; then
-        cat $(pwd)/tests/test-suite.log;
-    else
-        echo "=== NO LOG FILE FOUND ===";
-    fi'
--- a/.ycm_extra_conf.py.in
+++ b/.ycm_extra_conf.py.in
@@ -1,45 +0,0 @@
-flags = [
-  '-I@abs_top_builddir@',
-  '-I@abs_top_srcdir@',
-  '-I@abs_top_builddir@/gnulib/lib',
-  '-I@abs_top_srcdir@/gnulib/lib',
-  '-I@abs_top_builddir@/include',
-  '-I@abs_top_srcdir@/include',
-  '-I@abs_top_builddir@/src',
-  '-I@abs_top_srcdir@/src',
-  '-I@abs_top_builddir@/src/access',
-  '-I@abs_top_srcdir@/src/access',
-  '-I@abs_top_builddir@/src/admin',
-  '-I@abs_top_srcdir@/src/admin',
-  '-I@abs_top_builddir@/src/bhyve',
-  '-I@abs_top_srcdir@/src/bhyve',
-  '-I@abs_top_builddir@/src/conf',
-  '-I@abs_top_srcdir@/src/conf',
-  '-I@abs_top_builddir@/src/libxl',
-  '-I@abs_top_srcdir@/src/libxl',
-  '-I@abs_top_builddir@/src/locking',
-  '-I@abs_top_srcdir@/src/locking',
-  '-I@abs_top_builddir@/src/logging',
-  '-I@abs_top_srcdir@/src/logging',
-  '-I@abs_top_builddir@/src/lxc',
-  '-I@abs_top_srcdir@/src/lxc',
-  '-I@abs_top_builddir@/src/qemu',
-  '-I@abs_top_srcdir@/src/qemu',
-  '-I@abs_top_builddir@/src/remote',
-  '-I@abs_top_srcdir@/src/remote',
-  '-I@abs_top_builddir@/src/rpc',
-  '-I@abs_top_srcdir@/src/rpc',
-  '-I@abs_top_builddir@/src/secret',
-  '-I@abs_top_srcdir@/src/secret',
-  '-I@abs_top_builddir@/src/security',
-  '-I@abs_top_srcdir@/src/security',
-  '-I@abs_top_builddir@/src/util',
-  '-I@abs_top_srcdir@/src/util',
-  '-I@abs_top_builddir@/src/vmx',
-  '-I@abs_top_srcdir@/src/vmx',
-  '-I@abs_top_builddir@/src/xenconfig',
-  '-I@abs_top_srcdir@/src/xenconfig',
-]
-
-def FlagsForFile(filename, **kwargs):
-  return { 'flags': flags, 'do_cache': True }
--- a/AUTHORS.in
+++ b/AUTHORS.in
@@ -8,50 +8,42 @@ Daniel Veillard <veillard@redhat.com> or <daniel@veillard.com>
 The primary maintainers and people with commit access rights:

 Alex Jia <ajia@redhat.com>
-Andrea Bolognani <abologna@redhat.com>
-Cédric Bosdonnat <cbosdonnat@suse.com>
+Anthony Liguori <aliguori@us.ibm.com>
+Chris Lalancette <clalance@redhat.com>
 Christophe Fergeau <cfergeau@redhat.com>
-Claudio Bley <claudio.bley@gmail.com>
+Claudio Bley <cbley@av-test.de>
 Cole Robinson <crobinso@redhat.com>
 Daniel Berrange <berrange@redhat.com>
 Daniel Veillard <veillard@redhat.com>
+Dave Allan <dallan@redhat.com>
 Doug Goldstein <cardoe@gentoo.org>
 Eric Blake <eblake@redhat.com>
-Erik Skultety <eskultet@redhat.com>
-Gao Feng <gaofeng@cn.fujitsu.com>
+Guannan Ren <gren@redhat.com>
 Guido Günther <agx@sigxcpu.org>
 Ján Tomko <jtomko@redhat.com>
 Jim Fehlig <jfehlig@suse.com>
+Jim Meyering <meyering@redhat.com>
 Jiří Denemark <jdenemar@redhat.com>
 John Ferlan <jferlan@redhat.com>
+John Levon <john.levon@sun.com>
+Justin Clift <jclift@redhat.com>
 Laine Stump <laine@redhat.com>
 Mark McLoughlin <markmc@redhat.com>
 Martin Kletzander <mkletzan@redhat.com>
 Matthias Bolte <matthias.bolte@googlemail.com>
-Maxim Nestratov <mnestratov@virtuozzo.com>
 Michal Prívozník <mprivozn@redhat.com>
-Pavel Hrdina <phrdina@redhat.com>
+Osier Yang <jyang@redhat.com>
 Peter Krempa <pkrempa@redhat.com>
 Richard W.M. Jones <rjones@redhat.com>
-Roman Bogorodskiy <bogorodskiy@gmail.com>
 Stefan Berger <stefanb@us.ibm.com>
 Wen Congyang <wency@cn.fujitsu.com>

 Previous maintainers:

-Anthony Liguori <aliguori@us.ibm.com>
 Atsushi SAKAI <sakaia@jp.fujitsu.com>
-Chris Lalancette <clalance@redhat.com>
 Dan Smith <danms@us.ibm.com>
-Dave Allan <dallan@redhat.com>
 Dave Leskovec <dlesko@linux.vnet.ibm.com>
-Dmitry Guryanov <dguryanov@parallels.com>
-Guannan Ren <gren@redhat.com>
-Jim Meyering <meyering@redhat.com>
-John Levon <john.levon@sun.com>
-Justin Clift <jclift@redhat.com>
 Karel Zak <kzak@redhat.com>
-Osier Yang <jyang@redhat.com>

 Patches have also been contributed by:

--- a/COPYING.LESSER
+++ b/COPYING.LESSER
@@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know
 that what they have is not the original version, so that the original
 author's reputation will not be affected by problems that might be
 introduced by others.
-
+
  Finally, software patents pose a constant threat to the existence of
 any free program.  We wish to make sure that a company cannot
 effectively restrict the users of a free program by obtaining a
@@ -111,7 +111,7 @@ modification follow.  Pay close attention to the difference between a
 "work based on the library" and a "work that uses the library".  The
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
-
+
                  GNU LESSER GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

@@ -158,7 +158,7 @@ Library.
  You may charge a fee for the physical act of transferring a copy,
 and you may at your option offer warranty protection in exchange for a
 fee.
-
+
  2. You may modify your copy or copies of the Library or any portion
 of it, thus forming a work based on the Library, and copy and
 distribute such modifications or work under the terms of Section 1
@@ -216,7 +216,7 @@ instead of to this License.  (If a newer version than version 2 of the
 ordinary GNU General Public License has appeared, then you can specify
 that version instead if you wish.)  Do not make any other change in
 these notices.
-
+
  Once this change is made in a given copy, it is irreversible for
 that copy, so the ordinary GNU General Public License applies to all
 subsequent copies and derivative works made from that copy.
@@ -267,7 +267,7 @@ Library will still fall under Section 6.)
 distribute the object code for the work under the terms of Section 6.
 Any executables containing that work also fall under Section 6,
 whether or not they are linked directly with the Library itself.
-
+
  6. As an exception to the Sections above, you may also combine or
 link a "work that uses the Library" with the Library to produce a
 work containing portions of the Library, and distribute that work
@@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally
 accompany the operating system.  Such a contradiction means you cannot
 use both them and the Library together in an executable that you
 distribute.
-
+
  7. You may place library facilities that are a work based on the
 Library side-by-side in a single library together with other library
 facilities not covered by this License, and distribute such a combined
@@ -370,7 +370,7 @@ subject to these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties with
 this License.
-
+
  11. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
@@ -422,7 +422,7 @@ conditions either of that version or of any later version published by
 the Free Software Foundation.  If the Library does not specify a
 license version number, you may choose any version ever published by
 the Free Software Foundation.
-
+
  14. If you wish to incorporate parts of the Library into other free
 programs whose distribution conditions are incompatible with these,
 write to the author to ask for permission.  For software which is
@@ -456,7 +456,7 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.

                     END OF TERMS AND CONDITIONS
-
+
           How to Apply These Terms to Your New Libraries

  If you develop a new library, and you want it to be of the greatest
--- a/14
+++ b/14
@@ -4286,7 +4286,7 @@ Wed Dec 17 21:45:39 GMT 2008 Daniel P. Berrange <berrange@redhat.com>

 Wed Dec 17 21:41:39 GMT 2008 Daniel P. Berrange <berrange@redhat.com>

-	* src/libvirt_sym.version.in: Remove non-existent symbols
+	* src/libvirt_sym.version.in: Remove non-existant symbols
 	(John Levon)

 Wed Dec 17 21:35:39 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
@@ -5504,7 +5504,7 @@ Tue Nov 11 15:51:42 GMT 2008 Daniel P. Berrange <berrange@redhat.com>

 Mon Nov 10 12:05:42 GMT 2008 Daniel P. Berrange <berrange@redhat.com>

-	* src/openvz_conf.c: Read filesystem template name from config
+	* src/openvz_conf.c: Read filesytem template name from config
 	files. Increase buffer size when parsing vzctl version number

 Thu Nov  6 20:45:42 CET 2008 Jim Meyering <meyering@redhat.com>
@@ -12415,7 +12415,7 @@ Thu Jul 12 11:02:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>

 Thu Jul 12 11:00:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>

-	* qemud/qemud.c: Add explicit checks for existence of x509
+	* qemud/qemud.c: Add explicit checks for existance of x509
 	certificate & key files to get better error reporting than
 	GNU TLS offers when it can't load a file

@@ -13276,7 +13276,7 @@ Tue Apr 17 11:30:46 CEST 2007 Daniel Veillard <veillard@redhat.com>

 Mon Apr 16 09:11:04 EST 2007 Daniel P. Berrange <berrange@redhat.com>

-	* qemud/conf.c: Check for existence of QEMU binary path. Fix check
+	* qemud/conf.c: Check for existance of QEMU binary path. Fix check
 	for -no-kqemu flag to work with x86_64 on i386

 Mon Apr 16 09:09:04 EST 2007 Daniel P. Berrange <berrange@redhat.com>
@@ -13920,7 +13920,7 @@ Tue Feb 27 10:20:43 EST 2007 Daniel P. Berrange <berrange@redhat.com>

 	* src/xend_internal.c: Only hardcode port = 5900+domid if
 	running against old XenD < 3.0.3, because in newer XenD
-	port is guaranteed to be available in XenStore if the VNC
+	port is guarenteed to be available in XenStore if the VNC
 	server is running.

 Mon Feb 26 15:33:08 IST 2007 Mark McLoughlin <markmc@redhat.com>
@@ -15020,7 +15020,7 @@ Tue Nov  7 16:33:43 CET 2006 Daniel Veillard <veillard@redhat.com>
 Tue Oct 31 10:31:34 CET 2006 Daniel Veillard <veillard@redhat.com>

 	* src/xend_internal.c: when getting informations about a non
-	  existent domain, it is not a good idea to raise the HTTP
+	  existant domain, it is not a good idea to raise the HTTP
 	  404 GET error, the handling is better done somewhere up in
 	  the stack.

@@ -15228,7 +15228,7 @@ Sun Sep  3 12:34:23 EDT 2006 Daniel Berrange <berrange@redhat.com>
 	iterating over list of ids/names, because it is not neccessarily
 	the same as the value returned by virConnectNumOfDomains. Use qsort
 	to sort active domains by Id, and inactive domains by name, since
-	there is no guaranteed sort ordering when listing domains. For inactive
+	there is no guarenteed sort ordering when listing domains. For inactive
 	domains display a '-' instead of '-1' to make it clear they have no
 	sensible ID number.

--- a/950
+++ b/950
@@ -0,0 +1,950 @@
+-*- buffer-read-only: t -*- vi: set ro:
+DO NOT EDIT THIS FILE!  IT IS GENERATED AUTOMATICALLY
+from docs/hacking.html.in!
+
+
+
+                         Contributor guidelines
+                         ======================
+
+
+
+General tips for contributing patches
+=====================================
+(1) Discuss any large changes on the mailing list first. Post patches early and
+listen to feedback.
+
+(2) Post patches in unified diff format, with git rename detection enabled. You
+need a one-time setup of:
+
+  git config diff.renames true
+
+After that, a command similar to this should work:
+
+  diff -urp libvirt.orig/ libvirt.modified/ > libvirt-myfeature.patch
+
+or:
+
+  git diff > libvirt-myfeature.patch
+
+Also, for code motion patches, you may find that "git diff --patience"
+provides an easier-to-read patch. However, the usual workflow of libvirt
+developer is:
+
+  git checkout master
+  git pull
+  git checkout -t origin -b workbranch
+  Hack, committing any changes along the way
+
+More hints on compiling can be found here <compiling.html>. When you want to
+post your patches:
+
+  git pull --rebase
+  (fix any conflicts)
+  git send-email --cover-letter --no-chain-reply-to --annotate \
+                 --to=libvir-list@redhat.com master
+
+(Note that the "git send-email" subcommand may not be in the main git package
+and using it may require installion of a separate package, for example the
+"git-email" package in Fedora.) For a single patch you can omit
+"--cover-letter", but a series of two or more patches needs a cover letter. If
+you get tired of typing "--to=libvir-list@redhat.com" designation you can set
+it in git config:
+
+  git config sendemail.to libvir-list@redhat.com
+
+Please follow this as close as you can, especially the rebase and git
+send-email part, as it makes life easier for other developers to review your
+patch set. One should avoid sending patches as attachments, but rather send
+them in email body along with commit message. If a developer is sending
+another version of the patch (e.g. to address review comments), he is advised
+to note differences to previous versions after the "---" line in the patch so
+that it helps reviewers but doesn't become part of git history. Moreover, such
+patch needs to be prefixed correctly with "--subject-prefix=PATCHv2" appended
+to "git send-email" (substitute "v2" with the correct version if needed
+though).
+
+
+
+(3) In your commit message, make the summary line reasonably short (60 characters
+is typical), followed by a blank line, followed by any longer description of
+why your patch makes sense. If the patch fixes a regression, and you know what
+commit introduced the problem, mentioning that is useful. If the patch
+resolves a bugzilla report, mentioning the URL of the bug number is useful;
+but also summarize the issue rather than making all readers follow the link.
+You can use 'git shortlog -30' to get an idea of typical summary lines.
+Libvirt does not currently attach any meaning to Signed-off-by: lines, so it
+is up to you if you want to include or omit them in the commit message.
+
+
+
+(4) Split large changes into a series of smaller patches, self-contained if
+possible, with an explanation of each patch and an explanation of how the
+sequence of patches fits together. Moreover, please keep in mind that it's
+required to be able to compile cleanly (*including* "make check" and "make
+syntax-check") after each patch. A feature does not have to work until the end
+of a series, but intermediate patches must compile and not cause test-suite
+failures (this is to preserve the usefulness of "git bisect", among other
+things).
+
+
+
+(5) Make sure your patches apply against libvirt GIT. Developers only follow GIT
+and don't care much about released versions.
+
+(6) Run the automated tests on your code before submitting any changes. In
+particular, configure with compile warnings set to -Werror. This is done
+automatically for a git checkout; from a tarball, use:
+
+  ./configure --enable-werror
+
+and run the tests:
+
+  make check
+  make syntax-check
+  make -C tests valgrind
+
+
+
+  Valgrind
+  http://valgrind.org/is a test that checks for memory management issues, such as leaks or use of
+uninitialized variables.
+
+Some tests are skipped by default in a development environment, based on the
+time they take in comparison to the likelihood that those tests will turn up
+problems during incremental builds. These tests default to being run when when
+building from a tarball or with the configure option --enable-expensive-tests;
+you can also force a one-time toggle of these tests by setting
+VIR_TEST_EXPENSIVE to 0 or 1 at make time, as in:
+
+  make check VIR_TEST_EXPENSIVE=1
+
+If you encounter any failing tests, the VIR_TEST_DEBUG environment variable
+may provide extra information to debug the failures. Larger values of
+VIR_TEST_DEBUG may provide larger amounts of information:
+
+  VIR_TEST_DEBUG=1 make check    (or)
+  VIR_TEST_DEBUG=2 make check
+
+Also, individual tests can be run from inside the "tests/" directory, like:
+
+  ./qemuxml2xmltest
+
+There is also a "./run" script at the top level, to make it easier to run
+programs that have not yet been installed, as well as to wrap invocations of
+various tests under gdb or Valgrind.
+
+
+
+(7) The Valgrind test should produce similar output to "make check". If the output
+has traces within libvirt API's, then investigation is required in order to
+determine the cause of the issue. Output such as the following indicates some
+sort of leak:
+
+==5414== 4 bytes in 1 blocks are definitely lost in loss record 3 of 89
+==5414==    at 0x4A0881C: malloc (vg_replace_malloc.c:270)
+==5414==    by 0x34DE0AAB85: xmlStrndup (in /usr/lib64/libxml2.so.2.7.8)
+==5414==    by 0x4CC97A6: virDomainVideoDefParseXML (domain_conf.c:7410)
+==5414==    by 0x4CD581D: virDomainDefParseXML (domain_conf.c:10188)
+==5414==    by 0x4CD8C73: virDomainDefParseNode (domain_conf.c:10640)
+==5414==    by 0x4CD8DDB: virDomainDefParse (domain_conf.c:10590)
+==5414==    by 0x41CB1D: testCompareXMLToArgvHelper (qemuxml2argvtest.c:100)
+==5414==    by 0x41E20F: virtTestRun (testutils.c:161)
+==5414==    by 0x41C7CB: mymain (qemuxml2argvtest.c:866)
+==5414==    by 0x41E84A: virtTestMain (testutils.c:723)
+==5414==    by 0x34D9021734: (below main) (in /usr/lib64/libc-2.15.so)
+
+In this example, the "virDomainDefParseXML()" had an error path where the
+"virDomainVideoDefPtr video" pointer was not properly disposed. By simply
+adding a "virDomainVideoDefFree(video);" in the error path, the issue was
+resolved.
+
+Another common mistake is calling a printing function, such as "VIR_DEBUG()"
+without initializing a variable to be printed. The following example involved
+a call which could return an error, but not set variables passed by reference
+to the call. The solution was to initialize the variables prior to the call.
+
+==4749== Use of uninitialised value of size 8
+==4749==    at 0x34D904650B: _itoa_word (in /usr/lib64/libc-2.15.so)
+==4749==    by 0x34D9049118: vfprintf (in /usr/lib64/libc-2.15.so)
+==4749==    by 0x34D9108F60: __vasprintf_chk (in /usr/lib64/libc-2.15.so)
+==4749==    by 0x4CAEEF7: virVasprintf (stdio2.h:199)
+==4749==    by 0x4C8A55E: virLogVMessage (virlog.c:814)
+==4749==    by 0x4C8AA96: virLogMessage (virlog.c:751)
+==4749==    by 0x4DA0056: virNetTLSContextCheckCertKeyUsage (virnettlscontext.c:225)
+==4749==    by 0x4DA06DB: virNetTLSContextCheckCert (virnettlscontext.c:439)
+==4749==    by 0x4DA1620: virNetTLSContextNew (virnettlscontext.c:562)
+==4749==    by 0x4DA26FC: virNetTLSContextNewServer (virnettlscontext.c:927)
+==4749==    by 0x409C39: testTLSContextInit (virnettlscontexttest.c:467)
+==4749==    by 0x40AB8F: virtTestRun (testutils.c:161)
+
+Valgrind will also find some false positives or code paths which cannot be
+resolved by making changes to the libvirt code. For these paths, it is
+possible to add a filter to avoid the errors. For example:
+
+==4643== 7 bytes in 1 blocks are possibly lost in loss record 4 of 20
+==4643==    at 0x4A0881C: malloc (vg_replace_malloc.c:270)
+==4643==    by 0x34D90853F1: strdup (in /usr/lib64/libc-2.15.so)
+==4643==    by 0x34EEC2C08A: ??? (in /usr/lib64/libnl.so.1.1)
+==4643==    by 0x34EEC15B81: ??? (in /usr/lib64/libnl.so.1.1)
+==4643==    by 0x34D8C0EE15: call_init.part.0 (in /usr/lib64/ld-2.15.so)
+==4643==    by 0x34D8C0EECF: _dl_init (in /usr/lib64/ld-2.15.so)
+==4643==    by 0x34D8C01569: ??? (in /usr/lib64/ld-2.15.so)
+
+
+In this instance, it is acceptable to modify the "tests/.valgrind.supp" file
+in order to add a suppression filter. The filter should be unique enough to
+not suppress real leaks, but it should be generic enough to cover multiple
+code paths. The format of the entry can be found in the documentation found at
+the
+
+  Valgrind home page.
+  http://valgrind.org/The following trace was added to "tests/.valgrind.supp" in order to suppress
+the warning:
+
+{
+    dlInitMemoryLeak1
+    Memcheck:Leak
+    fun:?alloc
+    ...
+    fun:call_init.part.0
+    fun:_dl_init
+    ...
+    obj:*/lib*/ld-2.*so*
+}
+
+
+
+(8) Update tests and/or documentation, particularly if you are adding a new
+feature or changing the output of a program.
+
+
+
+There is more on this subject, including lots of links to background reading
+on the subject, on
+
+  Richard Jones' guide to working with open source projects
+  http://et.redhat.com/~rjones/how-to-supply-code-to-open-source-projects/
+
+
+Code indentation
+================
+Libvirt's C source code generally adheres to some basic code-formatting
+conventions. The existing code base is not totally consistent on this front,
+but we do prefer that contributed code be formatted similarly. In short, use
+spaces-not-TABs for indentation, use 4 spaces for each indentation level, and
+other than that, follow the K&R style.
+
+If you use Emacs, add the following to one of one of your start-up files
+(e.g., ~/.emacs), to help ensure that you get indentation right:
+
+  ;;; When editing C sources in libvirt, use this style.
+  (defun libvirt-c-mode ()
+    "C mode with adjusted defaults for use with libvirt."
+    (interactive)
+    (c-set-style "K&R")
+    (setq indent-tabs-mode nil) ; indent using spaces, not TABs
+    (setq c-indent-level 4)
+    (setq c-basic-offset 4))
+  (add-hook 'c-mode-hook
+            '(lambda () (if (string-match "/libvirt" (buffer-file-name))
+                            (libvirt-c-mode))))
+
+If you use vim, append the following to your ~/.vimrc file:
+
+  set nocompatible
+  filetype on
+  set autoindent
+  set smartindent
+  set cindent
+  set tabstop=8
+  set shiftwidth=4
+  set expandtab
+  set cinoptions=(0,:0,l1,t0
+  filetype plugin indent on
+  au FileType make setlocal noexpandtab
+  au BufRead,BufNewFile *.am setlocal noexpandtab
+  match ErrorMsg /\s\+$\| \+\ze\t/
+
+Or if you don't want to mess your ~/.vimrc up, you can save the above into a
+file called .lvimrc (not .vimrc) located at the root of libvirt source, then
+install a vim script from
+http://www.vim.org/scripts/script.php?script_id=1408, which will load the
+.lvimrc only when you edit libvirt code.
+
+
+Code formatting (especially for new code)
+=========================================
+With new code, we can be even more strict. Please apply the following function
+(using GNU indent) to any new code. Note that this also gives you an idea of
+the type of spacing we prefer around operators and keywords:
+
+  indent-libvirt()
+  {
+    indent -bad -bap -bbb -bli4 -br -ce -brs -cs -i4 -l75 -lc75 \
+      -sbi4 -psl -saf -sai -saw -sbi4 -ss -sc -cdw -cli4 -npcs -nbc \
+      --no-tabs "$@"
+  }
+
+Note that sometimes you'll have to post-process that output further, by piping
+it through "expand -i", since some leading TABs can get through. Usually
+they're in macro definitions or strings, and should be converted anyhow.
+
+Libvirt requires a C99 compiler for various reasons. However, most of the code
+base prefers to stick to C89 syntax unless there is a compelling reason
+otherwise. For example, it is preferable to use "/* */" comments rather than
+"//". Also, when declaring local variables, the prevailing style has been to
+declare them at the beginning of a scope, rather than immediately before use.
+
+
+Bracket spacing
+===============
+The keywords "if", "for", "while", and "switch" must have a single space
+following them before the opening bracket. E.g.
+
+      if(foo)   // Bad
+      if (foo)  // Good
+
+Function implementations mustnothave any whitespace between the function name and the opening bracket. E.g.
+
+      int foo (int wizz)  // Bad
+      int foo(int wizz)   // Good
+
+Function calls mustnothave any whitespace between the function name and the opening bracket. E.g.
+
+      bar = foo (wizz);  // Bad
+      bar = foo(wizz);   // Good
+
+Function typedefs mustnothave any whitespace between the closing bracket of the function name and
+opening bracket of the arg list. E.g.
+
+      typedef int (*foo) (int wizz);  // Bad
+      typedef int (*foo)(int wizz);   // Good
+
+There must not be any whitespace immediately following any opening bracket, or
+immediately prior to any closing bracket. E.g.
+
+      int foo( int wizz );  // Bad
+      int foo(int wizz);    // Good
+
+
+Semicolons
+==========
+Semicolons should never have a space beforehand. Inside the condition of a
+"for" loop, there should always be a space or line break after each semicolon,
+except for the special case of an infinite loop (although more infinite loops
+use "while"). While not enforced, loop counters generally use post-increment.
+
+      for (i = 0 ;i < limit ; ++i) { // Bad
+      for (i = 0; i < limit; i++) { // Good
+      for (;;) { // ok
+      while (1) { // Better
+
+Empty loop bodies are better represented with curly braces and a comment,
+although use of a semicolon is not currently rejected.
+
+      while ((rc = waitpid(pid, &st, 0) == -1) &&
+             errno == EINTR); // ok
+      while ((rc = waitpid(pid, &st, 0) == -1) &&
+             errno == EINTR) { // Better
+          /* nothing */
+      }
+
+
+Curly braces
+============
+Omit the curly braces around an "if", "while", "for" etc. body only when that
+body occupies a single line. In every other case we require the braces. This
+ensures that it is trivially easy to identify a single-'statement' loop: each
+has only one 'line' in its body.
+
+Omitting braces with a single-line body is fine:
+
+  while (expr) // one-line body -> omitting curly braces is ok
+      single_line_stmt();
+
+However, the moment your loop/if/else body extends on to a second line, for
+whatever reason (even if it's just an added comment), then you should add
+braces. Otherwise, it would be too easy to insert a statement just before that
+comment (without adding braces), thinking it is already a multi-statement loop:
+
+  while (true) // BAD! multi-line body with no braces
+      /* comment... */
+      single_line_stmt();
+
+Do this instead:
+
+  while (true) { // Always put braces around a multi-line body.
+      /* comment... */
+      single_line_stmt();
+  }
+
+There is one exception: when the second body line is not at the same
+indentation level as the first body line:
+
+  if (expr)
+      die("a diagnostic that would make this line"
+          " extend past the 80-column limit"));
+
+It is safe to omit the braces in the code above, since the further-indented
+second body line makes it obvious that this is still a single-statement body.
+
+To reiterate, don't do this:
+
+  if (expr)            // BAD: no braces around...
+      while (expr_2) { // ... a multi-line body
+          ...
+      }
+
+Do this, instead:
+
+  if (expr) {
+      while (expr_2) {
+          ...
+      }
+  }
+
+However, there is one exception in the other direction, when even a one-line
+block should have braces. That occurs when that one-line, brace-less block is
+an "if" or "else" block, and the counterpart block *does* use braces. In that
+case, put braces around both blocks. Also, if the "else" block is much shorter
+than the "if" block, consider negating the "if"-condition and swapping the
+bodies, putting the short block first and making the longer, multi-line block
+be the "else" block.
+
+  if (expr) {
+      ...
+      ...
+  }
+  else
+      x = y;    // BAD: braceless "else" with braced "then",
+                // and short block last
+
+  if (expr)
+      x = y;    // BAD: braceless "if" with braced "else"
+  else {
+      ...
+      ...
+  }
+
+Keeping braces consistent and putting the short block first is preferred,
+especially when the multi-line body is more than a few lines long, because it
+is easier to read and grasp the semantics of an if-then-else block when the
+simpler block occurs first, rather than after the more involved block:
+
+  if (!expr) {
+    x = y; // putting the smaller block first is more readable
+  } else {
+      ...
+      ...
+  }
+
+But if negating a complex condition is too ugly, then at least add braces:
+
+  if (complex expr not worth negating) {
+      ...
+      ...
+  } else {
+      x = y;
+  }
+
+
+Preprocessor
+============
+Macros defined with an ALL_CAPS name should generally be assumed to be unsafe
+with regards to arguments with side-effects (that is, MAX(a++, b--) might
+increment a or decrement b too many or too few times). Exceptions to this rule
+are explicitly documented for macros in viralloc.h and virstring.h.
+
+For variadic macros, stick with C99 syntax:
+
+  #define vshPrint(_ctl, ...) fprintf(stdout, __VA_ARGS__)
+
+Use parenthesis when checking if a macro is defined, and use indentation to
+track nesting:
+
+  #if defined(HAVE_POSIX_FALLOCATE) && !defined(HAVE_FALLOCATE)
+  # define fallocate(a,ignored,b,c) posix_fallocate(a,b,c)
+  #endif
+
+
+C types
+=======
+Use the right type.
+
+Scalars
+-------
+- If you're using "int" or "long", odds are good that there's a better type.
+
+- If a variable is counting something, be sure to declare it with an unsigned
+type.
+
+- If it's memory-size-related, use "size_t" (use "ssize_t" only if required).
+
+- If it's file-size related, use uintmax_t, or maybe "off_t".
+
+- If it's file-offset related (i.e., signed), use "off_t".
+
+- If it's just counting small numbers use "unsigned int"; (on all but oddball
+embedded systems, you can assume that that type is at least four bytes wide).
+
+- If a variable has boolean semantics, give it the "bool" type and use the
+corresponding "true" and "false" macros. It's ok to include <stdbool.h>, since
+libvirt's use of gnulib ensures that it exists and is usable.
+
+- In the unusual event that you require a specific width, use a standard type
+like "int32_t", "uint32_t", "uint64_t", etc.
+
+- While using "bool" is good for readability, it comes with minor caveats:
+
+-- Don't use "bool" in places where the type size must be constant across all
+systems, like public interfaces and on-the-wire protocols. Note that it would
+be possible (albeit wasteful) to use "bool" in libvirt's logical wire
+protocol, since XDR maps that to its lower-level "bool_t" type, which *is*
+fixed-size.
+
+-- Don't compare a bool variable against the literal, "true", since a value with
+a logical non-false value need not be "1". I.e., don't write "if (seen ==
+true) ...". Rather, write "if (seen)...".
+
+
+
+
+
+Of course, take all of the above with a grain of salt. If you're about to use
+some system interface that requires a type like "size_t", "pid_t" or "off_t",
+use matching types for any corresponding variables.
+
+Also, if you try to use e.g., "unsigned int" as a type, and that conflicts
+with the signedness of a related variable, sometimes it's best just to use the
+*wrong* type, if 'pulling the thread' and fixing all related variables would
+be too invasive.
+
+Finally, while using descriptive types is important, be careful not to go
+overboard. If whatever you're doing causes warnings, or requires casts, then
+reconsider or ask for help.
+
+Pointers
+--------
+Ensure that all of your pointers are 'const-correct'. Unless a pointer is used
+to modify the pointed-to storage, give it the "const" attribute. That way, the
+reader knows up-front that this is a read-only pointer. Perhaps more
+importantly, if we're diligent about this, when you see a non-const pointer,
+you're guaranteed that it is used to modify the storage it points to, or it is
+aliased to another pointer that is.
+
+
+Low level memory management
+===========================
+Use of the malloc/free/realloc/calloc APIs is deprecated in the libvirt
+codebase, because they encourage a number of serious coding bugs and do not
+enable compile time verification of checks for NULL. Instead of these
+routines, use the macros from viralloc.h.
+
+- To allocate a single object:
+
+  virDomainPtr domain;
+
+  if (VIR_ALLOC(domain) < 0) {
+      virReportOOMError();
+      return NULL;
+  }
+
+
+
+- To allocate an array of objects:
+
+  virDomainPtr domains;
+  size_t ndomains = 10;
+
+  if (VIR_ALLOC_N(domains, ndomains) < 0) {
+      virReportOOMError();
+      return NULL;
+  }
+
+
+
+- To allocate an array of object pointers:
+
+  virDomainPtr *domains;
+  size_t ndomains = 10;
+
+  if (VIR_ALLOC_N(domains, ndomains) < 0) {
+      virReportOOMError();
+      return NULL;
+  }
+
+
+
+- To re-allocate the array of domains to be 1 element longer (however, note that
+repeatedly expanding an array by 1 scales quadratically, so this is
+recommended only for smaller arrays):
+
+  virDomainPtr domains;
+  size_t ndomains = 0;
+
+  if (VIR_EXPAND_N(domains, ndomains, 1) < 0) {
+      virReportOOMError();
+      return NULL;
+  }
+  domains[ndomains - 1] = domain;
+
+
+
+- To ensure an array has room to hold at least one more element (this approach
+scales better, but requires tracking allocation separately from usage)
+
+  virDomainPtr domains;
+  size_t ndomains = 0;
+  size_t ndomains_max = 0;
+
+  if (VIR_RESIZE_N(domains, ndomains_max, ndomains, 1) < 0) {
+      virReportOOMError();
+      return NULL;
+  }
+  domains[ndomains++] = domain;
+
+
+
+- To trim an array of domains from its allocated size down to the actual used
+size:
+
+  virDomainPtr domains;
+  size_t ndomains = x;
+  size_t ndomains_max = y;
+
+  VIR_SHRINK_N(domains, ndomains_max, ndomains_max - ndomains);
+
+
+
+- To free an array of domains:
+
+  virDomainPtr domains;
+  size_t ndomains = x;
+  size_t ndomains_max = y;
+  size_t i;
+
+  for (i = 0; i < ndomains; i++)
+      VIR_FREE(domains[i]);
+  VIR_FREE(domains);
+  ndomains_max = ndomains = 0;
+
+
+
+
+
+
+File handling
+=============
+Usage of the "fdopen()", "close()", "fclose()" APIs is deprecated in libvirt
+code base to help avoiding double-closing of files or file descriptors, which
+is particularly dangerous in a multi-threaded application. Instead of these
+APIs, use the macros from virfile.h
+
+- Open a file from a file descriptor:
+
+  if ((file = VIR_FDOPEN(fd, "r")) == NULL) {
+      virReportSystemError(errno, "%s",
+                           _("failed to open file from file descriptor"));
+      return -1;
+  }
+  /* fd is now invalid; only access the file using file variable */
+
+
+
+- Close a file descriptor:
+
+  if (VIR_CLOSE(fd) < 0) {
+      virReportSystemError(errno, "%s", _("failed to close file"));
+  }
+
+
+
+- Close a file:
+
+  if (VIR_FCLOSE(file) < 0) {
+      virReportSystemError(errno, "%s", _("failed to close file"));
+  }
+
+
+
+- Close a file or file descriptor in an error path, without losing the previous
+"errno" value:
+
+  VIR_FORCE_CLOSE(fd);
+  VIR_FORCE_FCLOSE(file);
+
+
+
+
+
+
+String comparisons
+==================
+Do not use the strcmp, strncmp, etc functions directly. Instead use one of the
+following semantically named macros
+
+- For strict equality:
+
+  STREQ(a,b)
+  STRNEQ(a,b)
+
+
+
+- For case insensitive equality:
+
+  STRCASEEQ(a,b)
+  STRCASENEQ(a,b)
+
+
+
+- For strict equality of a substring:
+
+  STREQLEN(a,b,n)
+  STRNEQLEN(a,b,n)
+
+
+
+- For case insensitive equality of a substring:
+
+  STRCASEEQLEN(a,b,n)
+  STRCASENEQLEN(a,b,n)
+
+
+
+- For strict equality of a prefix:
+
+  STRPREFIX(a,b)
+
+
+
+- To avoid having to check if a or b are NULL:
+
+  STREQ_NULLABLE(a, b)
+  STRNEQ_NULLABLE(a, b)
+
+
+
+
+
+
+String copying
+==============
+Do not use the strncpy function. According to the man page, it does *not*
+guarantee a NULL-terminated buffer, which makes it extremely dangerous to use.
+Instead, use one of the functionally equivalent functions:
+
+  virStrncpy(char *dest, const char *src, size_t n, size_t destbytes)
+
+The first three arguments have the same meaning as for strncpy; namely the
+destination, source, and number of bytes to copy, respectively. The last
+argument is the number of bytes available in the destination string; if a copy
+of the source string (including a \0) will not fit into the destination, no
+bytes are copied and the routine returns NULL. Otherwise, n bytes from the
+source are copied into the destination and a trailing \0 is appended.
+
+  virStrcpy(char *dest, const char *src, size_t destbytes)
+
+Use this variant if you know you want to copy the entire src string into dest.
+Note that this is a macro, so arguments could be evaluated more than once.
+This is equivalent to virStrncpy(dest, src, strlen(src), destbytes)
+
+  virStrcpyStatic(char *dest, const char *src)
+
+Use this variant if you know you want to copy the entire src string into dest
+*and* you know that your destination string is a static string (i.e. that
+sizeof(dest) returns something meaningful). Note that this is a macro, so
+arguments could be evaluated more than once. This is equivalent to
+virStrncpy(dest, src, strlen(src), sizeof(dest)).
+
+  VIR_STRDUP(char *dst, const char *src);
+  VIR_STRNDUP(char *dst, const char *src, size_t n);
+
+You should avoid using strdup or strndup directly as they do not report
+out-of-memory error, and do not allow a NULL source. Use VIR_STRDUP or
+VIR_STRNDUP macros instead, which return 0 for NULL source, 1 for successful
+copy, and -1 for allocation failure with the error already reported. In very
+specific cases, when you don't want to report the out-of-memory error, you can
+use VIR_STRDUP_QUIET or VIR_STRNDUP_QUIET, but such usage is very rare and
+usually considered a flaw.
+
+
+Variable length string buffer
+=============================
+If there is a need for complex string concatenations, avoid using the usual
+sequence of malloc/strcpy/strcat/snprintf functions and make use of the
+virBuffer API described in buf.h
+
+Typical usage is as follows:
+
+  char *
+  somefunction(...)
+  {
+     virBuffer buf = VIR_BUFFER_INITIALIZER;
+
+     ...
+
+     virBufferAddLit(&buf, "<domain>\n");
+     virBufferAsprintf(&buf, "  <memory>%d</memory>\n", memory);
+     ...
+     virBufferAddLit(&buf, "</domain>\n");
+
+     ...
+
+     if (virBufferError(&buf)) {
+         virBufferFreeAndReset(&buf);
+         virReportOOMError();
+         return NULL;
+     }
+
+     return virBufferContentAndReset(&buf);
+  }
+
+
+Include files
+=============
+There are now quite a large number of include files, both libvirt internal and
+external, and system includes. To manage all this complexity it's best to
+stick to the following general plan for all *.c source files:
+
+  /*
+   * Copyright notice
+   * ....
+   * ....
+   * ....
+   *
+   */
+
+  #include <config.h>             Must come first in every file.
+
+  #include <stdio.h>              Any system includes you need.
+  #include <string.h>
+  #include <limits.h>
+
+  #if WITH_NUMACTL                Some system includes aren't supported
+  # include <numa.h>              everywhere so need these #if guards.
+  #endif
+
+  #include "internal.h"           Include this first, after system includes.
+
+  #include "util.h"               Any libvirt internal header files.
+  #include "buf.h"
+
+  static int
+  myInternalFunc()                The actual code.
+  {
+      ...
+
+Of particular note: *Do not* include libvirt/libvirt.h, libvirt/virterror.h,
+libvirt/libvirt-qemu.h, or libvirt/libvirt-lxc.h. They are included by
+"internal.h" already and there are some special reasons why you cannot include
+these files explicitly. One of the special cases, "libvirt/libvirt.h" is
+included prior to "internal.h" in "remote_protocol.x", to avoid exposing
+*_LAST enum elements.
+
+
+Printf-style functions
+======================
+Whenever you add a new printf-style function, i.e., one with a format string
+argument and following "..." in its prototype, be sure to use gcc's printf
+attribute directive in the prototype. For example, here's the one for
+virAsprintf, in util.h:
+
+  int virAsprintf(char **strp, const char *fmt, ...)
+      ATTRIBUTE_FORMAT(printf, 2, 3);
+
+This makes it so gcc's -Wformat and -Wformat-security options can do their
+jobs and cross-check format strings with the number and types of arguments.
+
+When printing to a string, consider using virBuffer for incremental
+allocations, virAsprintf for a one-shot allocation, and snprintf for
+fixed-width buffers. Do not use sprintf, even if you can prove the buffer
+won't overflow, since gnulib does not provide the same portability guarantees
+for sprintf as it does for snprintf.
+
+
+Use of goto
+===========
+The use of goto is not forbidden, and goto is widely used throughout libvirt.
+While the uncontrolled use of goto will quickly lead to unmaintainable code,
+there is a place for it in well structured code where its use increases
+readability and maintainability. In general, if goto is used for error
+recovery, it's likely to be ok, otherwise, be cautious or avoid it all
+together.
+
+The typical use of goto is to jump to cleanup code in the case of a long list
+of actions, any of which may fail and cause the entire operation to fail. In
+this case, a function will have a single label at the end of the function.
+It's almost always ok to use this style. In particular, if the cleanup code
+only involves free'ing memory, then having multiple labels is overkill.
+VIR_FREE() and every function named XXXFree() in libvirt is required to handle
+NULL as its arg. Thus you can safely call free on all the variables even if
+they were not yet allocated (yes they have to have been initialized to NULL).
+This is much simpler and clearer than having multiple labels.
+
+There are a couple of signs that a particular use of goto is not ok:
+
+- You're using multiple labels. If you find yourself using multiple labels,
+you're strongly encouraged to rework your code to eliminate all but one of
+them.
+
+- The goto jumps back up to a point above the current line of code being
+executed. Please use some combination of looping constructs to re-execute code
+instead; it's almost certainly going to be more understandable by others. One
+well-known exception to this rule is restarting an i/o operation following
+EINTR.
+
+- The goto jumps down to an arbitrary place in the middle of a function followed
+by further potentially failing calls. You should almost certainly be using a
+conditional and a block instead of a goto. Perhaps some of your function's
+logic would be better pulled out into a helper function.
+
+
+
+Although libvirt does not encourage the Linux kernel wind/unwind style of
+multiple labels, there's a good general discussion of the issue archived at
+
+  KernelTrap
+  http://kerneltrap.org/node/553/2131
+
+When using goto, please use one of these standard labels if it makes sense:
+
+      error: A path only taken upon return with an error code
+    cleanup: A path taken upon return with success code + optional error
+  no_memory: A path only taken upon return with an OOM error code
+      retry: If needing to jump upwards (e.g., retry on EINTR)
+
+
+Libvirt committer guidelines
+============================
+The AUTHORS files indicates the list of people with commit access right who
+can actually merge the patches.
+
+The general rule for committing a patch is to make sure it has been reviewed
+properly in the mailing-list first, usually if a couple of people gave an ACK
+or +1 to a patch and nobody raised an objection on the list it should be good
+to go. If the patch touches a part of the code where you're not the main
+maintainer, or where you do not have a very clear idea of how things work,
+it's better to wait for a more authoritative feedback though. Before
+committing, please also rebuild locally, run 'make check syntax-check', and
+make sure you don't raise errors. Try to look for warnings too; for example,
+configure with
+
+  --enable-compile-warnings=error
+
+which adds -Werror to compile flags, so no warnings get missed
+
+An exception to 'review and approval on the list first' is fixing failures to
+build:
+
+- if a recently committed patch breaks compilation on a platform or for a given
+driver, then it's fine to commit a minimal fix directly without getting the
+review feedback first
+
+- if make check or make syntax-check breaks, if there is an obvious fix, it's
+fine to commit immediately. The patch should still be sent to the list (or
+tell what the fix was if trivial), and 'make check syntax-check' should pass
+too, before committing anything
+
+- fixes for documentation and code comments can be managed in the same way, but
+still make sure they get reviewed if non-trivial.
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,63 +19,62 @@
 LCOV = lcov
 GENHTML = genhtml

-SUBDIRS = . gnulib/lib include/libvirt src daemon tools docs gnulib/tests \
-  tests po examples
+SUBDIRS = gnulib/lib include src daemon tools docs gnulib/tests \
+  python tests po examples/domain-events/events-c examples/hellolibvirt \
+  examples/dominfo examples/domsuspend examples/python examples/apparmor \
+  examples/xml/nwfilter examples/openauth examples/systemtap

-XZ_OPT ?= -v -T0
-export XZ_OPT
+ACLOCAL_AMFLAGS = -I m4 -I gnulib/m4

-ACLOCAL_AMFLAGS = -I m4
+XML_EXAMPLES = \
+  $(patsubst $(srcdir)/%,%,$(wildcard $(addprefix $(srcdir)/examples/xml/, \
+					test/*.xml storage/*.xml)))

 EXTRA_DIST = \
-  config-post.h \
  ChangeLog-old \
  libvirt.spec libvirt.spec.in \
  mingw-libvirt.spec.in \
  libvirt.pc.in \
-  libvirt-qemu.pc.in \
-  libvirt-lxc.pc.in \
-  libvirt-admin.pc.in \
+  autobuild.sh \
  Makefile.nonreentrant \
  autogen.sh \
  cfg.mk \
+  examples/domain-events/events-python \
  run.in \
-  README.md \
-  AUTHORS.in
+  AUTHORS.in \
+  $(XML_EXAMPLES)

 pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc libvirt-admin.pc
+pkgconfig_DATA = libvirt.pc

-NEWS: \
-	  $(srcdir)/docs/news.xml \
-	  $(srcdir)/docs/news-ascii.xsl \
-	  $(srcdir)/docs/reformat-news.py
-	$(AM_V_GEN) \
-	if [ -x $(XSLTPROC) ]; then \
-	  $(XSLTPROC) --nonet \
-	    $(srcdir)/docs/news-ascii.xsl \
-	    $(srcdir)/docs/news.xml \
-	  >$@-tmp \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  $(srcdir)/docs/reformat-news.py $@-tmp >$@ \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  rm -f $@-tmp; \
-	fi
-EXTRA_DIST += \
-	$(srcdir)/docs/news.xml \
-	$(srcdir)/docs/news-ascii.xsl \
-	$(srcdir)/docs/reformat-news.py
+NEWS: $(top_srcdir)/docs/news.xsl $(top_srcdir)/docs/news.html.in
+	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then			\
+	  $(XSLTPROC) --nonet $(top_srcdir)/docs/news.xsl	\
+	     $(top_srcdir)/docs/news.html.in			\
+	   | perl -0777 -pe 's/\n\n+$$/\n/'			\
+	   | perl -pe 's/[ \t]+$$//'				\
+	   > $@-t && mv $@-t $@ ; fi
+
+$(top_srcdir)/HACKING: $(top_srcdir)/docs/hacking1.xsl $(top_srcdir)/docs/hacking2.xsl \
+                       $(top_srcdir)/docs/wrapstring.xsl $(top_srcdir)/docs/hacking.html.in
+	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
+	   $(XSLTPROC) --nonet $(top_srcdir)/docs/hacking1.xsl $(top_srcdir)/docs/hacking.html.in | \
+	   $(XSLTPROC) --nonet $(top_srcdir)/docs/hacking2.xsl - \
+	   | perl -0777 -pe 's/\n\n+$$/\n/' \
+	   > $@-t && mv $@-t $@ ; fi;

 rpm: clean
-	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.xz)
+	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.gz)

 check-local: all tests

-check-access:
-	@($(MAKE) $(AM_MAKEFLAGS) -C tests check-access)
+tests:
+	@(cd docs/examples ; $(MAKE) MAKEFLAGS+=--silent tests)
+	@(if [ "$(pythondir)" != "" ] ; then cd python ; \
+	  $(MAKE) MAKEFLAGS+=--silent tests ; fi)

 cov: clean-cov
-	$(MKDIR_P) $(top_builddir)/coverage
+	mkdir $(top_builddir)/coverage
 	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \
 	  -d $(top_builddir)/src  -d $(top_builddir)/daemon \
 	  -d $(top_builddir)/tests
@@ -90,6 +89,9 @@ clean-cov:

 MAINTAINERCLEANFILES = .git-module-status

+# disable this check
+distuninstallcheck:
+
 dist-hook: gen-ChangeLog gen-AUTHORS

 # Generate the ChangeLog file (with all entries since the switch to git)
--- a/Makefile.nonreentrant
+++ b/Makefile.nonreentrant
@@ -113,11 +113,3 @@ NON_REENTRANT += inet_nsap_ntoa
 NON_REENTRANT += inet_ntoa
 NON_REENTRANT += inet_ntop
 NON_REENTRANT += inet_pton
-
-# Separate two nothings by space to get one space in a variable
-space =
-space +=
-# The space needs to be in a variable otherwise it would be ignored.
-# And there must be no spaces around the commas because they would
-# not be ignored, logically.
-NON_REENTRANT_RE=$(subst $(space),|,$(NON_REENTRANT))
--- a/1
+++ b/1
@@ -1 +0,0 @@
-README.md
--- a/13
+++ b/13
@@ -0,0 +1,13 @@
+
+         LibVirt : simple API for virtualization
+
+  Libvirt is a C toolkit to interact with the virtualization capabilities
+of recent versions of Linux (and other OSes). It is free software
+available under the GNU Lesser General Public License. Virtualization of
+the Linux Operating System means the ability to run multiple instances of
+Operating Systems concurrently on a single hardware system where the basic
+resources are driven by a Linux instance. The library aim at providing
+long term stable C API initially for the Xen paravirtualization but
+should be able to integrate other virtualization mechanisms if needed.
+
+Daniel Veillard <veillard@redhat.com>
--- a/5
+++ b/5
@@ -2,8 +2,7 @@

 These notes intend to help people working on the checked-out sources.
 These requirements do not apply when building from a distribution tarball.
-See also docs/hacking.html (after building libvirt using the information
-included in this file) for more detailed contribution guidelines.
+See also HACKING for more detailed libvirt contribution guidelines.

 * Requirements

@@ -16,7 +15,7 @@ Specific development tools and versions will be checked for and listed by
 the bootstrap script.

 Valgrind <http://valgrind.org/> is also highly recommended, if
-Valgrind supports your architecture.
+Valgrind supports your architecture. See also README-valgrind.

 While building from a just-cloned source tree may require installing a
 few prerequisites, later, a plain `git pull && make' should be sufficient.
--- a/README.md
+++ b/README.md
@@ -1,82 +0,0 @@
-[![Build Status](https://travis-ci.org/libvirt/libvirt.svg)](https://travis-ci.org/libvirt/libvirt)
-
-Libvirt API for virtualization
-==============================
-
-Libvirt provides a portable, long term stable C API for managing the
-virtualization technologies provided by many operating systems. It
-includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware
-vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER
-Hypervisor.
-
-For some of these hypervisors, it provides a stateful management
-daemon which runs on the virtualization host allowing access to the
-API both by non-privileged local users and remote users.
-
-Layered packages provide bindings of the libvirt C API into other
-languages including Python, Perl, PHP, Go, Java, OCaml, as well as
-mappings into object systems such as GObject, CIM and SNMP.
-
-Further information about the libvirt project can be found on the
-website:
-
-[https://libvirt.org](https://libvirt.org)
-
-
-License
-------
-
-The libvirt C API is distributed under the terms of GNU Lesser General
-Public License, version 2.1 (or later). Some parts of the code that are
-not part of the C library may have the more restrictive GNU General
-Public License, version 2.1 (or later). See the files `COPYING.LESSER`
-and `COPYING` for full license terms & conditions.
-
-
-Installation
------------
-
-Libvirt uses the GNU Autotools build system, so in general can be built
-and installed with the usual commands. For example, to build in a manner
-that is suitable for installing as root, use:
-
-```
-$ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
-$ make
-$ sudo make install
-```
-
-While to build & install as an unprivileged user
-
-```
-$ ./configure --prefix=$HOME/usr
-$ make
-$ make install
-```
-
-The libvirt code relies on a large number of 3rd party libraries. These will
-be detected during execution of the `configure` script and a summary printed
-which lists any missing (optional) dependencies.
-
-
-Contributing
------------
-
-The libvirt project welcomes contributions in many ways. For most components
-the best way to contribute is to send patches to the primary development
-mailing list. Further guidance on this can be found on the website:
-
-[https://libvirt.org/contribute.html](https://libvirt.org/contribute.html)
-
-
-Contact
-------
-
-The libvirt project has two primary mailing lists:
-
-  * libvirt-users@redhat.com (**for user discussions**)
-  * libvir-list@redhat.com (**for development only**)
-
-Further details on contacting the project are available on the website:
-
-[https://libvirt.org/contact.html](https://libvirt.org/contact.html)
--- a/autobuild.sh
+++ b/autobuild.sh
@@ -0,0 +1,119 @@
+#!/bin/sh
+
+set -e
+set -v
+
+# Make things clean.
+
+test -n "$1" && RESULTS=$1 || RESULTS=results.log
+: ${AUTOBUILD_INSTALL_ROOT=$HOME/builder}
+
+test -f Makefile && make -k distclean || :
+rm -rf coverage
+
+rm -rf build
+mkdir build
+cd build
+
+# Run with options not normally exercised by the rpm build, for
+# more complete code coverage.
+../autogen.sh --prefix="$AUTOBUILD_INSTALL_ROOT" \
+  --enable-expensive-tests \
+  --enable-test-coverage \
+  --disable-nls \
+  --enable-werror \
+  --enable-static
+
+# If the MAKEFLAGS envvar does not yet include a -j option,
+# add -jN where N depends on the number of processors.
+case $MAKEFLAGS in
+  *-j*) ;;
+  *) n=$(getconf _NPROCESSORS_ONLN 2> /dev/null)
+    test "$n" -gt 0 || n=1
+    n=$(expr $n + 1)
+    MAKEFLAGS="$MAKEFLAGS -j$n"
+    export MAKEFLAGS
+    ;;
+esac
+
+make
+make install
+
+# set -o pipefail is a bashism; this use of exec is the POSIX alternative
+exec 3>&1
+st=$(
+  exec 4>&1 >&3
+  { make check syntax-check 2>&1 3>&- 4>&-; echo $? >&4; } | tee "$RESULTS"
+)
+exec 3>&-
+test "$st" = 0
+test -x /usr/bin/lcov && make cov
+
+rm -f *.tar.gz
+make dist
+
+if test -n "$AUTOBUILD_COUNTER" ; then
+  EXTRA_RELEASE=".auto$AUTOBUILD_COUNTER"
+else
+  NOW=`date +"%s"`
+  EXTRA_RELEASE=".$USER$NOW"
+fi
+
+if test -f /usr/bin/rpmbuild ; then
+  rpmbuild --nodeps \
+     --define "extra_release $EXTRA_RELEASE" \
+     --define "_sourcedir `pwd`" \
+     -ba --clean libvirt.spec
+fi
+
+# Test mingw32 cross-compile
+if test -x /usr/bin/i686-w64-mingw32-gcc ; then
+  make distclean
+
+  PKG_CONFIG_LIBDIR="/usr/i686-w64-mingw32/sys-root/mingw/lib/pkgconfig:/usr/i686-w64-mingw32/sys-root/mingw/share/pkgconfig" \
+  PKG_CONFIG_PATH="$AUTOBUILD_INSTALL_ROOT/i686-w64-mingw32/sys-root/mingw/lib/pkgconfig" \
+  CC="i686-w64-mingw32-gcc" \
+  ../configure \
+    --build=$(uname -m)-w64-linux \
+    --host=i686-w64-mingw32 \
+    --prefix="$AUTOBUILD_INSTALL_ROOT/i686-w64-mingw32/sys-root/mingw" \
+    --enable-expensive-tests \
+    --enable-werror \
+    --without-libvirtd \
+    --without-python
+
+  make
+  make install
+
+fi
+
+# Test mingw64 cross-compile
+if test -x /usr/bin/x86_64-w64-mingw32-gcc ; then
+  make distclean
+
+  PKG_CONFIG_LIBDIR="/usr/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig:/usr/x86_64-w64-mingw32/sys-root/mingw/share/pkgconfig" \
+  PKG_CONFIG_PATH="$AUTOBUILD_INSTALL_ROOT/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig" \
+  CC="x86_64-w64-mingw32-gcc" \
+  ../configure \
+    --build=$(uname -m)-w64-linux \
+    --host=x86_64-w64-mingw32 \
+    --prefix="$AUTOBUILD_INSTALL_ROOT/x86_64-w64-mingw32/sys-root/mingw" \
+    --enable-expensive-tests \
+    --enable-werror \
+    --without-libvirtd \
+    --without-python
+
+  make
+  make install
+
+fi
+
+
+if test -x /usr/bin/i686-w64-mingw32-gcc && test -x /usr/bin/x86_64-w64-mingw32-gcc ; then
+  if test -f /usr/bin/rpmbuild ; then
+    rpmbuild --nodeps \
+       --define "extra_release $EXTRA_RELEASE" \
+       --define "_sourcedir `pwd`" \
+       -ba --clean mingw-libvirt.spec
+  fi
+fi
--- a/autogen.sh
+++ b/autogen.sh
@@ -1,196 +1,113 @@
 #!/bin/sh
 # Run this to generate all the initial makefiles, etc.

-die()
-{
-    echo "error: $1" >&2
+set -e
+
+srcdir=`dirname "$0"`
+test -z "$srcdir" && srcdir=.
+
+THEDIR=`pwd`
+cd "$srcdir"
+
+test -f src/libvirt.c || {
+    echo "You must run this script in the top-level libvirt directory"
    exit 1
 }

-starting_point=$(pwd)

-srcdir=$(dirname "$0")
-test "$srcdir" || srcdir=.
-
-cd "$srcdir" || {
-    die "Failed to cd into $srcdir"
-}
-
-test -f src/libvirt.c || {
-    die "$0 must live in the top-level libvirt directory"
-}
-
-dry_run=
+EXTRA_ARGS=
 no_git=
-gnulib_srcdir=
-extra_args=
-while test "$#" -gt 0; do
-    case "$1" in
-    --dry-run)
-        # This variable will serve both as an indicator of the fact that
-        # a dry run has been requested, and to store the result of the
-        # dry run. It will be ultimately used as return code for the
-        # script: 0 means no action is necessary, 2 means that autogen.sh
-        # needs to be executed, and 1 is reserved for failures
-        dry_run=0
-        shift
-        ;;
-    --no-git)
-        no_git=" $1"
-        shift
-        ;;
-    --gnulib-srcdir=*)
-        gnulib_srcdir=" $1"
-        shift
-        ;;
-    --gnulib-srcdir)
-        gnulib_srcdir=" $1=$2"
-        shift
-        shift
-        ;;
-    --system)
-        prefix=/usr
-        sysconfdir=/etc
-        localstatedir=/var
-        if test -d $prefix/lib64; then
-            libdir=$prefix/lib64
-        else
-            libdir=$prefix/lib
-        fi
-        extra_args="--prefix=$prefix --localstatedir=$localstatedir"
-        extra_args="$extra_args --sysconfdir=$sysconfdir --libdir=$libdir"
-        shift
-        ;;
-    *)
-        # All remaining arguments will be passed to configure verbatim
-        break
-        ;;
-    esac
-done
-no_git="$no_git$gnulib_srcdir"
+if test "x$1" = "x--no-git"; then
+  no_git=" $1"
+  shift
+fi
+if test -z "$NOCONFIGURE" ; then
+  if test "x$1" = "x--system"; then
+    shift
+    prefix=/usr
+    libdir=$prefix/lib
+    sysconfdir=/etc
+    localstatedir=/var
+    if [ -d /usr/lib64 ]; then
+      libdir=$prefix/lib64
+    fi
+    EXTRA_ARGS="--prefix=$prefix --sysconfdir=$sysconfdir --localstatedir=$localstatedir --libdir=$libdir"
+    echo "Running ./configure with $EXTRA_ARGS $@"
+  else
+    if test -z "$*" && test ! -f "$THEDIR/config.status"; then
+        echo "I am going to run ./configure with no arguments - if you wish "
+        echo "to pass any to it, please specify them on the $0 command line."
+    fi
+  fi
+fi

-gnulib_hash()
+# Compute the hash we'll use to determine whether rerunning bootstrap
+# is required.  The first is just the SHA1 that selects a gnulib snapshot.
+# The second ensures that whenever we change the set of gnulib modules used
+# by this package, we rerun bootstrap to pull in the matching set of files.
+# The third ensures that whenever we change the set of local gnulib diffs,
+# we rerun bootstrap to pull in those diffs.
+bootstrap_hash()
 {
-    local no_git=$1
-
    if test "$no_git"; then
-        echo "no-git"
+        echo no-git
        return
    fi
-
-    # Compute the hash we'll use to determine whether rerunning bootstrap
-    # is required. The first is just the SHA1 that selects a gnulib snapshot.
-    # The second ensures that whenever we change the set of gnulib modules used
-    # by this package, we rerun bootstrap to pull in the matching set of files.
-    # The third ensures that whenever we change the set of local gnulib diffs,
-    # we rerun bootstrap to pull in those diffs.
-    git submodule status .gnulib | awk '{ print $1 }'
+    git submodule status | sed 's/^[ +-]//;s/ .*//'
    git hash-object bootstrap.conf
-    git ls-tree -d HEAD gnulib/local | awk '{ print $3 }'
+    git ls-tree -d HEAD gnulib/local | awk '{print $3}'
 }

-# Only look into git submodules if we're in a git checkout
-if test -d .git || test -f .git; then
-
-    # Check for dirty submodules
-    if test -z "$CLEAN_SUBMODULE"; then
-        for path in $(git submodule status | awk '{ print $2 }'); do
-            case "$(git diff "$path")" in
-                *-dirty*)
-                    echo "error: $path is dirty, please investigate" >&2
-                    echo "set CLEAN_SUBMODULE to discard submodule changes" >&2
-                    exit 1
-                    ;;
-            esac
-        done
+# Ensure that whenever we pull in a gnulib update or otherwise change to a
+# different version (i.e., when switching branches), we also rerun ./bootstrap.
+# Also, running 'make rpm' tends to litter the po/ directory, and some people
+# like to run 'git clean -x -f po' to fix it; but only ./bootstrap regenerates
+# the required file po/Makevars.
+# Only run bootstrap from a git checkout, never from a tarball.
+if test -d .git; then
+    curr_status=.git-module-status t=
+    if test "$no_git"; then
+        t=no-git
+    elif test -d .gnulib; then
+        t=$(bootstrap_hash; git diff .gnulib)
    fi
-    if test "$CLEAN_SUBMODULE" && test -z "$no_git"; then
-        if test -z "$dry_run"; then
-            echo "Cleaning up submodules..."
-            git submodule foreach 'git clean -dfqx && git reset --hard' || {
-                die "Cleaning up submodules failed"
-            }
-        fi
-    fi
-
-    # Update all submodules. If any of the submodules has not been
-    # initialized yet, it will be initialized now; moreover, any submodule
-    # with uncommitted changes will be returned to the expected state
-    echo "Updating submodules..."
-    git submodule update --init || {
-        die "Updating submodules failed"
-    }
-
-    # The expected hash, eg. the one computed after the last
-    # successful bootstrap run, is stored on disk
-    state_file=.git-module-status
-    expected_hash=$(cat "$state_file" 2>/dev/null)
-    actual_hash=$(gnulib_hash "$no_git")
-
-    if test "$actual_hash" = "$expected_hash" && \
-       test -f po/Makevars && test -f AUTHORS; then
-        # The gnulib hash matches our expectations, and all the files
-        # that can only be generated through bootstrap are present:
-        # we just need to run autoreconf. Unless we're performing a
-        # dry run, of course...
-        if test -z "$dry_run"; then
-            echo "Running autoreconf..."
-            autoreconf -if || {
-                die "autoreconf failed"
-            }
-        fi
+    case $t:${CLEAN_SUBMODULE+set} in
+        *:set) ;;
+        *-dirty*)
+            echo "error: gnulib submodule is dirty, please investigate" 2>&1
+            echo "set env-var CLEAN_SUBMODULE to discard gnulib changes" 2>&1
+            exit 1 ;;
+    esac
+    # Keep this test in sync with cfg.mk:_update_required
+    if test "$t" = "$(cat $curr_status 2>/dev/null)" \
+        && test -f "po/Makevars" && test -f AUTHORS; then
+        # good, it's up to date, all we need is autoreconf
+        autoreconf -if
    else
-        # Whenever the gnulib submodule or any of the related bits
-        # has been changed in some way (see gnulib_hash) we need to
-        # run bootstrap again. If we're performing a dry run, we
-        # change the return code instead to signal our caller
-        if test "$dry_run"; then
-            dry_run=2
-        else
-            echo "Running bootstrap..."
-            ./bootstrap$no_git --bootstrap-sync || {
-                die "bootstrap failed"
-            }
-            gnulib_hash >"$state_file"
+        if test -z "$no_git" && test ${CLEAN_SUBMODULE+set}; then
+            echo cleaning up submodules...
+            git submodule foreach 'git clean -dfqx && git reset --hard'
        fi
+        echo running bootstrap$no_git...
+        ./bootstrap$no_git --bootstrap-sync && bootstrap_hash > $curr_status \
+            || { echo "Failed to bootstrap, please investigate."; exit 1; }
    fi
 fi

-# When performing a dry run, we can stop here
-test "$dry_run" && exit "$dry_run"
+test -n "$NOCONFIGURE" && exit 0

-# If asked not to run configure, we can stop here
-test "$NOCONFIGURE" && exit 0
+cd "$THEDIR"

-cd "$starting_point" || {
-    die "Failed to cd into $starting_point"
-}
-
-if test "$OBJ_DIR"; then
-    mkdir -p "$OBJ_DIR" || {
-        die "Failed to create $OBJ_DIR"
-    }
-    cd "$OBJ_DIR" || {
-        die "Failed to cd into $OBJ_DIR"
-    }
+if test "x$OBJ_DIR" != x; then
+    mkdir -p "$OBJ_DIR"
+    cd "$OBJ_DIR"
 fi

-if test -z "$*" && test -z "$extra_args" && test -f config.status; then
-    echo "Running config.status..."
-    ./config.status --recheck || {
-        die "config.status failed"
-    }
+if test -z "$*" && test -z "$EXTRA_ARGS" && test -f config.status; then
+    ./config.status --recheck
 else
-    if test -z "$*" && test -z "$extra_args"; then
-        echo "I am going to run configure with no arguments - if you wish"
-        echo "to pass any to it, please specify them on the $0 command line."
-    else
-        echo "Running configure with $extra_args $@"
-    fi
-    "$srcdir/configure" $extra_args "$@" || {
-        die "configure failed"
-    }
-fi
-
-echo
-echo "Now type 'make' to compile libvirt."
+    $srcdir/configure $EXTRA_ARGS "$@"
+fi && {
+    echo
+    echo "Now type 'make' to compile libvirt."
+}
--- a/143
+++ b/143
@@ -1,10 +1,10 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2017-01-09.19; # UTC
+scriptversion=2013-07-03.20; # UTC

 # Bootstrap this package from checked-out sources.

-# Copyright (C) 2003-2017 Free Software Foundation, Inc.
+# Copyright (C) 2003-2013 Free Software Foundation, Inc.

 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -42,9 +42,6 @@ export LC_ALL

 local_gl_dir=gl

-# Honor $PERL, but work even if there is none.
-PERL="${PERL-perl}"
-
 me=$0

 usage() {
@@ -212,26 +209,12 @@ bootstrap_sync=false
 # Use git to update gnulib sources
 use_git=true

-check_exists() {
-  if test "$1" = "--verbose"; then
-    ($2 --version </dev/null) >/dev/null 2>&1
-    if test $? -ge 126; then
-      # If not found, run with diagnostics as one may be
-      # presented with env variables to set to find the right version
-      ($2 --version </dev/null)
-    fi
-  else
-    ($1 --version </dev/null) >/dev/null 2>&1
-  fi
-
-  test $? -lt 126
-}
-
 # find_tool ENVVAR NAMES...
 # -------------------------
 # Search for a required program.  Use the value of ENVVAR, if set,
-# otherwise find the first of the NAMES that can be run.
-# If found, set ENVVAR to the program name, die otherwise.
+# otherwise find the first of the NAMES that can be run (i.e.,
+# supports --version).  If found, set ENVVAR to the program name,
+# die otherwise.
 #
 # FIXME: code duplication, see also gnu-web-doc-update.
 find_tool ()
@@ -241,21 +224,27 @@ find_tool ()
  find_tool_names=$@
  eval "find_tool_res=\$$find_tool_envvar"
  if test x"$find_tool_res" = x; then
-    for i; do
-      if check_exists $i; then
-        find_tool_res=$i
-        break
+    for i
+    do
+      if ($i --version </dev/null) >/dev/null 2>&1; then
+       find_tool_res=$i
+       break
      fi
    done
+  else
+    find_tool_error_prefix="\$$find_tool_envvar: "
  fi
-  if test x"$find_tool_res" = x; then
-    warn_ "one of these is required: $find_tool_names;"
-    die   "alternatively set $find_tool_envvar to a compatible tool"
-  fi
+  test x"$find_tool_res" != x \
+    || die "one of these is required: $find_tool_names"
+  ($find_tool_res --version </dev/null) >/dev/null 2>&1 \
+    || die "${find_tool_error_prefix}cannot run $find_tool_res --version"
  eval "$find_tool_envvar=\$find_tool_res"
  eval "export $find_tool_envvar"
 }

+# Find sha1sum, named gsha1sum on MacPorts, and shasum on Mac OS X 10.6.
+find_tool SHA1SUM sha1sum gsha1sum shasum
+
 # Override the default configuration, if necessary.
 # Make sure that bootstrap.conf is sourced from the current directory
 # if we were invoked as "sh bootstrap".
@@ -337,7 +326,7 @@ insert_if_absent() {
    die "Error: Duplicate entries in $file: " $duplicate_entries
  fi
  linesold=$(gitignore_entries $file | wc -l)
-  linesnew=$( { echo "$str"; cat $file; } | gitignore_entries | sort -u | wc -l)
+  linesnew=$(echo "$str" | gitignore_entries - $file | sort -u | wc -l)
  if [ $linesold != $linesnew ] ; then
    { echo "$str" | cat - $file > $file.bak && mv $file.bak $file; } \
      || die "insert_if_absent $file $str: failed"
@@ -418,30 +407,28 @@ sort_ver() { # sort -V is not generally available
  done
 }

-get_version_sed='
-# Move version to start of line.
-s/.*[v ]\([0-9]\)/\1/
-
-# Skip lines that do not start with version.
-/^[0-9]/!d
-
-# Remove characters after the version.
-s/[^.a-z0-9-].*//
-
-# The first component must be digits only.
-s/^\([0-9]*\)[a-z-].*/\1/
-
-#the following essentially does s/5.005/5.5/
-s/\.0*\([1-9]\)/.\1/g
-p
-q'
-
 get_version() {
  app=$1

-  $app --version >/dev/null 2>&1 || { $app --version; return 1; }
+  $app --version >/dev/null 2>&1 || return 1

-  $app --version 2>&1 | sed -n "$get_version_sed"
+  $app --version 2>&1 |
+  sed -n '# Move version to start of line.
+          s/.*[v ]\([0-9]\)/\1/
+
+          # Skip lines that do not start with version.
+          /^[0-9]/!d
+
+          # Remove characters after the version.
+          s/[^.a-z0-9-].*//
+
+          # The first component must be digits only.
+          s/^\([0-9]*\)[a-z-].*/\1/
+
+          #the following essentially does s/5.005/5.5/
+          s/\.0*\([1-9]\)/.\1/g
+          p
+          q'
 }

 check_versions() {
@@ -461,7 +448,6 @@ check_versions() {
    test "$appvar" = TAR && appvar=AMTAR
    case $appvar in
        GZIP) ;; # Do not use $GZIP:  it contains gzip options.
-        PERL::*) ;; # Keep perl modules as-is
        *) eval "app=\${$appvar-$app}" ;;
    esac

@@ -479,22 +465,12 @@ check_versions() {
          ret=1
          continue
        } ;;
-      # Another check is for perl modules.  These can be written as
-      # e.g. perl::XML::XPath in case of XML::XPath module, etc.
-      perl::*)
-        # Extract module name
-        app="${app#perl::}"
-        if ! $PERL -m"$app" -e 'exit 0' >/dev/null 2>&1; then
-          warn_ "Error: perl module '$app' not found"
-          ret=1
-        fi
-        continue
-        ;;
    esac
    if [ "$req_ver" = "-" ]; then
      # Merely require app to exist; not all prereq apps are well-behaved
      # so we have to rely on $? rather than get_version.
-      if ! check_exists --verbose $app; then
+      $app --version >/dev/null 2>&1
+      if [ 126 -le $? ]; then
        warn_ "Error: '$app' not found"
        ret=1
      fi
@@ -527,12 +503,6 @@ print_versions() {
  # can't depend on column -t
 }

-# Find sha1sum, named gsha1sum on MacPorts, shasum on Mac OS X 10.6.
-# Also find the compatible sha1 utility on the BSDs
-if test x"$SKIP_PO" = x; then
-  find_tool SHA1SUM sha1sum gsha1sum shasum sha1
-fi
-
 use_libtool=0
 # We'd like to use grep -E, to see if any of LT_INIT,
 # AC_PROG_LIBTOOL, AM_PROG_LIBTOOL is used in configure.ac,
@@ -578,21 +548,13 @@ if ! printf "$buildreq" | check_versions; then
  fi
 fi

-# Warn the user if autom4te appears to be broken; this causes known
-# issues with at least gettext 0.18.3.
-probe=$(echo 'm4_quote([hi])' | autom4te -l M4sugar -t 'm4_quote:$%' -)
-if test "x$probe" != xhi; then
-  warn_ "WARNING: your autom4te wrapper eats stdin;"
-  warn_ "if bootstrap fails, consider upgrading your autotools"
-fi
-
 echo "$0: Bootstrapping from checked-out $package sources..."

 # See if we can use gnulib's git-merge-changelog merge driver.
-if $use_git && test -d .git && check_exists git; then
+if $use_git && test -d .git && (git --version) >/dev/null 2>/dev/null ; then
  if git config merge.merge-changelog.driver >/dev/null ; then
    :
-  elif check_exists git-merge-changelog; then
+  elif (git-merge-changelog --version) >/dev/null 2>/dev/null ; then
    echo "$0: initializing git-merge-changelog driver"
    git config merge.merge-changelog.name 'GNU-style ChangeLog merge driver'
    git config merge.merge-changelog.driver 'git-merge-changelog %O %A %B'
@@ -625,8 +587,8 @@ case ${GNULIB_SRCDIR--} in
  # Note that $use_git is necessarily true in this case.
  if git_modules_config submodule.gnulib.url >/dev/null; then
    echo "$0: getting gnulib files..."
-    git submodule init -- "$gnulib_path" || exit $?
-    git submodule update -- "$gnulib_path" || exit $?
+    git submodule init || exit $?
+    git submodule update || exit $?

  elif [ ! -d "$gnulib_path" ]; then
    echo "$0: getting gnulib files..."
@@ -655,14 +617,13 @@ case ${GNULIB_SRCDIR--} in
      # This fallback allows at least git 1.5.5.
      if test -f "$gnulib_path"/gnulib-tool; then
        # Since file already exists, assume submodule init already complete.
-        git submodule update -- "$gnulib_path" || exit $?
+        git submodule update || exit $?
      else
        # Older git can't clone into an empty directory.
        rmdir "$gnulib_path" 2>/dev/null
        git clone --reference "$GNULIB_SRCDIR" \
          "$(git_modules_config submodule.gnulib.url)" "$gnulib_path" \
-          && git submodule init -- "$gnulib_path" \
-          && git submodule update -- "$gnulib_path" \
+          && git submodule init && git submodule update \
          || exit $?
      fi
    fi
@@ -731,10 +692,11 @@ update_po_files() {
    cksum_file="$ref_po_dir/$po.s1"
    if ! test -f "$cksum_file" ||
        ! test -f "$po_dir/$po.po" ||
-        ! $SHA1SUM -c "$cksum_file" < "$new_po" > /dev/null 2>&1; then
+        ! $SHA1SUM -c --status "$cksum_file" \
+            < "$new_po" > /dev/null; then
      echo "$me: updated $po_dir/$po.po..."
      cp "$new_po" "$po_dir/$po.po" \
-          && $SHA1SUM < "$new_po" > "$cksum_file" || return
+          && $SHA1SUM < "$new_po" > "$cksum_file"
    fi
  done
 }
@@ -790,7 +752,7 @@ symlink_to_dir()
      # Leave any existing symlink alone, if it already points to the source,
      # so that broken build tools that care about symlink times
      # aren't confused into doing unnecessary builds.  Conversely, if the
-      # existing symlink's timestamp is older than the source, make it afresh,
+      # existing symlink's time stamp is older than the source, make it afresh,
      # so that broken tools aren't confused into skipping needed builds.  See
      # <http://lists.gnu.org/archive/html/bug-gnulib/2011-05/msg00326.html>.
      test -h "$dst" &&
@@ -917,8 +879,7 @@ if test $use_libtool = 1; then
  esac
 fi
 echo "$0: $gnulib_tool $gnulib_tool_options --import ..."
-$gnulib_tool $gnulib_tool_options --import $gnulib_modules \
-  || die "gnulib-tool failed"
+$gnulib_tool $gnulib_tool_options --import $gnulib_modules &&

 for file in $gnulib_files; do
  symlink_to_dir "$GNULIB_SRCDIR" $file \
@@ -1023,6 +984,6 @@ echo "$0: done.  Now you can run './configure'."
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
+# time-stamp-time-zone: "UTC"
 # time-stamp-end: "; # UTC"
 # End:
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -1,6 +1,6 @@
 # Bootstrap configuration.

-# Copyright (C) 2010-2014 Red Hat, Inc.
+# Copyright (C) 2010-2013 Red Hat, Inc.

 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -35,7 +35,6 @@ clock-time
 close
 connect
 configmake
-count-leading-zeros
 count-one-bits
 crypto/md5
 crypto/sha256
@@ -54,7 +53,6 @@ func
 getaddrinfo
 getcwd-lgpl
 gethostname
-getopt-posix
 getpass
 getpeername
 getsockname
@@ -95,7 +93,6 @@ recv
 regex
 random_r
 sched
-secure_getenv
 send
 setenv
 setsockopt
@@ -121,7 +118,6 @@ time_r
 timegm
 ttyname_r
 uname
-unsetenv
 useless-if-before-free
 usleep
 vasprintf
@@ -179,11 +175,11 @@ fi
 # Tell gnulib to:
 #   require LGPLv2+
 #   apply any local diffs in gnulib/local/ dir
-#   put *.m4 files in m4/ dir
+#   put *.m4 files in new gnulib/m4/ dir
 #   put *.[ch] files in new gnulib/lib/ dir
 #   import gnulib tests in new gnulib/tests/ dir
 gnulib_name=libgnu
-m4_base=m4
+m4_base=gnulib/m4
 source_base=gnulib/lib
 tests_base=gnulib/tests
 gnulib_tool_option_extras="\
@@ -195,10 +191,18 @@ gnulib_tool_option_extras="\
 "
 local_gl_dir=gnulib/local

+# Convince bootstrap to use multiple m4 directories.
+: ${ACLOCAL=aclocal}
+ACLOCAL="$ACLOCAL -I m4"
+export ACLOCAL
+
 # Build prerequisites
 # Note that some of these programs are only required for 'make dist' to
 # succeed from a fresh git checkout; not all of these programs are
-# required to run 'make dist' on a tarball.
+# required to run 'make dist' on a tarball.  As a special case, we want
+# to require the equivalent of the Fedora python-devel package, but
+# RHEL 5 lacks the witness python-config package; we hack around that
+# old environment below.
 buildreq="\
 autoconf   2.59
 automake   1.9.6
@@ -210,11 +214,19 @@ libtool    -
 patch      -
 perl       5.5
 pkg-config -
+python-config -
 rpcgen     -
 tar        -
 xmllint	   -
 xsltproc   -
 "
+# Use rpm as a fallback to bypass the bootstrap probe for python-config,
+# for the sake of RHEL 5; without requiring it on newer systems that
+# have python-config to begin with.
+if `(${PYTHON_CONFIG-python-config} --version;
+     test $? -lt 126 || rpm -q python-devel) >/dev/null 2>&1`; then
+  PYTHON_CONFIG=true
+fi

 # Automake requires that ChangeLog and AUTHORS exist.
 touch AUTHORS ChangeLog || exit 1
@@ -229,11 +241,13 @@ gnulib_extra_files="
 "


-bootstrap_post_import_hook()
+bootstrap_epilogue()
 {
  # Change paths in gnulib/tests/gnulib.mk from "../../.." to "../..",
-  # and make tests conditional by changing "TESTS" to "GNULIB_TESTS".
+  # and make tests conditional by changing "TESTS" to "GNULIB_TESTS",
+  # then ensure that gnulib/tests/Makefile.in is up-to-date.
  m=gnulib/tests/gnulib.mk
  sed 's,\.\./\.\./\.\.,../..,g; s/^TESTS /GNULIB_TESTS /' $m > $m-t
  mv -f $m-t $m
+  ${AUTOMAKE-automake} gnulib/tests/Makefile
 }
--- a/build-aux/bracket-spacing.pl
+++ b/build-aux/bracket-spacing.pl
@@ -0,0 +1,144 @@
+#!/usr/bin/perl
+#
+# bracket-spacing.pl: Report any usage of 'function (..args..)'
+# Also check for other syntax issues, such as correct use of ';'
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.
+#
+# Authors:
+#     Daniel P. Berrange <berrange@redhat.com>
+
+use strict;
+use warnings;
+
+my $ret = 0;
+my $incomment = 0;
+
+foreach my $file (@ARGV) {
+    open FILE, $file;
+
+    while (defined (my $line = <FILE>)) {
+        my $data = $line;
+
+        # Kill any quoted ; or "
+        $data =~ s,'[";]','X',g;
+
+        # Kill any quoted strings
+        $data =~ s,"([^\\\"]|\\.)*","XXX",g;
+
+        # Kill any C++ style comments
+        $data =~ s,//.*$,//,;
+
+        next if $data =~ /^#/;
+
+        # Kill contents of multi-line comments
+        # and detect end of multi-line comments
+        if ($incomment) {
+            if ($data =~ m,\*/,) {
+                $incomment = 0;
+                $data =~ s,^.*\*/,*/,;
+            } else {
+                $data = "";
+            }
+        }
+
+        # Kill single line comments, and detect
+        # start of multi-line comments
+        if ($data =~ m,/\*.*\*/,) {
+            $data =~ s,/\*.*\*/,/* */,;
+        } elsif ($data =~ m,/\*,) {
+            $incomment = 1;
+            $data =~ s,/\*.*,/*,;
+        }
+
+        # We need to match things like
+        #
+        #  int foo (int bar, bool wizz);
+        #  foo (bar, wizz);
+        #
+        # but not match things like:
+        #
+        #  typedef int (*foo)(bar wizz)
+        #
+        # we can't do this (efficiently) without
+        # missing things like
+        #
+        #  foo (*bar, wizz);
+        #
+        while ($data =~ /(\w+)\s\((?!\*)/) {
+            my $kw = $1;
+
+            # Allow space after keywords only
+            if ($kw =~ /^(if|for|while|switch|return)$/) {
+                $data =~ s/($kw\s\()/XXX(/;
+            } else {
+                print "$file:$.: $line";
+                $ret = 1;
+                last;
+            }
+        }
+
+        # Require whitespace immediately after keywords,
+        # but none after the opening bracket
+        while ($data =~ /(if|for|while|switch|return)\(/ ||
+               $data =~ /(if|for|while|switch|return)\s+\(\s/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+
+        # Forbid whitespace between )( of a function typedef
+        while ($data =~ /\(\*\w+\)\s+\(/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+
+        # Forbid whitespace following ( or prior to )
+        while ($data =~ /\S\s+\)/ ||
+               $data =~ /\(\s+\S/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+
+        # Forbid whitespace before ";". Things like below are allowed:
+        #
+        # 1) The expression is empty for "for" loop. E.g.
+        #   for (i = 0; ; i++)
+        #
+        # 2) An empty statement. E.g.
+        #   while (write(statuswrite, &status, 1) == -1 &&
+        #          errno == EINTR)
+        #       ;
+        #
+        while ($data =~ /[^;\s]\s+;/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+
+        # Require EOL, macro line continuation, or whitespace after ";".
+        # Allow "for (;;)" as an exception.
+        while ($data =~ /;[^	 \\\n;)]/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+    }
+    close FILE;
+}
+
+exit $ret;
--- a/build-aux/check-spacing.pl
+++ b/build-aux/check-spacing.pl
@@ -1,204 +0,0 @@
-#!/usr/bin/perl
-#
-# check-spacing.pl: Report any usage of 'function (..args..)'
-# Also check for other syntax issues, such as correct use of ';'
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-#
-# Authors:
-#     Daniel P. Berrange <berrange@redhat.com>
-
-use strict;
-use warnings;
-
-my $ret = 0;
-my $incomment = 0;
-
-foreach my $file (@ARGV) {
-    # Per-file variables for multiline Curly Bracket (cb_) check
-    my $cb_linenum = 0;
-    my $cb_code = "";
-    my $cb_scolon = 0;
-
-    open FILE, $file;
-
-    while (defined (my $line = <FILE>)) {
-        my $data = $line;
-        # For temporary modifications
-        my $tmpdata;
-
-        # Kill any quoted , ; = or "
-        $data =~ s/'[";,=]'/'X'/g;
-
-        # Kill any quoted strings
-        $data =~ s,"(?:[^\\\"]|\\.)*","XXX",g;
-
-        # Kill any C++ style comments
-        $data =~ s,//.*$,//,;
-
-        next if $data =~ /^#/;
-
-        # Kill contents of multi-line comments
-        # and detect end of multi-line comments
-        if ($incomment) {
-            if ($data =~ m,\*/,) {
-                $incomment = 0;
-                $data =~ s,^.*\*/,*/,;
-            } else {
-                $data = "";
-            }
-        }
-
-        # Kill single line comments, and detect
-        # start of multi-line comments
-        if ($data =~ m,/\*.*\*/,) {
-            $data =~ s,/\*.*\*/,/* */,;
-        } elsif ($data =~ m,/\*,) {
-            $incomment = 1;
-            $data =~ s,/\*.*,/*,;
-        }
-
-        # We need to match things like
-        #
-        #  int foo (int bar, bool wizz);
-        #  foo (bar, wizz);
-        #
-        # but not match things like:
-        #
-        #  typedef int (*foo)(bar wizz)
-        #
-        # we can't do this (efficiently) without
-        # missing things like
-        #
-        #  foo (*bar, wizz);
-        #
-        # We also don't want to spoil the $data so it can be used
-        # later on.
-        $tmpdata = $data;
-        while ($tmpdata =~ /(\w+)\s\((?!\*)/) {
-            my $kw = $1;
-
-            # Allow space after keywords only
-            if ($kw =~ /^(?:if|for|while|switch|return)$/) {
-                $tmpdata =~ s/(?:$kw\s\()/XXX(/;
-            } else {
-                print "Whitespace after non-keyword:\n";
-                print "$file:$.: $line";
-                $ret = 1;
-                last;
-            }
-        }
-
-        # Require whitespace immediately after keywords
-        if ($data =~ /\b(?:if|for|while|switch|return)\(/) {
-            print "No whitespace after keyword:\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # Forbid whitespace between )( of a function typedef
-        if ($data =~ /\(\*\w+\)\s+\(/) {
-            print "Whitespace between ')' and '(':\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # Forbid whitespace following ( or prior to )
-        # but allow whitespace before ) on a single line
-        # (optionally followed by a semicolon)
-        if (($data =~ /\s\)/ && not $data =~ /^\s+\);?$/) ||
-            $data =~ /\((?!$)\s/) {
-            print "Whitespace after '(' or before ')':\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # Forbid whitespace before ";" or ",". Things like below are allowed:
-        #
-        # 1) The expression is empty for "for" loop. E.g.
-        #   for (i = 0; ; i++)
-        #
-        # 2) An empty statement. E.g.
-        #   while (write(statuswrite, &status, 1) == -1 &&
-        #          errno == EINTR)
-        #       ;
-        #
-        if ($data =~ /\s[;,]/) {
-            unless ($data =~ /\S; ; / ||
-                    $data =~ /^\s+;/) {
-                print "Whitespace before semicolon or comma:\n";
-                print "$file:$.: $line";
-                $ret = 1;
-            }
-        }
-
-        # Require EOL, macro line continuation, or whitespace after ";".
-        # Allow "for (;;)" as an exception.
-        if ($data =~ /;[^	 \\\n;)]/) {
-            print "Invalid character after semicolon:\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # Require EOL, space, or enum/struct end after comma.
-        if ($data =~ /,[^ \\\n)}]/) {
-            print "Invalid character after comma:\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # Require spaces around assignment '=', compounds and '=='
-        if ($data =~ /[^ ]\b[!<>&|\-+*\/%\^=]?=/ ||
-            $data =~ /=[^= \\\n]/) {
-            print "Spacing around '=' or '==':\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # One line conditional statements with one line bodies should
-        # not use curly brackets.
-        if ($data =~ /^\s*(if|while|for)\b.*\{$/) {
-            $cb_linenum = $.;
-            $cb_code = $line;
-            $cb_scolon = 0;
-        }
-
-        # We need to check for exactly one semicolon inside the body,
-        # because empty statements (e.g. with comment only) are
-        # allowed
-        if ($cb_linenum == $. - 1 && $data =~ /^[^;]*;[^;]*$/) {
-            $cb_code .= $line;
-            $cb_scolon = 1;
-        }
-
-        if ($data =~ /^\s*}\s*$/ &&
-            $cb_linenum == $. - 2 &&
-            $cb_scolon) {
-
-            print "Curly brackets around single-line body:\n";
-            print "$file:$cb_linenum-$.:\n$cb_code$line";
-            $ret = 1;
-
-            # There _should_ be no need to reset the values; but to
-            # keep my inner peace...
-            $cb_linenum = 0;
-            $cb_scolon = 0;
-            $cb_code = "";
-        }
-    }
-    close FILE;
-}
-
-exit $ret;
--- a/build-aux/mock-noinline.pl
+++ b/build-aux/mock-noinline.pl
@@ -1,72 +0,0 @@
-#!/usr/bin/perl
-
-my %noninlined;
-my %mocked;
-
-# Functions in public header don't get the noinline annotation
-# so whitelist them here
-$noninlined{"virEventAddTimeout"} = 1;
-
-foreach my $arg (@ARGV) {
-    if ($arg =~ /\.h$/) {
-        #print "Scan header $arg\n";
-        &scan_annotations($arg);
-    } elsif ($arg =~ /mock\.c$/) {
-        #print "Scan mock $arg\n";
-        &scan_overrides($arg);
-    }
-}
-
-my $warned = 0;
-foreach my $func (keys %mocked) {
-    next if exists $noninlined{$func};
-
-    $warned++;
-    print STDERR "$func is mocked at $mocked{$func} but missing noinline annotation\n";
-}
-
-exit $warned ? 1 : 0;
-
-
-sub scan_annotations {
-    my $file = shift;
-
-    open FH, $file or die "cannot read $file: $!";
-
-    my $func;
-    while (<FH>) {
-        if (/^\s*(\w+)\(/ || /^(?:\w+\*?\s+)+(?:\*\s*)?(\w+)\(/) {
-            my $name = $1;
-            if ($name !~ /ATTRIBUTE/) {
-                $func = $name;
-            }
-        } elsif (/^\s*$/) {
-            $func = undef;
-        }
-        if (/ATTRIBUTE_NOINLINE/) {
-            if (defined $func) {
-                $noninlined{$func} = 1;
-            }
-        }
-    }
-
-    close FH
-}
-
-sub scan_overrides {
-    my $file = shift;
-
-    open FH, $file or die "cannot read $file: $!";
-
-    my $func;
-    while (<FH>) {
-        if (/^(\w+)\(/ || /^\w+\s*(?:\*\s*)?(\w+)\(/) {
-            my $name = $1;
-            if ($name =~ /^vir/) {
-                $mocked{$name} = "$file:$.";
-            }
-        }
-    }
-
-    close FH
-}
--- a/build-aux/prohibit-duplicate-header.pl
+++ b/build-aux/prohibit-duplicate-header.pl
@@ -1,26 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-
-my $file = " ";
-my $ret = 0;
-my %includes = ( );
-my $lineno = 0;
-
-while (<>) {
-    if (not $file eq $ARGV) {
-        %includes = ( );
-        $file = $ARGV;
-        $lineno = 0;
-    }
-    $lineno++;
-    if (/^# *include *[<"]([^>"]*\.h)[">]/) {
-        $includes{$1}++;
-        if ($includes{$1} == 2) {
-            $ret = 1;
-            print STDERR "$ARGV:$lineno: $_";
-            print STDERR "Do not include a header more than once per file\n";
-        }
-    }
-}
-exit $ret;
--- a/cfg.mk
+++ b/cfg.mk
@@ -1,5 +1,5 @@
 # Customize Makefile.maint.                           -*- makefile -*-
-# Copyright (C) 2008-2015 Red Hat, Inc.
+# Copyright (C) 2008-2013 Red Hat, Inc.
 # Copyright (C) 2003-2008 Free Software Foundation, Inc.

 # This program is free software: you can redistribute it and/or modify
@@ -33,9 +33,8 @@ gnulib_dir = $(srcdir)/.gnulib
 # This is all gnulib files, as well as generated files for RPC code.
 generated_files = \
  $(srcdir)/daemon/*_dispatch.h \
-  $(srcdir)/src/*/*_dispatch.h \
  $(srcdir)/src/remote/*_client_bodies.h \
-  $(srcdir)/src/*/*_protocol.[ch] \
+  $(srcdir)/src/remote/*_protocol.[ch] \
  $(srcdir)/gnulib/lib/*.[ch]

 # We haven't converted all scripts to using gnulib's init.sh yet.
@@ -64,7 +63,6 @@ local-checks-to-skip =			\
  sc_prohibit_quote_without_use		\
  sc_prohibit_quotearg_without_use	\
  sc_prohibit_stat_st_blocks		\
-  sc_prohibit_undesirable_word_seq	\
  sc_root_tests				\
  sc_space_tab				\
  sc_sun_os_names			\
@@ -91,7 +89,7 @@ endif

 # Files that should never cause syntax check failures.
 VC_LIST_ALWAYS_EXCLUDE_REGEX = \
-  (^(docs/(news(-[0-9]*)?\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$
+  (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.po)$$

 # Functions like free() that are no-ops on NULL arguments.
 useless_free_options =				\
@@ -126,7 +124,9 @@ useless_free_options =				\
  --name=virDomainDeviceDefFree			\
  --name=virDomainDiskDefFree			\
  --name=virDomainEventCallbackListFree		\
-  --name=virObjectEventQueueFree		\
+  --name=virDomainEventFree			\
+  --name=virDomainEventQueueFree		\
+  --name=virDomainEventStateFree		\
  --name=virDomainFSDefFree			\
  --name=virDomainGraphicsDefFree		\
  --name=virDomainHostdevDefFree		\
@@ -160,6 +160,7 @@ useless_free_options =				\
  --name=virNWFilterRuleDefFree			\
  --name=virNWFilterRuleInstFree		\
  --name=virNetworkDefFree			\
+  --name=virNetworkObjFree			\
  --name=virNodeDeviceDefFree			\
  --name=virNodeDeviceObjFree			\
  --name=virObjectUnref                         \
@@ -203,6 +204,7 @@ useless_free_options =				\
 # y virDomainDeviceDefFree
 # y virDomainDiskDefFree
 # y virDomainEventCallbackListFree
+# y virDomainEventFree
 # y virDomainEventQueueFree
 # y virDomainFSDefFree
 # n virDomainFree
@@ -248,6 +250,8 @@ useless_free_options =				\
 # y virNetworkDefFree
 # n virNetworkFree (returns int)
 # n virNetworkFreeName (returns int)
+# y virNetworkObjFree
+# n virNetworkObjListFree FIXME
 # n virNodeDevCapsDefFree FIXME
 # y virNodeDeviceDefFree
 # n virNodeDeviceFree (returns int)
@@ -300,15 +304,14 @@ sc_flags_debug:
 # than d).  The existence of long long, and of documentation about
 # flags, makes the regex in the third test slightly harder.
 sc_flags_usage:
-	@test "$$(cat $(srcdir)/include/libvirt/libvirt-domain.h	\
+	@test "$$(cat $(srcdir)/include/libvirt/libvirt.h.in		\
 	    $(srcdir)/include/libvirt/virterror.h			\
 	    $(srcdir)/include/libvirt/libvirt-qemu.h			\
 	    $(srcdir)/include/libvirt/libvirt-lxc.h			\
-	    $(srcdir)/include/libvirt/libvirt-admin.h			\
 	  | grep -c '\(long\|unsigned\) flags')" != 4 &&		\
 	  { echo '$(ME): new API should use "unsigned int flags"' 1>&2;	\
 	    exit 1; } || :
-	@prohibit=' flags ATTRIBUTE_UNUSED'				\
+	@prohibit=' flags ''ATTRIBUTE_UNUSED'				\
 	halt='flags should be checked with virCheckFlags'		\
 	  $(_sc_search_regexp)
 	@prohibit='^[^@]*([^d] (int|long long)|[^dg] long) flags[;,)]'	\
@@ -351,8 +354,8 @@ sc_prohibit_mkstemp:
 # access with X_OK accepts directories, but we can't exec() those.
 # access with F_OK or R_OK is okay, though.
 sc_prohibit_access_xok:
-	@prohibit='access(at)? *\(.*X_OK'				\
-	halt='use virFileIsExecutable instead of access(,X_OK)'		\
+	@prohibit='access''(at)? *\(.*X_OK'				\
+	halt='use virFileIsExecutable instead of access''(,X_OK)'	\
 	  $(_sc_search_regexp)

 # Similar to the gnulib maint.mk rule for sc_prohibit_strcmp
@@ -361,7 +364,7 @@ snp_ = strncmp *\(.+\)
 sc_prohibit_strncmp:
 	@prohibit='! *strncmp *\(|\<$(snp_) *[!=]=|[!=]= *$(snp_)'	\
 	exclude=':# *define STR(N?EQLEN|PREFIX)\('			\
-	halt='use STREQLEN or STRPREFIX instead of strncmp'		\
+	halt='use STREQLEN or STRPREFIX instead of str''ncmp'		\
 	  $(_sc_search_regexp)

 # strtol and friends are too easy to misuse
@@ -379,7 +382,7 @@ sc_prohibit_strtol:
 # But for plain %s, virAsprintf is overkill compared to strdup.
 sc_prohibit_asprintf:
 	@prohibit='\<v?a[s]printf\>'					\
-	halt='use virAsprintf, not asprintf'				\
+	halt='use virAsprintf, not as'printf				\
 	  $(_sc_search_regexp)
 	@prohibit='virAsprintf.*, *"%s",'				\
 	halt='use VIR_STRDUP instead of virAsprintf with "%s"'		\
@@ -406,7 +409,7 @@ sc_prohibit_risky_id_promotion:
 # since gnulib has more guarantees for snprintf portability
 sc_prohibit_sprintf:
 	@prohibit='\<[s]printf\>'					\
-	halt='use snprintf, not sprintf'				\
+	halt='use snprintf, not s'printf				\
 	  $(_sc_search_regexp)

 sc_prohibit_readlink:
@@ -419,60 +422,49 @@ sc_prohibit_gethostname:
 	halt='use virGetHostname, not gethostname'			\
 	  $(_sc_search_regexp)

-sc_prohibit_readdir:
-	@prohibit='\b(read|close|open)dir *\('				\
-	exclude='exempt from syntax-check'				\
-	halt='use virDirOpen, virDirRead and VIR_DIR_CLOSE'		\
-	  $(_sc_search_regexp)
-
 sc_prohibit_gettext_noop:
 	@prohibit='gettext_noop *\('					\
 	halt='use N_, not gettext_noop'					\
 	  $(_sc_search_regexp)

 sc_prohibit_VIR_ERR_NO_MEMORY:
-	@prohibit='\<VIR_ERR_NO_MEMORY\>'				\
-	halt='use virReportOOMError, not VIR_ERR_NO_MEMORY'		\
+	@prohibit='\<V''IR_ERR_NO_MEMORY\>'				\
+	halt='use virReportOOMError, not V'IR_ERR_NO_MEMORY		\
 	  $(_sc_search_regexp)

 sc_prohibit_PATH_MAX:
-	@prohibit='\<PATH_MAX\>'				\
-	halt='dynamically allocate paths, do not use PATH_MAX'	\
+	@prohibit='\<P''ATH_MAX\>'				\
+	halt='dynamically allocate paths, do not use P'ATH_MAX	\
 	  $(_sc_search_regexp)

+# Use a subshell for each function, to give the optimal warning message.
 include $(srcdir)/Makefile.nonreentrant
 sc_prohibit_nonreentrant:
-	@prohibit="\\<(${NON_REENTRANT_RE}) *\\("			\
-	halt="use re-entrant functions (usually ending with _r)"	\
-	  $(_sc_search_regexp)
+	@fail=0 ; \
+	for i in $(NON_REENTRANT) ; \
+	do \
+	    (prohibit="\\<$$i *\\("					\
+	     halt="use $${i}_r, not $$i"				\
+	     $(_sc_search_regexp)					\
+	    ) || fail=1;						\
+	done ; \
+	exit $$fail

 sc_prohibit_select:
-	@prohibit='\<select *\('					\
-	halt='use poll(), not select()'					\
+	@prohibit="\\<select *\\("					\
+	halt="use poll(), not se""lect()"				\
 	  $(_sc_search_regexp)

 # Prohibit the inclusion of <ctype.h>.
 sc_prohibit_ctype_h:
 	@prohibit='^# *include  *<ctype\.h>'				\
-	halt='use c-ctype.h instead of ctype.h'				\
+	halt="don't use ctype.h; instead, use c-ctype.h"		\
 	  $(_sc_search_regexp)

 # Insist on correct types for [pug]id.
 sc_correct_id_types:
 	@prohibit='\<(int|long) *[pug]id\>'				\
-	halt='use pid_t for pid, uid_t for uid, gid_t for gid'		\
-	  $(_sc_search_regexp)
-
-# "const fooPtr a" is the same as "foo * const a", even though it is
-# usually desired to have "foo const *a".  It's easier to just prevent
-# the confusing mix of typedef vs. const placement.
-# Also requires that all 'fooPtr' typedefs are actually pointers.
-sc_forbid_const_pointer_typedef:
-	@prohibit='(^|[^"])const \w*Ptr'				\
-	halt='"const fooPtr var" does not declare what you meant'	\
-	  $(_sc_search_regexp)
-	@prohibit='typedef [^(]+ [^*]\w*Ptr\b'				\
-	halt='use correct style and type for Ptr typedefs'		\
+	halt="use pid_t for pid, uid_t for uid, gid_t for gid"		\
 	  $(_sc_search_regexp)

 # Forbid sizeof foo or sizeof (foo), require sizeof(foo)
@@ -496,12 +488,12 @@ ctype_re = isalnum|isalpha|isascii|isblank|iscntrl|isdigit|isgraph|islower\

 sc_avoid_ctype_macros:
 	@prohibit='\b($(ctype_re)) *\('					\
-	halt='use c-ctype.h instead of ctype macros'			\
+	halt="don't use ctype macros (use c-ctype.h)"			\
 	  $(_sc_search_regexp)

 sc_avoid_strcase:
 	@prohibit='\bstrn?case(cmp|str) *\('				\
-	halt='use c-strcase.h instead of raw strcase functions'		\
+	halt="don't use raw strcase functions (use c-strcase instead)"	\
 	  $(_sc_search_regexp)

 sc_prohibit_virBufferAdd_with_string_literal:
@@ -514,9 +506,11 @@ sc_prohibit_virBufferAsprintf_with_string_literal:
 	halt='use virBufferAddLit, not virBufferAsprintf, with a string literal' \
 	  $(_sc_search_regexp)

-sc_forbid_manual_xml_indent:
-	@prohibit='virBuffer.*" +<'					      \
-	halt='use virBufferAdjustIndent instead of spaces when indenting xml' \
+# Not only do they fail to deal well with ipv6, but the gethostby*
+# functions are also not thread-safe.
+sc_prohibit_gethostby:
+	@prohibit='\<gethostby(addr|name2?) *\('			\
+	halt='use getaddrinfo, not gethostby*'				\
 	  $(_sc_search_regexp)

 # dirname and basename from <libgen.h> are not required to be thread-safe
@@ -551,40 +545,6 @@ sc_avoid_attribute_unused_in_header:
 	halt='use ATTRIBUTE_UNUSED in .c rather than .h files'		\
 	  $(_sc_search_regexp)

-sc_prohibit_int_index:
-	@prohibit='\<(int|unsigned)\s*\*?index\>(\s|,|;)'	\
-	halt='use different name than 'index' for declaration'	        \
-	  $(_sc_search_regexp)
-
-sc_prohibit_int_ijk:
-	@prohibit='\<(int|unsigned) ([^(=]* )*(i|j|k)\>(\s|,|;)'	\
-	exclude='exempt from syntax-check'				\
-	halt='use size_t, not int/unsigned int for loop vars i, j, k'	\
-	  $(_sc_search_regexp)
-
-sc_prohibit_loop_iijjkk:
-	@prohibit='\<(int|unsigned) ([^=]+ )*(ii|jj|kk)\>(\s|,|;)'	\
-	halt='use i, j, k for loop iterators, not ii, jj, kk'		\
-	  $(_sc_search_regexp)
-
-# RHEL 5 gcc can't grok "for (int i..."
-sc_prohibit_loop_var_decl:
-	@prohibit='\<for *\(\w+[ *]+\w+'				\
-	in_vc_files='\.[ch]$$'						\
-	halt='declare loop iterators outside the for statement'		\
-	  $(_sc_search_regexp)
-
-# Use 'bool', not 'int', when assigning true or false
-sc_prohibit_int_assign_bool:
-	@prohibit='\<int\>.*= *(true|false)'				\
-	halt='use bool type for boolean values'				\
-	  $(_sc_search_regexp)
-
-sc_prohibit_unsigned_pid:
-	@prohibit='\<unsigned\> [^,=;(]+pid'				\
-	halt='use signed type for pid values'				\
-	  $(_sc_search_regexp)
-
 # Many of the function names below came from this filter:
 # git grep -B2 '\<_('|grep -E '\.c- *[[:alpha:]_][[:alnum:]_]* ?\(.*[,;]$' \
 # |sed 's/.*\.c-  *//'|perl -pe 's/ ?\(.*//'|sort -u \
@@ -597,6 +557,16 @@ msg_gen_function += regerror
 msg_gen_function += vah_error
 msg_gen_function += vah_warning
 msg_gen_function += virGenericReportError
+msg_gen_function += virLibConnError
+msg_gen_function += virLibDomainError
+msg_gen_function += virLibDomainSnapshotError
+msg_gen_function += virLibInterfaceError
+msg_gen_function += virLibNetworkError
+msg_gen_function += virLibNodeDeviceError
+msg_gen_function += virLibNWFilterError
+msg_gen_function += virLibSecretError
+msg_gen_function += virLibStoragePoolError
+msg_gen_function += virLibStorageVolError
 msg_gen_function += virRaiseError
 msg_gen_function += virReportError
 msg_gen_function += virReportErrorHelper
@@ -611,9 +581,8 @@ msg_gen_function += xenapiSessionErrorHandler
 # msg_gen_function += vshPrint
 # msg_gen_function += vshError

-space =
-space +=
-func_re= ($(subst $(space),|,$(msg_gen_function)))
+func_or := $(shell echo $(msg_gen_function)|tr -s ' ' '|')
+func_re := ($(func_or))

 # Look for diagnostics that aren't marked for translation.
 # This won't find any for which error's format string is on a separate line.
@@ -627,7 +596,7 @@ sc_libvirt_unmarked_diagnostics:
 	  $(_sc_search_regexp)
 	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
 	   grep -A1 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | $(SED) 's/_("\([^\"]\|\\.\)\+"//;s/[	 ]"%s"//'		\
+	   | sed 's/_("\([^\"]\|\\.\)\+"//;s/[	 ]"%s"//'		\
 	   | grep '[	 ]"' &&						\
 	  { echo '$(ME): found unmarked diagnostic(s)' 1>&2;		\
 	    exit 1; } || :
@@ -652,7 +621,7 @@ sc_prohibit_newline_at_end_of_diagnostic:
 sc_prohibit_diagnostic_without_format:
 	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
 	   grep -A2 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | $(SED) -rn -e ':l; /[,"]$$/ {N;b l;}'				 \
+	   | sed -rn -e ':l; /[,"]$$/ {N;b l;}'				 \
 		-e '/(xenapiSessionErrorHandler|vah_(error|warning))/d'	 \
 		-e '/\<$(func_re) *\([^"]*"([^%"]|"\n[^"]*")*"[,)]/p'	 \
           | grep -vE 'VIR_ERROR' &&					 \
@@ -666,7 +635,7 @@ sc_prohibit_useless_translation:
 	halt='found useless translation'				\
 	  $(_sc_search_regexp)
 	@prohibit='\<N?_ *\('						\
-	in_vc_files='(tests|examples)/'					\
+	in_vc_files='^(tests|examples)/'				\
 	halt='no translations in tests or examples'			\
 	  $(_sc_search_regexp)

@@ -674,7 +643,7 @@ sc_prohibit_useless_translation:
 # or \n on one side of the split.
 sc_require_whitespace_in_translation:
 	@grep -n -A1 '"$$' $$($(VC_LIST_EXCEPT))   			\
-	   | $(SED) -ne ':l; /"$$/ {N;b l;}; s/"\n[^"]*"/""/g; s/\\n/ /g'	\
+	   | sed -ne ':l; /"$$/ {N;b l;}; s/"\n[^"]*"/""/g; s/\\n/ /g'	\
 		-e '/_(.*[^\ ]""[^\ ]/p' | grep . &&			\
 	  { echo '$(ME): missing whitespace at line split' 1>&2;	\
 	    exit 1; } || :
@@ -682,7 +651,7 @@ sc_require_whitespace_in_translation:
 # Enforce recommended preprocessor indentation style.
 sc_preprocessor_indentation:
 	@if cppi --version >/dev/null 2>&1; then			\
-	  $(VC_LIST_EXCEPT) | grep -E '\.[ch](\.in)?$$' | xargs cppi -a -c	\
+	  $(VC_LIST_EXCEPT) | grep '\.[ch]$$' | xargs cppi -a -c	\
 	    || { echo '$(ME): incorrect preprocessor indentation' 1>&2;	\
 		exit 1; };						\
 	else								\
@@ -694,11 +663,11 @@ sc_preprocessor_indentation:
 sc_spec_indentation:
 	@if cppi --version >/dev/null 2>&1; then			\
 	  for f in $$($(VC_LIST_EXCEPT) | grep '\.spec\.in$$'); do	\
-	    $(SED) -e 's|#|// #|; s|%ifn*\(arch\)* |#if a // |'		\
+	    sed -e 's|#|// #|; s|%ifn*\(arch\)* |#if a // |'		\
 		-e 's/%\(else\|endif\|define\)/#\1/'			\
 		-e 's/^\( *\)\1\1\1#/#\1/'				\
 		-e 's|^\( *[^#/ ]\)|// \1|; s|^\( */[^/]\)|// \1|' $$f	\
-	    | cppi -a -c 2>&1 | $(SED) "s|standard input|$$f|";		\
+	    | cppi -a -c 2>&1 | sed "s|standard input|$$f|";		\
 	  done | { if grep . >&2; then false; else :; fi; }		\
 	    || { echo '$(ME): incorrect preprocessor indentation' 1>&2;	\
 		exit 1; };						\
@@ -706,27 +675,6 @@ sc_spec_indentation:
 	  echo '$(ME): skipping test $@: cppi not installed' 1>&2;	\
 	fi

-# Nested conditionals are easier to understand if we enforce that endifs
-# can be paired back to the if
-sc_makefile_conditionals:
-	@prohibit='(else|endif)($$| *#)'				\
-	in_vc_files='Makefile\.am'					\
-	halt='match "if FOO" with "endif FOO" in Makefiles'		\
-	  $(_sc_search_regexp)
-
-# Long lines can be harder to diff; too long, and git send-email chokes.
-# For now, only enforce line length on files where we have intentionally
-# fixed things and don't want to regress.
-sc_prohibit_long_lines:
-	@prohibit='.{90}'						\
-	in_vc_files='\.arg[sv]'						\
-	halt='Wrap long lines in expected output files'			\
-	  $(_sc_search_regexp)
-	@prohibit='.{80}'						\
-	in_vc_files='Makefile\.am'					\
-	halt='Wrap long lines in Makefiles'				\
-	  $(_sc_search_regexp)
-
 sc_copyright_format:
 	@require='Copyright .*Red 'Hat', Inc\.'				\
 	containing='Copyright .*Red 'Hat				\
@@ -735,7 +683,7 @@ sc_copyright_format:
 	@prohibit='Copyright [^(].*Red 'Hat				\
 	halt='consistently use (C) in Red Hat copyright'		\
 	  $(_sc_search_regexp)
-	@prohibit='\<RedHat\>'						\
+	@prohibit='\<Red''Hat\>'					\
 	halt='spell Red Hat as two words'				\
 	  $(_sc_search_regexp)

@@ -768,17 +716,16 @@ sc_prohibit_gettext_markup:
 # lower-level code must not include higher-level headers.
 cross_dirs=$(patsubst $(srcdir)/src/%.,%,$(wildcard $(srcdir)/src/*/.))
 cross_dirs_re=($(subst / ,/|,$(cross_dirs)))
-mid_dirs=access|conf|cpu|locking|logging|network|node_device|rpc|security|storage
 sc_prohibit_cross_inclusion:
 	@for dir in $(cross_dirs); do					\
 	  case $$dir in							\
 	    util/) safe="util";;					\
-	    access/ | conf/) safe="($$dir|conf|util)";;			\
-	    locking/) safe="($$dir|util|conf|rpc)";;			\
-	    cpu/| network/| node_device/| rpc/| security/| storage/)	\
-	      safe="($$dir|util|conf|storage)";;			\
-	    xenapi/ | xenconfig/ ) safe="($$dir|util|conf|xen|cpu)";;	\
-	    *) safe="($$dir|$(mid_dirs)|util)";;			\
+	    locking/)							\
+	      safe="($$dir|util|conf|rpc)";;				\
+	    cpu/ | locking/ | network/ | rpc/ | security/)		\
+	      safe="($$dir|util|conf)";;				\
+	    xenapi/ | xenxs/ ) safe="($$dir|util|conf|xen)";;		\
+	    *) safe="($$dir|util|conf|cpu|network|locking|rpc|security)";; \
 	  esac;								\
 	  in_vc_files="^src/$$dir"					\
 	  prohibit='^# *include .$(cross_dirs_re)'			\
@@ -791,7 +738,7 @@ sc_prohibit_cross_inclusion:
 # elements added to the enum by using a _LAST marker.
 sc_require_enum_last_marker:
 	@grep -A1 -nE '^[^#]*VIR_ENUM_IMPL *\(' $$($(VC_LIST_EXCEPT))	\
-	   | $(SED) -ne '/VIR_ENUM_IMPL[^,]*,$$/N'				\
+	   | sed -ne '/VIR_ENUM_IMPL[^,]*,$$/N'				\
 	     -e '/VIR_ENUM_IMPL[^,]*,[^,]*[^_,][^L,][^A,][^S,][^T,],/p'	\
 	     -e '/VIR_ENUM_IMPL[^,]*,[^,]\{0,4\},/p'			\
 	   | grep . &&							\
@@ -802,16 +749,40 @@ sc_require_enum_last_marker:
 sc_prohibit_semicolon_at_eol_in_python:
 	@prohibit='^[^#].*\;$$'			                        \
 	in_vc_files='\.py$$'						\
-	halt='python does not require to end lines with a semicolon'	\
+	halt="Don't use semicolon at eol in python files"		\
 	  $(_sc_search_regexp)

 # mymain() in test files should use return, not exit, for nicer output
 sc_prohibit_exit_in_tests:
 	@prohibit='\<exit *\('						\
-	in_vc_files='tests/.*\.c$$'					\
+	in_vc_files='^tests/'						\
 	halt='use return, not exit(), in tests'				\
 	  $(_sc_search_regexp)

+# Don't include duplicate header in the source (either *.c or *.h)
+sc_prohibit_duplicate_header:
+	@fail=0; for i in $$($(VC_LIST_EXCEPT) | grep '\.[chx]$$'); do	\
+	  awk '/# *include.*\.h/ {					\
+	    match($$0, /[<"][^>"]*[">]/);				\
+	    arr[substr($$0, RSTART + 1, RLENGTH - 2)]++;		\
+	  }								\
+	  END {								\
+	    for (key in arr) {						\
+	      if (arr[key] > 1)	{					\
+		fail=1;							\
+		printf("%d %s are included\n", arr[key], key);		\
+	      }								\
+	    }								\
+	    if (fail == 1) {						\
+	      printf("duplicate header(s) in " FILENAME "\n");		\
+	      exit 1;							\
+	    }								\
+	  }' $$i || fail=1;						\
+	done;								\
+	if test $$fail -eq 1; then					\
+	  { echo '$(ME): avoid duplicate headers' 1>&2; exit 1; }	\
+	fi;
+
 # Don't include "libvirt/*.h" in "" form.
 sc_prohibit_include_public_headers_quote:
 	@prohibit='# *include *"libvirt/.*\.h"'				\
@@ -835,225 +806,42 @@ sc_prohibit_config_h_in_headers:
 	halt='headers should not include <config.h>'			\
 	  $(_sc_search_regexp)

-sc_prohibit_unbounded_arrays_in_rpc:
-	@prohibit='<>'							\
-	in_vc_files='\.x$$'						\
-	halt='Arrays in XDR must have a upper limit set for <NNN>'	\
-	  $(_sc_search_regexp)
-
-sc_prohibit_getenv:
-	@prohibit='\b(secure_)?getenv *\('				\
-	exclude='exempt from syntax-check'				\
-	halt='Use virGetEnv{Allow,Block}SUID instead of getenv'		\
-	  $(_sc_search_regexp)
-
-sc_prohibit_atoi:
-	@prohibit='\bato(i|f|l|ll|q) *\('	\
-	halt='Use virStrToLong* instead of atoi, atol, atof, atoq, atoll' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_wrong_filename_in_comment:
-	@fail=0;                                                       \
-	awk 'BEGIN {                                                   \
-	  fail=0;                                                      \
-	} FNR < 3 {                                                    \
-	  n=match($$0, /[[:space:]][^[:space:]]*[.][ch][[:space:]:]/); \
-	  if (n > 0) {                                                 \
-	    A=substr($$0, RSTART+1, RLENGTH-2);                        \
-	    n=split(FILENAME, arr, "/");                               \
-	    if (A != arr[n]) {                                         \
-	      print "in " FILENAME ": " A " mentioned in comments ";   \
-	      fail=1;                                                  \
-	    }                                                          \
-	  }                                                            \
-	} END {                                                        \
-	  if (fail == 1) {                                             \
-	    exit 1;                                                    \
-	  }                                                            \
-	}' $$($(VC_LIST_EXCEPT) | grep '\.[ch]$$') || fail=1;          \
-	if test $$fail -eq 1; then                                     \
-	  { echo '$(ME): The file name in comments must match the'     \
-	    'actual file name' 1>&2; exit 1; }	                       \
-	fi;
-
-sc_prohibit_virConnectOpen_in_virsh:
-	@prohibit='\bvirConnectOpen[a-zA-Z]* *\('                      \
-	in_vc_files='tools/virsh-.*\.[ch]$$'                           \
-	halt='Use vshConnect() in virsh instead of virConnectOpen*'    \
-	  $(_sc_search_regexp)
-
-sc_require_space_before_label:
-	@prohibit='^(   ?)?[_a-zA-Z0-9]+:$$'                           \
-	in_vc_files='\.[ch]$$'                                         \
-	halt='Top-level labels should be indented by one space'        \
-	  $(_sc_search_regexp)
-
-# Allow for up to three spaces before the label: this is to avoid running
-# into situations where neither this rule nor require_space_before_label
-# would apply, eg. a line matching ^[a-zA-Z0-9]+ :$
-sc_prohibit_space_in_label:
-	@prohibit='^ {0,3}[_a-zA-Z0-9]+ +:$$'                          \
-	in_vc_files='\.[ch]$$'                                         \
-	halt='There should be no space between label name and colon'   \
-	  $(_sc_search_regexp)
-
-# Doesn't catch all cases of mismatched braces across if-else, but it helps
-sc_require_if_else_matching_braces:
-	@prohibit='(  else( if .*\))? {|} else( if .*\))?$$)'		\
-	in_vc_files='\.[chx]$$'						\
-	halt='if one side of if-else uses {}, both sides must use it'	\
-	  $(_sc_search_regexp)
-
-sc_curly_braces_style:
-	@files=$$($(VC_LIST_EXCEPT) | grep '\.[ch]$$');			\
-	if $(GREP) -nHP							\
-'^\s*(?!([a-zA-Z_]*for_?each[a-zA-Z_]*) ?\()([_a-zA-Z0-9]+( [_a-zA-Z0-9]+)* ?\()?(\*?[_a-zA-Z0-9]+(,? \*?[_a-zA-Z0-9\[\]]+)+|void)\) ?\{'		\
-	$$files; then							\
-	  echo '$(ME): Non-K&R style used for curly braces around'	\
-	    'function body' 1>&2; exit 1;		\
-	fi;								\
-	if $(GREP) -A1 -En ' ((if|for|while|switch) \(|(else|do)\b)[^{]*$$'\
-	  $$files | $(GREP) '^[^ ]*- *{'; then				\
-	  echo '$(ME): Use hanging braces for compound statements' 1>&2; exit 1; \
-	fi
-
-sc_prohibit_windows_special_chars_in_filename:
-	@files=$$($(VC_LIST_EXCEPT) | grep '[:*?"<>|]');               \
-	test -n "$$files" && { echo '$(ME): Windows special chars'     \
-	  'in filename not allowed:' 1>&2; echo $$files 1>&2; exit 1; } || :
-
-sc_prohibit_mixed_case_abbreviations:
-	@prohibit='Pci|Usb|Scsi'			\
-	in_vc_files='\.[ch]$$'				\
-	halt='Use PCI, USB, SCSI, not Pci, Usb, Scsi'	\
-	  $(_sc_search_regexp)
-
-# Require #include <locale.h> in all files that call setlocale()
-sc_require_locale_h:
-	@require='include.*locale\.h'					\
-	containing='setlocale *('					\
-	halt='setlocale() requires <locale.h>'				\
-	  $(_sc_search_regexp)
-
-sc_prohibit_empty_first_line:
-	@awk 'BEGIN { fail=0; }						\
-	FNR == 1 { if ($$0 == "") { print FILENAME ":1:"; fail=1; } }	\
-	END { if (fail == 1) {						\
-	  print "$(ME): Prohibited empty first line" > "/dev/stderr";	\
-	} exit fail; }' $$($(VC_LIST_EXCEPT));
-
-sc_prohibit_paren_brace:
-	@prohibit='\)\{$$'						\
-	in_vc_files='\.[chx]$$'						\
-	halt='Put space between closing parenthesis and opening brace'	\
-	  $(_sc_search_regexp)
-
-# C guarantees that static variables are zero initialized, and some compilers
-# waste space by sticking explicit initializers in .data instead of .bss
-sc_prohibit_static_zero_init:
-	@prohibit='\bstatic\b.*= *(0[^xX0-9]|NULL|false)'		\
-	in_vc_files='\.[chx](\.in)?$$'					\
-	halt='static variables do not need explicit zero initialization'\
-	  $(_sc_search_regexp)
-
-# FreeBSD exports the "devname" symbol which produces a warning.
-sc_prohibit_devname:
-	@prohibit='\bdevname\b'	\
-	exclude='sc_prohibit_devname' \
-	halt='avoid using devname as FreeBSD exports the symbol' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_system_error_with_vir_err:
-	@prohibit='\bvirReportSystemError *\(VIR_ERR_' \
-	halt='do not use virReportSystemError with VIR_ERR_* error codes' \
-	  $(_sc_search_regexp)
-
-# Rule to prohibit usage of virXXXFree within library, daemon, remote, etc.
-# functions. There's a corresponding exclude to allow usage within tests,
-# docs, examples, tools, src/libvirt-*.c, and include/libvirt/libvirt-*.h
-sc_prohibit_virXXXFree:
-	@prohibit='\bvir(Domain|Network|NodeDevice|StorageVol|StoragePool|Stream|Secret|NWFilter|Interface|DomainSnapshot)Free\b'	\
-	exclude='sc_prohibit_virXXXFree' \
-	halt='avoid using virXXXFree, use virObjectUnref instead' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_sysconf_pagesize:
-	@prohibit='sysconf\(_SC_PAGESIZE' \
-	halt='use virGetSystemPageSize[KB] instead of sysconf(_SC_PAGESIZE)' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_virSecurity:
-	@grep -Pn 'virSecurityManager(?!Ptr)' $$($(VC_LIST_EXCEPT) | grep 'src/qemu/' | \
-		grep -v 'src/qemu/qemu_security') && \
-		{ echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || :
-
-sc_prohibit_pthread_create:
-	@prohibit='\bpthread_create\b' \
-	exclude='sc_prohibit_pthread_create' \
-	halt='avoid using pthread_create, use virThreadCreate instead' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_not_streq:
-	@prohibit='! *STRN?EQ *\(.*\)'		\
-	halt='Use STRNEQ instead of !STREQ and STREQ instead of !STRNEQ'	\
-	  $(_sc_search_regexp)
-
-sc_prohibit_verbose_strcat:
-	@prohibit='strncat\([^,]*,\s+([^,]*),\s+strlen\(\1\)\)'     \
-	in_vc_files='\.[ch]$$'                                      \
-	halt='Use strcat(a, b) instead of strncat(a, b, strlen(b))' \
-	  $(_sc_search_regexp)
-
-# Ensure that each .c file containing a "main" function also
-# calls virGettextInitialize
-sc_gettext_init:
-	@require='virGettextInitialize *\('					\
-	in_vc_files='\.c$$'						\
-	containing='\<main *('						\
-	halt='the above files do not call virGettextInitialize'		\
-	  $(_sc_search_regexp)
-
-sc_prohibit_obj_free_apis_in_virsh:
-	@prohibit='\bvir(Domain|DomainSnapshot)Free\b' \
-	in_vc_files='virsh.*\.[ch]$$'                              \
-	exclude='sc_prohibit_obj_free_apis_in_virsh' \
-	halt='avoid using virDomain(Snapshot)Free in virsh, use virsh-prefixed wrappers instead' \
-	  $(_sc_search_regexp)

 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null

-ifneq ($(_gl-Makefile),)
 ifeq (0,$(MAKELEVEL))
-  _dry_run_result := $(shell \
-      cd '$(srcdir)'; \
-      test -d .git || test -f .git || { echo 0; exit; }; \
-      $(srcdir)/autogen.sh --dry-run >/dev/null 2>&1; \
-      echo $$?; \
-  )
+  _curr_status = .git-module-status
+  # The sed filter accommodates those who check out on a commit from which
+  # no tag is reachable.  In that case, git submodule status prints a "-"
+  # in column 1 and does not print a "git describe"-style string after the
+  # submodule name.  Contrast these:
+  # -b653eda3ac4864de205419d9f41eec267cb89eeb .gnulib
+  #  b653eda3ac4864de205419d9f41eec267cb89eeb .gnulib (v0.0-2286-gb653eda)
+  # $ cat .git-module-status
+  # b653eda3ac4864de205419d9f41eec267cb89eeb
+  #
+  # Keep this logic in sync with autogen.sh.
+  _submodule_hash = sed 's/^[ +-]//;s/ .*//'
+  _update_required := $(shell						\
+      cd '$(srcdir)';							\
+      test -d .git || { echo 0; exit; };				\
+      test -f po/Makevars || { echo 1; exit; };				\
+      test -f AUTHORS || { echo 1; exit; };				\
+      test "no-git" = "$$(cat $(_curr_status))" && { echo 0; exit; };	\
+      actual=$$(git submodule status | $(_submodule_hash);		\
+		git hash-object bootstrap.conf;				\
+		git ls-tree -d HEAD gnulib/local | awk '{print $$3}';	\
+		git diff .gnulib);					\
+      stamp="$$($(_submodule_hash) $(_curr_status) 2>/dev/null)";	\
+      test "$$stamp" = "$$actual"; echo $$?)
  _clean_requested = $(filter %clean,$(MAKECMDGOALS))
-
-  # A return value of 0 means no action is required
-
-  # A return value of 1 means a genuine error has occurred while
-  # performing the dry run, and it should be reported so it can
-  # be investigated
-  ifeq (1,$(_dry_run_result))
-    $(info INFO: autogen.sh error, running again to show details)
-maint.mk Makefile: _autogen_error
-  endif
-
-  # A return value of 2 means that autogen.sh needs to be executed
-  # in earnest before building, probably because of gnulib updates.
-  # We don't run autogen.sh if the clean target has been invoked,
-  # though, as it would be quite pointless
-  ifeq (2,$(_dry_run_result)$(_clean_requested))
-    $(info INFO: running autogen.sh is required, running it now...)
+  ifeq (1,$(_update_required)$(_clean_requested))
+    $(info INFO: gnulib update required; running ./autogen.sh first)
    $(shell touch $(srcdir)/AUTHORS $(srcdir)/ChangeLog)
 maint.mk Makefile: _autogen
  endif
 endif
-endif

 # It is necessary to call autogen any time gnulib changes.  Autogen
 # reruns configure, then we regenerate all Makefiles at once.
@@ -1062,71 +850,41 @@ _autogen:
 	$(srcdir)/autogen.sh
 	./config.status

-.PHONY: _autogen_error
-_autogen_error:
-	$(srcdir)/autogen.sh --dry-run
+# regenerate HACKING as part of the syntax-check
+syntax-check: $(top_srcdir)/HACKING bracket-spacing-check

-ifneq ($(_gl-Makefile),)
-syntax-check: spacing-check test-wrap-argv \
-	prohibit-duplicate-header mock-noinline
-endif
-
-# Don't include duplicate header in the source (either *.c or *.h)
-prohibit-duplicate-header:
-	$(AM_V_GEN)files=$$($(VC_LIST_EXCEPT) | grep '\.[chx]$$'); \
-	$(PERL) -W $(top_srcdir)/build-aux/prohibit-duplicate-header.pl $$files
-
-spacing-check:
+bracket-spacing-check:
 	$(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \
-	$(PERL) $(top_srcdir)/build-aux/check-spacing.pl $$files || \
-	  { echo '$(ME): incorrect formatting' 1>&2; exit 1; }
-
-mock-noinline:
-	$(AM_V_GEN)files=`$(VC_LIST) | grep '\.[ch]$$'`; \
-	$(PERL) $(top_srcdir)/build-aux/mock-noinline.pl $$files
-
-test-wrap-argv:
-	$(AM_V_GEN)files=`$(VC_LIST) | grep -E '\.(ldargs|args)'`; \
-	$(PERL) $(top_srcdir)/tests/test-wrap-argv.pl --check $$files
+	$(PERL) $(top_srcdir)/build-aux/bracket-spacing.pl $$files || \
+	  { echo '$(ME): incorrect whitespace, see HACKING for rules' 1>&2; \
+	    exit 1; }

 # sc_po_check can fail if generated files are not built first
 sc_po_check: \
 		$(srcdir)/daemon/remote_dispatch.h \
 		$(srcdir)/daemon/qemu_dispatch.h \
-		$(srcdir)/src/remote/remote_client_bodies.h \
-		$(srcdir)/daemon/admin_dispatch.h \
-		$(srcdir)/src/admin/admin_client.h
+		$(srcdir)/src/remote/remote_client_bodies.h
 $(srcdir)/daemon/remote_dispatch.h: $(srcdir)/src/remote/remote_protocol.x
 	$(MAKE) -C daemon remote_dispatch.h
 $(srcdir)/daemon/qemu_dispatch.h: $(srcdir)/src/remote/qemu_protocol.x
 	$(MAKE) -C daemon qemu_dispatch.h
 $(srcdir)/src/remote/remote_client_bodies.h: $(srcdir)/src/remote/remote_protocol.x
 	$(MAKE) -C src remote/remote_client_bodies.h
-$(srcdir)/daemon/admin_dispatch.h: $(srcdir)/src/admin/admin_protocol.x
-	$(MAKE) -C daemon admin_dispatch.h
-$(srcdir)/src/admin/admin_client.h: $(srcdir)/src/admin/admin_protocol.x
-	$(MAKE) -C src admin/admin_client.h

 # List all syntax-check exemptions:
-exclude_file_name_regexp--sc_avoid_strcase = ^tools/vsh\.h$$
+exclude_file_name_regexp--sc_avoid_strcase = ^tools/virsh\.h$$

-_src1=libvirt-stream|qemu/qemu_monitor|util/vir(command|file|fdstream)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon
-_test1=shunloadtest|virnettlscontexttest|virnettlssessiontest|vircgroupmock
+_src1=libvirt|fdstream|qemu/qemu_monitor|util/(vircommand|virfile)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon
+_test1=shunloadtest|virnettlscontexttest|vircgroupmock
 exclude_file_name_regexp--sc_avoid_write = \
-  ^(src/($(_src1))|daemon/libvirtd|tools/virsh-console|tests/($(_test1)))\.c$$
+  ^(src/($(_src1))|daemon/libvirtd|tools/console|tests/($(_test1)))\.c$$

-exclude_file_name_regexp--sc_bindtextdomain = .*
-
-exclude_file_name_regexp--sc_gettext_init = ^(tests|examples)/
-
-exclude_file_name_regexp--sc_copyright_format = \
-	^cfg\.mk$$
+exclude_file_name_regexp--sc_bindtextdomain = ^(tests|examples)/

 exclude_file_name_regexp--sc_copyright_usage = \
  ^COPYING(|\.LESSER)$$

-exclude_file_name_regexp--sc_flags_usage = \
-  ^(cfg\.mk|docs/|src/util/virnetdevtap\.c$$|tests/((vir(cgroup|pci|test|usb)|nss|qemuxml2argv)mock|virfilewrapper)\.c$$)
+exclude_file_name_regexp--sc_flags_usage = ^(docs/|src/util/virnetdevtap\.c$$|tests/vircgroupmock\.c$$)

 exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
  ^(src/rpc/gendispatch\.pl$$|tests/)
@@ -1134,27 +892,26 @@ exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
 exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$)

 exclude_file_name_regexp--sc_prohibit_VIR_ERR_NO_MEMORY = \
-  ^(cfg\.mk|include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$
+  ^(include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c)$$

-exclude_file_name_regexp--sc_prohibit_PATH_MAX = \
-	^cfg\.mk$$
+exclude_file_name_regexp--sc_prohibit_access_xok = ^src/util/virutil\.c$$

-exclude_file_name_regexp--sc_prohibit_access_xok = \
-	^(cfg\.mk|src/util/virutil\.c)$$
+exclude_file_name_regexp--sc_prohibit_always_true_header_tests = \
+  ^python/(libvirt-(lxc-|qemu-)?override|typewrappers)\.c$$

 exclude_file_name_regexp--sc_prohibit_asprintf = \
-  ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c$$)
+  ^(bootstrap.conf$$|src/util/virstring\.c$$|examples/domain-events/events-c/event-test\.c$$|tests/vircgroupmock\.c$$)

 exclude_file_name_regexp--sc_prohibit_strdup = \
-  ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup)mock.c$$)
+  ^(docs/|examples/|python/|src/util/virstring\.c$$)

 exclude_file_name_regexp--sc_prohibit_close = \
-  (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/vir.+mock\.c)$$)
+  (\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c|tests/vircgroupmock\.c)$$)

 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/(qemuhelp|virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
+  (^tests/(qemuhelp|nodeinfo)data/|\.(gif|ico|png|diff)$$)

-_src2=src/(util/vircommand|libvirt|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon)
+_src2=src/(util/vircommand|libvirt|lxc/lxc_controller|locking/lock_daemon)
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
  (^($(_src2)|tests/testutils|daemon/libvirtd)\.c$$)

@@ -1167,13 +924,10 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
  ^src/rpc/gendispatch\.pl$$

 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
-  ^((po|tests)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)
-
-exclude_file_name_regexp--sc_prohibit_select = \
-	^cfg\.mk$$
+  ^((po|tests)/|docs/.*(py|html\.in)|run.in$$)

 exclude_file_name_regexp--sc_prohibit_raw_allocation = \
-  ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|(vircgroup|nss)mock)\.c|tools/wireshark/src/packet-libvirt\.c)$$
+  ^(docs/hacking\.html\.in)|(src/util/viralloc\.[ch]|examples/.*|tests/securityselinuxhelper\.c|tests/vircgroupmock\.c)$$

 exclude_file_name_regexp--sc_prohibit_readlink = \
  ^src/(util/virutil|lxc/lxc_container)\.c$$
@@ -1181,11 +935,12 @@ exclude_file_name_regexp--sc_prohibit_readlink = \
 exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c$$

 exclude_file_name_regexp--sc_prohibit_sprintf = \
-  ^(cfg\.mk|docs/hacking\.html\.in|.*\.stp|.*\.pl)$$
+  ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)$$

 exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/virstring\.c$$

-exclude_file_name_regexp--sc_prohibit_strtol = ^examples/.*$$
+exclude_file_name_regexp--sc_prohibit_strtol = \
+  ^src/(util/virsexpr|(vbox|xen|xenxs)/.*)\.c$$

 exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/virxml\.c$$

@@ -1200,10 +955,10 @@ exclude_file_name_regexp--sc_require_config_h_first = \
 	^(examples/|tools/virsh-edit\.c$$)

 exclude_file_name_regexp--sc_trailing_blank = \
-  /qemuhelpdata/|/sysinfodata/.*\.data|/virhostcpudata/.*\.cpuinfo$$
+  (/qemuhelpdata/|/sysinfodata/.*\.data|\.(fig|gif|ico|png)$$)

 exclude_file_name_regexp--sc_unmarked_diagnostics = \
-  ^(docs/apibuild.py|tests/virt-aa-helper-test|docs/js/.*\.js)$$
+  ^(docs/apibuild.py|tests/virt-aa-helper-test)$$

 exclude_file_name_regexp--sc_size_of_brackets = cfg.mk

@@ -1213,49 +968,7 @@ exclude_file_name_regexp--sc_correct_id_types = \
 exclude_file_name_regexp--sc_m4_quote_check = m4/virt-lib.m4

 exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \
-  ^(src/internal\.h$$|tools/wireshark/src/packet-libvirt.h$$)
+  ^src/internal\.h$$

 exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
-  ^(tools/|examples/|include/libvirt/(virterror|libvirt(-(admin|qemu|lxc))?)\.h$$)
-
-exclude_file_name_regexp--sc_prohibit_int_ijk = \
-  ^(src/remote_protocol-structs|src/remote/remote_protocol\.x|cfg\.mk|include/libvirt/libvirt.+|src/admin_protocol-structs|src/admin/admin_protocol\.x)$$
-
-exclude_file_name_regexp--sc_prohibit_unsigned_pid = \
-  ^(include/libvirt/.*\.h|src/(qemu/qemu_driver\.c|driver-hypervisor\.h|libvirt(-[a-z]*)?\.c|.*\.x|util/vir(polkit|systemd)\.c)|tests/virpolkittest\.c|tools/virsh-domain\.c)$$
-
-exclude_file_name_regexp--sc_prohibit_getenv = \
-  ^tests/.*\.[ch]$$
-
-exclude_file_name_regexp--sc_avoid_attribute_unused_in_header = \
-  ^(src/util/virlog\.h|src/network/bridge_driver\.h)$$
-
-exclude_file_name_regexp--sc_prohibit_mixed_case_abbreviations = \
-  ^src/(vbox/vbox_CAPI.*.h|esx/esx_vi.(c|h)|esx/esx_storage_backend_iscsi.c)$$
-
-exclude_file_name_regexp--sc_prohibit_empty_first_line = \
-  ^(README|daemon/THREADS\.txt|src/esx/README|tests/(vmwarever|virhostcpu)data/.*)$$
-
-exclude_file_name_regexp--sc_prohibit_useless_translation = \
-  ^tests/virpolkittest.c
-
-exclude_file_name_regexp--sc_prohibit_devname = \
-  ^(tools/virsh.pod|cfg.mk|docs/.*)$$
-
-exclude_file_name_regexp--sc_prohibit_virXXXFree = \
-  ^(docs/|tests/|examples/|tools/|cfg.mk|src/test/test_driver.c|src/libvirt_public.syms|include/libvirt/libvirt-(domain|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).h|src/libvirt-(domain|qemu|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).c$$)
-
-exclude_file_name_regexp--sc_prohibit_sysconf_pagesize = \
-  ^(cfg\.mk|src/util/virutil\.c)$$
-
-exclude_file_name_regexp--sc_prohibit_pthread_create = \
-  ^(cfg\.mk|src/util/virthread\.c|tests/.*)$$
-
-exclude_file_name_regexp--sc_prohibit_always-defined_macros = \
-  ^tests/virtestmock.c$$
-
-exclude_file_name_regexp--sc_prohibit_readdir = \
-  ^tests/(.*mock|virfilewrapper)\.c$$
-
-exclude_file_name_regexp--sc_prohibit_cross_inclusion = \
-  ^(src/util/virclosecallbacks\.h|src/util/virhostdev\.h)$$
+  ^(python/|tools/|examples/|include/libvirt/(virterror|libvirt-(qemu|lxc))\.h$$)
--- a/config-post.h
+++ b/config-post.h
@@ -1,95 +0,0 @@
-/*
- * Copyright (C) 2013 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- */
-
-/*
- * Since virt-login-shell will be setuid, we must do everything
- * we can to avoid linking to other libraries. Many of them do
- * unsafe things in functions marked __atttribute__((constructor)).
- * The only way to avoid such deps is to re-compile the
- * functions with the code in question disabled, and for that we
- * must override the main config.h rules. Hence this file :-(
- */
-
-#ifdef LIBVIRT_SETUID_RPC_CLIENT
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef HAVE_SYS_ACL_H
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DBUS
-# undef WITH_DEVMAPPER
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_GNUTLS_GCRYPT
-# undef WITH_LIBSSH
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_SYSTEMD_DAEMON
-# undef WITH_VIRTUALPORT
-# undef WITH_YAJL
-# undef WITH_YAJL2
-#endif
-
-/*
- * With the NSS module it's the same story as virt-login-shell. See the
- * explanation above.
- */
-#ifdef LIBVIRT_NSS
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef HAVE_SYS_ACL_H
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DEVMAPPER
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_GNUTLS_GCRYPT
-# undef WITH_LIBSSH
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_VIRTUALPORT
-# undef WITH_SECDRIVER_SELINUX
-# undef WITH_SECDRIVER_APPARMOR
-# undef WITH_CAPNG
-#endif /* LIBVIRT_NSS */
-
-#ifndef __GNUC__
-# error "Libvirt requires GCC >= 4.4, or CLang"
-#endif
-
-/*
- * Define __GNUC_PREREQ to a sane default if it isn't yet defined.
- * This is done here so that it's included as early as possible; gnulib relies
- * on this to be defined in features.h, which should be included from ctype.h.
- * This doesn't happen on many non-glibc systems.
- * When __GNUC_PREREQ is not defined, gnulib defines it to 0, which breaks things.
- */
-#ifndef __GNUC_PREREQ
-# define __GNUC_PREREQ(maj, min)                                        \
-    ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
-#endif
-
-#if !(__GNUC_PREREQ(4, 4) || defined(__clang__))
-# error "Libvirt requires GCC >= 4.4, or CLang"
-#endif
--- a/configure.ac
+++ b/configure.ac
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in

-## Copyright (C) 2005-2015 Red Hat, Inc.
+## Copyright (C) 2005-2013 Red Hat, Inc.
 ##
 ## This library is free software; you can redistribute it and/or
 ## modify it under the terms of the GNU Lesser General Public
@@ -18,145 +18,80 @@

 INCLUDES = \
 	-I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \
-	-I$(top_srcdir) \
 	-I$(top_builddir)/include -I$(top_srcdir)/include \
 	-I$(top_builddir)/src -I$(top_srcdir)/src \
 	-I$(top_srcdir)/src/util \
 	-I$(top_srcdir)/src/conf \
 	-I$(top_srcdir)/src/rpc \
 	-I$(top_srcdir)/src/remote \
-	-I$(top_srcdir)/src/admin \
 	-I$(top_srcdir)/src/access \
 	$(GETTEXT_CPPFLAGS)

 CLEANFILES =

-WARN_CFLAGS += $(STRICT_FRAME_LIMIT_CFLAGS)
-
-DAEMON_GENERATED =			\
-		remote_dispatch.h	\
-		lxc_dispatch.h		\
-		qemu_dispatch.h		\
-		admin_dispatch.h	\
+DAEMON_GENERATED =					\
+		$(srcdir)/remote_dispatch.h		\
+		$(srcdir)/lxc_dispatch.h		\
+		$(srcdir)/qemu_dispatch.h		\
 		$(NULL)

 DAEMON_SOURCES =					\
 		libvirtd.c libvirtd.h			\
+		libvirtd-config.c libvirtd-config.h	\
 		remote.c remote.h			\
 		stream.c stream.h			\
+		../src/remote/remote_protocol.c		\
+		../src/remote/lxc_protocol.c		\
+		../src/remote/qemu_protocol.c		\
 		$(DAEMON_GENERATED)

-LIBVIRTD_CONF_SOURCES = libvirtd-config.c libvirtd-config.h
-
-PODFILES = \
-	libvirtd.pod \
-	$(NULL)
-
-MANINFILES = \
-	libvirtd.8.in \
-	$(NULL)
-
 DISTCLEANFILES =
 EXTRA_DIST =						\
 	remote_dispatch.h				\
 	lxc_dispatch.h					\
 	qemu_dispatch.h					\
-	admin_dispatch.h				\
 	libvirtd.conf					\
 	libvirtd.init.in				\
 	libvirtd.upstart				\
 	libvirtd.policy.in				\
-	libvirt.rules					\
 	libvirtd.sasl					\
 	libvirtd.service.in				\
-	virt-guest-shutdown.target		\
 	libvirtd.sysconf				\
 	libvirtd.sysctl					\
 	libvirtd.aug                                    \
 	libvirtd.logrotate.in                           \
 	libvirtd.qemu.logrotate.in                      \
 	libvirtd.lxc.logrotate.in                       \
-	libvirtd.libxl.logrotate.in                     \
 	libvirtd.uml.logrotate.in                       \
 	test_libvirtd.aug.in                             \
 	THREADS.txt					\
-	$(PODFILES)					\
-	$(MANINFILES)					\
-	$(DAEMON_SOURCES)				\
-	$(LIBVIRTD_CONF_SOURCES)			\
-	$(NULL)
+	libvirtd.pod.in					\
+	libvirtd.8.in					\
+	$(DAEMON_SOURCES)

 BUILT_SOURCES =

 REMOTE_PROTOCOL = $(top_srcdir)/src/remote/remote_protocol.x
 LXC_PROTOCOL = $(top_srcdir)/src/remote/lxc_protocol.x
 QEMU_PROTOCOL = $(top_srcdir)/src/remote/qemu_protocol.x
-ADMIN_PROTOCOL = $(top_srcdir)/src/admin/admin_protocol.x

-remote_dispatch.h: $(top_srcdir)/src/rpc/gendispatch.pl \
+$(srcdir)/remote_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(REMOTE_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(top_srcdir)/src/rpc/gendispatch.pl \
-	  --mode=server remote REMOTE $(REMOTE_PROTOCOL) \
-	  > $(srcdir)/remote_dispatch.h
+	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
+	  --mode=server remote REMOTE $(REMOTE_PROTOCOL) > $@

-lxc_dispatch.h: $(top_srcdir)/src/rpc/gendispatch.pl \
+$(srcdir)/lxc_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(LXC_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(top_srcdir)/src/rpc/gendispatch.pl \
-	  --mode=server lxc LXC $(LXC_PROTOCOL) \
-	  > $(srcdir)/lxc_dispatch.h
+	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
+	  --mode=server lxc LXC $(LXC_PROTOCOL) > $@

-qemu_dispatch.h: $(top_srcdir)/src/rpc/gendispatch.pl \
+$(srcdir)/qemu_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(QEMU_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(top_srcdir)/src/rpc/gendispatch.pl \
-	  --mode=server qemu QEMU $(QEMU_PROTOCOL) \
-	  > $(srcdir)/qemu_dispatch.h
-
-admin_dispatch.h: $(top_srcdir)/src/rpc/gendispatch.pl \
-		$(ADMIN_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(top_srcdir)/src/rpc/gendispatch.pl \
-	  --mode=server admin ADMIN $(ADMIN_PROTOCOL) \
-	  > $(srcdir)/admin_dispatch.h
+	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
+	  --mode=server qemu QEMU $(QEMU_PROTOCOL) > $@

 if WITH_LIBVIRTD

-# Build a convenience library, for reuse in tests/libvirtdconftest
-noinst_LTLIBRARIES = libvirtd_conf.la
-libvirtd_conf_la_SOURCES = $(LIBVIRTD_CONF_SOURCES)
-libvirtd_conf_la_CFLAGS = \
-	$(LIBXML_CFLAGS) \
-	$(XDR_CFLAGS) \
-	$(WARN_CFLAGS) $(PIE_CFLAGS) \
-	$(COVERAGE_CFLAGS) \
-	$(NULL)
-libvirtd_conf_la_LDFLAGS =				\
-	$(RELRO_LDFLAGS)				\
-	$(PIE_LDFLAGS)					\
-	$(COVERAGE_LDFLAGS)				\
-	$(NO_INDIRECT_LDFLAGS)				\
-	$(NULL)
-libvirtd_conf_la_LIBADD = $(LIBXML_LIBS)
-
-noinst_LTLIBRARIES += libvirtd_admin.la
-libvirtd_admin_la_SOURCES = \
-		admin.c admin.h admin_server.c admin_server.h
-
-libvirtd_admin_la_CFLAGS = \
-		$(AM_CFLAGS)		\
-		$(XDR_CFLAGS)		\
-		$(PIE_CFLAGS)		\
-		$(WARN_CFLAGS)		\
-		$(LIBXML_CFLAGS)	\
-		$(COVERAGE_CFLAGS)	\
-		$(NULL)
-libvirtd_admin_la_LDFLAGS = \
-		$(PIE_LDFLAGS)		\
-		$(RELRO_LDFLAGS)	\
-		$(COVERAGE_LDFLAGS)	\
-		$(NO_INDIRECT_LDFLAGS)  \
-		$(NULL)
-libvirtd_admin_la_LIBADD =	\
-		../src/libvirt-admin.la
-
 man8_MANS = libvirtd.8

 sbin_PROGRAMS = libvirtd
@@ -172,41 +107,96 @@ augeastests_DATA = test_libvirtd.aug

 CLEANFILES += test_libvirtd.aug

+libvirtd.8: $(srcdir)/libvirtd.8.in
+	$(AM_V_GEN)sed \
+	    -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
+	    -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+	    < $< > $@-t && \
+	mv $@-t $@
+
 libvirtd_SOURCES = $(DAEMON_SOURCES)

 #-D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_POSIX_C_SOURCE=199506L
 libvirtd_CFLAGS = \
 	$(LIBXML_CFLAGS) $(GNUTLS_CFLAGS) $(SASL_CFLAGS) \
-	$(XDR_CFLAGS) $(DBUS_CFLAGS) $(LIBNL_CFLAGS) \
+	$(XDR_CFLAGS) $(POLKIT_CFLAGS) $(DBUS_CFLAGS) $(LIBNL_CFLAGS) \
 	$(WARN_CFLAGS) $(PIE_CFLAGS) \
 	$(COVERAGE_CFLAGS) \
 	-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\""

 libvirtd_LDFLAGS =					\
-	$(RELRO_LDFLAGS)				\
 	$(PIE_LDFLAGS)					\
-	$(COVERAGE_LDFLAGS)				\
-	$(NO_INDIRECT_LDFLAGS)				\
-	$(NULL)
+	$(RELRO_LDFLAGS)				\
+	$(COVERAGE_LDFLAGS)

 libvirtd_LDADD =					\
 	$(LIBXML_LIBS)					\
 	$(GNUTLS_LIBS)					\
 	$(SASL_LIBS)					\
 	$(DBUS_LIBS)					\
+	$(POLKIT_LIBS)					\
 	$(LIBNL_LIBS)

 if WITH_DTRACE_PROBES
 libvirtd_LDADD += ../src/libvirt_probes.lo
-endif WITH_DTRACE_PROBES
+endif

 libvirtd_LDADD += \
-	libvirtd_conf.la \
-	libvirtd_admin.la \
 	../src/libvirt-lxc.la \
-	../src/libvirt-qemu.la \
-	../src/libvirt_driver_remote.la \
-	$(NULL)
+	../src/libvirt-qemu.la
+
+if ! WITH_DRIVER_MODULES
+if WITH_QEMU
+    libvirtd_LDADD += ../src/libvirt_driver_qemu.la
+if WITH_DTRACE_PROBES
+    libvirtd_LDADD += ../src/libvirt_qemu_probes.lo
+endif
+endif
+
+if WITH_LXC
+    libvirtd_LDADD += ../src/libvirt_driver_lxc.la
+endif
+
+if WITH_XEN
+    libvirtd_LDADD += ../src/libvirt_driver_xen.la
+endif
+
+if WITH_LIBXL
+    libvirtd_LDADD += ../src/libvirt_driver_libxl.la
+endif
+
+if WITH_UML
+    libvirtd_LDADD += ../src/libvirt_driver_uml.la
+endif
+
+if WITH_VBOX
+    libvirtd_LDADD += ../src/libvirt_driver_vbox.la
+endif
+
+if WITH_STORAGE
+    libvirtd_LDADD += ../src/libvirt_driver_storage.la
+endif
+
+if WITH_NETWORK
+    libvirtd_LDADD += ../src/libvirt_driver_network.la
+endif
+
+if WITH_INTERFACE
+    libvirtd_LDADD += ../src/libvirt_driver_interface.la
+endif
+
+if WITH_NODE_DEVICES
+    libvirtd_LDADD += ../src/libvirt_driver_nodedev.la
+endif
+
+if WITH_SECRETS
+    libvirtd_LDADD += ../src/libvirt_driver_secret.la
+endif
+
+if WITH_NWFILTER
+    libvirtd_LDADD += ../src/libvirt_driver_nwfilter.la
+endif
+endif

 libvirtd_LDADD += ../src/libvirt.la

@@ -214,13 +204,11 @@ if WITH_POLKIT
 if WITH_POLKIT0
 policydir = $(datadir)/PolicyKit/policy
 policyauth = auth_admin_keep_session
-else ! WITH_POLKIT0
+else
 policydir = $(datadir)/polkit-1/actions
 policyauth = auth_admin_keep
-rulesdir = $(datadir)/polkit-1/rules.d
-rulesfile = libvirt.rules
-endif ! WITH_POLKIT0
-endif WITH_POLKIT
+endif
+endif

 libvirtd.policy: libvirtd.policy.in $(top_builddir)/config.status
 	$(AM_V_GEN) sed \
@@ -229,16 +217,14 @@ libvirtd.policy: libvirtd.policy.in $(top_builddir)/config.status
 	mv $@-t $@
 BUILT_SOURCES += libvirtd.policy

-install-data-local: install-init-redhat install-init-systemd \
-		install-init-upstart \
+install-data-local: install-init-redhat install-init-systemd install-init-upstart \
 		install-data-sasl install-data-polkit \
 		install-logrotate install-sysctl
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/log/libvirt \
 		   $(DESTDIR)$(localstatedir)/run/libvirt \
 		   $(DESTDIR)$(localstatedir)/lib/libvirt

-uninstall-local:: uninstall-init-redhat uninstall-init-systemd \
-		uninstall-init-upstart \
+uninstall-local:: uninstall-init-redhat uninstall-init-systemd uninstall-init-upstart \
 		uninstall-data-sasl uninstall-data-polkit \
 		uninstall-logrotate uninstall-sysctl
 	rmdir $(DESTDIR)$(localstatedir)/log/libvirt || :
@@ -249,32 +235,19 @@ if WITH_POLKIT
 install-data-polkit::
 	$(MKDIR_P) $(DESTDIR)$(policydir)
 	$(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
-if ! WITH_POLKIT0
-	$(MKDIR_P) $(DESTDIR)$(rulesdir)
-	$(INSTALL_DATA) $(srcdir)/$(rulesfile) $(DESTDIR)$(rulesdir)/50-libvirt.rules
-endif ! WITH_POLKIT0
-
 uninstall-data-polkit::
 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
 	rmdir $(DESTDIR)$(policydir) || :
-if ! WITH_POLKIT0
-	rm -f $(DESTDIR)$(rulesdir)/50-libvirt.rules
-	rmdir $(DESTDIR)$(rulesdir) || :
-endif ! WITH_POLKIT0
-
-else ! WITH_POLKIT
+else
 install-data-polkit::
 uninstall-data-polkit::
-endif ! WITH_POLKIT
+endif

 remote.c: $(DAEMON_GENERATED)
 remote.h: $(DAEMON_GENERATED)
-admin.c: $(DAEMON_GENERATED)
-admin.h: $(DAEMON_GENERATED)

 LOGROTATE_CONFS = libvirtd.qemu.logrotate libvirtd.lxc.logrotate \
-		  libvirtd.libxl.logrotate libvirtd.uml.logrotate \
-		  libvirtd.logrotate
+		  libvirtd.uml.logrotate libvirtd.logrotate

 BUILT_SOURCES += $(LOGROTATE_CONFS)

@@ -296,12 +269,6 @@ libvirtd.lxc.logrotate: libvirtd.lxc.logrotate.in
 	    < $< > $@-t &&					\
 	    mv $@-t $@

-libvirtd.libxl.logrotate: libvirtd.libxl.logrotate.in
-	$(AM_V_GEN)sed						\
-	    -e 's|[@]localstatedir[@]|$(localstatedir)|g'	\
-	    < $< > $@-t &&					\
-	    mv $@-t $@
-
 libvirtd.uml.logrotate: libvirtd.uml.logrotate.in
 	$(AM_V_GEN)sed						\
 	    -e 's|[@]localstatedir[@]|$(localstatedir)|g'	\
@@ -313,22 +280,15 @@ install-logrotate: $(LOGROTATE_CONFS)
 		   $(DESTDIR)$(localstatedir)/log/libvirt/lxc/ \
 		   $(DESTDIR)$(localstatedir)/log/libvirt/uml/ \
 		   $(DESTDIR)$(sysconfdir)/logrotate.d/
-	$(INSTALL_DATA) libvirtd.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd
-	$(INSTALL_DATA) libvirtd.qemu.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu
-	$(INSTALL_DATA) libvirtd.lxc.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc
-	$(INSTALL_DATA) libvirtd.libxl.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.libxl
-	$(INSTALL_DATA) libvirtd.uml.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml
+	$(INSTALL_DATA) libvirtd.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd
+	$(INSTALL_DATA) libvirtd.qemu.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu
+	$(INSTALL_DATA) libvirtd.lxc.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc
+	$(INSTALL_DATA) libvirtd.uml.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml

 uninstall-logrotate:
 	rm -f $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd \
 	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu \
 	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc \
-	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.libxl \
 	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml
 	rmdir $(DESTDIR)$(localstatedir)/log/libvirt/qemu || :
 	rmdir $(DESTDIR)$(localstatedir)/log/libvirt/lxc || :
@@ -349,15 +309,15 @@ if WITH_SYSCTL
 install-sysctl:
 	$(MKDIR_P) $(DESTDIR)$(prefix)/lib/sysctl.d
 	$(INSTALL_DATA) $(srcdir)/libvirtd.sysctl \
-	  $(DESTDIR)$(prefix)/lib/sysctl.d/60-libvirtd.conf
+	  $(DESTDIR)$(prefix)/lib/sysctl.d/libvirtd.conf

 uninstall-sysctl:
-	rm -f $(DESTDIR)$(prefix)/lib/sysctl.d/60-libvirtd.conf
+	rm -f $(DESTDIR)$(prefix)/lib/sysctl.d/libvirtd.conf
 	rmdir $(DESTDIR)$(prefix)/lib/sysctl.d || :
-else ! WITH_SYSCTL
+else
 install-sysctl:
 uninstall-sysctl:
-endif ! WITH_SYSCTL
+endif

 if LIBVIRT_INIT_SCRIPT_RED_HAT

@@ -371,10 +331,10 @@ install-init-redhat: install-sysconfig libvirtd.init
 uninstall-init-redhat: uninstall-sysconfig
 	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd
 	rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
-else ! LIBVIRT_INIT_SCRIPT_RED_HAT
+else
 install-init-redhat:
 uninstall-init-redhat:
-endif ! LIBVIRT_INIT_SCRIPT_RED_HAT
+endif # LIBVIRT_INIT_SCRIPT_RED_HAT


 if LIBVIRT_INIT_SCRIPT_UPSTART
@@ -387,32 +347,29 @@ install-init-upstart: install-sysconfig
 uninstall-init-upstart: uninstall-sysconfig
 	rm -f $(DESTDIR)$(sysconfdir)/event.d/libvirtd
 	rmdir $(DESTDIR)$(sysconfdir)/event.d || :
-else ! LIBVIRT_INIT_SCRIPT_UPSTART
+else
 install-init-upstart:
 uninstall-init-upstart:
-endif ! LIBVIRT_INIT_SCRIPT_UPSTART
+endif # LIBVIRT_INIT_SCRIPT_UPSTART


 if LIBVIRT_INIT_SCRIPT_SYSTEMD

-SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system
+SYSTEMD_UNIT_DIR = /lib/systemd/system
 BUILT_SOURCES += libvirtd.service

 install-init-systemd: install-sysconfig libvirtd.service
 	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
 	$(INSTALL_DATA) libvirtd.service \
 	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
-	$(INSTALL_DATA) $(srcdir)/virt-guest-shutdown.target \
-	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/virt-guest-shutdown.target

 uninstall-init-systemd: uninstall-sysconfig
-	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/virt-guest-shutdown.target
 	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
 	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
-else ! LIBVIRT_INIT_SCRIPT_SYSTEMD
+else
 install-init-systemd:
 uninstall-init-systemd:
-endif ! LIBVIRT_INIT_SCRIPT_SYSTEMD
+endif # LIBVIRT_INIT_SCRIPT_SYSTEMD

 libvirtd.init: libvirtd.init.in $(top_builddir)/config.status
 	$(AM_V_GEN)sed						\
@@ -449,47 +406,34 @@ check-augeas: test_libvirtd.aug
 # are used by nearly every other library.
 libvirtd_LDADD += ../gnulib/lib/libgnu.la $(LIBSOCKET)

-else ! WITH_LIBVIRTD
+else # WITH_LIBVIRTD
 install-data-local: install-data-sasl
 uninstall-local:: uninstall-data-sasl
-endif ! WITH_LIBVIRTD
+endif # WITH_LIBVIRTD

-POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)"
+POD2MAN = pod2man -c "Virtualization Support" \
+			-r "$(PACKAGE)-$(VERSION)" -s 8

-%.8.in: %.pod
-	$(AM_V_GEN)$(POD2MAN) --section=8 $< $@-t1 && \
-	if grep 'POD ERROR' $@-t1; then rm $@-t1; exit 1; fi && \
-	sed \
-		-e 's|SYSCONFDIR|\@sysconfdir\@|g' \
-		-e 's|LOCALSTATEDIR|\@localstatedir\@|g' \
-		< $@-t1 > $@-t2 && \
-	rm -f $@-t1 && \
-	mv $@-t2 $@
-
-%.8: %.8.in $(top_srcdir)/configure.ac
-	$(AM_V_GEN)sed \
-		-e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
-		-e 's|[@]localstatedir[@]|$(localstatedir)|g' \
-		< $< > $@-t && \
-	mv $@-t $@
+$(srcdir)/libvirtd.8.in: libvirtd.pod.in $(top_srcdir)/configure.ac
+	$(AM_V_GEN)$(POD2MAN) --name LIBVIRTD $< $@ \
+	    && if grep 'POD ERROR' $@ ; then rm $@; exit 1; fi

 # This is needed for clients too, so can't wrap in
 # the WITH_LIBVIRTD conditional
 if WITH_SASL
 install-data-sasl:
 	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
-	$(INSTALL_DATA) $(srcdir)/libvirtd.sasl \
-		$(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
+	$(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf

 uninstall-data-sasl:
 	rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
 	rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
-else ! WITH_SASL
+else
 install-data-sasl:
 uninstall-data-sasl:
-endif ! WITH_SASL
+endif


 CLEANFILES += $(BUILT_SOURCES) $(man8_MANS)
 CLEANFILES += *.cov *.gcov .libs/*.gcda .libs/*.gcno *.gcno *.gcda
-MAINTAINERCLEANFILES = $(MANINFILES) $(DAEMON_GENERATED)
+MAINTAINERCLEANFILES = $(srcdir)/libvirtd.8.in $(DAEMON_GENERATED)
--- a/daemon/THREADS.txt
+++ b/daemon/THREADS.txt
@@ -42,7 +42,7 @@ event loop thread handles I/O from the client socket, and once a
 complete RPC message has been read off the wire (and optionally
 decrypted), it will be placed on the 'dx' job queue for the
 associated client object. The job condition will be signalled and
-a worker will wakeup and process it.
+a worker will wakup and process it.

 The worker thread must quickly drop its locks on the server and
 client to allow the main event loop thread to continue running
--- a/daemon/admin.c
+++ b/daemon/admin.c
@@ -1,490 +0,0 @@
-/*
- * admin.c: handlers for admin RPC method calls
- *
- * Copyright (C) 2014-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Author: Martin Kletzander <mkletzan@redhat.com>
- */
-
-#include <config.h>
-
-#include "internal.h"
-#include "libvirtd.h"
-#include "libvirt_internal.h"
-
-#include "admin_protocol.h"
-#include "admin.h"
-#include "admin_server.h"
-#include "datatypes.h"
-#include "viralloc.h"
-#include "virerror.h"
-#include "virlog.h"
-#include "virnetdaemon.h"
-#include "virnetserver.h"
-#include "virstring.h"
-#include "virthreadjob.h"
-#include "virtypedparam.h"
-
-#define VIR_FROM_THIS VIR_FROM_ADMIN
-
-VIR_LOG_INIT("daemon.admin");
-
-
-void
-remoteAdmClientFreeFunc(void *data)
-{
-    struct daemonAdmClientPrivate *priv = data;
-
-    virMutexDestroy(&priv->lock);
-    virObjectUnref(priv->dmn);
-    VIR_FREE(priv);
-}
-
-void *
-remoteAdmClientInitHook(virNetServerClientPtr client ATTRIBUTE_UNUSED,
-                        void *opaque)
-{
-    struct daemonAdmClientPrivate *priv;
-
-    if (VIR_ALLOC(priv) < 0)
-        return NULL;
-
-    if (virMutexInit(&priv->lock) < 0) {
-        VIR_FREE(priv);
-        virReportSystemError(errno, "%s", _("unable to init mutex"));
-        return NULL;
-    }
-
-    /*
-     * We don't necessarily need to ref this object right now as there
-     * must be one ref being held throughout the life of the daemon,
-     * but let's just be safe for future.
-     */
-    priv->dmn = virObjectRef(opaque);
-
-    return priv;
-}
-
-/* Helpers */
-
-static virNetServerPtr
-get_nonnull_server(virNetDaemonPtr dmn, admin_nonnull_server srv)
-{
-    return virNetDaemonGetServer(dmn, srv.name);
-}
-
-static void
-make_nonnull_server(admin_nonnull_server *srv_dst,
-                    virNetServerPtr srv_src)
-{
-    ignore_value(VIR_STRDUP_QUIET(srv_dst->name, virNetServerGetName(srv_src)));
-}
-
-static virNetServerClientPtr
-get_nonnull_client(virNetServerPtr srv, admin_nonnull_client clnt)
-{
-    return virNetServerGetClient(srv, clnt.id);
-}
-
-static void
-make_nonnull_client(admin_nonnull_client *clt_dst,
-                    virNetServerClientPtr clt_src)
-{
-    clt_dst->id = virNetServerClientGetID(clt_src);
-    clt_dst->timestamp = virNetServerClientGetTimestamp(clt_src);
-    clt_dst->transport = virNetServerClientGetTransport(clt_src);
-}
-
-/* Functions */
-static int
-adminDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED,
-                         virNetServerClientPtr client,
-                         virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                         virNetMessageErrorPtr rerr,
-                         struct admin_connect_open_args *args)
-{
-    unsigned int flags;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-    int ret = -1;
-
-    VIR_DEBUG("priv=%p dmn=%p", priv, priv->dmn);
-    virMutexLock(&priv->lock);
-
-    flags = args->flags;
-    virCheckFlagsGoto(0, cleanup);
-
-    ret = 0;
- cleanup:
-    if (ret < 0)
-        virNetMessageSaveError(rerr);
-    virMutexUnlock(&priv->lock);
-    return ret;
-}
-
-static int
-adminDispatchConnectClose(virNetServerPtr server ATTRIBUTE_UNUSED,
-                          virNetServerClientPtr client,
-                          virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                          virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED)
-{
-    virNetServerClientDelayedClose(client);
-    return 0;
-}
-
-static int
-adminConnectGetLibVersion(virNetDaemonPtr dmn ATTRIBUTE_UNUSED,
-                          unsigned long long *libVer)
-{
-    if (libVer)
-        *libVer = LIBVIR_VERSION_NUMBER;
-    return 0;
-}
-
-static int
-adminDispatchServerGetThreadpoolParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                           virNetServerClientPtr client,
-                                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                           virNetMessageErrorPtr rerr,
-                                           struct admin_server_get_threadpool_parameters_args *args,
-                                           struct admin_server_get_threadpool_parameters_ret *ret)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name)))
-        goto cleanup;
-
-    if (adminServerGetThreadPoolParameters(srv, &params, &nparams,
-                                           args->flags) < 0)
-        goto cleanup;
-
-    if (nparams > ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of threadpool parameters %d exceeds max "
-                         "allowed limit: %d"), nparams,
-                       ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX);
-        goto cleanup;
-    }
-
-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len, 0) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerSetThreadpoolParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                           virNetServerClientPtr client,
-                                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                           virNetMessageErrorPtr rerr,
-                                           struct admin_server_set_threadpool_parameters_args *args)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->srv.name);
-        goto cleanup;
-    }
-
-    if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val,
-                                  args->params.params_len,
-                                  ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX,
-                                  &params,
-                                  &nparams) < 0)
-        goto cleanup;
-
-
-    if (adminServerSetThreadPoolParameters(srv, params,
-                                           nparams, args->flags) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchClientGetInfo(virNetServerPtr server ATTRIBUTE_UNUSED,
-                           virNetServerClientPtr client,
-                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                           virNetMessageErrorPtr rerr,
-                           struct admin_client_get_info_args *args,
-                           struct admin_client_get_info_ret *ret)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virNetServerClientPtr clnt = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->clnt.srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->clnt.srv.name);
-        goto cleanup;
-    }
-
-    if (!(clnt = virNetServerGetClient(srv, args->clnt.id))) {
-        virReportError(VIR_ERR_NO_CLIENT,
-                       _("no client with matching id '%llu' found"),
-                       (unsigned long long) args->clnt.id);
-        goto cleanup;
-    }
-
-    if (adminClientGetInfo(clnt, &params, &nparams, args->flags) < 0)
-        goto cleanup;
-
-    if (nparams > ADMIN_CLIENT_INFO_PARAMETERS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of client info parameters %d exceeds max "
-                         "allowed limit: %d"), nparams,
-                       ADMIN_CLIENT_INFO_PARAMETERS_MAX);
-        goto cleanup;
-    }
-
-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len,
-                                VIR_TYPED_PARAM_STRING_OKAY) < 0)
-        goto cleanup;
-
-    rv = 0;
-
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(clnt);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerGetClientLimits(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                   virNetServerClientPtr client,
-                                   virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                   virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED,
-                                   admin_server_get_client_limits_args *args,
-                                   admin_server_get_client_limits_ret *ret)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name)))
-        goto cleanup;
-
-    if (adminServerGetClientLimits(srv, &params, &nparams, args->flags) < 0)
-        goto cleanup;
-
-    if (nparams > ADMIN_SERVER_CLIENT_LIMITS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of client processing parameters %d exceeds "
-                         "max allowed limit: %d"), nparams,
-                       ADMIN_SERVER_CLIENT_LIMITS_MAX);
-        goto cleanup;
-    }
-
-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len, 0) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerSetClientLimits(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                   virNetServerClientPtr client,
-                                   virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                   virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED,
-                                   admin_server_set_client_limits_args *args)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->srv.name);
-        goto cleanup;
-    }
-
-    if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val,
-        args->params.params_len,
-        ADMIN_SERVER_CLIENT_LIMITS_MAX, &params, &nparams) < 0)
-        goto cleanup;
-
-    if (adminServerSetClientLimits(srv, params, nparams, args->flags) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-/* Returns the number of outputs stored in @outputs */
-static int
-adminConnectGetLoggingOutputs(char **outputs, unsigned int flags)
-{
-    char *tmp = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (!(tmp = virLogGetOutputs()))
-        return -1;
-
-    *outputs = tmp;
-    return virLogGetNbOutputs();
-}
-
-/* Returns the number of defined filters or -1 in case of an error */
-static int
-adminConnectGetLoggingFilters(char **filters, unsigned int flags)
-{
-    char *tmp = NULL;
-    int ret = 0;
-
-    virCheckFlags(0, -1);
-
-    if ((ret = virLogGetNbFilters()) > 0 && !(tmp = virLogGetFilters()))
-        return -1;
-
-    *filters = tmp;
-    return ret;
-}
-
-static int
-adminConnectSetLoggingOutputs(virNetDaemonPtr dmn ATTRIBUTE_UNUSED,
-                              const char *outputs,
-                              unsigned int flags)
-{
-    virCheckFlags(0, -1);
-
-    return virLogSetOutputs(outputs);
-}
-
-static int
-adminConnectSetLoggingFilters(virNetDaemonPtr dmn ATTRIBUTE_UNUSED,
-                              const char *filters,
-                              unsigned int flags)
-{
-    virCheckFlags(0, -1);
-
-    return virLogSetFilters(filters);
-}
-
-static int
-adminDispatchConnectGetLoggingOutputs(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                      virNetServerClientPtr client ATTRIBUTE_UNUSED,
-                                      virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                      virNetMessageErrorPtr rerr,
-                                      admin_connect_get_logging_outputs_args *args,
-                                      admin_connect_get_logging_outputs_ret *ret)
-{
-    char *outputs = NULL;
-    int noutputs = 0;
-
-    if ((noutputs = adminConnectGetLoggingOutputs(&outputs, args->flags) < 0)) {
-        virNetMessageSaveError(rerr);
-        return -1;
-    }
-
-    VIR_STEAL_PTR(ret->outputs, outputs);
-    ret->noutputs = noutputs;
-
-    return 0;
-}
-
-static int
-adminDispatchConnectGetLoggingFilters(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                      virNetServerClientPtr client ATTRIBUTE_UNUSED,
-                                      virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                      virNetMessageErrorPtr rerr,
-                                      admin_connect_get_logging_filters_args *args,
-                                      admin_connect_get_logging_filters_ret *ret)
-{
-    char *filters = NULL;
-    int nfilters = 0;
-
-    if ((nfilters = adminConnectGetLoggingFilters(&filters, args->flags)) < 0) {
-        virNetMessageSaveError(rerr);
-        return -1;
-    }
-
-    if (nfilters == 0) {
-        ret->filters = NULL;
-    } else {
-        char **ret_filters = NULL;
-        if (VIR_ALLOC(ret_filters) < 0)
-            return -1;
-
-        *ret_filters = filters;
-        ret->filters = ret_filters;
-    }
-    ret->nfilters = nfilters;
-
-    return 0;
-}
-#include "admin_dispatch.h"
--- a/daemon/admin.h
+++ b/daemon/admin.h
@@ -1,36 +0,0 @@
-/*
- * admin.h: handlers for admin RPC method calls
- *
- * Copyright (C) 2014-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Author: Martin Kletzander <mkletzan@redhat.com>
- */
-
-#ifndef __LIBVIRTD_ADMIN_H__
-# define __LIBVIRTD_ADMIN_H__
-
-# include "rpc/virnetserverprogram.h"
-# include "rpc/virnetserverclient.h"
-
-
-extern virNetServerProgramProc adminProcs[];
-extern size_t adminNProcs;
-
-void remoteAdmClientFreeFunc(void *data);
-void *remoteAdmClientInitHook(virNetServerClientPtr client, void *opaque);
-
-#endif /* __ADMIN_REMOTE_H__ */
--- a/daemon/admin_server.c
+++ b/daemon/admin_server.c
@@ -1,390 +0,0 @@
-/*
- * admin_server.c: admin methods to manage daemons and clients
- *
- * Copyright (C) 2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Authors: Erik Skultety <eskultet@redhat.com>
- *          Martin Kletzander <mkletzan@redhat.com>
- */
-
-#include <config.h>
-
-#include "admin_server.h"
-#include "datatypes.h"
-#include "viralloc.h"
-#include "virerror.h"
-#include "viridentity.h"
-#include "virlog.h"
-#include "virnetdaemon.h"
-#include "virnetserver.h"
-#include "virstring.h"
-#include "virthreadpool.h"
-#include "virtypedparam.h"
-
-#define VIR_FROM_THIS VIR_FROM_ADMIN
-
-VIR_LOG_INIT("daemon.admin_server");
-
-int
-adminConnectListServers(virNetDaemonPtr dmn,
-                        virNetServerPtr **servers,
-                        unsigned int flags)
-{
-    int ret = -1;
-    virNetServerPtr *srvs = NULL;
-
-    virCheckFlags(0, -1);
-
-    if ((ret = virNetDaemonGetServers(dmn, &srvs)) < 0)
-        goto cleanup;
-
-    if (servers) {
-        *servers = srvs;
-        srvs = NULL;
-    }
- cleanup:
-    if (ret > 0)
-        virObjectListFreeCount(srvs, ret);
-    return ret;
-}
-
-virNetServerPtr
-adminConnectLookupServer(virNetDaemonPtr dmn,
-                         const char *name,
-                         unsigned int flags)
-{
-    virCheckFlags(flags, NULL);
-
-    return virNetDaemonGetServer(dmn, name);
-}
-
-int
-adminServerGetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr *params,
-                                   int *nparams,
-                                   unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    size_t minWorkers;
-    size_t maxWorkers;
-    size_t nWorkers;
-    size_t freeWorkers;
-    size_t nPrioWorkers;
-    size_t jobQueueDepth;
-    virTypedParameterPtr tmpparams = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virNetServerGetThreadPoolParameters(srv, &minWorkers, &maxWorkers,
-                                            &nWorkers, &freeWorkers,
-                                            &nPrioWorkers,
-                                            &jobQueueDepth) < 0) {
-        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                       _("Unable to retrieve threadpool parameters"));
-        goto cleanup;
-    }
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_MIN,
-                              minWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_MAX,
-                              maxWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_CURRENT,
-                              nWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_FREE,
-                              freeWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_PRIORITY,
-                              nPrioWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_JOB_QUEUE_DEPTH,
-                              jobQueueDepth) < 0)
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
-    ret = 0;
-
- cleanup:
-    virTypedParamsFree(tmpparams, *nparams);
-    return ret;
-}
-
-int
-adminServerSetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr params,
-                                   int nparams,
-                                   unsigned int flags)
-{
-    long long int minWorkers = -1;
-    long long int maxWorkers = -1;
-    long long int prioWorkers = -1;
-    virTypedParameterPtr param = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsValidate(params, nparams,
-                               VIR_THREADPOOL_WORKERS_MIN,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_THREADPOOL_WORKERS_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_THREADPOOL_WORKERS_PRIORITY,
-                               VIR_TYPED_PARAM_UINT,
-                               NULL) < 0)
-        return -1;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_MIN)))
-        minWorkers = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_MAX)))
-        maxWorkers = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_PRIORITY)))
-        prioWorkers = param->value.ui;
-
-    if (virNetServerSetThreadPoolParameters(srv, minWorkers,
-                                            maxWorkers, prioWorkers) < 0)
-        return -1;
-
-    return 0;
-}
-
-int
-adminServerListClients(virNetServerPtr srv,
-                       virNetServerClientPtr **clients,
-                       unsigned int flags)
-{
-    int ret = -1;
-    virNetServerClientPtr *clts;
-
-    virCheckFlags(0, -1);
-
-    if ((ret = virNetServerGetClients(srv, &clts)) < 0)
-        return -1;
-
-    if (clients) {
-        *clients = clts;
-        clts = NULL;
-    }
-
-    virObjectListFreeCount(clts, ret);
-    return ret;
-}
-
-virNetServerClientPtr
-adminServerLookupClient(virNetServerPtr srv,
-                        unsigned long long id,
-                        unsigned int flags)
-{
-    virCheckFlags(0, NULL);
-
-    return virNetServerGetClient(srv, id);
-}
-
-int
-adminClientGetInfo(virNetServerClientPtr client,
-                   virTypedParameterPtr *params,
-                   int *nparams,
-                   unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    bool readonly;
-    char *sock_addr = NULL;
-    const char *attr = NULL;
-    virTypedParameterPtr tmpparams = NULL;
-    virIdentityPtr identity = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virNetServerClientGetInfo(client, &readonly,
-                                  &sock_addr, &identity) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddBoolean(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_READONLY,
-                                 readonly) < 0)
-        goto cleanup;
-
-    if (virIdentityGetSASLUserName(identity, &attr) < 0 ||
-        (attr &&
-         virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_SASL_USER_NAME,
-                                 attr) < 0))
-        goto cleanup;
-
-    if (!virNetServerClientIsLocal(client)) {
-        if (virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_SOCKET_ADDR,
-                                    sock_addr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetX509DName(identity, &attr) < 0 ||
-            (attr &&
-             virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                     VIR_CLIENT_INFO_X509_DISTINGUISHED_NAME,
-                                     attr) < 0))
-            goto cleanup;
-    } else {
-        pid_t pid;
-        uid_t uid;
-        gid_t gid;
-        if (virIdentityGetUNIXUserID(identity, &uid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_USER_ID, uid) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXUserName(identity, &attr) < 0 ||
-            virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_UNIX_USER_NAME,
-                                    attr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXGroupID(identity, &gid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_GROUP_ID, gid) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXGroupName(identity, &attr) < 0 ||
-            virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_UNIX_GROUP_NAME,
-                                    attr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXProcessID(identity, &pid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_PROCESS_ID, pid) < 0)
-            goto cleanup;
-    }
-
-    if (virIdentityGetSELinuxContext(identity, &attr) < 0 ||
-        (attr &&
-         virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                VIR_CLIENT_INFO_SELINUX_CONTEXT, attr) < 0))
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
-    ret = 0;
-
- cleanup:
-    virObjectUnref(identity);
-    VIR_FREE(sock_addr);
-    return ret;
-}
-
-int adminClientClose(virNetServerClientPtr client,
-                     unsigned int flags)
-{
-    virCheckFlags(0, -1);
-
-    virNetServerClientClose(client);
-    return 0;
-}
-
-int
-adminServerGetClientLimits(virNetServerPtr srv,
-                           virTypedParameterPtr *params,
-                           int *nparams,
-                           unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    virTypedParameterPtr tmpparams = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_MAX,
-                              virNetServerGetMaxClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_CURRENT,
-                              virNetServerGetCurrentClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_UNAUTH_MAX,
-                              virNetServerGetMaxUnauthClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_UNAUTH_CURRENT,
-                              virNetServerGetCurrentUnauthClients(srv)) < 0)
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
-    ret = 0;
-
- cleanup:
-    virTypedParamsFree(tmpparams, *nparams);
-    return ret;
-}
-
-int
-adminServerSetClientLimits(virNetServerPtr srv,
-                           virTypedParameterPtr params,
-                           int nparams,
-                           unsigned int flags)
-{
-    long long int maxClients = -1;
-    long long int maxClientsUnauth = -1;
-    virTypedParameterPtr param = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsValidate(params, nparams,
-                               VIR_SERVER_CLIENTS_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_SERVER_CLIENTS_UNAUTH_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               NULL) < 0)
-        return -1;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_SERVER_CLIENTS_MAX)))
-        maxClients = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_SERVER_CLIENTS_UNAUTH_MAX)))
-        maxClientsUnauth = param->value.ui;
-
-    if (virNetServerSetClientLimits(srv, maxClients,
-                                    maxClientsUnauth) < 0)
-        return -1;
-
-    return 0;
-}
--- a/daemon/admin_server.h
+++ b/daemon/admin_server.h
@@ -1,75 +0,0 @@
-/*
- * admin_server.h: admin methods to manage daemons and clients
- *
- * Copyright (C) 2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Authors: Erik Skultety <eskultet@redhat.com>
- *          Martin Kletzander <mkletzan@redhat.com>
- */
-
-#ifndef __LIBVIRTD_ADMIN_SERVER_H__
-# define __LIBVIRTD_ADMIN_SERVER_H__
-
-# include "rpc/virnetdaemon.h"
-# include "rpc/virnetserver.h"
-
-int adminConnectListServers(virNetDaemonPtr dmn,
-                            virNetServerPtr **servers,
-                            unsigned int flags);
-
-virNetServerPtr adminConnectLookupServer(virNetDaemonPtr dmn,
-                                         const char *name,
-                                         unsigned int flags);
-
-int
-adminServerGetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr *params,
-                                   int *nparams,
-                                   unsigned int flags);
-int
-adminServerSetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr params,
-                                   int nparams,
-                                   unsigned int flags);
-
-int adminServerListClients(virNetServerPtr srv,
-                           virNetServerClientPtr **clients,
-                           unsigned int flags);
-
-virNetServerClientPtr adminServerLookupClient(virNetServerPtr srv,
-                                              unsigned long long id,
-                                              unsigned int flags);
-
-int adminClientGetInfo(virNetServerClientPtr client,
-                       virTypedParameterPtr *params,
-                       int *nparams,
-                       unsigned int flags);
-
-int adminClientClose(virNetServerClientPtr client,
-                     unsigned int flags);
-
-int adminServerGetClientLimits(virNetServerPtr srv,
-                               virTypedParameterPtr *params,
-                               int *nparams,
-                               unsigned int flags);
-
-int adminServerSetClientLimits(virNetServerPtr srv,
-                               virTypedParameterPtr params,
-                               int nparams,
-                               unsigned int flags);
-
-#endif /* __LIBVIRTD_ADMIN_SERVER_H__ */
--- a/daemon/libvirt.rules
+++ b/daemon/libvirt.rules
@@ -1,9 +0,0 @@
-// Allow any user in the 'libvirt' group to connect to system libvirtd
-// without entering a password.
-
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.unix.manage" &&
-        subject.isInGroup("libvirt")) {
-        return polkit.Result.YES;
-    }
-});
--- a/daemon/libvirtd-config.c
+++ b/daemon/libvirtd-config.c
@@ -1,7 +1,7 @@
 /*
- * libvirtd-config.c: daemon start of day, guest process & i/o management
+ * libvirtd.c: daemon start of day, guest process & i/o management
 *
- * Copyright (C) 2006-2012, 2014, 2015 Red Hat, Inc.
+ * Copyright (C) 2006-2012 Red Hat, Inc.
 * Copyright (C) 2006 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
@@ -32,46 +32,157 @@
 #include "configmake.h"
 #include "remote/remote_protocol.h"
 #include "remote/remote_driver.h"
-#include "util/virnetdevopenvswitch.h"
 #include "virstring.h"
 #include "virutil.h"

 #define VIR_FROM_THIS VIR_FROM_CONF

-VIR_LOG_INIT("daemon.libvirtd-config");
-
-
+/* Allocate an array of malloc'd strings from the config file, filename
+ * (used only in diagnostics), using handle "conf".  Upon error, return -1
+ * and free any allocated memory.  Otherwise, save the array in *list_arg
+ * and return 0.
+ */
 static int
-remoteConfigGetAuth(virConfPtr conf,
-                    const char *filename,
-                    const char *key,
-                    int *auth)
+remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list_arg,
+                          const char *filename)
 {
-    char *authstr = NULL;
-
-    if (virConfGetValueString(conf, key, &authstr) < 0)
-        return -1;
-
-    if (!authstr)
+    char **list;
+    virConfValuePtr p = virConfGetValue(conf, key);
+    if (!p)
        return 0;

-    if (STREQ(authstr, "none")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
-#if WITH_SASL
-    } else if (STREQ(authstr, "sasl")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL;
-#endif
-    } else if (STREQ(authstr, "polkit")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_POLKIT;
-    } else {
+    switch (p->type) {
+    case VIR_CONF_STRING:
+        if (VIR_ALLOC_N(list, 2) < 0) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("failed to allocate memory for %s config list"),
+                           key);
+            return -1;
+        }
+        if (VIR_STRDUP(list[0], p->str) < 0) {
+            VIR_FREE(list);
+            return -1;
+        }
+        list[1] = NULL;
+        break;
+
+    case VIR_CONF_LIST: {
+        int i, len = 0;
+        virConfValuePtr pp;
+        for (pp = p->list; pp; pp = pp->next)
+            len++;
+        if (VIR_ALLOC_N(list, 1+len) < 0) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("failed to allocate memory for %s config list"),
+                           key);
+            return -1;
+        }
+        for (i = 0, pp = p->list; pp; ++i, pp = pp->next) {
+            if (pp->type != VIR_CONF_STRING) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                               _("remoteReadConfigFile: %s: %s:"
+                                 " must be a string or list of strings"),
+                               filename, key);
+                VIR_FREE(list);
+                return -1;
+            }
+            if (VIR_STRDUP(list[i], pp->str) < 0) {
+                int j;
+                for (j = 0; j < i; j++)
+                    VIR_FREE(list[j]);
+                VIR_FREE(list);
+                return -1;
+            }
+
+        }
+        list[i] = NULL;
+        break;
+    }
+
+    default:
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       _("%s: %s: unsupported auth %s"),
-                       filename, key, authstr);
-        VIR_FREE(authstr);
+                       _("remoteReadConfigFile: %s: %s:"
+                         " must be a string or list of strings"),
+                       filename, key);
+        return -1;
+    }
+
+    *list_arg = list;
+    return 0;
+}
+
+/* A helper function used by each of the following macros.  */
+static int
+checkType(virConfValuePtr p, const char *filename,
+          const char *key, virConfType required_type)
+{
+    if (p->type != required_type) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("remoteReadConfigFile: %s: %s: invalid type:"
+                         " got %s; expected %s"), filename, key,
+                       virConfTypeName(p->type),
+                       virConfTypeName(required_type));
+        return -1;
+    }
+    return 0;
+}
+
+/* If there is no config data for the key, #var_name, then do nothing.
+   If there is valid data of type VIR_CONF_STRING, and VIR_STRDUP succeeds,
+   store the result in var_name.  Otherwise, (i.e. invalid type, or VIR_STRDUP
+   failure), give a diagnostic and "goto" the cleanup-and-fail label.  */
+#define GET_CONF_STR(conf, filename, var_name)                          \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
+        if (p) {                                                        \
+            if (checkType(p, filename, #var_name, VIR_CONF_STRING) < 0) \
+                goto error;                                             \
+            VIR_FREE(data->var_name);                                   \
+            if (VIR_STRDUP(data->var_name, p->str) < 0)                 \
+                goto error;                                             \
+        }                                                               \
+    } while (0)
+
+/* Like GET_CONF_STR, but for integral values.  */
+#define GET_CONF_INT(conf, filename, var_name)                          \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
+        if (p) {                                                        \
+            if (checkType(p, filename, #var_name, VIR_CONF_LONG) < 0)   \
+                goto error;                                             \
+            data->var_name = p->l;                                      \
+        }                                                               \
+    } while (0)
+
+
+static int remoteConfigGetAuth(virConfPtr conf, const char *key, int *auth, const char *filename) {
+    virConfValuePtr p;
+
+    p = virConfGetValue(conf, key);
+    if (!p)
+        return 0;
+
+    if (checkType(p, filename, key, VIR_CONF_STRING) < 0)
+        return -1;
+
+    if (!p->str)
+        return 0;
+
+    if (STREQ(p->str, "none")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
+#if WITH_SASL
+    } else if (STREQ(p->str, "sasl")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL;
+#endif
+    } else if (STREQ(p->str, "polkit")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_POLKIT;
+    } else {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("remoteReadConfigFile: %s: %s: unsupported auth %s"),
+                       filename, key, p->str);
        return -1;
    }

-    VIR_FREE(authstr);
    return 0;
 }

@@ -89,14 +200,16 @@ daemonConfigFilePath(bool privileged, char **configfile)

        if (virAsprintf(configfile, "%s/libvirtd.conf", configdir) < 0) {
            VIR_FREE(configdir);
-            goto error;
+            goto no_memory;
        }
        VIR_FREE(configdir);
    }

    return 0;

- error:
+no_memory:
+    virReportOOMError();
+error:
    return -1;
 }

@@ -107,8 +220,10 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
    char *localhost;
    int ret;

-    if (VIR_ALLOC(data) < 0)
+    if (VIR_ALLOC(data) < 0) {
+        virReportOOMError();
        return NULL;
+    }

    data->listen_tls = 1;
    data->listen_tcp = 0;
@@ -132,8 +247,7 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)

    if (VIR_STRDUP(data->unix_sock_rw_perms,
                   data->auth_unix_rw == REMOTE_AUTH_POLKIT ? "0777" : "0700") < 0 ||
-        VIR_STRDUP(data->unix_sock_ro_perms, "0777") < 0 ||
-        VIR_STRDUP(data->unix_sock_admin_perms, "0700") < 0)
+        VIR_STRDUP(data->unix_sock_ro_perms, "0777") < 0)
        goto error;

 #if WITH_SASL
@@ -147,31 +261,21 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)

    data->min_workers = 5;
    data->max_workers = 20;
-    data->max_clients = 5000;
-    data->max_queued_clients = 1000;
-    data->max_anonymous_clients = 20;
+    data->max_clients = 20;

    data->prio_workers = 5;

    data->max_requests = 20;
    data->max_client_requests = 5;

+    data->log_buffer_size = 64;
+
    data->audit_level = 1;
    data->audit_logging = 0;

    data->keepalive_interval = 5;
    data->keepalive_count = 5;
-
-    data->admin_min_workers = 5;
-    data->admin_max_workers = 20;
-    data->admin_max_clients = 5000;
-    data->admin_max_queued_clients = 20;
-    data->admin_max_client_requests = 5;
-
-    data->admin_keepalive_interval = 5;
-    data->admin_keepalive_count = 5;
-
-    data->ovs_timeout = VIR_NETDEV_OVS_DEFAULT_TIMEOUT;
+    data->keepalive_required = 0;

    localhost = virGetHostname();
    if (localhost == NULL) {
@@ -190,11 +294,13 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
    }
    VIR_FREE(localhost);
    if (ret < 0)
-        goto error;
+        goto no_memory;

    return data;

- error:
+no_memory:
+    virReportOOMError();
+error:
    daemonConfigFree(data);
    return NULL;
 }
@@ -217,7 +323,6 @@ daemonConfigFree(struct daemonConfig *data)
    }
    VIR_FREE(data->access_drivers);

-    VIR_FREE(data->unix_sock_admin_perms);
    VIR_FREE(data->unix_sock_ro_perms);
    VIR_FREE(data->unix_sock_rw_perms);
    VIR_FREE(data->unix_sock_group);
@@ -237,7 +342,6 @@ daemonConfigFree(struct daemonConfig *data)
        tmp++;
    }
    VIR_FREE(data->sasl_allowed_username_list);
-    VIR_FREE(data->tls_priority);

    VIR_FREE(data->key_file);
    VIR_FREE(data->ca_file);
@@ -245,7 +349,6 @@ daemonConfigFree(struct daemonConfig *data)
    VIR_FREE(data->crl_file);

    VIR_FREE(data->host_uuid);
-    VIR_FREE(data->host_uuid_source);
    VIR_FREE(data->log_filters);
    VIR_FREE(data->log_outputs);

@@ -257,18 +360,13 @@ daemonConfigLoadOptions(struct daemonConfig *data,
                        const char *filename,
                        virConfPtr conf)
 {
-    if (virConfGetValueBool(conf, "listen_tcp", &data->listen_tcp) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "listen_tls", &data->listen_tls) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "tls_port", &data->tls_port) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "tcp_port", &data->tcp_port) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "listen_addr", &data->listen_addr) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, listen_tcp);
+    GET_CONF_INT(conf, filename, listen_tls);
+    GET_CONF_STR(conf, filename, tls_port);
+    GET_CONF_STR(conf, filename, tcp_port);
+    GET_CONF_STR(conf, filename, listen_addr);

-    if (remoteConfigGetAuth(conf, filename, "auth_unix_rw", &data->auth_unix_rw) < 0)
+    if (remoteConfigGetAuth(conf, "auth_unix_rw", &data->auth_unix_rw, filename) < 0)
        goto error;
 #if WITH_POLKIT
    /* Change default perms to be wide-open if PolicyKit is enabled.
@@ -280,123 +378,70 @@ daemonConfigLoadOptions(struct daemonConfig *data,
            goto error;
    }
 #endif
-    if (remoteConfigGetAuth(conf, filename, "auth_unix_ro", &data->auth_unix_ro) < 0)
+    if (remoteConfigGetAuth(conf, "auth_unix_ro", &data->auth_unix_ro, filename) < 0)
        goto error;
-    if (remoteConfigGetAuth(conf, filename, "auth_tcp", &data->auth_tcp) < 0)
+    if (remoteConfigGetAuth(conf, "auth_tcp", &data->auth_tcp, filename) < 0)
        goto error;
-    if (remoteConfigGetAuth(conf, filename, "auth_tls", &data->auth_tls) < 0)
+    if (remoteConfigGetAuth(conf, "auth_tls", &data->auth_tls, filename) < 0)
        goto error;

-    if (virConfGetValueStringList(conf, "access_drivers", false,
-                                  &data->access_drivers) < 0)
+    if (remoteConfigGetStringList(conf, "access_drivers",
+                                  &data->access_drivers, filename) < 0)
        goto error;

-    if (virConfGetValueString(conf, "unix_sock_group", &data->unix_sock_group) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_admin_perms", &data->unix_sock_admin_perms) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_ro_perms", &data->unix_sock_ro_perms) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_rw_perms", &data->unix_sock_rw_perms) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, unix_sock_group);
+    GET_CONF_STR(conf, filename, unix_sock_ro_perms);
+    GET_CONF_STR(conf, filename, unix_sock_rw_perms);

-    if (virConfGetValueString(conf, "unix_sock_dir", &data->unix_sock_dir) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, unix_sock_dir);

-    if (virConfGetValueBool(conf, "mdns_adv", &data->mdns_adv) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "mdns_name", &data->mdns_name) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, mdns_adv);
+    GET_CONF_STR(conf, filename, mdns_name);

-    if (virConfGetValueBool(conf, "tls_no_sanity_certificate", &data->tls_no_sanity_certificate) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "tls_no_verify_certificate", &data->tls_no_verify_certificate) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, tls_no_sanity_certificate);
+    GET_CONF_INT(conf, filename, tls_no_verify_certificate);

-    if (virConfGetValueString(conf, "key_file", &data->key_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "cert_file", &data->cert_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "ca_file", &data->ca_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "crl_file", &data->crl_file) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, key_file);
+    GET_CONF_STR(conf, filename, cert_file);
+    GET_CONF_STR(conf, filename, ca_file);
+    GET_CONF_STR(conf, filename, crl_file);

-    if (virConfGetValueStringList(conf, "tls_allowed_dn_list", false,
-                                  &data->tls_allowed_dn_list) < 0)
+    if (remoteConfigGetStringList(conf, "tls_allowed_dn_list",
+                                  &data->tls_allowed_dn_list, filename) < 0)
        goto error;


-    if (virConfGetValueStringList(conf, "sasl_allowed_username_list", false,
-                                  &data->sasl_allowed_username_list) < 0)
+    if (remoteConfigGetStringList(conf, "sasl_allowed_username_list",
+                                  &data->sasl_allowed_username_list, filename) < 0)
        goto error;

-    if (virConfGetValueString(conf, "tls_priority", &data->tls_priority) < 0)
-        goto error;

-    if (virConfGetValueUInt(conf, "min_workers", &data->min_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_workers", &data->max_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_clients", &data->max_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_queued_clients", &data->max_queued_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_anonymous_clients", &data->max_anonymous_clients) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, min_workers);
+    GET_CONF_INT(conf, filename, max_workers);
+    GET_CONF_INT(conf, filename, max_clients);

-    if (virConfGetValueUInt(conf, "prio_workers", &data->prio_workers) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, prio_workers);

-    if (virConfGetValueUInt(conf, "max_requests", &data->max_requests) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_client_requests", &data->max_client_requests) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, max_requests);
+    GET_CONF_INT(conf, filename, max_client_requests);

-    if (virConfGetValueUInt(conf, "admin_min_workers", &data->admin_min_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_workers", &data->admin_max_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_clients", &data->admin_max_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_queued_clients", &data->admin_max_queued_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_client_requests", &data->admin_max_client_requests) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, audit_level);
+    GET_CONF_INT(conf, filename, audit_logging);

-    if (virConfGetValueUInt(conf, "audit_level", &data->audit_level) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "audit_logging", &data->audit_logging) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, host_uuid);

-    if (virConfGetValueString(conf, "host_uuid", &data->host_uuid) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "host_uuid_source", &data->host_uuid_source) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, log_level);
+    GET_CONF_STR(conf, filename, log_filters);
+    GET_CONF_STR(conf, filename, log_outputs);
+    GET_CONF_INT(conf, filename, log_buffer_size);

-    if (virConfGetValueUInt(conf, "log_level", &data->log_level) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "log_filters", &data->log_filters) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "log_outputs", &data->log_outputs) < 0)
-        goto error;
-
-    if (virConfGetValueInt(conf, "keepalive_interval", &data->keepalive_interval) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "keepalive_count", &data->keepalive_count) < 0)
-        goto error;
-
-    if (virConfGetValueInt(conf, "admin_keepalive_interval", &data->admin_keepalive_interval) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_keepalive_count", &data->admin_keepalive_count) < 0)
-        goto error;
-
-    if (virConfGetValueUInt(conf, "ovs_timeout", &data->ovs_timeout) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, keepalive_interval);
+    GET_CONF_INT(conf, filename, keepalive_count);
+    GET_CONF_INT(conf, filename, keepalive_required);

    return 0;

- error:
+error:
    return -1;
 }

--- a/daemon/libvirtd-config.h
+++ b/daemon/libvirtd-config.h
@@ -1,7 +1,7 @@
 /*
- * libvirtd-config.h: daemon start of day, guest process & i/o management
+ * libvirtd.c: daemon start of day, guest process & i/o management
 *
- * Copyright (C) 2006-2012, 2015 Red Hat, Inc.
+ * Copyright (C) 2006-2012 Red Hat, Inc.
 * Copyright (C) 2006 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
@@ -28,15 +28,13 @@

 struct daemonConfig {
    char *host_uuid;
-    char *host_uuid_source;

-    bool listen_tls;
-    bool listen_tcp;
+    int listen_tls;
+    int listen_tcp;
    char *listen_addr;
    char *tls_port;
    char *tcp_port;

-    char *unix_sock_admin_perms;
    char *unix_sock_ro_perms;
    char *unix_sock_rw_perms;
    char *unix_sock_group;
@@ -49,51 +47,39 @@ struct daemonConfig {

    char **access_drivers;

-    bool mdns_adv;
+    int mdns_adv;
    char *mdns_name;

-    bool tls_no_verify_certificate;
-    bool tls_no_sanity_certificate;
+    int tls_no_verify_certificate;
+    int tls_no_sanity_certificate;
    char **tls_allowed_dn_list;
    char **sasl_allowed_username_list;
-    char *tls_priority;

    char *key_file;
    char *cert_file;
    char *ca_file;
    char *crl_file;

-    unsigned int min_workers;
-    unsigned int max_workers;
-    unsigned int max_clients;
-    unsigned int max_queued_clients;
-    unsigned int max_anonymous_clients;
+    int min_workers;
+    int max_workers;
+    int max_clients;

-    unsigned int prio_workers;
+    int prio_workers;

-    unsigned int max_requests;
-    unsigned int max_client_requests;
+    int max_requests;
+    int max_client_requests;

-    unsigned int log_level;
+    int log_level;
    char *log_filters;
    char *log_outputs;
+    int log_buffer_size;

-    unsigned int audit_level;
-    bool audit_logging;
+    int audit_level;
+    int audit_logging;

    int keepalive_interval;
    unsigned int keepalive_count;
-
-    unsigned int admin_min_workers;
-    unsigned int admin_max_workers;
-    unsigned int admin_max_clients;
-    unsigned int admin_max_queued_clients;
-    unsigned int admin_max_client_requests;
-
-    int admin_keepalive_interval;
-    unsigned int admin_keepalive_count;
-
-    unsigned int ovs_timeout;
+    int keepalive_required;
 };


--- a/daemon/libvirtd.aug
+++ b/daemon/libvirtd.aug
@@ -13,7 +13,7 @@ module Libvirtd =

   let str_val = del /\"/ "\"" . store /[^\"]*/ . del /\"/ "\""
   let bool_val = store /0|1/
-   let int_val = store /-?[0-9]+/
+   let int_val = store /[0-9]+/
   let str_array_element = [ seq "el" . str_val ] . del /[ \t\n]*/ ""
   let str_array_val = counter "el" . array_start . ( str_array_element . ( array_sep . str_array_element ) * ) ? . array_end

@@ -35,7 +35,6 @@ module Libvirtd =
   let sock_acl_entry = str_entry "unix_sock_group"
                      | str_entry "unix_sock_ro_perms"
                      | str_entry "unix_sock_rw_perms"
-                      | str_entry "unix_sock_admin_perms"
                      | str_entry "unix_sock_dir"

   let authentication_entry = str_entry "auth_unix_ro"
@@ -53,23 +52,14 @@ module Libvirtd =
                           | str_array_entry "tls_allowed_dn_list"
                           | str_array_entry "sasl_allowed_username_list"
                           | str_array_entry "access_drivers"
-                           | str_entry "tls_priority"

   let processing_entry = int_entry "min_workers"
                        | int_entry "max_workers"
                        | int_entry "max_clients"
-                        | int_entry "max_queued_clients"
-                        | int_entry "max_anonymous_clients"
                        | int_entry "max_requests"
                        | int_entry "max_client_requests"
                        | int_entry "prio_workers"

-   let admin_processing_entry = int_entry "admin_min_workers"
-                              | int_entry "admin_max_workers"
-                              | int_entry "admin_max_clients"
-                              | int_entry "admin_max_queued_clients"
-                              | int_entry "admin_max_client_requests"
-
   let logging_entry = int_entry "log_level"
                     | str_entry "log_filters"
                     | str_entry "log_outputs"
@@ -82,13 +72,7 @@ module Libvirtd =
                       | int_entry "keepalive_count"
                       | bool_entry "keepalive_required"

-   let admin_keepalive_entry = int_entry "admin_keepalive_interval"
-                             | int_entry "admin_keepalive_count"
-                             | bool_entry "admin_keepalive_required"
-
   let misc_entry = str_entry "host_uuid"
-                  | str_entry "host_uuid_source"
-                  | int_entry "ovs_timeout"

   (* Each enty in the config is one of the following three ... *)
   let entry = network_entry
@@ -97,11 +81,9 @@ module Libvirtd =
             | certificate_entry
             | authorization_entry
             | processing_entry
-             | admin_processing_entry
             | logging_entry
             | auditing_entry
             | keepalive_entry
-             | admin_keepalive_entry
             | misc_entry
   let comment = [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
   let empty = [ label "#empty" . eol ]
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
--- a/daemon/libvirtd.conf
+++ b/daemon/libvirtd.conf
@@ -48,10 +48,6 @@
 # Override the default configuration which binds to all network
 # interfaces. This can be a numeric IPv4/6 address, or hostname
 #
-# If the libvirtd service is started in parallel with network
-# startup (e.g. with systemd), binding to addresses other than
-# the wildcards (0.0.0.0/::) might not be available yet.
-#
 #listen_addr = "192.168.0.1"


@@ -67,7 +63,7 @@
 # unique on the immediate broadcast network.
 #
 # The default is "Virtualization Host HOSTNAME", where HOSTNAME
-# is substituted for the short hostname of the machine (without domain)
+# is subsituted for the short hostname of the machine (without domain)
 #
 #mdns_name = "Virtualization Host Joe Demo"

@@ -87,8 +83,8 @@
 # Set the UNIX socket permissions for the R/O socket. This is used
 # for monitoring VM status only
 #
-# Default allows any user. If setting group ownership, you may want to
-# restrict this too.
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
 #unix_sock_ro_perms = "0777"

 # Set the UNIX socket permissions for the R/W socket. This is used
@@ -98,20 +94,12 @@
 # the default will change to allow everyone (eg, 0777)
 #
 # If not using PolicyKit and setting group ownership for access
-# control, then you may want to relax this too.
+# control then you may want to relax this to:
 #unix_sock_rw_perms = "0770"

-# Set the UNIX socket permissions for the admin interface socket.
-#
-# Default allows only owner (root), do not change it unless you are
-# sure to whom you are exposing the access to.
-#unix_sock_admin_perms = "0700"
-
 # Set the name of the directory in which sockets will be found/created.
 #unix_sock_dir = "/var/run/libvirt"

-
-
 #################################################################
 #
 # Authentication.
@@ -125,7 +113,7 @@
 #  - sasl: use SASL infrastructure. The actual auth scheme is then
 #          controlled from /etc/sasl2/libvirt.conf. For the TCP
 #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
-#          For non-TCP or TLS sockets, any scheme is allowed.
+#          For non-TCP or TLS sockets,  any scheme is allowed.
 #
 #  - polkit: use PolicyKit to authenticate. This is only suitable
 #            for use on the UNIX sockets. The default policy will
@@ -228,7 +216,7 @@
 #tls_no_verify_certificate = 1


-# A whitelist of allowed x509 Distinguished Names
+# A whitelist of allowed x509  Distinguished Names
 # This list may contain wildcards such as
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
@@ -242,7 +230,7 @@
 #tls_allowed_dn_list = ["DN1", "DN2"]


-# A whitelist of allowed SASL usernames. The format for username
+# A whitelist of allowed SASL usernames. The format for usernames
 # depends on the SASL authentication mechanism. Kerberos usernames
 # look like username@REALM
 #
@@ -259,13 +247,6 @@
 #sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]


-# Override the compile time default TLS priority string. The
-# default is usually "NORMAL" unless overridden at build time.
-# Only set this is it is desired for libvirt to deviate from
-# the global default settings.
-#
-#tls_priority="NORMAL"
-

 #################################################################
 #
@@ -274,18 +255,8 @@

 # The maximum number of concurrent client connections to allow
 # over all sockets combined.
-#max_clients = 5000
+#max_clients = 20

-# The maximum length of queue of connections waiting to be
-# accepted by the daemon. Note, that some protocols supporting
-# retransmission may obey this so that a later reattempt at
-# connection succeeds.
-#max_queued_clients = 1000
-
-# The maximum length of queue of accepted but not yet
-# authenticated clients. The default value is 20. Set this to
-# zero to turn this feature off.
-#max_anonymous_clients = 20

 # The minimum limit sets the number of workers to start up
 # initially. If the number of active clients exceeds this,
@@ -297,13 +268,13 @@


 # The number of priority workers. If all workers from above
-# pool are stuck, some calls marked as high priority
+# pool will stuck, some calls marked as high priority
 # (notably domainDestroy) can be executed in this pool.
 #prio_workers = 5

 # Total global limit on concurrent RPC calls. Should be
 # at least as large as max_workers. Beyond this, RPC requests
-# will be read into memory and queued. This directly impacts
+# will be read into memory and queued. This directly impact
 # memory usage, currently each request requires 256 KB of
 # memory. So by default up to 5 MB of memory is used
 #
@@ -317,16 +288,6 @@
 # and max_workers parameter
 #max_client_requests = 5

-# Same processing controls, but this time for the admin interface.
-# For description of each option, be so kind to scroll few lines
-# upwards.
-
-#admin_min_workers = 1
-#admin_max_workers = 5
-#admin_max_clients = 5
-#admin_max_queued_clients = 5
-#admin_max_client_requests = 5
-
 #################################################################
 #
 # Logging controls
@@ -334,10 +295,6 @@

 # Logging level: 4 errors, 3 warnings, 2 information, 1 debug
 # basically 1 will log everything possible
-# Note: Journald may employ rate limiting of the messages logged
-# and thus lock up the libvirt daemon. To use the debug level with
-# journald you have to specify it explicitly in 'log_outputs', otherwise
-# only information level messages will be logged.
 #log_level = 3

 # Logging filters:
@@ -346,22 +303,16 @@
 # The format for a filter is one of:
 #    x:name
 #    x:+name
-
-#      where name is a string which is matched against the category
-#      given in the VIR_LOG_INIT() at the top of each libvirt source
-#      file, e.g., "remote", "qemu", or "util.json" (the name in the
-#      filter can be a substring of the full category name, in order
-#      to match multiple similar categories), the optional "+" prefix
-#      tells libvirt to log stack trace for each message matching
-#      name, and x is the minimal level where matching messages should
-#      be logged:
-
+#      where name is a string which is matched against source file name,
+#      e.g., "remote", "qemu", or "util/json", the optional "+" prefix
+#      tells libvirt to log stack trace for each message matching name,
+#      and x is the minimal level where matching messages should be logged:
 #    1: DEBUG
 #    2: INFO
 #    3: WARNING
 #    4: ERROR
 #
-# Multiple filters can be defined in a single @filters, they just need to be
+# Multiple filter can be defined in a single @filters, they just need to be
 # separated by spaces.
 #
 # e.g. to only get warning or errors from the remote layer and only errors
@@ -377,24 +328,22 @@
 #      use syslog for the output and use the given name as the ident
 #    x:file:file_path
 #      output to a file, with the given filepath
-#    x:journald
-#      output to journald logging system
 # In all case the x prefix is the minimal level, acting as a filter
 #    1: DEBUG
 #    2: INFO
 #    3: WARNING
 #    4: ERROR
 #
-# Multiple outputs can be defined, they just need to be separated by spaces.
+# Multiple output can be defined, they just need to be separated by spaces.
 # e.g. to log all warnings and errors to syslog under the libvirtd ident:
 #log_outputs="3:syslog:libvirtd"
 #

-# Log debug buffer size:
-#
-# This configuration option is no longer used, since the global
-# log buffer functionality has been removed. Please configure
-# suitable log_outputs/log_filters settings to obtain logs.
+# Log debug buffer size: default 64
+# The daemon keeps an internal debug log buffer which will be dumped in case
+# of crash or upon receiving a SIGUSR2 signal. This setting allows to override
+# the default buffer size in kilobytes.
+# If value is 0 or less the debug log buffer is deactivated
 #log_buffer_size = 64


@@ -417,16 +366,10 @@

 ###################################################################
 # UUID of the host:
-# Host UUID is read from one of the sources specified in host_uuid_source.
-#
-# - 'smbios': fetch the UUID from 'dmidecode -s system-uuid'
-# - 'machine-id': fetch the UUID from /etc/machine-id
-#
-# The host_uuid_source default is 'smbios'. If 'dmidecode' does not provide
-# a valid UUID a temporary UUID will be generated.
-#
-# Another option is to specify host UUID in host_uuid.
-#
+# Provide the UUID of the host here in case the command
+# 'dmidecode -s system-uuid' does not provide a valid uuid. In case
+# 'dmidecode' does not provide a valid UUID and none is provided here, a
+# temporary UUID will be generated.
 # Keep the format of the example UUID below. UUID must not have all digits
 # be the same.

@@ -434,12 +377,11 @@
 # it with the output of the 'uuidgen' command and then
 # uncomment this entry
 #host_uuid = "00000000-0000-0000-0000-000000000000"
-#host_uuid_source = "smbios"

 ###################################################################
 # Keepalive protocol:
 # This allows libvirtd to detect broken client connections or even
-# dead clients.  A keepalive message is sent to a client after
+# dead client.  A keepalive message is sent to a client after
 # keepalive_interval seconds of inactivity to check if the client is
 # still responding; keepalive_count is a maximum number of keepalive
 # messages that are allowed to be sent to the client without getting
@@ -448,31 +390,15 @@
 # keepalive_interval * (keepalive_count + 1) seconds since the last
 # message received from the client.  If keepalive_interval is set to
 # -1, libvirtd will never send keepalive requests; however clients
-# can still send them and the daemon will send responses.  When
+# can still send them and the deamon will send responses.  When
 # keepalive_count is set to 0, connections will be automatically
 # closed after keepalive_interval seconds of inactivity without
 # sending any keepalive messages.
 #
 #keepalive_interval = 5
 #keepalive_count = 5
-
 #
-# These configuration options are no longer used.  There is no way to
-# restrict such clients from connecting since they first need to
-# connect in order to ask for keepalive.
+# If set to 1, libvirtd will refuse to talk to clients that do not
+# support keepalive protocol.  Defaults to 0.
 #
 #keepalive_required = 1
-#admin_keepalive_required = 1
-
-# Keepalive settings for the admin interface
-#admin_keepalive_interval = 5
-#admin_keepalive_count = 5
-
-###################################################################
-# Open vSwitch:
-# This allows to specify a timeout for openvswitch calls made by
-# libvirt. The ovs-vsctl utility is used for the configuration and
-# its timeout option is set by default to 5 seconds to avoid
-# potential infinite waits blocking libvirt.
-#
-#ovs_timeout = 5
--- a/daemon/libvirtd.h
+++ b/daemon/libvirtd.h
@@ -1,7 +1,7 @@
 /*
 * libvirtd.h: daemon data structure definitions
 *
- * Copyright (C) 2006-2015 Red Hat, Inc.
+ * Copyright (C) 2006-2013 Red Hat, Inc.
 * Copyright (C) 2006 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
@@ -30,11 +30,10 @@
 # include <rpc/types.h>
 # include <rpc/xdr.h>
 # include "remote_protocol.h"
-# include "admin_protocol.h"
 # include "lxc_protocol.h"
 # include "qemu_protocol.h"
+# include "virlog.h"
 # include "virthread.h"
-
 # if WITH_SASL
 #  include "virnetsaslcontext.h"
 # endif
@@ -44,29 +43,13 @@ typedef struct daemonClientStream daemonClientStream;
 typedef daemonClientStream *daemonClientStreamPtr;
 typedef struct daemonClientPrivate daemonClientPrivate;
 typedef daemonClientPrivate *daemonClientPrivatePtr;
-typedef struct daemonAdmClientPrivate daemonAdmClientPrivate;
-typedef daemonAdmClientPrivate *daemonAdmClientPrivatePtr;
-typedef struct daemonClientEventCallback daemonClientEventCallback;
-typedef daemonClientEventCallback *daemonClientEventCallbackPtr;

 /* Stores the per-client connection state */
 struct daemonClientPrivate {
    /* Hold while accessing any data except conn */
    virMutex lock;

-    daemonClientEventCallbackPtr *domainEventCallbacks;
-    size_t ndomainEventCallbacks;
-    daemonClientEventCallbackPtr *networkEventCallbacks;
-    size_t nnetworkEventCallbacks;
-    daemonClientEventCallbackPtr *qemuEventCallbacks;
-    size_t nqemuEventCallbacks;
-    daemonClientEventCallbackPtr *storageEventCallbacks;
-    size_t nstorageEventCallbacks;
-    daemonClientEventCallbackPtr *nodeDeviceEventCallbacks;
-    size_t nnodeDeviceEventCallbacks;
-    daemonClientEventCallbackPtr *secretEventCallbacks;
-    size_t nsecretEventCallbacks;
-    bool closeRegistered;
+    int domainEventCallbackID[VIR_DOMAIN_EVENT_ID_LAST];

 # if WITH_SASL
    virNetSASLSessionPtr sasl;
@@ -79,14 +62,7 @@ struct daemonClientPrivate {
    virConnectPtr conn;

    daemonClientStreamPtr streams;
-};
-
-/* Separate private data for admin connection */
-struct daemonAdmClientPrivate {
-    /* Just a placeholder, not that there is anything to be locked */
-    virMutex lock;
-
-    virNetDaemonPtr dmn;
+    bool keepalive_supported;
 };

 # if WITH_SASL
--- a/daemon/libvirtd.init.in
+++ b/daemon/libvirtd.init.in
@@ -1,16 +1,17 @@
 #!/bin/sh

 # the following is the LSB init header see
-# http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html
+# http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV
 #
 ### BEGIN INIT INFO
 # Provides: libvirtd
-# Default-Start: 3 4 5
-# Default-Stop: 0 1 2 6
-# Required-Start: $network messagebus virtlogd
+# Required-Start: $network messagebus
+# Should-Start: $named
+# Should-Start: xend
+# Should-Start: avahi-daemon
 # Required-Stop: $network messagebus
-# Should-Start: $named xend avahi-daemon virtlockd
 # Should-Stop: $named
+# Default-Start: 3 4 5
 # Short-Description: daemon for libvirt virtualization API
 # Description: This is a daemon for managing guest instances
 #              and libvirt virtual networks
--- a/daemon/libvirtd.libxl.logrotate.in
+++ b/daemon/libvirtd.libxl.logrotate.in
@@ -1,9 +0,0 @@
-@localstatedir@/log/libvirt/libxl/*.log {
-        weekly
-        missingok
-        rotate 4
-        compress
-        delaycompress
-        copytruncate
-        minsize 100k
-}
--- a/daemon/libvirtd.pod
+++ b/daemon/libvirtd.pod
@@ -1,206 +0,0 @@
-=head1 NAME
-
-libvirtd - libvirtd management daemon
-
-=head1 SYNOPSIS
-
-B<libvirtd> [I<OPTION>]...
-
-=head1 DESCRIPTION
-
-The B<libvirtd> program is the server side daemon component of the libvirt
-virtualization management system.
-
-This daemon runs on host servers and performs required management tasks for
-virtualized guests.  This includes activities such as starting, stopping
-and migrating guests between host servers, configuring and manipulating
-networking, and managing storage for use by guests.
-
-The libvirt client libraries and utilities connect to this daemon to issue
-tasks and collect information about the configuration and resources of the host
-system and guests.
-
-By default, the libvirtd daemon listens for requests on a local Unix domain
-socket.  Using the B<-l>|B<--listen> command line option, the libvirtd daemon
-can be instructed to additionally listen on a TCP/IP socket.  The TCP/IP socket
-to use is defined in the libvirtd configuration file.
-
-Restarting libvirtd does not impact running guests.  Guests continue to operate
-and will be picked up automatically if their XML configuration has been
-defined.  Any guests whose XML configuration has not been defined will be lost
-from the configuration.
-
-=head1 OPTIONS
-
-=over
-
-=item B<-h, --help>
-
-Display command line help usage then exit.
-
-=item B<-d, --daemon>
-
-Run as a daemon & write PID file.
-
-=item B<-f, --config> I<FILE>
-
-Use this configuration file, overriding the default value.
-
-=item B<-l, --listen>
-
-Listen for TCP/IP connections.
-
-=item B<-p, --pid-file> I<FILE>
-
-Use this name for the PID file, overriding the default value.
-
-=item B<-t, --timeout> I<SECONDS>
-
-Exit after timeout period (in seconds) elapse with no client connections
-or registered resources.  Be aware that resources such as autostart
-networks will result in never reaching the timeout, even when there are
-no client connections.
-
-=item B<-v, --verbose>
-
-Enable output of verbose messages.
-
-=item B<    --version>
-
-Display version information then exit.
-
-=back
-
-=head1 SIGNALS
-
-On receipt of B<SIGHUP> libvirtd will reload its configuration.
-
-=head1 FILES
-
-=head2 When run as B<root>.
-
-=over
-
-=item F<SYSCONFDIR/libvirt/libvirtd.conf>
-
-The default configuration file used by libvirtd, unless overridden on the
-command line using the B<-f>|B<--config> option.
-
-=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock>
-
-=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock-ro>
-
-The sockets libvirtd will use.
-
-=item F<SYSCONFDIR/pki/CA/cacert.pem>
-
-The TLS B<Certificate Authority> certificate libvirtd will use.
-
-=item F<SYSCONFDIR/pki/libvirt/servercert.pem>
-
-The TLS B<Server> certificate libvirtd will use.
-
-=item F<SYSCONFDIR/pki/libvirt/private/serverkey.pem>
-
-The TLS B<Server> private key libvirtd will use.
-
-=item F<LOCALSTATEDIR/run/libvirtd.pid>
-
-The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
-
-=back
-
-=head2 When run as B<non-root>.
-
-=over
-
-=item F<$XDG_CONFIG_HOME/libvirt/libvirtd.conf>
-
-The default configuration file used by libvirtd, unless overridden on the
-command line using the B<-f>|B<--config> option.
-
-=item F<$XDG_RUNTIME_DIR/libvirt/libvirt-sock>
-
-The socket libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/cacert.pem>
-
-The TLS B<Certificate Authority> certificate libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/servercert.pem>
-
-The TLS B<Server> certificate libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/serverkey.pem>
-
-The TLS B<Server> private key libvirtd will use.
-
-=item F<$XDG_RUNTIME_DIR/libvirt/libvirtd.pid>
-
-The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
-
-=item If $XDG_CONFIG_HOME is not set in your environment, libvirtd will use F<$HOME/.config>
-
-=item If $XDG_RUNTIME_DIR is not set in your environment, libvirtd will use F<$HOME/.cache>
-
-=back
-
-=head1 EXAMPLES
-
-To retrieve the version of libvirtd:
-
- # libvirtd --version
- libvirtd (libvirt) 0.8.2
- #
-
-To start libvirtd, instructing it to daemonize and create a PID file:
-
- # libvirtd -d
- # ls -la LOCALSTATEDIR/run/libvirtd.pid
- -rw-r--r-- 1 root root 6 Jul  9 02:40 LOCALSTATEDIR/run/libvirtd.pid
- #
-
-=head1 BUGS
-
-Please report all bugs you discover.  This should be done via either:
-
-=over
-
-=item a) the mailing list
-
-L<http://libvirt.org/contact.html>
-
-=item or,
-
-B<>
-
-=item b) the bug tracker
-
-L<http://libvirt.org/bugs.html>
-
-=item Alternatively, you may report bugs to your software distributor / vendor.
-
-=back
-
-=head1 AUTHORS
-
-Please refer to the AUTHORS file distributed with libvirt.
-
-=head1 COPYRIGHT
-
-Copyright (C) 2006-2012 Red Hat, Inc., and the authors listed in the
-libvirt AUTHORS file.
-
-=head1 LICENSE
-
-libvirtd is distributed under the terms of the GNU LGPL v2.1+.
-This is free software; see the source for copying conditions. There
-is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
-PURPOSE
-
-=head1 SEE ALSO
-
-L<virsh(1)>, L<virt-install(1)>, L<virt-xml-validate(1)>, L<virt-top(1)>,
-L<virt-df(1)>, L<http://www.libvirt.org/>
-
-=cut
--- a/daemon/libvirtd.pod.in
+++ b/daemon/libvirtd.pod.in
@@ -0,0 +1,204 @@
+=head1 NAME
+
+libvirtd - libvirtd management daemon
+
+=head1 SYNOPSIS
+
+B<libvirtd> [ -dlv ] [ -f config_file ] [ -p pid_file ] [ -t timeout_seconds ]
+
+B<libvirtd> --version
+
+=head1 DESCRIPTION
+
+The B<libvirtd> program is the server side daemon component of the libvirt
+virtualization management system.
+
+This daemon runs on host servers and performs required management tasks for
+virtualized guests.  This includes activities such as starting, stopping
+and migrating guests between host servers, configuring and manipulating
+networking, and managing storage for use by guests.
+
+The libvirt client libraries and utilities connect to this daemon to issue
+tasks and collect information about the configuration and resources of the host
+system and guests.
+
+By default, the libvirtd daemon listens for requests on a local Unix domain
+socket.  Using the B<-l>|B<--listen> command line option, the libvirtd daemon
+can be instructed to additionally listen on a TCP/IP socket.  The TCP/IP socket
+to use is defined in the libvirtd configuration file.
+
+Restarting libvirtd does not impact running guests.  Guests continue to operate
+and will be picked up automatically if their XML configuration has been
+defined.  Any guests whose XML configuration has not been defined will be lost
+from the configuration.
+
+=head1 OPTIONS
+
+=over
+
+=item B<-d, --daemon>
+
+Run as a daemon & write PID file.
+
+=item B<-f, --config> I<FILE>
+
+Use this configuration file, overriding the default value.
+
+=item B<-l, --listen>
+
+Listen for TCP/IP connections.
+
+=item B<-p, --pid-file> I<FILE>
+
+Use this name for the PID file, overriding the default value.
+
+=item B<-t, --timeout> I<SECONDS>
+
+Exit after timeout period (in seconds) elapse with no client connections
+or registered resources.  Be aware that resources such as autostart
+networks will result in never reaching the timeout, even when there are
+no client connections.
+
+=item B<-v, --verbose>
+
+Enable output of verbose messages.
+
+=item B<    --version>
+
+Display version information then exit.
+
+=back
+
+=head1 SIGNALS
+
+On receipt of B<SIGHUP> libvirtd will reload its configuration.
+
+=head1 FILES
+
+=head2 When run as B<root>.
+
+=over
+
+=item F<SYSCONFDIR/libvirtd.conf>
+
+The default configuration file used by libvirtd, unless overridden on the
+command line using the B<-f>|B<--config> option.
+
+=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock>
+
+=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock-ro>
+
+The sockets libvirtd will use.
+
+=item F<SYSCONFDIR/pki/CA/cacert.pem>
+
+The TLS B<Certificate Authority> certificate libvirtd will use.
+
+=item F<SYSCONFDIR/pki/libvirt/servercert.pem>
+
+The TLS B<Server> certificate libvirtd will use.
+
+=item F<SYSCONFDIR/pki/libvirt/private/serverkey.pem>
+
+The TLS B<Server> private key libvirtd will use.
+
+=item F<LOCALSTATEDIR/run/libvirtd.pid>
+
+The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
+
+=back
+
+=head2 When run as B<non-root>.
+
+=over
+
+=item F<$XDG_CONFIG_HOME/libvirtd.conf>
+
+The default configuration file used by libvirtd, unless overridden on the
+command line using the B<-f>|B<--config> option.
+
+=item F<$XDG_RUNTIME_DIR/libvirt/libvirt-sock>
+
+The socket libvirtd will use.
+
+=item F<$HOME/.pki/libvirt/cacert.pem>
+
+The TLS B<Certificate Authority> certificate libvirtd will use.
+
+=item F<$HOME/.pki/libvirt/servercert.pem>
+
+The TLS B<Server> certificate libvirtd will use.
+
+=item F<$HOME/.pki/libvirt/serverkey.pem>
+
+The TLS B<Server> private key libvirtd will use.
+
+=item F<$XDG_RUNTIME_DIR/libvirt/libvirtd.pid>
+
+The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
+
+=item If $XDG_CONFIG_HOME is not set in your environment, libvirtd will use F<$HOME/.config>
+
+=item If $XDG_RUNTIME_DIR is not set in your environment, libvirtd will use F<$HOME/.cache>
+
+=back
+
+=head1 EXAMPLES
+
+To retrieve the version of libvirtd:
+
+ # libvirtd --version
+ libvirtd (libvirt) 0.8.2
+ #
+
+To start libvirtd, instructing it to daemonize and create a PID file:
+
+ # libvirtd -d
+ # ls -la LOCALSTATEDIR/run/libvirtd.pid
+ -rw-r--r-- 1 root root 6 Jul  9 02:40 LOCALSTATEDIR/run/libvirtd.pid
+ #
+
+=head1 BUGS
+
+Please report all bugs you discover.  This should be done via either:
+
+=over
+
+=item a) the mailing list
+
+L<http://libvirt.org/contact.html>
+
+=item or,
+
+B<>
+
+=item b) the bug tracker
+
+L<http://libvirt.org/bugs.html>
+
+=item Alternatively, you may report bugs to your software distributor / vendor.
+
+=back
+
+=head1 AUTHORS
+
+Please refer to the AUTHORS file distributed with libvirt.
+
+=head1 COPYRIGHT
+
+Copyright (C) 2006-2012 Red Hat, Inc., and the authors listed in the
+libvirt AUTHORS file.
+
+=head1 LICENSE
+
+libvirtd is distributed under the terms of the GNU LGPL v2.1+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+=head1 SEE ALSO
+
+L<virsh(1)>, L<virt-install(1)>, L<virt-xml-validate(1)>, L<virt-top(1)>,
+L<virt-df(1)>, L<http://www.libvirt.org/>
+
+=cut
--- a/daemon/libvirtd.sasl
+++ b/daemon/libvirtd.sasl
@@ -1,45 +1,31 @@
-# If you want to use the non-TLS socket, then you *must* pick a
-# mechanism which provides session encryption as well as
-# authentication.
+# If you want to use the non-TLS socket, then you *must* include
+# the GSSAPI or DIGEST-MD5 mechanisms, because they are the only
+# ones that can offer session encryption as well as authentication.
 #
-# If you are only using TLS, then you can turn on any mechanisms
+# If you're only using TLS, then you can turn on any mechanisms
 # you like for authentication, because TLS provides the encryption
 #
-# If you are only using UNIX, sockets then encryption is not
-# required at all.
-#
-# Since SASL is the default for the libvirtd non-TLS socket, we
-# pick a strong mechanism by default.
-#
-# NB, previously DIGEST-MD5 was set as the default mechanism for
-# libvirt. Per RFC 6331 this is vulnerable to many serious security
-# flaws and should no longer be used. Thus GSSAPI is now the default.
-#
-# To use GSSAPI requires that a libvirtd service principal is
-# added to the Kerberos server for each host running libvirtd.
-# This principal needs to be exported to the keytab file listed below
-mech_list: gssapi
-
-# If using a TLS socket or UNIX socket only, it is possible to
-# enable plugins which don't provide session encryption. The
-# 'scram-sha-1' plugin allows plain username/password authentication
-# to be performed
-#
-#mech_list: scram-sha-1
+# Default to a simple username+password mechanism
+mech_list: digest-md5

+# Before you can use GSSAPI, you need a service principle on the
+# KDC server for libvirt, and that to be exported to the keytab
+# file listed below
+#mech_list: gssapi
 #
 # You can also list many mechanisms at once, then the user can choose
 # by adding  '?auth=sasl.gssapi' to their libvirt URI, eg
 #   qemu+tcp://hostname/system?auth=sasl.gssapi
-#mech_list: scram-sha-1 gssapi
+#mech_list: digest-md5 gssapi

 # Some older builds of MIT kerberos on Linux ignore this option &
 # instead need KRB5_KTNAME env var.
 # For modern Linux, and other OS, this should be sufficient
 #
-keytab: /etc/libvirt/krb5.tab
+# There is no default value here, uncomment if you need this
+#keytab: /etc/libvirt/krb5.tab

-# If using scram-sha-1 for username/passwds, then this is the file
+# If using digest-md5 for username/passwds, then this is the file
 # containing the passwds. Use 'saslpasswd2 -a libvirt [username]'
-# to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it
-#sasldb_path: /etc/libvirt/passwd.db
+# to add entries, and 'sasldblistusers2 -a libvirt' to browse it
+sasldb_path: /etc/libvirt/passwd.db
--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@@ -5,37 +5,18 @@

 [Unit]
 Description=Virtualization daemon
-Requires=virtlogd.socket
-Requires=virtlockd.socket
 Before=libvirt-guests.service
 After=network.target
 After=dbus.service
 After=iscsid.service
-After=apparmor.service
-After=local-fs.target
-After=remote-fs.target
-Documentation=man:libvirtd(8)
-Documentation=http://libvirt.org

 [Service]
-Type=notify
 EnvironmentFile=-/etc/sysconfig/libvirtd
 ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
-Restart=on-failure
-# At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent).
-# eg if we want to support 4096 guests, we'll typically need 8192 FDs
-# If changing this, also consider virtlogd.service & virtlockd.service
-# limits which are also related to number of guests
-LimitNOFILE=8192
-# The cgroups pids controller can limit the number of tasks started by
-# the daemon, which can limit the number of domains for some hypervisors.
-# A conservative default of 8 tasks per guest results in a TasksMax of
-# 32k to support 4096 guests.
-TasksMax=32768
+# Override the maximum number of opened files
+#LimitNOFILE=2048

 [Install]
 WantedBy=multi-user.target
-Also=virtlockd.socket
-Also=virtlogd.socket
--- a/daemon/libvirtd.sysconf
+++ b/daemon/libvirtd.sysconf
@@ -20,14 +20,5 @@
 #
 #SDL_AUDIODRIVER=pulse

-# Override the maximum number of opened files.
-# This only works with traditional init scripts.
-# In the systemd world, the limit can only be changed by overriding
-# LimitNOFILE for libvirtd.service. To do that, just create a *.conf
-# file in /etc/systemd/system/libvirtd.service.d/ (for example
-# /etc/systemd/system/libvirtd.service.d/openfiles.conf) and write
-# the following two lines in it:
-#   [Service]
-#   LimitNOFILE=2048
-#
+# Override the maximum number of opened files
 #LIBVIRTD_NOFILES_LIMIT=2048
--- a/daemon/remote.c
+++ b/daemon/remote.c
--- a/daemon/stream.c
+++ b/daemon/stream.c
@@ -1,7 +1,7 @@
 /*
 * stream.c: APIs for managing client streams
 *
- * Copyright (C) 2009-2014 Red Hat, Inc.
+ * Copyright (C) 2009, 2011 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -29,12 +29,9 @@
 #include "virlog.h"
 #include "virnetserverclient.h"
 #include "virerror.h"
-#include "libvirt_internal.h"

 #define VIR_FROM_THIS VIR_FROM_STREAMS

-VIR_LOG_INIT("daemon.stream");
-
 struct daemonClientStream {
    daemonClientPrivatePtr priv;
    int refs;
@@ -43,18 +40,15 @@ struct daemonClientStream {

    virStreamPtr st;
    int procedure;
-    unsigned int serial;
+    int serial;

-    bool recvEOF;
-    bool closed;
+    unsigned int recvEOF : 1;
+    unsigned int closed : 1;

    int filterID;

    virNetMessagePtr rx;
-    bool tx;
-
-    bool allowSkip;
-    size_t dataLen; /* How much data is there remaining until we see a hole */
+    int tx;

    daemonClientStreamPtr next;
 };
@@ -80,8 +74,6 @@ static void
 daemonStreamUpdateEvents(daemonClientStream *stream)
 {
    int newEvents = 0;
-    if (stream->closed)
-        return;
    if (stream->rx)
        newEvents |= VIR_STREAM_EVENT_WRITABLE;
    if (stream->tx && !stream->recvEOF)
@@ -98,14 +90,14 @@ daemonStreamUpdateEvents(daemonClientStream *stream)
 * fast stream, but slow client
 */
 static void
-daemonStreamMessageFinished(virNetMessagePtr msg,
+daemonStreamMessageFinished(virNetMessagePtr msg ATTRIBUTE_UNUSED,
                            void *opaque)
 {
    daemonClientStream *stream = opaque;
-    VIR_DEBUG("stream=%p proc=%d serial=%u",
+    VIR_DEBUG("stream=%p proc=%d serial=%d",
              stream, msg->header.proc, msg->header.serial);

-    stream->tx = true;
+    stream->tx = 1;
    daemonStreamUpdateEvents(stream);

    daemonFreeClientStream(NULL, stream);
@@ -203,8 +195,8 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
        (events & VIR_STREAM_EVENT_HANGUP)) {
        virNetMessagePtr msg;
        events &= ~(VIR_STREAM_EVENT_HANGUP);
-        stream->tx = false;
-        stream->recvEOF = true;
+        stream->tx = 0;
+        stream->recvEOF = 1;
        if (!(msg = virNetMessageNew(false))) {
            daemonRemoveClientStream(client, stream);
            virNetServerClientClose(client);
@@ -231,23 +223,17 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
        int ret;
        virNetMessagePtr msg;
        virNetMessageError rerr;
-        virErrorPtr origErr = virSaveLastError();

        memset(&rerr, 0, sizeof(rerr));
-        stream->closed = true;
+        stream->closed = 1;
        virStreamEventRemoveCallback(stream->st);
        virStreamAbort(stream->st);
-        if (origErr && origErr->code != VIR_ERR_OK) {
-            virSetError(origErr);
-        } else {
-            if (events & VIR_STREAM_EVENT_HANGUP)
-                virReportError(VIR_ERR_RPC,
-                               "%s", _("stream had unexpected termination"));
-            else
-                virReportError(VIR_ERR_RPC,
-                               "%s", _("stream had I/O failure"));
-        }
-        virFreeError(origErr);
+        if (events & VIR_STREAM_EVENT_HANGUP)
+            virReportError(VIR_ERR_RPC,
+                           "%s", _("stream had unexpected termination"));
+        else
+            virReportError(VIR_ERR_RPC,
+                           "%s", _("stream had I/O failure"));

        msg = virNetMessageNew(false);
        if (!msg) {
@@ -272,7 +258,7 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
        daemonStreamUpdateEvents(stream);
    }

- cleanup:
+cleanup:
    virMutexUnlock(&priv->lock);
 }

@@ -295,8 +281,7 @@ daemonStreamFilter(virNetServerClientPtr client ATTRIBUTE_UNUSED,

    virMutexLock(&stream->priv->lock);

-    if (msg->header.type != VIR_NET_STREAM &&
-        msg->header.type != VIR_NET_STREAM_HOLE)
+    if (msg->header.type != VIR_NET_STREAM)
        goto cleanup;

    if (!virNetServerProgramMatches(stream->prog, msg))
@@ -306,7 +291,7 @@ daemonStreamFilter(virNetServerClientPtr client ATTRIBUTE_UNUSED,
        msg->header.serial != stream->serial)
        goto cleanup;

-    VIR_DEBUG("Incoming client=%p, rx=%p, serial=%u, proc=%d, status=%d",
+    VIR_DEBUG("Incoming client=%p, rx=%p, serial=%d, proc=%d, status=%d",
              client, stream->rx, msg->header.proc,
              msg->header.serial, msg->header.status);

@@ -314,7 +299,7 @@ daemonStreamFilter(virNetServerClientPtr client ATTRIBUTE_UNUSED,
    daemonStreamUpdateEvents(stream);
    ret = 1;

- cleanup:
+cleanup:
    virMutexUnlock(&stream->priv->lock);
    return ret;
 }
@@ -332,17 +317,18 @@ daemonClientStream *
 daemonCreateClientStream(virNetServerClientPtr client,
                         virStreamPtr st,
                         virNetServerProgramPtr prog,
-                         virNetMessageHeaderPtr header,
-                         bool allowSkip)
+                         virNetMessageHeaderPtr header)
 {
    daemonClientStream *stream;
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);

-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p",
              client, header->proc, header->serial, st);

-    if (VIR_ALLOC(stream) < 0)
+    if (VIR_ALLOC(stream) < 0) {
+        virReportOOMError();
        return NULL;
+    }

    stream->refs = 1;
    stream->priv = priv;
@@ -351,7 +337,6 @@ daemonCreateClientStream(virNetServerClientPtr client,
    stream->serial = header->serial;
    stream->filterID = -1;
    stream->st = st;
-    stream->allowSkip = allowSkip;

    return stream;
 }
@@ -375,7 +360,7 @@ int daemonFreeClientStream(virNetServerClientPtr client,
    if (stream->refs)
        return 0;

-    VIR_DEBUG("client=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d",
              client, stream->procedure, stream->serial);

    virObjectUnref(stream->prog);
@@ -398,7 +383,7 @@ int daemonFreeClientStream(virNetServerClientPtr client,
        msg = tmp;
    }

-    virObjectUnref(stream->st);
+    virStreamFree(stream->st);
    VIR_FREE(stream);

    return ret;
@@ -413,7 +398,7 @@ int daemonAddClientStream(virNetServerClientPtr client,
                          daemonClientStream *stream,
                          bool transmit)
 {
-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p, transmit=%d",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p, transmit=%d",
              client, stream->procedure, stream->serial, stream->st, transmit);
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);

@@ -437,7 +422,7 @@ int daemonAddClientStream(virNetServerClientPtr client,
    }

    if (transmit)
-        stream->tx = true;
+        stream->tx = 1;

    virMutexLock(&priv->lock);
    stream->next = priv->streams;
@@ -457,13 +442,13 @@ int daemonAddClientStream(virNetServerClientPtr client,
 *
 * Removes a stream from the list of active streams for the client
 *
- * Returns 0 if the stream was removed, -1 if it doesn't exist
+ * Returns 0 if the stream was removd, -1 if it doesn't exist
 */
 int
 daemonRemoveClientStream(virNetServerClientPtr client,
                         daemonClientStream *stream)
 {
-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p",
              client, stream->procedure, stream->serial, stream->st);
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);
    daemonClientStream *curr = priv->streams;
@@ -476,7 +461,6 @@ daemonRemoveClientStream(virNetServerClientPtr client,
    }

    if (!stream->closed) {
-        stream->closed = true;
        virStreamEventRemoveCallback(stream->st);
        virStreamAbort(stream->st);
    }
@@ -507,7 +491,6 @@ daemonRemoveAllClientStreams(daemonClientStream *stream)
        tmp = stream->next;

        if (!stream->closed) {
-            stream->closed = true;
            virStreamEventRemoveCallback(stream->st);
            virStreamAbort(stream->st);
        }
@@ -532,7 +515,7 @@ daemonStreamHandleWriteData(virNetServerClientPtr client,
 {
    int ret;

-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u, len=%zu, offset=%zu",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d, len=%zu, offset=%zu",
              client, stream, msg->header.proc, msg->header.serial,
              msg->bufferLength, msg->bufferOffset);

@@ -555,10 +538,7 @@ daemonStreamHandleWriteData(virNetServerClientPtr client,
        memset(&rerr, 0, sizeof(rerr));

        VIR_INFO("Stream send failed");
-        stream->closed = true;
-        virStreamEventRemoveCallback(stream->st);
-        virStreamAbort(stream->st);
-
+        stream->closed = 1;
        return virNetServerProgramSendReplyError(stream->prog,
                                                 client,
                                                 msg,
@@ -585,10 +565,10 @@ daemonStreamHandleFinish(virNetServerClientPtr client,
 {
    int ret;

-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d",
              client, stream, msg->header.proc, msg->header.serial);

-    stream->closed = true;
+    stream->closed = 1;
    virStreamEventRemoveCallback(stream->st);
    ret = virStreamFinish(stream->st);

@@ -622,91 +602,34 @@ daemonStreamHandleAbort(virNetServerClientPtr client,
                        daemonClientStream *stream,
                        virNetMessagePtr msg)
 {
-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d",
              client, stream, msg->header.proc, msg->header.serial);
-    int ret;
-    bool raise_error = false;
+    virNetMessageError rerr;

-    stream->closed = true;
+    memset(&rerr, 0, sizeof(rerr));
+
+    stream->closed = 1;
    virStreamEventRemoveCallback(stream->st);
-    ret = virStreamAbort(stream->st);
+    virStreamAbort(stream->st);

-    if (msg->header.status == VIR_NET_ERROR) {
-        VIR_INFO("stream aborted at client request");
-        raise_error = (ret < 0);
-    } else {
+    if (msg->header.status == VIR_NET_ERROR)
+        virReportError(VIR_ERR_RPC,
+                       "%s", _("stream aborted at client request"));
+    else {
+        VIR_WARN("unexpected stream status %d", msg->header.status);
        virReportError(VIR_ERR_RPC,
                       _("stream aborted with unexpected status %d"),
                       msg->header.status);
-        raise_error = true;
    }

-    if (raise_error) {
-        virNetMessageError rerr;
-        memset(&rerr, 0, sizeof(rerr));
-        return virNetServerProgramSendReplyError(remoteProgram,
-                                                 client,
-                                                 msg,
-                                                 &rerr,
-                                                 &msg->header);
-    } else {
-        /* Send zero-length confirm */
-        return virNetServerProgramSendStreamData(stream->prog,
-                                                 client,
-                                                 msg,
-                                                 stream->procedure,
-                                                 stream->serial,
-                                                 NULL, 0);
-    }
+    return virNetServerProgramSendReplyError(remoteProgram,
+                                             client,
+                                             msg,
+                                             &rerr,
+                                             &msg->header);
 }


-static int
-daemonStreamHandleHole(virNetServerClientPtr client,
-                       daemonClientStream *stream,
-                       virNetMessagePtr msg)
-{
-    int ret;
-    virNetStreamHole data;
-
-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u",
-              client, stream, msg->header.proc, msg->header.serial);
-
-    /* Let's check if client plays nicely and advertised usage of
-     * sparse stream upfront. */
-    if (!stream->allowSkip) {
-        virReportError(VIR_ERR_RPC, "%s",
-                       _("Unexpected stream hole"));
-        return -1;
-    }
-
-    if (virNetMessageDecodePayload(msg,
-                                   (xdrproc_t) xdr_virNetStreamHole,
-                                   &data) < 0)
-        return -1;
-
-    ret = virStreamSendHole(stream->st, data.length, data.flags);
-
-    if (ret < 0) {
-        virNetMessageError rerr;
-
-        memset(&rerr, 0, sizeof(rerr));
-
-        VIR_INFO("Stream send hole failed");
-        stream->closed = true;
-        virStreamEventRemoveCallback(stream->st);
-        virStreamAbort(stream->st);
-
-        return virNetServerProgramSendReplyError(stream->prog,
-                                                 client,
-                                                 msg,
-                                                 &rerr,
-                                                 &msg->header);
-    }
-
-    return 0;
-}
-

 /*
 * Called when the stream is signalled has being able to accept
@@ -725,31 +648,19 @@ daemonStreamHandleWrite(virNetServerClientPtr client,
        virNetMessagePtr msg = stream->rx;
        int ret;

-        if (msg->header.type == VIR_NET_STREAM_HOLE) {
-            /* Handle special case when the client sent us a hole.
-             * Otherwise just carry on with processing stream
-             * data. */
-            ret = daemonStreamHandleHole(client, stream, msg);
-        } else if (msg->header.type == VIR_NET_STREAM) {
-            switch (msg->header.status) {
-            case VIR_NET_OK:
-                ret = daemonStreamHandleFinish(client, stream, msg);
-                break;
+        switch (msg->header.status) {
+        case VIR_NET_OK:
+            ret = daemonStreamHandleFinish(client, stream, msg);
+            break;

-            case VIR_NET_CONTINUE:
-                ret = daemonStreamHandleWriteData(client, stream, msg);
-                break;
+        case VIR_NET_CONTINUE:
+            ret = daemonStreamHandleWriteData(client, stream, msg);
+            break;

-            case VIR_NET_ERROR:
-            default:
-                ret = daemonStreamHandleAbort(client, stream, msg);
-                break;
-            }
-        } else {
-            virReportError(VIR_ERR_RPC,
-                           _("Unexpected message type: %d"),
-                           msg->header.type);
-            ret = -1;
+        case VIR_NET_ERROR:
+        default:
+            ret = daemonStreamHandleAbort(client, stream, msg);
+            break;
        }

        if (ret > 0)
@@ -790,7 +701,7 @@ daemonStreamHandleWrite(virNetServerClientPtr client,
 * worth of data, and then queues that for transmission
 * to the client.
 *
- * Returns 0 if data was queued for TX, or an error RPC
+ * Returns 0 if data was queued for TX, or a error RPC
 * was sent, or -1 on fatal error, indicating client should
 * be killed
 */
@@ -798,14 +709,9 @@ static int
 daemonStreamHandleRead(virNetServerClientPtr client,
                       daemonClientStream *stream)
 {
-    virNetMessagePtr msg = NULL;
-    virNetMessageError rerr;
    char *buffer;
    size_t bufferLen = VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX;
-    int ret = -1;
-    int rv;
-    int inData = 0;
-    long long length = 0;
+    int ret;

    VIR_DEBUG("client=%p, stream=%p tx=%d closed=%d",
              client, stream, stream->tx, stream->closed);
@@ -822,104 +728,50 @@ daemonStreamHandleRead(virNetServerClientPtr client,
    if (!stream->tx)
        return 0;

-    memset(&rerr, 0, sizeof(rerr));
-
    if (VIR_ALLOC_N(buffer, bufferLen) < 0)
        return -1;

-    if (!(msg = virNetMessageNew(false)))
-        goto cleanup;
-
-    if (stream->allowSkip && stream->dataLen == 0) {
-        /* Handle skip. We want to send some data to the client. But we might
-         * be in a hole. Seek to next data. But if we are in data already, just
-         * carry on. */
-
-        rv = virStreamInData(stream->st, &inData, &length);
-        VIR_DEBUG("rv=%d inData=%d length=%lld", rv, inData, length);
-
-        if (rv < 0) {
-            if (virNetServerProgramSendStreamError(remoteProgram,
-                                                   client,
-                                                   msg,
-                                                   &rerr,
-                                                   stream->procedure,
-                                                   stream->serial) < 0)
-                goto cleanup;
-            msg = NULL;
-
-            /* We're done with this call */
-            goto done;
-        } else {
-            if (!inData && length) {
-                stream->tx = false;
-                msg->cb = daemonStreamMessageFinished;
-                msg->opaque = stream;
-                stream->refs++;
-                if (virNetServerProgramSendStreamHole(remoteProgram,
-                                                      client,
-                                                      msg,
-                                                      stream->procedure,
-                                                      stream->serial,
-                                                      length,
-                                                      0) < 0)
-                    goto cleanup;
-
-                msg = NULL;
-
-                /* We have successfully sent stream skip to the other side.
-                 * To keep streams in sync seek locally too. */
-                virStreamSendHole(stream->st, length, 0);
-                /* We're done with this call */
-                goto done;
-            }
-        }
-
-        stream->dataLen = length;
-    }
-
-    if (stream->allowSkip &&
-        bufferLen > stream->dataLen)
-        bufferLen = stream->dataLen;
-
-    rv = virStreamRecv(stream->st, buffer, bufferLen);
-    if (rv == -2) {
+    ret = virStreamRecv(stream->st, buffer, bufferLen);
+    if (ret == -2) {
        /* Should never get this, since we're only called when we know
         * we're readable, but hey things change... */
-    } else if (rv < 0) {
-        if (virNetServerProgramSendStreamError(remoteProgram,
-                                               client,
-                                               msg,
-                                               &rerr,
-                                               stream->procedure,
-                                               stream->serial) < 0)
-            goto cleanup;
-        msg = NULL;
+        ret = 0;
+    } else if (ret < 0) {
+        virNetMessagePtr msg;
+        virNetMessageError rerr;
+
+        memset(&rerr, 0, sizeof(rerr));
+
+        if (!(msg = virNetMessageNew(false)))
+            ret = -1;
+        else
+            ret = virNetServerProgramSendStreamError(remoteProgram,
+                                                     client,
+                                                     msg,
+                                                     &rerr,
+                                                     stream->procedure,
+                                                     stream->serial);
    } else {
-        if (stream->allowSkip)
-            stream->dataLen -= rv;
+        virNetMessagePtr msg;
+        stream->tx = 0;
+        if (ret == 0)
+            stream->recvEOF = 1;
+        if (!(msg = virNetMessageNew(false)))
+            ret = -1;

-        stream->tx = false;
-        if (rv == 0)
-            stream->recvEOF = true;
-
-        msg->cb = daemonStreamMessageFinished;
-        msg->opaque = stream;
-        stream->refs++;
-        if (virNetServerProgramSendStreamData(remoteProgram,
-                                              client,
-                                              msg,
-                                              stream->procedure,
-                                              stream->serial,
-                                              buffer, rv) < 0)
-            goto cleanup;
-        msg = NULL;
+        if (msg) {
+            msg->cb = daemonStreamMessageFinished;
+            msg->opaque = stream;
+            stream->refs++;
+            ret = virNetServerProgramSendStreamData(remoteProgram,
+                                                    client,
+                                                    msg,
+                                                    stream->procedure,
+                                                    stream->serial,
+                                                    buffer, ret);
+        }
    }

- done:
-    ret = 0;
- cleanup:
    VIR_FREE(buffer);
-    virNetMessageFree(msg);
    return ret;
 }
--- a/daemon/stream.h
+++ b/daemon/stream.h
@@ -26,12 +26,13 @@

 # include "libvirtd.h"

+
+
 daemonClientStream *
 daemonCreateClientStream(virNetServerClientPtr client,
                         virStreamPtr st,
                         virNetServerProgramPtr prog,
-                         virNetMessageHeaderPtr hdr,
-                         bool allowSkip);
+                         virNetMessageHeaderPtr hdr);

 int daemonFreeClientStream(virNetServerClientPtr client,
                           daemonClientStream *stream);
--- a/daemon/test_libvirtd.aug.in
+++ b/daemon/test_libvirtd.aug.in
@@ -12,7 +12,6 @@ module Test_libvirtd =
        { "unix_sock_group" = "libvirt" }
        { "unix_sock_ro_perms" = "0777" }
        { "unix_sock_rw_perms" = "0770" }
-        { "unix_sock_admin_perms" = "0700" }
        { "unix_sock_dir" = "/var/run/libvirt" }
        { "auth_unix_ro" = "none" }
        { "auth_unix_rw" = "none" }
@@ -35,20 +34,12 @@ module Test_libvirtd =
             { "1" = "joe@EXAMPLE.COM" }
             { "2" = "fred@EXAMPLE.COM" }
        }
-        { "tls_priority" = "NORMAL" }
-        { "max_clients" = "5000" }
-        { "max_queued_clients" = "1000" }
-        { "max_anonymous_clients" = "20" }
+        { "max_clients" = "20" }
        { "min_workers" = "5" }
        { "max_workers" = "20" }
        { "prio_workers" = "5" }
        { "max_requests" = "20" }
        { "max_client_requests" = "5" }
-        { "admin_min_workers" = "1" }
-        { "admin_max_workers" = "5" }
-        { "admin_max_clients" = "5" }
-        { "admin_max_queued_clients" = "5" }
-        { "admin_max_client_requests" = "5" }
        { "log_level" = "3" }
        { "log_filters" = "3:remote 4:event" }
        { "log_outputs" = "3:syslog:libvirtd" }
@@ -56,11 +47,6 @@ module Test_libvirtd =
        { "audit_level" = "2" }
        { "audit_logging" = "1" }
        { "host_uuid" = "00000000-0000-0000-0000-000000000000" }
-        { "host_uuid_source" = "smbios" }
        { "keepalive_interval" = "5" }
        { "keepalive_count" = "5" }
        { "keepalive_required" = "1" }
-        { "admin_keepalive_required" = "1" }
-        { "admin_keepalive_interval" = "5" }
-        { "admin_keepalive_count" = "5" }
-        { "ovs_timeout" = "5" }
--- a/daemon/virt-guest-shutdown.target
+++ b/daemon/virt-guest-shutdown.target
@@ -1,3 +0,0 @@
-[Unit]
-Description=Libvirt guests shutdown
-Documentation=http://libvirt.org
--- a/docs/404.html.in
+++ b/docs/404.html.in
@@ -15,5 +15,10 @@
        locate the content on this site or mailing list archives</li>
    </ul>

+    <p class="image">
+      <img src="/libvirtLogo404.png" alt="libvirt Logo"/>
+    </p>
+
+
  </body>
 </html>
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in

-## Copyright (C) 2005-2016 Red Hat, Inc.
+## Copyright (C) 2005-2013 Red Hat, Inc.
 ##
 ## This library is free software; you can redistribute it and/or
 ## modify it under the terms of the GNU Lesser General Public
@@ -16,25 +16,20 @@
 ## License along with this library.  If not, see
 ## <http://www.gnu.org/licenses/>.

+SUBDIRS= schemas
+
+PERL = perl
+
+# The directory containing the source code (if it contains documentation).
+DOC_SOURCE_DIR=../src
+
 DEVHELP_DIR=$(datadir)/gtk-doc/html/libvirt

-apihtml =					\
-  html/index.html				\
-  $(apihtml_generated)
+BUILT_SOURCES=hvsupport.html.in

-apihtml_generated = \
-  html/libvirt-libvirt-common.html		\
-  html/libvirt-libvirt-domain.html		\
-  html/libvirt-libvirt-domain-snapshot.html	\
-  html/libvirt-libvirt-event.html		\
-  html/libvirt-libvirt-host.html		\
-  html/libvirt-libvirt-interface.html		\
-  html/libvirt-libvirt-network.html		\
-  html/libvirt-libvirt-nodedev.html		\
-  html/libvirt-libvirt-nwfilter.html		\
-  html/libvirt-libvirt-secret.html		\
-  html/libvirt-libvirt-storage.html		\
-  html/libvirt-libvirt-stream.html		\
+apihtml =			\
+  html/index.html		\
+  html/libvirt-libvirt.html	\
  html/libvirt-virterror.html

 apipng =	\
@@ -47,6 +42,7 @@ devhelphtml =			\
  devhelp/libvirt.devhelp	\
  devhelp/index.html		\
  devhelp/general.html		\
+  devhelp/libvirt-libvirt.html	\
  devhelp/libvirt-virterror.html

 css =         \
@@ -54,20 +50,6 @@ css =         \
  libvirt.css \
  main.css

-fonts = \
-  fonts/LICENSE.md \
-  fonts/stylesheet.css \
-  fonts/overpass-bold-italic.woff \
-  fonts/overpass-bold.woff \
-  fonts/overpass-italic.woff \
-  fonts/overpass-light-italic.woff \
-  fonts/overpass-light.woff \
-  fonts/overpass-mono-bold.woff \
-  fonts/overpass-mono-light.woff \
-  fonts/overpass-mono-regular.woff \
-  fonts/overpass-mono-semibold.woff \
-  fonts/overpass-regular.woff
-
 devhelppng =		\
  devhelp/home.png	\
  devhelp/left.png	\
@@ -78,30 +60,20 @@ devhelpcss = devhelp/style.css

 devhelpxsl = devhelp/devhelp.xsl devhelp/html.xsl

-logofiles = \
-  logos/logo-base.svg \
-  logos/logo-square.svg \
-  logos/logo-square-powered.svg \
-  logos/logo-banner-dark.svg \
-  logos/logo-banner-light.svg \
-  logos/logo-square-96.png \
-  logos/logo-square-128.png \
-  logos/logo-square-192.png \
-  logos/logo-square-256.png \
-  logos/logo-square-powered-96.png \
-  logos/logo-square-powered-128.png \
-  logos/logo-square-powered-192.png \
-  logos/logo-square-powered-256.png \
-  logos/logo-banner-dark-256.png \
-  logos/logo-banner-dark-800.png \
-  logos/logo-banner-light-256.png \
-  logos/logo-banner-light-800.png
-
 png = \
  32favicon.png \
+  footer_corner.png \
+  footer_pattern.png \
+  libvirt-header-bg.png \
+  libvirt-header-logo.png \
+  libvirtLogo.png \
+  libvirt-net-logical.png \
+  libvirt-net-physical.png \
  libvirt-daemon-arch.png \
  libvirt-driver-arch.png \
  libvirt-object-model.png \
+  madeWith.png \
+  et.png \
  migration-managed-direct.png \
  migration-managed-p2p.png \
  migration-native.png \
@@ -117,14 +89,9 @@ internals_html_in = \
  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
 internals_html = $(internals_html_in:%.html.in=%.html)

-# Since we ship pre-built html in the tarball, we must also
-# ship the sources, even when those sources are themselves
-# generated.
-# Generate hvsupport.html and news.html first, since they take one extra step.
-dot_html_in = \
-  hvsupport.html.in \
-  news.html.in \
-  $(notdir $(wildcard $(srcdir)/*.html.in))
+dot_html_in = $(notdir $(wildcard $(srcdir)/*.html.in)) \
+  todo.html.in \
+  hvsupport.html.in
 dot_html = $(dot_html_in:%.html.in=%.html)

 dot_php_in = $(notdir $(wildcard $(srcdir)/*.php.in))
@@ -145,18 +112,12 @@ lxc_xml = \
  libvirt-lxc-api.xml \
  libvirt-lxc-refs.xml

-admin_xml = \
-  libvirt-admin-api.xml \
-  libvirt-admin-refs.xml
-
 apidir = $(pkgdatadir)/api
-api_DATA = \
-       libvirt-api.xml \
-       libvirt-qemu-api.xml \
-       libvirt-lxc-api.xml \
-       libvirt-admin-api.xml
+api_DATA = libvirt-api.xml libvirt-qemu-api.xml libvirt-lxc-api.xml

 fig = \
+  libvirt-net-logical.fig \
+  libvirt-net-physical.fig \
  libvirt-daemon-arch.fig \
  libvirt-driver-arch.fig \
  libvirt-object-model.fig \
@@ -166,105 +127,73 @@ fig = \
  migration-tunnel.fig \
  migration-unmanaged-direct.fig

-schemadir = $(pkgdatadir)/schemas
-schema_DATA = $(wildcard $(srcdir)/schemas/*.rng)
-
 EXTRA_DIST=					\
-  apibuild.py genaclperms.pl \
-  site.xsl subsite.xsl newapi.xsl page.xsl \
-  wrapstring.xsl \
+  apibuild.py \
+  site.xsl newapi.xsl news.xsl page.xsl \
+  hacking1.xsl hacking2.xsl wrapstring.xsl \
  $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \
  $(devhelphtml) $(devhelppng) $(devhelpcss) $(devhelpxsl) \
-  $(xml) $(qemu_xml) $(lxc_xml) $(admin_xml) $(fig) $(png) $(css) \
-  $(logofiles) $(patches) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
-  $(internals_html_in) $(internals_html) $(fonts) \
-  aclperms.htmlinc \
-  hvsupport.pl \
-  $(schema_DATA)
-
-acl_generated = aclperms.htmlinc
-
-$(srcdir)/aclperms.htmlinc: $(top_srcdir)/src/access/viraccessperm.h \
-        $(srcdir)/genaclperms.pl Makefile.am
-	$(AM_V_GEN)$(PERL) $(srcdir)/genaclperms.pl $< > $@
+  $(xml) $(qemu_xml) $(lxc_xml) $(fig) $(png) $(css) \
+  $(patches) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
+  $(internals_html_in) $(internals_html) \
+  sitemap.html.in \
+  todo.pl hvsupport.pl todo.cfg-example

 MAINTAINERCLEANFILES = \
  $(addprefix $(srcdir)/,$(dot_html)) \
  $(addprefix $(srcdir)/,$(apihtml)) \
  $(addprefix $(srcdir)/,$(devhelphtml)) \
  $(addprefix $(srcdir)/,$(internals_html)) \
-  $(addprefix $(srcdir)/,$(dot_php)) \
-  $(srcdir)/hvsupport.html.in $(srcdir)/aclperms.htmlinc
-
-timestamp="$(shell if test -n "$$SOURCE_DATE_EPOCH"; \
-		   then \
-		     date -u --date="@$$SOURCE_DATE_EPOCH"; \
-		   else \
-		     date -u; \
-		   fi)"
+  $(addprefix $(srcdir)/,$(dot_php))

 all-am: web

 api: $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml
 qemu_api: $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
 lxc_api: $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
-admin_api: $(srcdir)/libvirt-admin-api.xml $(srcdir)/libvirt-admin-refs.xml

 web: $(dot_html) $(internals_html) html/index.html devhelp/index.html \
  $(dot_php)

-hvsupport.html: $(srcdir)/hvsupport.html.in
-
-$(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl $(api_DATA) \
-		$(top_srcdir)/src/libvirt_public.syms \
-	$(top_srcdir)/src/libvirt_qemu.syms $(top_srcdir)/src/libvirt_lxc.syms \
-	$(top_srcdir)/src/driver.h
-	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(top_srcdir)/src > $@ \
-		|| { rm $@ && exit 1; }
-
-# xsltproc seems to add the xmlns="" attribute to random output elements:
-# use sed to strip it out, as leaving it there triggers XML errors during
-# further transformation steps
-news.html.in: \
-	  $(srcdir)/news.xml \
-	  $(srcdir)/news-html.xsl
-	$(AM_V_GEN) \
-	if [ -x $(XSLTPROC) ]; then \
-	  $(XSLTPROC) --nonet \
-	    $(srcdir)/news-html.xsl \
-	    $(srcdir)/news.xml \
-	  >$@-tmp \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  sed 's/ xmlns=""//g' $@-tmp >$@ \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  rm -f $@-tmp; \
+todo.html.in: todo.pl
+	if [ -f  todo.cfg ]; then \
+		echo "Generating $@"; \
+		$(PERL) $< > $@ \
+		|| { rm $@ && exit 1; }; \
+	else \
+		echo "Stubbing $@"; \
+		echo "<html xmlns=\"http://www.w3.org/1999/xhtml\"><body><h1>Todo list unavailable: no config file</h1></body></html>" > $@ ; \
 	fi
-EXTRA_DIST += \
-	$(srcdir)/news.xml \
-	$(srcdir)/news.rng \
-	$(srcdir)/news-html.xsl
-MAINTAINERCLEANFILES += \
-	$(srcdir)/news.html.in
+
+todo:
+	rm -f todo.html.in
+	$(MAKE) todo.html
+
+hvsupport.html.in: $(srcdir)/hvsupport.pl $(srcdir)/../src/libvirt_public.syms \
+	$(srcdir)/../src/libvirt_qemu.syms $(srcdir)/../src/libvirt_lxc.syms \
+	$(srcdir)/../src/driver.h
+	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(srcdir)/../src > $@ || { rm $@ && exit 1; }
+
+.PHONY: todo

 %.png: %.fig
 	convert -rotate 90 $< $@

-%.html.tmp: %.html.in site.xsl subsite.xsl page.xsl \
-		$(acl_generated)
+internals/%.html.tmp: internals/%.html.in subsite.xsl page.xsl sitemap.html.in
+	@if [ -x $(XSLTPROC) ] ; then \
+	  echo "Generating $@"; \
+	  $(MKDIR_P) internals; \
+	  name=`echo $@ | sed -e 's/.tmp//'`; \
+	  $(XSLTPROC) --stringparam pagename $$name --nonet \
+	    $(top_srcdir)/docs/subsite.xsl $< > $@ \
+	    || { rm $@ && exit 1; }; fi
+
+%.html.tmp: %.html.in site.xsl page.xsl sitemap.html.in
 	@if [ -x $(XSLTPROC) ] ; then \
 	  echo "Generating $@"; \
 	  name=`echo $@ | sed -e 's/.tmp//'`; \
-	  dir=`dirname $@` ; \
-	  if test "$$dir" = "."; \
-	  then \
-	    style=site.xsl; \
-	  else \
-	    $(MKDIR_P) $$dir; \
-	    style=subsite.xsl; \
-	  fi; \
-	  $(XSLTPROC) --stringparam pagename $$name \
-	    --stringparam timestamp $(timestamp) --nonet \
-	    $(top_srcdir)/docs/$$style $< > $@ \
+	  $(XSLTPROC) --stringparam pagename $$name --nonet \
+	    $(top_srcdir)/docs/site.xsl $< > $@ \
 	    || { rm $@ && exit 1; }; fi

 %.html: %.html.tmp
@@ -275,49 +204,43 @@ MAINTAINERCLEANFILES += \
 	  SGML_CATALOG_FILES='$(XML_CATALOG_FILE)' \
 	  $(XMLLINT) --catalogs --nonet --format --valid $< > $(srcdir)/$@ \
 	  || { rm $(srcdir)/$@ && exit 1; }; \
-	  else echo "missing XHTML1 DTD"; cat $< > $(srcdir)/$@ ; fi ; fi
+	  else echo "missing XHTML1 DTD" ; fi ; fi

-%.php.tmp: %.php.in site.xsl page.xsl
-	if [ -x $(XSLTPROC) ] ; then \
+%.php.tmp: %.php.in site.xsl page.xsl sitemap.html.in
+	@if [ -x $(XSLTPROC) ] ; then \
 	  echo "Generating $@"; \
-	  $(XSLTPROC) --stringparam pagename $(@:.tmp=) \
-	    --stringparam timestamp $(timestamp) --nonet \
+	  $(XSLTPROC) --stringparam pagename $(@:.tmp=) --nonet \
 	    $(top_srcdir)/docs/site.xsl $< > $@ \
 	    || { rm $@ && exit 1; }; fi

 %.php: %.php.tmp %.php.code.in
 	@if [ -x $(XSLTPROC) ] ; then \
 	  echo "Scripting $@"; \
-	    sed -e '/<span id="php_placeholder"><\/span>/r '"$(srcdir)/$@.code.in" \
+	    sed -e '/<a id="php_placeholder"><\/a>/r '"$(srcdir)/$@.code.in" \
 	    -e /php_placeholder/d < $@.tmp > $(srcdir)/$@ \
 	    || { rm $(srcdir)/$@ && exit 1; }; fi

-$(apihtml_generated): html/index.html
-
-html/index.html: libvirt-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
+html/index.html: libvirt-api.xml newapi.xsl page.xsl sitemap.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
 	  $(XSLTPROC) --nonet -o $(srcdir)/ \
-	  --stringparam builddir '$(abs_top_builddir)' \
-	  --stringparam timestamp $(timestamp) \
 	  $(srcdir)/newapi.xsl $(srcdir)/libvirt-api.xml ; fi && \
 	if test -x $(XMLLINT) && test -x $(XMLCATALOG) ; then \
 	  if $(XMLCATALOG) '$(XML_CATALOG_FILE)' "-//W3C//DTD XHTML 1.0 Strict//EN" \
 	    > /dev/null ; then \
 	  SGML_CATALOG_FILES='$(XML_CATALOG_FILE)' \
 	  $(XMLLINT) --catalogs --nonet --valid --noout $(srcdir)/html/*.html ; \
-	  else echo "missing XHTML1 DTD"; cat $< > $(srcdir)/$@ ; fi ; fi
+	  else echo "missing XHTML1 DTD" ; fi ; fi

 $(addprefix $(srcdir)/,$(devhelphtml)): $(srcdir)/libvirt-api.xml $(devhelpxsl)
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
-	  $(XSLTPROC) --stringparam timestamp $(timestamp) \
-	    --nonet -o $(srcdir)/devhelp/ \
+	  $(XSLTPROC) --nonet -o $(srcdir)/devhelp/ \
 	  $(top_srcdir)/docs/devhelp/devhelp.xsl $(srcdir)/libvirt-api.xml ; fi


 python_generated_files = \
+		$(srcdir)/html/libvirt-libvirt.html \
 		$(srcdir)/html/libvirt-libvirt-lxc.html \
 		$(srcdir)/html/libvirt-libvirt-qemu.html \
-		$(srcdir)/html/libvirt-libvirt-admin.html \
 		$(srcdir)/html/libvirt-virterror.html \
 		$(srcdir)/libvirt-api.xml \
 		$(srcdir)/libvirt-refs.xml \
@@ -325,8 +248,6 @@ python_generated_files = \
 		$(srcdir)/libvirt-lxc-refs.xml \
 		$(srcdir)/libvirt-qemu-api.xml \
 		$(srcdir)/libvirt-qemu-refs.xml \
-		$(srcdir)/libvirt-admin-api.xml \
-		$(srcdir)/libvirt-admin-refs.xml \
 		$(NULL)

 APIBUILD=$(srcdir)/apibuild.py
@@ -336,66 +257,37 @@ EXTRA_DIST += $(APIBUILD_STAMP)
 $(python_generated_files): $(APIBUILD_STAMP)

 $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
-		$(top_srcdir)/include/libvirt/libvirt.h \
-		$(top_srcdir)/include/libvirt/libvirt-common.h.in \
-		$(top_srcdir)/include/libvirt/libvirt-domain-snapshot.h \
-		$(top_srcdir)/include/libvirt/libvirt-domain.h \
-		$(top_srcdir)/include/libvirt/libvirt-event.h \
-		$(top_srcdir)/include/libvirt/libvirt-host.h \
-		$(top_srcdir)/include/libvirt/libvirt-interface.h \
-		$(top_srcdir)/include/libvirt/libvirt-network.h \
-		$(top_srcdir)/include/libvirt/libvirt-nodedev.h \
-		$(top_srcdir)/include/libvirt/libvirt-nwfilter.h \
-		$(top_srcdir)/include/libvirt/libvirt-secret.h \
-		$(top_srcdir)/include/libvirt/libvirt-storage.h \
-		$(top_srcdir)/include/libvirt/libvirt-stream.h \
-		$(top_srcdir)/include/libvirt/libvirt-lxc.h \
-		$(top_srcdir)/include/libvirt/libvirt-qemu.h \
-		$(top_srcdir)/include/libvirt/libvirt-admin.h \
-		$(top_srcdir)/include/libvirt/virterror.h \
-		$(top_srcdir)/src/libvirt.c \
-		$(top_srcdir)/src/libvirt-domain-snapshot.c \
-		$(top_srcdir)/src/libvirt-domain.c \
-		$(top_srcdir)/src/libvirt-host.c \
-		$(top_srcdir)/src/libvirt-interface.c \
-		$(top_srcdir)/src/libvirt-network.c \
-		$(top_srcdir)/src/libvirt-nodedev.c \
-		$(top_srcdir)/src/libvirt-nwfilter.c \
-		$(top_srcdir)/src/libvirt-secret.c \
-		$(top_srcdir)/src/libvirt-storage.c \
-		$(top_srcdir)/src/libvirt-stream.c \
-		$(top_srcdir)/src/libvirt-lxc.c \
-		$(top_srcdir)/src/libvirt-qemu.c \
-		$(top_srcdir)/src/libvirt-admin.c \
-		$(top_srcdir)/src/util/virerror.c \
-		$(top_srcdir)/src/util/virevent.c \
-		$(top_srcdir)/src/util/virtypedparam.c
-	$(AM_V_GEN)srcdir=$(srcdir) builddir=$(builddir) $(PYTHON) $(APIBUILD)
+		$(srcdir)/../include/libvirt/libvirt.h.in \
+		$(srcdir)/../include/libvirt/libvirt-lxc.h \
+		$(srcdir)/../include/libvirt/libvirt-qemu.h \
+		$(srcdir)/../include/libvirt/virterror.h \
+		$(srcdir)/../src/libvirt.c \
+		$(srcdir)/../src/libvirt-lxc.c \
+		$(srcdir)/../src/libvirt-qemu.c \
+		$(srcdir)/../src/util/virerror.c \
+		$(srcdir)/../src/util/virevent.c \
+		$(srcdir)/../src/util/virtypedparam.c
+	$(AM_V_GEN)srcdir=$(srcdir) $(PYTHON) $(APIBUILD)
 	touch $@


 check-local: all
-dist-local: all

 clean-local:
-	rm -f *~ *.bak *.hierarchy *.signals *-unused.txt *.html html/*.html
+	rm -f *~ *.bak *.hierarchy *.signals *-unused.txt *.html

 maintainer-clean-local: clean-local
-	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml
+	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml todo.html.in hvsupport.html.in
 	rm -rf $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
 	rm -rf $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
-	rm -rf $(srcdir)/libvirt-admin-api.xml $(srcdir)/libvirt-admin-refs.xml
 	rm -rf $(APIBUILD_STAMP)

-rebuild: api qemu_api lxc_api admin_api all
+rebuild: api qemu_api lxc_api all

 install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)
 	for f in $(css) $(dot_html) $(gif) $(png); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR); done
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/logos
-	for f in $(logofiles); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/logos; done
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/html
 	for h in $(apihtml); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$h $(DESTDIR)$(HTML_DIR)/html; done
@@ -408,23 +300,11 @@ install-data-local:
 	for file in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
 	    $(INSTALL) -m 0644 $(srcdir)/$${file} $(DESTDIR)$(DEVHELP_DIR) ; \
 	done
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/fonts
-	for f in $(fonts); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/fonts; \
-	done
+	$(INSTALL_DATA) $(srcdir)/libvirtLogo.png $(DESTDIR)$(pkgdatadir)

 uninstall-local:
-	for f in $(css) $(dot_html) $(gif) $(png) $(fonts); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
-	for f in $(logofiles); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
-	for h in $(apihtml); do rm -f $(DESTDIR)$(HTML_DIR)/$$h; done
-	for p in $(apipng); do rm -f $(DESTDIR)$(HTML_DIR)/$$p; done
-	for f in $(internals_html); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
+	for h in $(apihtml); do rm $(DESTDIR)$(HTML_DIR)/$$h; done
+	for p in $(apipng); do rm $(DESTDIR)$(HTML_DIR)/$$p; done
 	for f in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
-	  rm -f $(DESTDIR)$(DEVHELP_DIR)/$$(basename $$f); \
+	  rm $(DESTDIR)$(DEVHELP_DIR)/$$(basename $$f); \
 	done
--- a/docs/acl.html.in
+++ b/docs/acl.html.in
@@ -1,100 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Client access control</h1>
-    <p>
-      Libvirt's client access control framework allows administrators
-      to setup fine grained permission rules across client users,
-      managed objects and API operations. This allows client connections
-      to be locked down to a minimal set of privileges.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="intro">Access control introduction</a></h2>
-
-    <p>
-      In a default configuration, the libvirtd daemon has three levels
-      of access control. All connections start off in an unauthenticated
-      state, where the only API operations allowed are those required
-      to complete authentication. After successful authentication, a
-      connection either has full, unrestricted access to all libvirt
-      API calls, or is locked down to only "read only" operations,
-      according to what socket a client connection originated on.
-    </p>
-
-    <p>
-      The access control framework allows authenticated connections to
-      have fine grained permission rules to be defined by the administrator.
-      Every API call in libvirt has a set of permissions that will
-      be validated against the object being used. For example, the
-      <code>virDomainSetSchedulerParametersFlags</code> method will
-      check whether the client user has the <code>write</code>
-      permission on the <code>domain</code> object instance passed
-      in as a parameter. Further permissions will also be checked
-      if certain flags are set in the API call. In addition to
-      checks on the object passed in to an API call, some methods
-      will filter their results. For example the <code>virConnectListAllDomains</code>
-      method will check the <code>search_domains</code> on the <code>connect</code>
-      object, but will also filter the returned <code>domain</code>
-      objects to only those on which the client user has the
-      <code>getattr</code> permission.
-    </p>
-
-    <h2><a name="drivers">Access control drivers</a></h2>
-
-    <p>
-      The access control framework is designed as a pluggable
-      system to enable future integration with arbitrary access
-      control technologies. By default, the <code>none</code>
-      driver is used, which does no access control checks at
-      all. At this time, libvirt ships with support for using
-      <a href="http://www.freedesktop.org/wiki/Software/polkit/">polkit</a> as a real access
-      control driver. To learn how to use the polkit access
-      driver consult <a href="aclpolkit.html">the configuration
-      docs</a>.
-    </p>
-
-    <p>
-      The access driver is configured in the <code>libvirtd.conf</code>
-      configuration file, using the <code>access_drivers</code>
-      parameter. This parameter accepts an array of access control
-      driver names. If more than one access driver is requested,
-      then all must succeed in order for access to be granted.
-      To enable 'polkit' as the driver:
-    </p>
-
-    <pre>
-# augtool -s set '/files/etc/libvirt/libvirtd.conf/access_drivers[1]' polkit
-    </pre>
-
-    <p>
-      And to reset back to the default (no-op) driver
-    </p>
-
-
-    <pre>
-# augtool -s rm /files/etc/libvirt/libvirtd.conf/access_drivers
-    </pre>
-
-    <p>
-      <strong>Note:</strong> changes to libvirtd.conf require that
-      the libvirtd daemon be restarted.
-    </p>
-
-    <h2><a name="perms">Objects and permissions</a></h2>
-
-    <p>
-      Libvirt applies access control to all the main object
-      types in its API. Each object type, in turn, has a set
-      of permissions defined. To determine what permissions
-      are checked for specific API call, consult the
-      <a href="html/index.html">API reference manual</a>
-      documentation for the API in question.
-    </p>
-
-    <div id="include" filename="aclperms.htmlinc"/>
-
-  </body>
-</html>
--- a/docs/aclpolkit.html.in
+++ b/docs/aclpolkit.html.in
@@ -1,418 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Polkit access control</h1>
-
-    <p>
-      Libvirt's client <a href="acl.html">access control framework</a> allows
-      administrators to setup fine grained permission rules across client users,
-      managed objects and API operations. This allows client connections
-      to be locked down to a minimal set of privileges. The polkit driver
-      provides a simple implementation of the access control framework.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="intro">Introduction</a></h2>
-
-    <p>
-      A default install of libvirt will typically use
-      <a href="http://www.freedesktop.org/wiki/Software/polkit/">polkit</a>
-      to authenticate the initial user connection to libvirtd. This is a
-      very coarse grained check though, either allowing full read-write
-      access to all APIs, or just read-only access. The polkit access
-      control driver in libvirt builds on this capability to allow for
-      fine grained control over the operations a user may perform on an
-      object.
-    </p>
-
-    <h2><a name="perms">Permission names</a></h2>
-
-    <p>
-      The libvirt <a href="acl.html#perms">object names and permission names</a>
-      are mapped onto polkit action names using the simple pattern:
-    </p>
-
-    <pre>org.libvirt.api.$object.$permission
-</pre>
-
-    <p>
-      The only caveat is that any underscore characters in the
-      object or permission names are converted to hyphens. So,
-      for example, the <code>search_storage_vols</code> permission
-      on the <code>storage_pool</code> object maps to the polkit
-      action:
-    </p>
-    <pre>org.libvirt.api.storage-pool.search-storage-vols
-</pre>
-
-    <p>
-      The default policy for any permission which corresponds to
-      a "read only" operation, is to allow access. All other
-      permissions default to deny access.
-    </p>
-
-    <h2><a name="attrs">Object identity attributes</a></h2>
-
-    <p>
-      To allow polkit authorization rules to be written to match
-      against individual object instances, libvirt provides a number
-      of authorization detail attributes when performing a permission
-      check. The set of attributes varies according to the type
-      of object being checked
-    </p>
-
-    <h3><a name="object_connect">virConnectPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_domain">virDomainPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>domain_name</td>
-          <td>Name of the domain, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>domain_uuid</td>
-          <td>UUID of the domain, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_interface">virInterfacePtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>interface_name</td>
-          <td>Name of the network interface, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>interface_macaddr</td>
-          <td>MAC address of the network interface, not unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_network">virNetworkPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>network_name</td>
-          <td>Name of the network, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>network_uuid</td>
-          <td>UUID of the network, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_node_device">virNodeDevicePtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>node_device_name</td>
-          <td>Name of the node device, unique to the local host</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_nwfilter">virNWFilterPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>nwfilter_name</td>
-          <td>Name of the network filter, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>nwfilter_uuid</td>
-          <td>UUID of the network filter, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_secret">virSecretPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>secret_uuid</td>
-          <td>UUID of the secret, globally unique</td>
-        </tr>
-        <tr>
-          <td>secret_usage_volume</td>
-          <td>Name of the associated volume, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_ceph</td>
-          <td>Name of the associated Ceph server, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_target</td>
-          <td>Name of the associated iSCSI target, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_name</td>
-          <td>Name of the associated TLS secret, if any</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_storage_pool">virStoragePoolPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a name="object_storage_vol">virStorageVolPtr</a></h3>
-    <table class="acl">
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-        <tr>
-          <td>vol_name</td>
-          <td>Name of the storage volume, unique to the pool</td>
-        </tr>
-        <tr>
-          <td>vol_key</td>
-          <td>Key of the storage volume, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-
-    <h2><a name="user">User identity attributes</a></h2>
-
-    <p>
-      At this point in time, the only attribute provided by
-      libvirt to identify the user invoking the operation
-      is the PID of the client program. This means that the
-      polkit access control driver is only useful if connections
-      to libvirt are restricted to its UNIX domain socket. If
-      connections are being made to a TCP socket, no identifying
-      information is available and access will be denied.
-      Also note that if the client is connecting via an SSH
-      tunnel, it is the local SSH user that will be identified.
-      In future versions, it is expected that more information
-      about the client user will be provided, including the
-      SASL / Kerberos username and/or x509 distinguished
-      name obtained from the authentication provider in use.
-    </p>
-
-
-    <h2><a name="checks">Writing access control policies</a></h2>
-
-    <p>
-      If using versions of polkit prior to 0.106 then it is only
-      possible to validate (user, permission) pairs via the <code>.pkla</code>
-      files. Fully validation of the (user, permission, object) triple
-      requires the new JavaScript <code>.rules</code> support that
-      was introduced in version 0.106. The latter is what will be
-      described here.
-    </p>
-
-    <p>
-      Libvirt does not ship any rules files by default. It merely
-      provides a definition of the default behaviour for each
-      action (permission). As noted earlier, permissions which
-      correspond to read-only operations in libvirt will be allowed
-      to all users by default; everything else is denied by default.
-      Defining custom rules requires creation of a file in the
-      <code>/etc/polkit-1/rules.d</code> directory with a name
-      chosen by the administrator (<code>100-libvirt-acl.rules</code>
-      would be a reasonable choice). See the <code>polkit(8)</code>
-      manual page for a description of how to write these files
-      in general. The key idea is to create a file containing
-      something like
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-  ....logic to check 'action' and 'subject'...
-});
-    </pre>
-
-    <p>
-      In this code snippet above, the <code>action</code> object
-      instance will represent the libvirt permission being checked
-      along with identifying attributes for the object it is being
-      applied to. The <code>subject</code> meanwhile will identify
-      the libvirt client app (with the caveat above about it only
-      dealing with local clients connected via the UNIX socket).
-      On the <code>action</code> object, the permission name is
-      accessible via the <code>id</code> attribute, while the
-      object identifying attributes are exposed via the
-      <code>lookup</code> method.
-    </p>
-
-    <p>
-    See
-    <a href="http://libvirt.org/git/?p=libvirt.git;a=tree;f=examples/polkit;hb=HEAD">source code</a>
-    for a more complex example.
-    </p>
-
-    <h3><a name="exconnect">Example: restricting ability to connect to drivers</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      use the <code>QEMU</code> driver and not the Xen or LXC
-      drivers which are also available in libvirtd.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>QEMU</code>, and match on an action
-      name of <code>org.libvirt.api.connect.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.connect.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'QEMU') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-
-    <h3><a name="exdomain">Example: restricting access to a single domain</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      see the domain called <code>demo</code> on the LXC driver.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>LXC</code> and the <code>domain_name</code>
-      attribute is <code>demo</code>, and match on a action
-      name of <code>org.libvirt.api.domain.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.domain.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'LXC' &amp;&amp;
-              action.lookup("domain_name") == 'demo') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-  </body>
-</html>
--- a/docs/api.html.in
+++ b/docs/api.html.in
@@ -16,7 +16,7 @@
    manipulated through the API is the <code>virConnectPtr</code>, which
    represents the connection to a hypervisor. Any application using libvirt
    is likely to start using the
-    API by calling one of <a href="html/libvirt-libvirt-host.html#virConnectOpen"
+    API by calling one of <a href="html/libvirt-libvirt.html#virConnectOpen"
    >the virConnectOpen functions</a>. You will note that those functions take
    a name argument which is actually a <a href="uri.html">connection URI</a>
    to select the right hypervisor to open.
@@ -26,10 +26,7 @@
    name will default to a preselected hypervisor, but it's probably not a
    wise thing to do in most cases. See the <a href="uri.html">connection
    URI</a> page for a full descriptions of the values allowed.</p>
-    <p> OnDevice the application obtains a
-      <a href="/html/libvirt-libvirt-host.html#virConnectPtr">
-        <code>virConnectPtr</code>
-      </a>
+    <p> Once the application obtains a <code class='docref'>virConnectPtr</code>
    connection to the hypervisor it can then use it to manage the hypervisor's
    available domains and related virtualization
    resources, such as storage and networking. All those are
@@ -41,61 +38,33 @@
    </p>
    <p> The figure above shows the five main objects exported by the API:</p>
    <ul>
-      <li>
-        <a href="html/libvirt-libvirt-host.html#virConnectPtr">
-          <code>virConnectPtr</code>
-        </a>
+      <li><code class='docref'>virConnectPtr</code>
      <p>Represents the connection to a hypervisor. Use one of the
-      <a href="html/libvirt-libvirt-host.html#virConnectOpen">virConnectOpen</a>
+      <a href="html/libvirt-libvirt.html#virConnectOpen">virConnectOpen</a>
      functions to obtain connection to the hypervisor which is then used
      as a parameter to other connection API's.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-domain.html#virDomainPtr">
-          <code>virDomainPtr</code>
-        </a>
+      <li><code class='docref'>virDomainPtr</code>
      <p>Represents one domain either active or defined (i.e. existing as
      permanent config file and storage but not currently running on that
-      node). The function
-        <a href="html/libvirt-libvirt-domain.html#virConnectListAllDomains">
-          <code>virConnectListAllDomains</code>
-        </a>
+      node). The function <code class='docref'>virConnectListAllDomains</code>
      lists all the domains for the hypervisor.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-network.html#virNetworkPtr">
-          <code>virNetworkPtr</code>
-        </a>
+      <li><code class='docref'>virNetworkPtr</code>
      <p>Represents one network either active or defined (i.e. existing
      as permanent config file and storage but not currently activated).
-      The function
-        <a href="html/libvirt-libvirt-network.html#virConnectListAllNetworks">
-          <code>virConnectListAllNetworks</code>
-        </a>
+      The function <code class='docref'>virConnectListAllNetworks</code>
      lists all the virtualization networks for the hypervisor.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-storage.html#virStorageVolPtr">
-          <code>virStorageVolPtr</code>
-        </a>
+      <li><code class='docref'>virStorageVolPtr</code>
      <p>Represents one storage volume generally used
      as a block device available to one of the domains. The function
-        <a href="html/libvirt-libvirt-storage.html#virStorageVolLookupByPath">
-          <code>virStorageVolLookupByPath</code>
-        </a>
-      finds the storage volume object based on its path on the node.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-storage.html#virStoragePoolPtr">
-          <code>virStoragePoolPtr</code>
-        </a>
+      <code class="docref">virStorageVolLookupByPath</code> finds
+      the storage volume object based on its path on the node.</p></li>
+      <li><code class='docref'>virStoragePoolPtr</code>
      <p>Represents a storage pool, which is a logical area
      used to allocate and store storage volumes. The function
-        <a href="html/libvirt-libvirt-storage.html#virConnectListAllStoragePools">
-          <code>virConnectListAllStoragePools</code>
-        </a>
-      lists all of the virtualization storage pools on the hypervisor.
-      The function
-        <a href="html/libvirt-libvirt-storage.html#virStoragePoolLookupByVolume">
-          <code>virStoragePoolLookupByVolume</code>
-        </a>
-      finds the storage pool containing a given storage volume.</p></li>
+      <code class='docref'>virConnectListAllStoragePools</code> lists
+      all of the virtualization storage pools on the hypervisor. The function
+      <code class="docref">virStoragePoolLookupByVolume</code> finds
+      the storage pool containing a given storage volume.</p></li>
    </ul>
    <p> Most objects manipulated by the library can also be represented using
      XML descriptions. This is used primarily to create those object, but is
@@ -132,114 +101,42 @@
      <p>Used to perform lookups on objects by some type of identifier,
      such as:</p>
          <ul>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByID">
-                <code>virDomainLookupByID</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByName">
-                <code>virDomainLookupByName</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByUUID">
-                <code>virDomainLookupByUUID</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByUUIDString">
-                <code>virDomainLookupByUUIDString</code>
-              </a>
-            </li>
+            <li><code class='docref'>virDomainLookupByID</code></li>
+            <li><code class='docref'>virDomainLookupByName</code></li>
+            <li><code class='docref'>virDomainLookupByUUID</code></li>
+            <li><code class='docref'>virDomainLookupByUUIDString</code></li>
          </ul>
      </li>
      <li><b>Enumeration</b> [virConnectList..., virConnectNumOf...]
      <p>Used to enumerate a set of object available to an given
      hypervisor connection such as:</p>
          <ul>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virConnectListDomains">
-                <code>virConnectListDomains</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virConnectNumOfDomains">
-                <code>virConnectNumOfDomains</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-network.html#virConnectListNetworks">
-                <code>virConnectListNetworks</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-storage.html#virConnectListStoragePools">
-                <code>virConnectListStoragePools</code>
-              </a>
-            </li>
+            <li><code class='docref'>virConnectListDomains</code></li>
+            <li><code class='docref'>virConnectNumOfDomains</code></li>
+            <li><code class='docref'>virConnectListNetworks</code></li>
+            <li><code class='docref'>virConnectListStoragePools</code></li>
          </ul>
      </li>
      <li><b>Description</b> [...GetInfo]
      <p>Generic accessor providing a set of generic information about an
      object, such as: </p>
        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-host.html#virNodeGetInfo">
-              <code>virNodeGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetInfo">
-              <code>virDomainGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolGetInfo">
-              <code>virStoragePoolGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStorageVolGetInfo">
-              <code>virStorageVolGetInfo</code>
-            </a>
-          </li>
+          <li><code class='docref'>virNodeGetInfo</code></li>
+          <li><code class='docref'>virDomainGetInfo</code></li>
+          <li><code class='docref'>virStoragePoolGetInfo</code></li>
+          <li><code class='docref'>virStorageVolGetInfo</code></li>
        </ul>
      </li>
      <li><b>Accessors</b> [...Get..., ...Set...]
      <p>Specific accessors used to query or modify data for the given object,
      such as: </p>
        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-host.html#virConnectGetType">
-              <code>virConnectGetType</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetMaxMemory">
-              <code>virDomainGetMaxMemory</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainSetMemory">
-              <code>virDomainSetMemory</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetVcpus">
-              <code>virDomainGetVcpus</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolSetAutostart">
-              <code>virStoragePoolSetAutostart</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkGetBridgeName">
-              <code>virNetworkGetBridgeName</code>
-            </a>
-          </li>
+          <li><code class='docref'>virConnectGetType</code></li>
+          <li><code class='docref'>virDomainGetMaxMemory</code></li>
+          <li><code class='docref'>virDomainSetMemory</code></li>
+          <li><code class='docref'>virDomainGetVcpus</code></li>
+          <li><code class='docref'>virStoragePoolSetAutostart</code></li>
+          <li><code class='docref'>virNetworkGetBridgeName</code></li>
        </ul>
      </li>
      <li><b>Creation</b> [...Create, ...CreateXML]
@@ -247,53 +144,21 @@
      the object based on an XML description, while the ...Create APIs will
      create the object based on existing object pointer, such as: </p>
        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainCreate">
-              <code>virDomainCreate</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainCreateXML">
-              <code>virDomainCreateXML</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkCreate">
-              <code>virNetworkCreate</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkCreateXML">
-              <code>virNetworkCreateXML</code>
-            </a>
-          </li>
+          <li><code class='docref'>virDomainCreate</code></li>
+          <li><code class='docref'>virDomainCreateXML</code></li>
+          <li><code class='docref'>virNetworkCreate</code></li>
+          <li><code class='docref'>virNetworkCreateXML</code></li>
        </ul>
      </li>
      <li><b>Destruction</b> [...Destroy]
      <p>Used to shutdown or deactivate and destroy objects, such as: </p>
        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainDestroy">
-              <code>virDomainDestroy</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkDestroy">
-              <code>virNetworkDestroy</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolDestroy">
-              <code>virStoragePoolDestroy</code>
-            </a>
-          </li>
+          <li><code class='docref'>virDomainDestroy</code></li>
+          <li><code class='docref'>virNetworkDestroy</code></li>
+          <li><code class='docref'>virStoragePoolDestroy</code></li>
        </ul>
      </li>
    </ul>
-    <p>Note: functions returning vir*Ptr (like the virDomainLookup functions)
-    allocate memory which needs to be freed by the caller by the corresponding
-    vir*Free function (e.g. virDomainFree for a virDomainPtr object).
-    </p>
    <p> For more in-depth details of the storage related APIs see
      <a href="storage.html">the storage management page</a>.
    </p>
@@ -301,11 +166,7 @@
    <p>Drivers are the basic building block for libvirt functionality
    to support the capability to handle specific hypervisor driver calls.
    Drivers are discovered and registered during connection processing as
-    part of the
-      <a href="html/libvirt-libvirt-host.html#virInitialize">
-        <code>virInitialize</code>
-      </a>
-    API. Each driver
+    part of the <code class='docref'>virInitialize</code> API. Each driver
    has a registration API which loads up the driver specific function
    references for the libvirt APIs to call. The following is a simplistic
    view of the hypervisor driver mechanism. Consider the stacked list of
@@ -330,14 +191,11 @@
    daemon through the <a href="remote.html">remote</a> driver via an
    <a href="internals/rpc.html">RPC</a>. Some hypervisors do support
    client-side connections and responses, such as Test, OpenVZ, VMware,
-    Power VM (phyp), VirtualBox (vbox), ESX, Hyper-V, Xen, and Virtuozzo.
+    Power VM (phyp), VirtualBox (vbox), ESX, Hyper-V, Xen, and Parallels.
    The libvirtd daemon service is started on the host at system boot
    time and can also be restarted at any time by a properly privileged
    user, such as root. The libvirtd daemon uses the same libvirt API
-    <a href="html/libvirt-libvirt-host.html#virInitialize">
-      <code>virInitialize</code>
-    </a>
-    sequence as applications
+    <code class='docref'>virInitialize</code> sequence as applications
    for client-side driver registrations, but then extends the registered
    driver list to encompass all known drivers supported for all driver
    types supported on the host. </p>
@@ -349,7 +207,7 @@
    virtualization <a href="#Functions">functions</a>. Depending upon the
    driver being used, calls will be routed through the remote driver to
    the libvirtd daemon. The daemon will reference the connection specific
-    driver in order to retrieve the requested information and then pass
+    driver in order to retreive the requested information and then pass
    back status and/or data through the connection back to the application.
    The application can then decide what to do with that data, such as
    display, write log data, etc. <a href="migration.html">Migration</a>
--- a/docs/api_extension.html.in
+++ b/docs/api_extension.html.in
@@ -180,13 +180,12 @@
        being called and its parameters;</li>
      <li>MUST call virResetLastError();</li>
      <li>SHOULD confirm that the connection is valid with
-        virCheckConnectReturn() or virCheckConnectGoto();</li>
+        VIR_IS_CONNECT(conn);</li>
      <li><strong>SECURITY: If the API requires a connection with write
          privileges, MUST confirm that the connection flags do not
-          indicate that the connection is read-only with
-          virCheckReadOnlyGoto();</strong></li>
+          indicate that the connection is read-only;</strong></li>
      <li>SHOULD do basic validation of the parameters that are being
-        passed in, using helpers like virCheckNonNullArgGoto();</li>
+        passed in;</li>
      <li>MUST confirm that the driver for this connection exists and that
        it implements this function;</li>
      <li>MUST call the internal API;</li>
--- a/docs/apibuild.py
+++ b/docs/apibuild.py
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@@ -2,7 +2,7 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>Applications using libvirt</h1>
+    <h1>Applications using <strong>libvirt</strong></h1>

    <p>
      This page provides an illustration of the wide variety of
@@ -19,15 +19,12 @@
      be added here, or simply send a patch against the documentation
      in the libvirt.git docs subdirectory.
      If your application uses libvirt as its API,
-      the following graphics are available for your website to advertise
+      the following graphic is available for your website to advertise
      support for libvirt:
    </p>

    <p class="image">
-      <img src="logos/logo-square-powered-96.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-128.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-192.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-256.png" alt="libvirt powered"/>
+      <img src="madeWith.png" alt="Made with libvirt"/>
    </p>

    <h2><a name="clientserver">Client/Server applications</a></h2>
@@ -106,19 +103,6 @@
        in a virtual machine.  It prints out a list of facts about the
        virtual machine, derived from heuristics.
      </dd>
-      <dt><a href="http://sourceware.org/systemtap/">stap</a></dt>
-      <dd>
-        SystemTap is a tool used to gather rich information about a running
-        system through the use of scripts. Starting from v2.4, the front-end
-        application stap can use libvirt to gather data within virtual
-        machines.
-      </dd>
-      <dt><a href="https://github.com/pradels/vagrant-libvirt/">vagrant-libvirt</a></dt>
-      <dd>
-        Vagrant-Libvirt is a Vagrant plugin that uses libvirt to manage virtual
-        machines. It is a command line tool for developers that makes it very
-        fast and easy to deploy and re-deploy an environment of vm's.
-      </dd>
    </dl>

    <h2><a name="configmgmt">Configuration Management</a></h2>
@@ -166,21 +150,25 @@
    <h2><a name="conversion">Conversion</a></h2>

    <dl>
-      <dt><a href="http://libguestfs.org/virt-p2v.1.html">virt-p2v</a></dt>
+      <dt><a href="https://rwmj.wordpress.com/2009/10/13/poor-mans-p2v/">Poor mans p2v</a></dt>
      <dd>
-        Convert a physical machine to run on KVM.  It is a LiveCD
-        which is booted on the machine to be converted.  It collects a
-        little information from the user, then copies the disks over
-        to a remote machine and defines the XML for a domain to run
-        the guest.  (Note this tool is included with libguestfs)
+        A simple approach for converting a physical machine to a virtual
+        machine, using a rescue CD.
      </dd>
-      <dt><a href="http://libguestfs.org/virt-v2v.1.html">virt-v2v</a></dt>
+      <dt><a href="http://et.redhat.com/~rjones/virt-p2v/">virt-p2v</a></dt>
      <dd>
-        virt-v2v converts guests from a foreign hypervisor to run on
-        KVM, managed by libvirt.  It can convert guests from VMware or
-        Xen to run on OpenStack, oVirt (RHEV-M), or local libvirt.  It
+        An older tool for converting a physical machine into a virtual
+        machine.  It is a LiveCD which is booted on the machine to be
+        converted.  It collects a little information from the user, then
+        copies the disks over to a remote machine and defines the XML for a
+        domain to run the guest.
+      </dd>
+      <dt><a href="http://git.fedorahosted.org/git/?p=virt-v2v.git;a=summary">virt-v2v</a></dt>
+      <dd>
+        virt-v2v converts guests from a foreign hypervisor to run on KVM,
+        managed by libvirt.  It can currently convert Red Hat Enterprise
+        Linux (RHEL) and Fedora guests running on Xen and VMware ESX.  It
        will enable VirtIO drivers in the converted guest if possible.
-        (Note this tool is included with libguestfs)
      </dd>
      <dd>
        For RHEL customers of Red Hat, conversion of Windows guests is also
@@ -211,17 +199,6 @@
        to remote consoles supporting the VNC protocol. Also provides
        an optional mozilla browser plugin.
      </dd>
-      <dt><a href="http://f1ash.github.io/qt-virt-manager">qt-virt-manager</a></dt>
-      <dd>
-        The Qt GUI for create and control VMs and another virtual entities
-        (aka networks, storages, interfaces, secrets, network filters).
-        Contains integrated LXC/SPICE/VNC viewer for accessing the graphical or
-        text console associated with a virtual machine or container.
-      </dd>
-      <dt><a href="http://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer">qt-remote-viewer</a></dt>
-      <dd>
-        The Qt VNC/SPICE viewer for access to remote desktops or VMs.
-      </dd>
    </dl>

    <h2><a name="iaas">Infrastructure as a Service (IaaS)</a></h2>
@@ -267,25 +244,6 @@
        integrates libvirt for VM monitoring, live migration, and life-cycle
        management.
      </dd>
-
-      <dt><a href="http://www.openstack.org">OpenStack</a></dt>
-      <dd>
-        OpenStack is a "cloud operating system" usable for both public
-        and private clouds.  Its various parts take care of compute,
-        storage and networking resources and interface with the user
-        using a dashboard.  Compute part uses libvirt to manage VM
-        life-cycle, monitoring and so on.
-      </dd>
-
-      <dt><a href="https://github.com/gustavfranssonnyvell/cherrypop">Cherrypop</a></dt>
-      <dd>
-        A cloud software with no masters or central points. Nodes
-        autodetect other nodes and autodistribute virtual
-        machines and autodivide up the workload. Also there is no
-        minimum limit for hosts, well, one might be nice. It's
-        perfect for setting up low-end servers in a cloud or a
-        cloud where you want the most bang for the bucks.
-      </dd>
    </dl>

    <h2><a name="libraries">Libraries</a></h2>
@@ -303,24 +261,19 @@
        host, and there is a subproject to allow merging changes into the
        Windows Registry in Windows guests.
      </dd>
-
-      <dt><a href="http://sandbox.libvirt.org">libvirt-sandbox</a></dt>
-      <dd>
-        A library and command line tools for simplifying the creation of
-        application sandboxes using virtualization technology. It currently
-        supports either KVM, QEMU or LXC as backends. Integration with
-        systemd facilitates sandboxing of system services like apache.
-      </dd>
-      <dt><a href="https://github.com/ohadlevy/virt#readme">Ruby
-          Libvirt Object bindings</a></dt>
-      <dd>
-        Allows using simple ruby objects to manipulate
-        hypervisors, guests, storage, network etc.  It is
-        based on top of
-        the <a href="http://libvirt.org/ruby">native ruby bindings</a>.
-      </dd>
    </dl>

+        <dl>
+            <dt><a href="https://github.com/ohadlevy/virt#readme">Ruby
+            Libvirt Object bindings</a></dt>
+            <dd>
+                Allows using simple ruby objects to manipulate
+                hypervisors, guests, storage, network etc.  It is
+                based on top of
+                the <a href="http://libvirt.org/ruby">native ruby
+                bindings</a>.
+            </dd>
+        </dl>
    <h2><a name="livecd">LiveCD / Appliances</a></h2>

    <dl>
@@ -345,12 +298,6 @@
        For a full description, please refer to the libvirt section in the
        collectd.conf(5) manual page.
      </dd>
-      <dt><a href="http://host-sflow.sourceforge.net/">Host sFlow</a></dt>
-      <dd>
-        Host sFlow is a lightweight agent running on KVM hypervisors that
-        links to libvirt library and exports standardized cpu, memory, network
-        and disk metrics for all virtual machines.
-      </dd>
      <dt><a href="http://honk.sigxcpu.org/projects/libvirt/#munin">Munin</a></dt>
      <dd>
        The plugins provided by Guido G&uuml;nther allow to monitor various things
@@ -365,14 +312,6 @@
        your Xen or QEMU/KVM guests, or to integrate with your existing Nagios
        installation.
      </dd>
-      <dt><a href="http://www.pcp.io/man/man1/pmdalibvirt.1.html" shape="rect">PCP</a></dt>
-      <dd>
-        The PCP libvirt PMDA (plugin) is part of the
-        <a href="http://pcp.io/" shape="rect">PCP</a> toolkit and provides
-        hypervisor and guest information and complete set of guest performance
-        metrics. It supports pCPU, vCPU, memory, block device, network interface,
-        and performance event metrics for each virtual guest.
-      </dd>
      <dt><a href="http://community.zenoss.org/docs/DOC-4687">Zenoss</a></dt>
      <dd>
        The Zenoss libvirt Zenpack adds support for monitoring virtualization
@@ -426,14 +365,6 @@
        infrastructure. You can deploy a new service just dragging and
        dropping a VM.
      </dd>
-      <dt><a href="https://kimchi-project.github.io/kimchi/">Kimchi</a></dt>
-      <dd>
-        Kimchi is an HTML5 based management tool for KVM. It is designed to
-        make it as easy as possible to get started with KVM and create your first guest.
-
-        Kimchi manages KVM guests through libvirt. The management interface is accessed
-        over the web using a browser that supports HTML5.
-      </dd>
      <dt><a href="http://ovirt.org/">oVirt</a></dt>
      <dd>
        oVirt provides the ability to manage large numbers of virtual
@@ -441,31 +372,6 @@
        with FreeIPA for Kerberos authentication, and in the future,
        certificate management.
      </dd>
-      <dt><a href="http://ispsystem.com/en/software/vmmanager">VMmanager</a></dt>
-      <dd>
-        VMmanager is a software solution for virtualization management
-        that can be used both for hosting virtual machines and
-        building a cloud.  VMmanager can manage not only one server,
-        but a large cluster of hypervisors.  It delivers a number of
-        functions, such as live migration that allows for load
-        balancing between cluster nodes, monitoring CPU, memory.
-      </dd>
-      <dt><a href="http://mist.io/">mist.io</a></dt>
-      <dd>
-        Mist.io is an open source project and a service that can assist you in
-        managing your virtual machines on a unified way, providing a simple
-        interface for all of your infrastructure (multiple public cloud
-        providers, OpenStack based public/private clouds, Docker servers, bare
-        metal servers and now KVM hypervisors).
-      </dd>
-      <dt><a href="http://ravada.upc.edu/">Ravada</a></dt>
-      <dd>
-        Ravada is an open source tool for managing Virtual Desktop
-        Infrastructure (VDI). It is very easy to install and use. Following
-        the documentation, you'll be ready to deploy virtual machines in
-        minutes. The only requirements for the users are a Web browser and
-        a lightweight remote viewer.
-      </dd>
    </dl>

    <h2><a name="mobile">Mobile applications</a></h2>
@@ -479,19 +385,5 @@
      </dd>
    </dl>

-    <h2><a name="other">Other</a></h2>
-
-    <dl>
-      <dt><a href="http://cuckoosandbox.org/">Cuckoo Sandbox</a></dt>
-      <dd>
-        Cuckoo Sandbox is a malware analysis system.  You can throw
-        any suspicious file at it and in a matter of seconds Cuckoo
-        will provide you back some detailed results outlining what
-        such file did when executed inside an isolated environment.
-        And libvirt is one of the backends that can be used for the
-        isolated environment.
-      </dd>
-    </dl>
-
  </body>
 </html>
--- a/docs/archdomain.html.in
+++ b/docs/archdomain.html.in
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Domain management architecture</h1>
+  </body>
+</html>
--- a/docs/archnetwork.html.in
+++ b/docs/archnetwork.html.in
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Network management architecture</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a name="architecture">Architecture illustration</a></h2>
+
+    <p>
+      The diagrams below illustrate some of the network configurations
+      enabled by the libvirt networking APIs
+    </p>
+
+    <ul>
+      <li><strong>VLAN 1</strong>. This virtual network has connectivity
+        to <code>LAN 2</code> with traffic forwarded and NATed.
+      </li>
+      <li><strong>VLAN 2</strong>. This virtual network is completely
+        isolated from any physical LAN.
+      </li>
+      <li><strong>Guest A</strong>. The first network interface is bridged
+        to the physical <code>LAN 1</code>. The second interface is connected
+        to a virtual network <code>VLAN 1</code>.
+      </li>
+      <li><strong>Guest B</strong>. The first network interface is connected
+        to a virtual network <code>VLAN 1</code>, giving it limited NAT
+        based connectivity to LAN2. It has a second network interface
+        connected to <code>VLAN 2</code>. It acts a router allowing limited
+        traffic between the two VLANs, thus giving <code>Guest C</code>
+        connectivity to the physical <code>LAN 2</code>.
+        </li>
+      <li><strong>Guest C</strong>. The only network interface is connected
+        to a virtual network <code>VLAN 2</code>. It has no direct connectivity
+        to a physical LAN, relying on <code>Guest B</code> to route traffic
+        on its behalf.
+      </li>
+    </ul>
+
+    <h3><a name="logical">Logical diagram</a></h3>
+
+    <p class="image">
+      <img src="libvirt-net-logical.png" alt="Logical network architecture"/>
+    </p>
+
+    <h3><a name="physical">Physical diagram</a></h3>
+
+    <p class="image">
+      <img src="libvirt-net-physical.png" alt="Physical network architecture"/>
+    </p>
+
+  </body>
+</html>
--- a/docs/archnode.html.in
+++ b/docs/archnode.html.in
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Node device management architecture</h1>
+  </body>
+</html>
--- a/docs/archstorage.html.in
+++ b/docs/archstorage.html.in
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Storage management architecture</h1>
+
+    <p>
+      The storage management APIs are based around 2 core concepts
+    </p>
+    <ol>
+      <li>
+        <strong>Volume</strong> - a single storage volume which can
+        be assigned to a guest, or used for creating further pools. A
+        volume is either a block device, a raw file, or a special format
+        file.
+      </li>
+      <li>
+        <strong>Pool</strong> - provides a means for taking a chunk
+        of storage and carving it up into volumes. A pool can be used to
+        manage things such as a physical disk, a NFS server, a iSCSI target,
+        a host adapter, an LVM group.
+      </li>
+    </ol>
+
+    <p>
+      These two concepts are mapped through to two libvirt objects, a
+      <code>virStorageVolPtr</code> and a <code>virStoragePoolPtr</code>,
+      each with a collection of APIs for their management.
+    </p>
+
+  </body>
+</html>
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -1,375 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Audit log</h1>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="intro">Introduction</a></h2>
-
-    <p>
-      A number of the libvirt virtualization drivers (QEMU/KVM and LXC) include
-      support for logging details of important operations to the host's audit
-      subsystem. This provides administrators / auditors with a canonical historical
-      record of changes to virtual machines' / containers' lifecycle states and
-      their configuration. On hosts which are running the Linux audit daemon,
-      the logs will usually end up in <code>/var/log/audit/audit.log</code>
-    </p>
-
-    <h2><a name="config">Configuration</a></h2>
-
-    <p>
-      The libvirt audit integration is enabled by default on any host which has
-      the Linux audit subsystem active, and disabled otherwise. It is possible
-      to alter this behaviour in the <code>/etc/libvirt/libvirtd.conf</code>
-      configuration file, via the <code>audit_level</code> parameter
-    </p>
-
-    <ul>
-      <li><code>audit_level=0</code> - libvirt auditing is disabled regardless
-        of host audit subsystem enablement.</li>
-      <li><code>audit_level=1</code> - libvirt auditing is enabled if the host
-        audit subsystem is enabled, otherwise it is disabled. This is the
-        default behaviour.</li>
-      <li><code>audit_level=2</code> - libvirt auditing is enabled regardless
-        of host audit subsystem enablement. If the host audit subsystem is
-        disabled, then libvirtd will refuse to complete startup and exit with
-        an error.</li>
-    </ul>
-
-    <p>
-      In addition to have formal messages sent to the audit subsystem it is
-      possible to tell libvirt to inject messages into its own logging
-      layer. This will result in messages ending up in the systemd journal
-      or <code>/var/log/libvirt/libivrtd.log</code> on non-systemd hosts.
-      This is disabled by default, but can be requested by setting the
-      <code>audit_logging=1</code> configuration parameter in the same file
-      mentioned above.
-    </p>
-
-    <h2><a name="types">Message types</a></h2>
-
-    <p>
-      Libvirt defines three core audit message types each of which will
-      be described below. There are a number of common fields that will
-      be reported for all message types.
-    </p>
-
-    <dl>
-      <dt><code>pid</code></dt>
-      <dd>Process ID of the libvirtd daemon generating the audit record.</dd>
-      <dt><code>uid</code></dt>
-      <dd>User ID of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>subj</code></dt>
-      <dd>Security context of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>msg</code></dt>
-      <dd>String containing a list of key=value pairs specific to the type of audit record being reported.</dd>
-    </dl>
-
-    <p>
-      Some fields in the <code>msg</code> string are common to audit records
-    </p>
-
-    <dl>
-      <dt><code>virt</code></dt>
-      <dd>Type of virtualization driver used. One of <code>qemu</code> or <code>lxc</code></dd>
-      <dt><code>vm</code></dt>
-      <dd>Host driver unique name of the guest</dd>
-      <dt><code>uuid</code></dt>
-      <dd>Globally unique identifier for the guest</dd>
-      <dt><code>exe</code></dt>
-      <dd>Path of the libvirtd daemon</dd>
-      <dt><code>hostname</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>addr</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>terminal</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>res</code></dt>
-      <dd>Result of the action, either <code>success</code> or <code>failed</code></dd>
-    </dl>
-
-    <h3><a name="typecontrol">VIRT_CONTROL</a></h3>
-
-    <p>
-      Reports change in the lifecycle state of a virtual machine. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>op</code></dt>
-      <dd>Type of operation performed. One of <code>start</code>, <code>stop</code> or <code>init</code></dd>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the operation to happen</dd>
-      <dt><code>vm-pid</code></dt>
-      <dd>ID of the primary/leading process associated with the guest</dd>
-      <dt><code>init-pid</code></dt>
-      <dd>ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-      <dt><code>pid-ns</code></dt>
-      <dd>Namespace ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-    </dl>
-
-    <h3><a name="typemachine">VIRT_MACHINE_ID</a></h3>
-
-    <p>
-      Reports the association of a security context with a guest. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>model</code></dt>
-      <dd>The security driver type. One of <code>selinux</code> or <code>apparmor</code></dd>
-      <dt><code>vm-ctx</code></dt>
-      <dd>Security context for the guest process</dd>
-      <dt><code>img-ctx</code></dt>
-      <dd>Security context for the guest disk images and other assigned host resources</dd>
-    </dl>
-
-    <h3><a name="typeresource">VIRT_RESOURCE</a></h3>
-
-    <p>
-      Reports the usage of a host resource by a guest. The fields include will
-      vary according to the type of device being reported. When the guest is
-      initially booted records will be generated for all assigned resources.
-      If any changes are made to the running guest configuration, for example
-      hotplug devices, or adjust resources allocation, further records will
-      be generated.
-    </p>
-
-    <h4><a name="typeresourcevcpu">Virtual CPU</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>vcpu</code></dd>
-      <dt><code>old-vcpu</code></dt>
-      <dd>Original vCPU count, or 0</dd>
-      <dt><code>new-vcpu</code></dt>
-      <dd>Updated vCPU count</dd>
-    </dl>
-
-
-    <h4><a name="typeresourcemem">Memory</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>mem</code></dd>
-      <dt><code>old-mem</code></dt>
-      <dd>Original memory size in bytes, or 0</dd>
-      <dt><code>new-mem</code></dt>
-      <dd>Updated memory size in bytes</dd>
-    </dl>
-
-    <h4><a name="typeresourcedisk">Disk</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>disk</code></dd>
-      <dt><code>old-disk</code></dt>
-      <dd>Original host file or device path acting as the disk backing file</dd>
-      <dt><code>new-disk</code></dt>
-      <dd>Updated host file or device path acting as the disk backing file</dd>
-    </dl>
-
-    <h4><a name="typeresourcenic">Network interface</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>old-net</code></dt>
-      <dd>Original MAC address of the guest network interface</dd>
-      <dt><code>new-net</code></dt>
-      <dd>Updated MAC address of the guest network interface</dd>
-    </dl>
-
-    <p>
-      If there is a host network interface associated with the guest NIC then
-      further records may be generated
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>net</code></dt>
-      <dd>MAC address of the host network interface</dd>
-      <dt><code>rdev</code></dt>
-      <dd>Name of the host network interface</dd>
-    </dl>
-
-    <h4><a name="typeresourcefs">Filesystem</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>fs</code></dd>
-      <dt><code>old-fs</code></dt>
-      <dd>Original host directory, file or device path backing the filesystem </dd>
-      <dt><code>new-fs</code></dt>
-      <dd>Updated host directory, file or device path backing the filesystem</dd>
-    </dl>
-
-    <h4><a name="typeresourcehost">Host device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>hostdev</code> or <code>dev</code></dd>
-      <dt><code>dev</code></dt>
-      <dd>The unique bus identifier of the USB, PCI or SCSI device, if <code>resrc=dev</code></dd>
-      <dt><code>disk</code></dt>
-      <dd>The path of the block device assigned to the guest, if <code>resrc=hostdev</code></dd>
-      <dt><code>chardev</code></dt>
-      <dd>The path of the character device assigned to the guest, if <code>resrc=hostdev</code></dd>
-    </dl>
-
-    <h4><a name="typeresourcetpm">TPM</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>tpm</code></dd>
-      <dt><code>device</code></dt>
-      <dd>The path of the host TPM device assigned to the guest</dd>
-    </dl>
-
-    <h4><a name="typeresourcerng">RNG</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>rng</code></dd>
-      <dt><code>old-rng</code></dt>
-      <dd>Original path of the host entropy source for the RNG</dd>
-      <dt><code>new-rng</code></dt>
-      <dd>Updated path of the host entropy source for the RNG</dd>
-    </dl>
-
-    <h4><a name="typeresourcechardev">console/serial/parallel/channel</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>chardev</code></dd>
-      <dt><code>old-chardev</code></dt>
-      <dd>Original path of the backing character device for given emulated device</dd>
-      <dt><code>new-chardev</code></dt>
-      <dd>Updated path of the backing character device for given emulated device</dd>
-    </dl>
-
-    <h4><a name="typeresourcesmartcard">smartcard</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>smartcard</code></dd>
-      <dt><code>old-smartcard</code></dt>
-      <dd>Original path of the backing character device, certificate store or
-          "nss-smartcard-device" for host smartcard passthrough.
-      </dd>
-      <dt><code>new-smartcard</code></dt>
-      <dd>Updated path of the backing character device, certificate store or
-          "nss-smartcard-device" for host smartcard passthrough.
-      </dd>
-    </dl>
-
-    <h4><a name="typeresourceredir">Redirected device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>redir</code></dd>
-      <dt><code>bus</code></dt>
-      <dd>The bus type, only <code>usb</code> allowed</dd>
-      <dt><code>device</code></dt>
-      <dd>The device type, only <code>USB redir</code> allowed</dd>
-    </dl>
-
-    <h4><a name="typeresourcecgroup">Control group</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>cgroup</code></dd>
-      <dt><code>cgroup</code></dt>
-      <dd>The name of the cgroup controller</dd>
-    </dl>
-
-
-    <h4><a name="typeresourceshmem">Shared memory</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>shmem</code></dd>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>size</code></dt>
-      <dd>The size of the shared memory region</dd>
-      <dt><code>shmem</code></dt>
-      <dd>Name of the shared memory region</dd>
-      <dt><code>source</code></dt>
-      <dd>Path of the backing character device for given emulated device</dd>
-    </dl>
-
-  </body>
-</html>
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@@ -2,14 +2,12 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>Connection authentication</h1>
+    <h1 >Authentication &amp; access control</h1>
    <p>
      When connecting to libvirt, some connections may require client
      authentication before allowing use of the APIs. The set of possible
      authentication mechanisms is administrator controlled, independent
-      of applications using libvirt. Once authenticated, libvirt can apply
-      fine grained <a href="acl.html">access control</a> to the operations
-      performed by a client.
+      of applications using libvirt.
    </p>

    <ul id="toc"></ul>
@@ -76,11 +74,7 @@ password=letmein

 [credentials-dev]
 username=joe
-password=hello
-
-[credentials-defgrp]
-username=defuser
-password=defpw</pre>
+password=hello</pre>

    <p>
      The second set of groups provide mappings of credentials to
@@ -94,8 +88,7 @@ credentials=$CREDENTIALS</pre>

    <p>
      For example, following the previous example, here is how to
-      map some machines. For convenience libvirt supports a default
-      mapping of credentials to machines:
+      list some machines
    </p>

    <pre>
@@ -111,15 +104,8 @@ credentials=test
 [auth-libvirt-prod1.example.com]
 credentials=prod

-[auth-libvirt-default]
-credentials=defgrp
-
 [auth-esx-dev1.example.com]
-credentials=dev
-
-[auth-esx-default]
-credentials=defgrp</pre>
-
+credentials=dev</pre>

    <p>
      The following service types are known to libvirt
@@ -173,7 +159,7 @@ the libvirt daemon.
    <h2><a name="ACL_server_polkit">UNIX socket PolicyKit auth</a></h2>
    <p>
 If libvirt contains support for PolicyKit, then access control options are
-more advanced. The <code>auth_unix_rw</code> parameter will default to
+more advanced. The <code>unix_sock_auth</code> parameter will default to
 <code>polkit</code>, and the file permissions will default to <code>0777</code>
 even on the RW socket. Upon connecting to the socket, the client application
 will be required to identify itself with PolicyKit. The default policy for the
@@ -204,72 +190,16 @@ ResultActive=yes</pre>
 Further examples of PolicyKit setup can be found on the
 <a href="http://wiki.libvirt.org/page/SSHPolicyKitSetup">wiki page</a>.
    </p>
-    <h2><a name="ACL_server_sasl">SASL pluggable authentication</a></h2>
-
+    <h2><a name="ACL_server_username">Username/password auth</a></h2>
    <p>
-Libvirt integrates with the cyrus-sasl library to provide a pluggable authentication
-system using the SASL protocol. SASL can be used in combination with libvirtd's TLS
-or TCP socket listeners. When used with the TCP listener, the SASL mechanism is
-rqeuired to provide session encryption in addition to authentication. Only a very
-few SASL mechanisms are able to do this, and of those that can do it, only the
-GSSAPI plugin is considered acceptably secure by modern standards:
-    </p>
-
-    <dl>
-      <dt>GSSAPI</dt>
-      <dd><strong>This is the current default mechanism to use with libvirtd</strong>.
-        It uses the Kerberos v5 authentication protocol underneath, and assuming
-        the Kerberos client/server are configured with modern ciphers (AES),
-        it provides strong session encryption capabilities.</dd>
-
-      <dt>DIGEST-MD5</dt>
-      <dd>This was previously set as the default mechanism to use with libvirtd.
-        It provides a simple username/password based authentication mechanism
-        that includes session encryption.
-        <a href="https://tools.ietf.org/html/rfc6331">RFC 6331</a>, however,
-        documents a number of serious security flaws with DIGEST-MD5 and as a
-        result marks it as <code>OBSOLETE</code>. Specific concerns are that
-        it is vulnerable to MITM attacks and the MD5 hash can be brute-forced
-        to reveal the password. A replacement is provided via the SCRAM mechanism,
-        however, note that this does not provide encryption, so the SCRAM
-        mechanism can only be used on the libvirtd TLS listener.
-      </dd>
-
-      <dt>PASSDSS-3DES-1</dt>
-      <dd>This provides a simple username/password based authentication
-        mechanism that includes session encryption. The current cyrus-sasl
-        implementation does not provide a way to validate the server's
-        public key identity, thus it is susceptible to a MITM attacker
-        impersonating the server. It is also not enabled in many OS
-        distros when building SASL libraries.</dd>
-
-      <dt>KERBEROS_V4</dt>
-      <dd>This uses the obsolete Kerberos v4 protocol to provide both authentication
-        and session encryption. Kerberos v4 protocol has been obsolete since the
-        early 1990's and has known security vulnerabilities so this will never be
-        used in practice.</dd>
-    </dl>
-
-    <p>
-      Other SASL mechanisms, not listed above, can only be used when the libvirtd
-      TLS or UNIX socket listeners.
-    </p>
-
-    <h3><a name="ACL_server_username">Username/password auth</a></h3>
-    <p>
-As noted above, the DIGEST-MD5 mechanism is considered obsolete and should
-not be used anymore. To provide a simple username/password auth scheme on
-the libvirt UNIX socket or TLS listeners, however, it is possible to use
-the SCRAM mechanism. The <code>auth_unix_ro</code>, <code>auth_unix_rw</code>,
-<code>auth_tls</code> config params in <code>libvirt.conf</code> can be used
-to turn on SASL auth in these listeners.
-    </p>
-    <p>
-Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a
-config change is rquired to enable plain password auth. This is done by
-editting <code>/etc/sasl2/libvirt.conf</code> to set the <code>mech_list</code>
-parameter to <code>scram-sha-1</code>.
-    </p>
+The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
+The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
+username+password style authentication. It also provides for encryption of the data
+stream, so the security of the plain TCP socket is on a par with that of the TLS
+socket. If desired the UNIX socket and TLS socket can also have SASL enabled by
+setting the <code>auth_unix_ro</code>, <code>auth_unix_rw</code>, <code>auth_tls</code>
+config params in <code>libvirt.conf</code>.
+</p>
    <p>
 Out of the box, no user accounts are defined, so no clients will be able to authenticate
 on the TCP socket. Adding users and setting their passwords is done with the <code>saslpasswd2</code>
@@ -297,13 +227,17 @@ again:
    <pre>
 # saslpasswd2 -a libvirt -d fred
 </pre>
-    <h3><a name="ACL_server_kerberos">GSSAPI/Kerberos auth</a></h3>
+    <h2><a name="ACL_server_kerberos">Kerberos auth</a></h2>
    <p>
-The plain TCP listener of the libvirt daemon defaults to using SASL for authentication.
-The libvirt SASL config also defaults to GSSAPI, so there is no need to edit the
-SASL config when using GSSAPI. If the libvirtd TLS or UNIX listeners are used,
-then the Kerberos session encryption will be disabled since it is not required
-in these scenarios - only the plain TCP listener needs encryption
+The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
+The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
+username+password style authentication. To enable Kerberos single-sign-on instead,
+the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
+The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
+instead of the default <code>digest-md5</code>, and keytab should be set to
+<code>/etc/libvirt/krb5.tab</code> . If SASL is enabled on the UNIX
+and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
+mechanism provides data encryption of the session.
 </p>
    <p>
 Some operating systems do not install the SASL kerberos plugin by default. It
--- a/docs/bindings.html.in
+++ b/docs/bindings.html.in
@@ -14,10 +14,6 @@
        <strong>C#</strong>: Arnaud Champion develops
        <a href="csharp.html">C# bindings</a>.
      </li>
-     <li>
-        <strong>Go</strong>: Daniel Berrange develops
-        <a href="https://godoc.org/github.com/libvirt/libvirt-go">Go bindings</a>.
-      </li>
      <li>
        <strong>Java</strong>: Daniel Veillard develops
        <a href="java.html">Java bindings</a>.
@@ -48,10 +44,8 @@
      </li>
      <li>
        <p>
-          <strong>Python</strong>: Libvirt's python bindings are split to a
-          separate <a href="http://libvirt.org/git/?p=libvirt-python.git">package</a>
-          since version 1.2.0, older versions came with direct support for the
-          Python language.
+          <strong>Python</strong>: Libvirt comes with direct support for
+          the Python language.
        </p>
        <p>
          If your libvirt is installed as packages, rather than compiled
--- a/docs/bugs.html.in
+++ b/docs/bugs.html.in
@@ -11,7 +11,7 @@

    <p>
      If you think that an issue with libvirt may have security
-      implications, <strong>please do not</strong> publicly
+      implications, <strong>please do not</strong> publically
      report it in the bug tracker, mailing lists, or irc. Libvirt
      has <a href="securityprocess.html">a dedicated process for handling (potential) security issues</a>
      that should be used instead. So if your issue has security
@@ -132,7 +132,7 @@
      crash, the simplest is to run the program under gdb, reproduce the
      steps leading to the crash and then issue a gdb "bt -a" command to
      get the stack trace, attach it to the bug. Note that for the
-      data to be really useful libvirt debug information must be present
+      data to be really useful libvirt debug informations must be present
      for example by installing libvirt debuginfo package on Fedora or
      Red Hat Enterprise Linux (with debuginfo-install libvirt) prior
      to running gdb.</p>
@@ -147,11 +147,11 @@
      <pre> #  ps -o etime,pid `pgrep libvirt`
 ... note the process id from the output
 # gdb /usr/sbin/libvirtd
-.... some information about gdb and loading debug data
-(gdb) attach $the_daemon_process_id
+.... some informations about gdb and loading debug data
+(gdb) attach $the_damon_process_id
 ....
 (gdb) thread apply all bt
-.... information to attach to the bug
+.... informations to attach to the bug
 (gdb)
 </pre>

--- a/docs/cgroups.html.in
+++ b/docs/cgroups.html.in
@@ -33,9 +33,9 @@

    <p>
      The LXC driver is capable of using the <code>cpuset</code>,
-      <code>cpu</code>, <code>cpuacct</code>, <code>freezer</code>,
+      <code>cpu</code>, <code>cpuset</code>, <code>freezer</code>,
      <code>memory</code>, <code>blkio</code> and <code>devices</code>
-      controllers. The <code>cpuacct</code>, <code>devices</code>
+      controllers. The <code>cpuset</code>, <code>devices</code>
      and <code>memory</code> controllers are compulsory. Without
      them mounted, no containers can be started. If any of the
      other controllers are not mounted, the resource management APIs
@@ -47,121 +47,17 @@
    <p>
      As of libvirt 1.0.5 or later, the cgroups layout created by libvirt has been
      simplified, in order to facilitate the setup of resource control policies by
-      administrators / management applications. The new layout is based on the concepts
-      of "partitions" and "consumers". A "consumer" is a cgroup which holds the
-      processes for a single virtual machine or container. A "partition" is a cgroup
-      which does not contain any processes, but can have resource controls applied.
-      A "partition" will have zero or more child directories which may be either
-      "consumer" or "partition".
-    </p>
-
-    <p>
-      As of libvirt 1.1.1 or later, the cgroups layout will have some slight
-      differences when running on a host with systemd 205 or later. The overall
-      tree structure is the same, but there are some differences in the naming
-      conventions for the cgroup directories. Thus the following docs split
-      in two, one describing systemd hosts and the other non-systemd hosts.
-    </p>
-
-    <h3><a name="currentLayoutSystemd">Systemd cgroups integration</a></h3>
-
-    <p>
-      On hosts which use systemd, each consumer maps to a systemd scope unit,
-      while partitions map to a system slice unit.
-    </p>
-
-    <h4><a name="systemdScope">Systemd scope naming</a></h4>
-
-    <p>
-      The systemd convention is for the scope name of virtual machines / containers
-      to be of the general format <code>machine-$NAME.scope</code>. Libvirt forms the
-      <code>$NAME</code> part of this by concatenating the driver type with the name
-      of the guest, and then escaping any systemd reserved characters.
-      So for a guest <code>demo</code> running under the <code>lxc</code> driver,
-      we get a <code>$NAME</code> of <code>lxc-demo</code> which when escaped is
-      <code>lxc\x2ddemo</code>. So the complete scope name is <code>machine-lxc\x2ddemo.scope</code>.
-      The scope names map directly to the cgroup directory names.
-    </p>
-
-    <h4><a name="systemdSlice">Systemd slice naming</a></h4>
-
-    <p>
-      The systemd convention for slice naming is that a slice should include the
-      name of all of its parents prepended on its own name. So for a libvirt
-      partition <code>/machine/engineering/testing</code>, the slice name will
-      be <code>machine-engineering-testing.slice</code>. Again the slice names
-      map directly to the cgroup directory names. Systemd creates three top level
-      slices by default, <code>system.slice</code> <code>user.slice</code> and
-      <code>machine.slice</code>. All virtual machines or containers created
-      by libvirt will be associated with <code>machine.slice</code> by default.
-    </p>
-
-    <h4><a name="systemdLayout">Systemd cgroup layout</a></h4>
-
-    <p>
-      Given this, a possible systemd cgroups layout involving 3 qemu guests,
-      3 lxc containers and 3 custom child slices, would be:
-    </p>
-
-    <pre>
-$ROOT
-  |
-  +- system.slice
-  |   |
-  |   +- libvirtd.service
-  |
-  +- machine.slice
-      |
-      +- machine-qemu\x2dvm1.scope
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- machine-qemu\x2dvm2.scope
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- machine-qemu\x2dvm3.scope
-      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
-      |
-      +- machine-engineering.slice
-      |   |
-      |   +- machine-engineering-testing.slice
-      |   |   |
-      |   |   +- machine-lxc\x2dcontainer1.scope
-      |   |
-      |   +- machine-engineering-production.slice
-      |       |
-      |       +- machine-lxc\x2dcontainer2.scope
-      |
-      +- machine-marketing.slice
-          |
-          +- machine-lxc\x2dcontainer3.scope
-    </pre>
-
-    <h3><a name="currentLayoutGeneric">Non-systemd cgroups layout</a></h3>
-
-    <p>
-      On hosts which do not use systemd, each consumer has a corresponding cgroup
-      named <code>$VMNAME.libvirt-{qemu,lxc}</code>. Each consumer is associated
-      with exactly one partition, which also have a corresponding cgroup usually
-      named <code>$PARTNAME.partition</code>. The exceptions to this naming rule
-      are the three top level default partitions, named <code>/system</code> (for
-      system services), <code>/user</code> (for user login sessions) and
-      <code>/machine</code> (for virtual machines and containers). By default
-      every consumer will of course be associated with the <code>/machine</code>
-      partition.
-    </p>
-
-    <p>
-      Given this, a possible systemd cgroups layout involving 3 qemu guests,
-      3 lxc containers and 2 custom child slices, would be:
+      administrators / management applications. The layout is based on the concepts of
+      "partitions" and "consumers". Each virtual machine or container is a consumer,
+      and has a corresponding cgroup named <code>$VMNAME.libvirt-{qemu,lxc}</code>.
+      Each consumer is associated with exactly one partition, which also have a
+      corresponding cgroup usually named <code>$PARTNAME.partition</code>. The
+      exceptions to this naming rule are the three top level default partitions,
+      named <code>/system</code> (for system services), <code>/user</code> (for
+      user login sessions) and <code>/machine</code> (for virtual machines and
+      containers). By default every consumer will of course be associated with
+      the <code>/machine</code> partition. This leads to a hierarchy that looks
+      like
    </p>

    <pre>
@@ -191,21 +87,23 @@ $ROOT
      |   +- vcpu0
      |   +- vcpu1
      |
-      +- engineering.partition
-      |   |
-      |   +- testing.partition
-      |   |   |
-      |   |   +- container1.libvirt-lxc
-      |   |
-      |   +- production.partition
-      |       |
-      |       +- container2.libvirt-lxc
+      +- container1.libvirt-lxc
      |
-      +- marketing.partition
-          |
-          +- container3.libvirt-lxc
+      +- container2.libvirt-lxc
+      |
+      +- container3.libvirt-lxc
    </pre>

+    <p>
+      The default cgroups layout ensures that, when there is contention for
+      CPU time, it is shared equally between system services, user sessions
+      and virtual machines / containers. This prevents virtual machines from
+      locking the administrator out of the host, or impacting execution of
+      system services. Conversely, when there is no contention from
+      system services / user sessions, it is possible for virtual machines
+      to fully utilize the host CPUs.
+    </p>
+
    <h2><a name="customPartiton">Using custom partitions</a></h2>

    <p>
@@ -221,62 +119,20 @@ $ROOT
    </p>

    <pre>
-...
-&lt;resource&gt;
-  &lt;partition&gt;/machine/production&lt;/partition&gt;
-&lt;/resource&gt;
-...
+  ...
+  &lt;resource&gt;
+    &lt;partition&gt;/machine/production&lt;/partition&gt;
+  &lt;/resource&gt;
+  ...
    </pre>

-    <p>
-      Note that the partition names in the guest XML are using a
-      generic naming format, not the low level naming convention
-      required by the underlying host OS. That is, you should not include
-      any of the <code>.partition</code> or <code>.slice</code>
-      suffixes in the XML config. Given a partition name
-      <code>/machine/production</code>, libvirt will automatically
-      apply the platform specific translation required to get
-      <code>/machine/production.partition</code> (non-systemd)
-      or <code>/machine.slice/machine-production.slice</code>
-      (systemd) as the underlying cgroup name
-    </p>
-
    <p>
      Libvirt will not auto-create the cgroups directory to back
      this partition. In the future, libvirt / virsh will provide
      APIs / commands to create custom partitions, but currently
-      this is left as an exercise for the administrator.
-    </p>
-
-    <p>
-      <strong>Note:</strong> the ability to place guests in custom
-      partitions is only available with libvirt &gt;= 1.0.5, using
-      the new cgroup layout. The legacy cgroups layout described
-      later in this document did not support customization per guest.
-    </p>
-
-    <h3><a name="createSystemd">Creating custom partitions (systemd)</a></h3>
-
-    <p>
-      Given the XML config above, the admin on a systemd based host would
-      need to create a unit file <code>/etc/systemd/system/machine-production.slice</code>
-    </p>
-
-    <pre>
-# cat &gt; /etc/systemd/system/machine-testing.slice &lt;&lt;EOF
-[Unit]
-Description=VM testing slice
-Before=slices.target
-Wants=machine.slice
-EOF
-# systemctl start machine-testing.slice
-    </pre>
-
-    <h3><a name="createNonSystemd">Creating custom partitions (non-systemd)</a></h3>
-
-    <p>
-      Given the XML config above, the admin on a non-systemd based host
-      would need to create a cgroup named '/machine/production.partition'
+      this is left as an exercise for the administrator. For
+      example, given the XML config above, the admin would need
+      to create a cgroup named '/machine/production.partition'
    </p>

    <pre>
@@ -291,6 +147,18 @@ EOF
  done
 </pre>

+    <p>
+      <strong>Note:</strong> the cgroups directory created as a ".partition"
+      suffix, but the XML config does not require this suffix.
+    </p>
+
+    <p>
+      <strong>Note:</strong> the ability to place guests in custom
+      partitions is only available with libvirt &gt;= 1.0.5, using
+      the new cgroup layout. The legacy cgroups layout described
+      later did not support customization per guest.
+    </p>
+
    <h2><a name="resourceAPIs">Resource management APIs/commands</a></h2>

    <p>
--- a/docs/compiling.html.in
+++ b/docs/compiling.html.in
@@ -13,9 +13,9 @@
    </p>

    <pre>
-$ xz -c libvirt-x.x.x.tar.xz | tar xvf -
-$ cd libvirt-x.x.x
-$ ./configure</pre>
+      $ gunzip -c libvirt-x.x.x.tar.gz | tar xvf -
+      $ cd libvirt-x.x.x
+      $ ./configure</pre>

    <p>
      The <i>configure</i> script can be given options to change its default
@@ -28,7 +28,7 @@ $ ./configure</pre>
    </p>

    <pre>
-$ ./configure <i>--help</i></pre>
+      $ ./configure <i>--help</i></pre>

    <p>
      When you have determined which options you want to use (if any),
@@ -49,9 +49,9 @@ $ ./configure <i>--help</i></pre>
    </p>

    <pre>
-$ ./configure <i>[possible options]</i>
-$ make
-$ <b>sudo</b> <i>make install</i></pre>
+      $ ./configure <i>[possible options]</i>
+      $ make
+      $ <b>sudo</b> <i>make install</i></pre>

    <p>
      At this point you <b>may</b> have to run ldconfig or a similar utility
@@ -91,7 +91,7 @@ $ <b>sudo</b> <i>make install</i></pre>
      drive or manual download, and run this any time libvirt.git
      updates the commit stored in the .gnulib submodule:</p>
    <pre>
-$ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
+      $ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
    </pre>

    <p>To build &amp; install libvirt to your home
@@ -99,9 +99,9 @@ $ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
    </p>

    <pre>
-$ ./autogen.sh --prefix=$HOME/usr
-$ make
-$ <b>sudo</b> make install</pre>
+      $ ./autogen.sh --prefix=$HOME/usr
+      $ make
+      $ <b>sudo</b> make install</pre>

    <p>
      Be aware though, that binaries built with a custom prefix will not
@@ -111,8 +111,8 @@ $ <b>sudo</b> make install</pre>
    </p>

    <pre>
-$ ./autogen.sh --system
-$ make
+      $ ./autogen.sh --system
+      $ make
    </pre>

    <p>
@@ -123,9 +123,9 @@ $ make
    </p>

    <pre>
-$ su -
-# service libvirtd stop  (or systemctl stop libvirtd.service)
-# /home/to/your/checkout/daemon/libvirtd
+      $ su -
+      # service libvirtd stop  (or systemctl stop libvirtd.service)
+      # /home/to/your/checkout/daemon/libvirtd
    </pre>

    <p>
@@ -134,7 +134,7 @@ $ su -
    </p>

    <pre>
-$ ./run ./tools/virsh ....
+      $ ./run ./tools/virsh ....
    </pre>
  </body>
 </html>
--- a/docs/contact.html.in
+++ b/docs/contact.html.in
@@ -2,7 +2,7 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>Contacting the project contributors</h1>
+    <h1>Contacting the development team</h1>

    <ul id="toc"></ul>

@@ -10,7 +10,7 @@

    <p>
      If you think that an issue with libvirt may have security
-      implications, <strong>please do not</strong> publicly
+      implications, <strong>please do not</strong> publically
      report it in the bug tracker, mailing lists, or irc. Libvirt
      has <a href="securityprocess.html">a dedicated process for handling (potential) security issues</a>
      that should be used instead. So if your issue has security
@@ -24,7 +24,7 @@
      There are three mailing-lists:
    </p>

-    <dl class="mail">
+    <dl>
      <dt><a href="https://www.redhat.com/mailman/listinfo/libvir-list">libvir-list@redhat.com</a> (for development)</dt>
      <dd>
        Archives at <a href="https://www.redhat.com/archives/libvir-list">https://www.redhat.com/archives/libvir-list</a>
--- a/docs/contribute.html.in
+++ b/docs/contribute.html.in
@@ -1,142 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Contributing to libvirt</h1>
-
-    <p>
-      This page provides guidance on how to contribute to the
-      libvirt project
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="skills">Contributions required</a></h2>
-
-    <p>
-      The libvirt project is always looking for new contributors to
-      participate in ongoing activities. While code development is a
-      major part of the project, assistance is needed in many other
-      areas including documentation writing, bug triage, testing,
-      application integration, website / wiki content management,
-      translation, branding, social media and more. The only
-      requirement is an interest in virtualization and desire to
-      help.
-    </p>
-
-    <p>
-      The following is a non-exhaustive list of areas in which
-      people can contribute to libvirt. If you have ideas for
-      other contributions feel free to follow them.
-    </p>
-
-    <ul>
-      <li><strong>Software development</strong>. The core library / daemon (and
-        thus the bulk of coding) is written in C, but there are
-        language bindings written in Python, Perl, Java, Ruby,
-        Php, OCaml and Go. There are also higher level wrappers
-        mapping libvirt into other object frameworks, such GLib,
-        CIM and SNMP. For those interested in working on the core parts of
-        libvirt, the <a href="hacking.html">contributor guidelines</a> are
-        mandatory reading</li>
-      <li><strong>Translation</strong>. All the libvirt modules aim to support
-        translations where appropriate. All translation is
-        handling outside of the normal libvirt review process,
-        using the <a href="http://fedora.zanata.org">Fedora
-        instance</a> of the Zanata tool. Thus people wishing
-        to contribute to translation should join the Fedora
-        translation team</li>
-      <li><strong>Documentation</strong>. There are docbook guides on various
-        aspects of libvirt, particularly application development
-        guides for the C library and Python, and a virsh command
-        reference. There is thus scope for work by people who are
-        familiar with using or developing against libvirt, to
-        write further content for these guides. There is also a
-        need for people to review existing content for copy editing
-        and identifying gaps in the docs</li>
-      <li><strong>Website / wiki curation</strong>. The bulk of the website is
-        maintained in the primary GIT repository, while the wiki
-        site uses mediawiki. In both cases there is a need for
-        people to both write new content and curate existing
-        content to identify outdated information, improve its
-        organization and target gaps.</li>
-      <li><strong>Testing</strong>. There are a number of tests suites that can run
-        automated tests against libvirt. The coverage of the tests
-        is never complete, so there is a need for people to create
-        new test suites and / or provide environments to actually
-        run the tests in a variety of deployment scenarios.</li>
-      <li><strong>Code analysis</strong>. The libvirt project has access to the coverity
-        tool to run static analysis against the codebase, however,
-        there are other types of code analysis that can be useful.
-        In particular fuzzing of the inputs can be very effective
-        at identifying problematic edge cases.</li>
-      <li><strong>Security handling</strong>. Downstream (operating system) vendors
-        who distribute libvirt may wish to propose a person to
-        be part of the security handling team, to get early access
-        to information about forthcoming vulnerability fixes.</li>
-      <li><strong>Evangalism</strong>. Work done by the project is of no benefit
-        unless the (potential) user community knows that it
-        exists. Thus it is critically important to the health
-        and future growth of the project, that there are a people
-        who evangalise the work created by the project. This can
-        take many forms, writing blog posts (about usage of features,
-        personal user experiances, areas for future work, and more),
-        syndicating docs and blogs via social media, giving user
-        group and/or conference talks about libvirt.</li>
-      <li><strong>User assistance</strong>. Since documentation
-        is never perfect, there are inevitably cases where users
-        will struggle to attain a deployment goal they have, or
-        run into trouble with managing an existing deployment.
-        While some users may be able to contact a software vendor
-        to obtain support, it is common to rely on community help
-        forums such as <a href="contact.html#email">libvirt users
-          mailing list</a>, or sites such as
-        <a href="http://stackoverflow.com/questions/tagged/libvirt">stackoverflow.</a>
-        People who are familiar with libvirt and have ability &amp;
-        desire to help other users are encouraged to participate in
-        these help forums.</li>
-    </ul>
-
-    <h2><a name="comms">Communication</a></h2>
-
-    <p>
-      For full details on contacting other project contributors
-      read the <a href="contact.html">contact</a> page. There
-      are two main channels that libvirt uses for communication
-      between contributors:
-    </p>
-
-    <h3><a name="email">Mailing lists</a></h3>
-
-    <p>
-      The project has a number of
-      <a href="contact.html#email">mailing lists</a> for
-      general communication between contributors.
-      In general any design discussions and review
-      of contributions will take place on the mailing
-      lists, so it is important for all contributors
-      to follow the traffic.
-    </p>
-
-    <h3><a name="irc">Instant messaging / chat</a></h3>
-
-    <p>
-      Contributors to libvirt are encouraged to join the
-      <a href="contact.html#irc">IRC channel</a> used by
-      the project, where they can have live conversations
-      with others members.
-    </p>
-
-    <h2><a name="outreach">Student / outreach coding programs</a></h2>
-
-    <p>
-      Since 2016, the libvirt project directly participates as an
-      organization in the <a href="http://wiki.libvirt.org/page/Google_Summer_of_Code_Ideas">Google Summer of Code program</a>. Prior to
-      this the project had a number of students in the program
-      via a joint application with the QEMU project. People are
-      encouraged to look at both the libvirt and QEMU programs
-      to identify potentially interesting projects to work on.
-    </p>
-
-  </body>
-</html>
--- a/docs/deployment.html.in
+++ b/docs/deployment.html.in
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Deployment</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a name="packages">Pre-packaged releases</a></h2>
+
+    <p>
+      The libvirt API is now available in all major Linux distributions,
+      so the simplest deployment approach is to use your distributions'
+      package management software to install the <code>libvirt</code>
+      module.
+    </p>
+
+    <h2><a name="tarball">Self-built releases</a></h2>
+
+    <p>
+      libvirt uses GNU autotools for its build system, so deployment
+      follows the usual process of <code>configure; make ; make install</code>
+    </p>
+
+    <pre>
+
+      # ./configure --prefix=$HOME/usr
+      # make
+      # make install
+    </pre>
+
+    <h2><a name="git">Built from GIT</a></h2>
+
+    <p>
+      When building from GIT it is necessary to generate the autotools
+      support files. This requires having <code>autoconf</code>,
+      <code>automake</code>, <code>libtool</code> and <code>intltool</code>
+      installed. The process can be automated with the <code>autogen.sh</code>
+      script.
+    </p>
+
+    <pre>
+
+      # ./autogen.sh --prefix=$HOME/usr
+      # make
+      # make install
+    </pre>
+
+  </body>
+</html>
--- a/docs/devguide.html.in
+++ b/docs/devguide.html.in
@@ -2,41 +2,55 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>libvirt Application Development Guides</h1>
+    <h1>libvirt Application Development Guide</h1>
+
+    <ul id="toc"></ul>

    <p>
-      The libvirt API is accessible from a number of programming languages.
-      At this time, there are application development guides available
-      which cover the C API and the Python API. Of the two, the Python guide
-      is currently the more comprehensive document.
+      The guide is both a learning tool for developing with libvirt and an
+      API reference document. It is a work in progress, composed by a
+      professional author from contributions written by members of the
+      libvirt team.
    </p>

+    <p>
+      Contributions to the guide are <b>VERY</b> welcome. If you'd like to get
+      your name on this and demonstrate your virtualisation prowess, a solid
+      contribution to the content here will do it. :)
+    </p>
+
+    <h2><a name="online">Browsable online</a></h2>
+
    <ul>
-      <li><a href="http://libvirt.org/docs/libvirt-appdev-guide/en-US/html/">Application Development Guide (C language) HTML</a></li>
-      <li><a href="http://libvirt.org/docs/libvirt-appdev-guide/en-US/pdf/">Application Development Guide (C language) PDF</a></li>
-      <li><a href="http://libvirt.org/docs/libvirt-appdev-guide-python/en-US/html/">Application Development Guide (Python language) HTML</a></li>
-      <li><a href="http://libvirt.org/docs/libvirt-appdev-guide-python/en-US/pdf/">Application Development Guide (Python language) PDF</a></li>
+      <li><a href="http://libvirt.org/guide/html/">
+        HTML format using multiple pages</a></li>
+      <li><a href="http://libvirt.org/guide/html-single/">
+        HTML format using one big page</a></li>
+      <li><a href="http://libvirt.org/guide/pdf/Application_Development_Guide.pdf">
+        PDF format</a></li>
+      <li><a href="http://libvirt.org/guide/libvirt-0.7.5-Application_Development_Guide-en-US.epub">
+        ePub format</a></li>
+      <li><a href="http://libvirt.org/guide/txt/Application_Development_Guide.txt">
+        Plain text format</a></li>
+      <li><a href="http://libvirt.org/guide/libvirt-Application_Development_Guide-0.7.5-web-en-US-1-9.el5.src.rpm">
+        Source RPM format</a></li>
    </ul>

-    <h2>Contributing content</h2>
+    <h2><a name="git">GIT source repository</a></h2>

    <p>
-      These guides are written in DocBook and published with the
-      publican tool, which is also used for Fedora and Red Hat
-      documentation. The original content is provided in GIT and
-      any contributions to the guide are welcome.
+      The source is in a git repository:
    </p>

    <pre>
-# C language
-$ git clone <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git">git://libvirt.org/libvirt-appdev-guide.git</a>
+      git clone git://libvirt.org/libvirt-appdev-guide.git</pre>

-# Python language
-$ git clone <a href="http://libvirt.org/git/?p=libvirt-appdev-guide-python.git">git://libvirt.org/libvirt-appdev-guide-python.git</a>
+    <p>
+      Browsable here:
+    </p>

-# Publican Style/Theme
-$ git clone <a href="http://libvirt.org/git/?p=libvirt-publican.git">git://libvirt.org/libvirt-publican.git</a>
-    </pre>
+    <pre>
+      <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary</a></pre>

  </body>
 </html>
--- a/docs/docs.html.in
+++ b/docs/docs.html.in
@@ -1,166 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
-  <body class="docs">
-    <div class="panel">
-      <h2>Deployment / operation</h2>
-
-      <dl>
-        <dt><a href="apps.html">Applications</a></dt>
-        <dd>Applications known to use libvirt</dd>
-
-        <dt><a href="windows.html">Windows</a></dt>
-        <dd>Downloads for Windows</dd>
-
-        <dt><a href="migration.html">Migration</a></dt>
-        <dd>Migrating guests between machines</dd>
-
-        <dt><a href="remote.html">Remote access</a></dt>
-        <dd>Enable remote access over TCP</dd>
-
-        <dt><a href="auth.html">Authentication</a></dt>
-        <dd>Configure authentication for the libvirt daemon</dd>
-
-        <dt><a href="acl.html">Access control</a></dt>
-        <dd>Configure access control libvirt APIs with <a href="aclpolkit.html">polkit</a></dd>
-
-        <dt><a href="logging.html">Logging</a></dt>
-        <dd>The library and the daemon logging support</dd>
-
-        <dt><a href="auditlog.html">Audit log</a></dt>
-        <dd>Audit trail logs for host operations</dd>
-
-        <dt><a href="firewall.html">Firewall</a></dt>
-        <dd>Firewall and network filter configuration</dd>
-
-        <dt><a href="hooks.html">Hooks</a></dt>
-        <dd>Hooks for system specific management</dd>
-
-        <dt><a href="nss.html">NSS module</a></dt>
-        <dd>Enable domain host name translation to IP addresses</dd>
-
-        <dt><a href="http://wiki.libvirt.org/page/FAQ">FAQ</a></dt>
-        <dd>Frequently asked questions</dd>
-      </dl>
-
-    </div>
-
-    <div class="panel">
-      <h2>Application development</h2>
-      <dl>
-        <dt><a href="devguide.html">Development Guide</a></dt>
-        <dd>A guide and reference for developing with libvirt</dd>
-
-        <dt><a href="virshcmdref.html">Virsh Commands</a></dt>
-        <dd>Command reference for virsh</dd>
-
-        <dt><a href="bindings.html">Language bindings</a></dt>
-        <dd>Bindings of the libvirt API for
-          <a href="csharp.html">c#</a>,
-          <a href="https://godoc.org/github.com/libvirt/libvirt-go">go</a>,
-          <a href="java.html">java</a>,
-          <a href="http://libvirt.org/ocaml/">ocaml</a>.
-          <a href="http://search.cpan.org/dist/Sys-Virt/">perl</a>,
-          <a href="python.html">python</a>,
-          <a href="php.html">php</a>,
-          <a href="http://libvirt.org/ruby/">ruby</a></dd>
-
-
-        <dt><a href="format.html">XML schemas</a></dt>
-        <dd>Description of the XML schemas for
-          <a href="formatdomain.html">domains</a>,
-          <a href="formatnetwork.html">networks</a>,
-          <a href="formatnwfilter.html">network filtering</a>,
-          <a href="formatstorage.html">storage</a>,
-          <a href="formatstorageencryption.html">storage encryption</a>,
-          <a href="formatcaps.html">capabilities</a>,
-          <a href="formatdomaincaps.html">domain capabilities</a>,
-          <a href="formatnode.html">node devices</a>,
-          <a href="formatsecret.html">secrets</a>,
-          <a href="formatsnapshot.html">snapshots</a></dd>
-
-        <dt><a href="uri.html">URI format</a></dt>
-        <dd>The URI formats used for connecting to libvirt</dd>
-
-        <dt><a href="locking.html">Disk locking</a></dt>
-        <dd>Ensuring exclusive guest access to disks with
-          <a href="locking-lockd.html">virtlockd</a> or
-          <a href="locking-sanlock.html">Sanlock</a></dd>
-
-        <dt><a href="cgroups.html">CGroups</a></dt>
-        <dd>Control groups integration</dd>
-
-        <dt><a href="html/index.html">API reference</a></dt>
-        <dd>Reference manual for the C public API, split in
-          <a href="html/libvirt-libvirt-common.html">common</a>,
-          <a href="html/libvirt-libvirt-domain.html">domain</a>,
-          <a href="html/libvirt-libvirt-domain-snapshot.html">domain snapshot</a>,
-          <a href="html/libvirt-virterror.html">error</a>,
-          <a href="html/libvirt-libvirt-event.html">event</a>,
-          <a href="html/libvirt-libvirt-host.html">host</a>,
-          <a href="html/libvirt-libvirt-interface.html">interface</a>,
-          <a href="html/libvirt-libvirt-network.html">network</a>,
-          <a href="html/libvirt-libvirt-nodedev.html">node device</a>,
-          <a href="html/libvirt-libvirt-nwfilter.html">network filter</a>,
-          <a href="html/libvirt-libvirt-secret.html">secret</a>,
-          <a href="html/libvirt-libvirt-storage.html">storage</a>,
-          <a href="html/libvirt-libvirt-stream.html">stream</a>
-        </dd>
-
-        <dt><a href="drivers.html">Drivers</a></dt>
-        <dd>Hypervisor specific driver information</dd>
-
-        <dt><a href="hvsupport.html">Driver support</a></dt>
-        <dd>matrix of API support per hypervisor per release</dd>
-
-        <dt><a href="secureusage.html">Secure usage</a></dt>
-        <dd>Secure usage of the libvirt APIs</dd>
-      </dl>
-    </div>
-
-    <div class="panel">
-      <h2>Project development</h2>
-      <dl>
-        <dt><a href="hacking.html">Contributor guidelines</a></dt>
-        <dd>General hacking guidelines for contributors</dd>
-
-        <dt><a href="bugs.html">Bug reports</a></dt>
-        <dd>How and where to report bugs and request features</dd>
-
-        <dt><a href="compiling.html">Compiling</a></dt>
-        <dd>How to compile libvirt</dd>
-
-        <dt><a href="goals.html">Goals</a></dt>
-        <dd>Terminology and goals of libvirt API</dd>
-
-        <dt><a href="api.html">API concepts</a></dt>
-        <dd>The libvirt API concepts</dd>
-
-        <dt><a href="api_extension.html">API extensions</a></dt>
-        <dd>Adding new public libvirt APIs</dd>
-
-        <dt><a href="internals/eventloop.html">Event loop and worker pool</a></dt>
-        <dd>Libvirt's event loop and worker pool mode</dd>
-
-        <dt><a href="internals/command.html">Spawning commands</a></dt>
-        <dd>Spawning commands from libvirt driver code</dd>
-
-        <dt><a href="internals/rpc.html">RPC protocol &amp; APIs</a></dt>
-        <dd>RPC protocol information and API / dispatch guide</dd>
-
-        <dt><a href="internals/locking.html">Lock managers</a></dt>
-        <dd>Use lock managers to protect disk content</dd>
-
-        <dt><a href="internals/oomtesting.html">Out of memory testing</a></dt>
-        <dd>Simulating OOM conditions in the test suite</dd>
-
-        <dt><a href="testsuites.html">Functional testing</a></dt>
-        <dd>Testing libvirt with <a href="testtck.html">TCK test suite</a> and
-         <a href="testapi.html">Libvirt-test-API</a></dd>
-      </dl>
-    </div>
-
-    <br class="clear"/>
-
+  <body>
+    <h1>Documentation</h1>
  </body>
 </html>
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -6,433 +6,15 @@

    <ul id="toc"></ul>

-    <h2><a name="releases">Project modules</a></h2>
+    <h2><a name="releases">Official Releases</a></h2>

    <p>
-      The libvirt project maintains a number of inter-related modules beyond
-      the core C library/daemon.
-    </p>
-
-    <table class="top_table downloads">
-      <thead>
-        <tr>
-          <th>Module</th>
-          <th>Releases</th>
-          <th>GIT Repo</th>
-          <th>GIT Mirrors</th>
-          <th>Resources</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>libvirt</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/">ftp</a>
-            <a href="http://libvirt.org/sources/">http</a>
-            <a href="https://libvirt.org/sources/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt">github</a>
-          </td>
-          <td>
-            <a href="html/index.html">api ref</a>
-            <a href="news.html">changes</a>
-          </td>
-        </tr>
-        <tr>
-          <th colspan="7">Language bindings</th>
-        </tr>
-        <tr>
-          <td>C#</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/csharp/">ftp</a>
-            <a href="http://libvirt.org/sources/csharp/">http</a>
-            <a href="https://libvirt.org/sources/csharp/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-csharp.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-csharp">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-csharp">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Go</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/go/">ftp</a>
-            <a href="http://libvirt.org/sources/go/">http</a>
-            <a href="https://libvirt.org/sources/go/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-go.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-go">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-go">github</a>
-          </td>
-          <td>
-            <a href="https://godoc.org/github.com/libvirt/libvirt-go">api ref</a>
-          </td>
-        </tr>
-        <tr>
-          <td>Java</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/java/">ftp</a>
-            <a href="http://libvirt.org/sources/java/">http</a>
-            <a href="https://libvirt.org/sources/java/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-java.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-java">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-java">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>OCaml</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/ocaml/">ftp</a>
-            <a href="http://libvirt.org/sources/ocaml/">http</a>
-            <a href="https://libvirt.org/sources/ocaml/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-ocaml.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-ocaml">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-ocaml">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Perl (Sys::Virt)</td>
-          <td>
-            <a href="http://search.cpan.org/dist/Sys-Virt/">cpan</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-perl.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-perl">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-perl">github</a>
-          </td>
-          <td>
-            <a href="http://search.cpan.org/dist/Sys-Virt/">api ref</a>
-            <a href="http://libvirt.org/git/?p=libvirt-perl.git;a=blob;f=Changes;hb=HEAD">changes</a>
-          </td>
-        </tr>
-        <tr>
-          <td>PHP</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/php/">ftp</a>
-            <a href="http://libvirt.org/sources/php/">http</a>
-            <a href="https://libvirt.org/sources/php/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-php.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-php">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-php">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Python</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/python/">ftp</a>
-            <a href="http://libvirt.org/sources/python/">http</a>
-            <a href="https://libvirt.org/sources/python/">https</a>
-            <a href="https://pypi.python.org/pypi/libvirt-python">pypi</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-python.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-python">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-python">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Ruby</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/ruby/">ftp</a>
-            <a href="http://libvirt.org/sources/ruby/">http</a>
-            <a href="https://libvirt.org/sources/ruby/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=ruby-libvirt.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/ruby-libvirt">gitlab</a>
-            <a href="https://github.com/libvirt/ruby-libvirt">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Rust</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/rust/">ftp</a>
-            <a href="http://libvirt.org/sources/rust/">http</a>
-            <a href="https://libvirt.org/sources/rust/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-rust.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-rust">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-rust">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <th colspan="7">Integration modules</th>
-        </tr>
-        <tr>
-          <td>GLib / GConfig / GObject</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/glib/">ftp</a>
-            <a href="http://libvirt.org/sources/glib/">http</a>
-            <a href="https://libvirt.org/sources/glib/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-glib.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-glib">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-glib">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Go XML</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/go/">ftp</a>
-            <a href="http://libvirt.org/sources/go/">http</a>
-            <a href="https://libvirt.org/sources/go/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-go-xml.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-go-xml">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-go-xml">github</a>
-          </td>
-          <td>
-            <a href="https://godoc.org/github.com/libvirt/libvirt-go-xml">api ref</a>
-          </td>
-        </tr>
-        <tr>
-          <td>Console Proxy</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/consoleproxy/">ftp</a>
-            <a href="http://libvirt.org/sources/consoleproxy/">http</a>
-            <a href="https://libvirt.org/sources/consoleproxy/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-console-proxy.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-console-proxy">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-console-proxy">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>CIM provider</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/CIM/">ftp</a>
-            <a href="http://libvirt.org/sources/CIM/">http</a>
-            <a href="https://libvirt.org/sources/CIM/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-cim.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-cim">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-cim">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>CIM utils</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/CIM/">ftp</a>
-            <a href="http://libvirt.org/sources/CIM/">http</a>
-            <a href="https://libvirt.org/sources/CIM/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libcmpiutil.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libcmpiutil">gitlab</a>
-            <a href="https://github.com/libvirt/libcmpiutil">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>SNMP</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/snmp/">ftp</a>
-            <a href="http://libvirt.org/sources/snmp/">http</a>
-            <a href="https://libvirt.org/sources/snmp/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-snmp.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-snmp">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-snmp">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Application Sandbox</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/sandbox/">ftp</a>
-            <a href="http://libvirt.org/sources/sandbox/">http</a>
-            <a href="https://libvirt.org/sources/sandbox/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-sandbox.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-sandbox">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-sandbox">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <th colspan="7">Testing</th>
-        </tr>
-        <tr>
-          <td>TCK</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/tck/">ftp</a>
-            <a href="http://libvirt.org/sources/tck/">http</a>
-            <a href="https://libvirt.org/sources/tck/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-tck.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-tck">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-tck">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Test API</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-test-API.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-test-API">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-test-API">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Jenkins Config</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-jenkins-ci.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-jenkins-ci">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-jenkins-ci">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>CIM Test</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=cimtest.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/cimtest">gitlab</a>
-            <a href="https://github.com/libvirt/cimtest">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <th colspan="7">Documentation</th>
-        </tr>
-        <tr>
-          <td>Publican Brand</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-publican.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-publican">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-publican">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>App Development Guide</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-appdev-guide">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>App Development Guide Python</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-appdev-guide-python.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide-python">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-appdev-guide-python">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>virsh Command Reference</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-virshcmdref.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-virshcmdref">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-virshcmdref">github</a>
-          </td>
-          <td></td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h2>Primary download site</h2>
-
-    <p>
-      Most modules have releases made available for download on the project
-      site, via FTP, HTTP or HTTPS. Some modules are instead made available
-      at alternative locations, for example, the Perl binding is made
-      available only on CPAN.
+      The latest versions of the libvirt C library can be downloaded from:
    </p>

    <ul>
      <li><a href="ftp://libvirt.org/libvirt/">libvirt.org FTP server</a></li>
      <li><a href="http://libvirt.org/sources/">libvirt.org HTTP server</a></li>
-      <li><a href="https://libvirt.org/sources/">libvirt.org HTTPS server</a></li>
    </ul>

    <h2><a name="hourly">Hourly development snapshots</a></h2>
@@ -440,114 +22,79 @@
    <p>
      Once an hour, an automated snapshot is made from the git server
      source tree. These snapshots should be usable, but we make no guarantees
-      about their stability; furthermore, they should NOT be
-      considered formal releases, and they may have transient security
-      problems that will not be assigned a CVE.
+      about their stability:
    </p>

    <ul>
-      <li><a href="ftp://libvirt.org/libvirt/libvirt-git-snapshot.tar.xz">libvirt.org FTP server</a></li>
-      <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.xz">libvirt.org HTTP server</a></li>
+      <li><a href="ftp://libvirt.org/libvirt/libvirt-git-snapshot.tar.gz">libvirt.org FTP server</a></li>
+      <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.gz">libvirt.org HTTP server</a></li>
    </ul>

-    <h2><a name="schedule">Primary release schedule</a></h2>
-
-    <p>
-      The core libvirt module follows a time based plan, with releases made
-      once a month on the 1st of each month give or take a few days. The only
-      exception is at the start of the year where there are two 6 weeks gaps
-      (first release in the middle of Jan, then skip the Feb release), giving
-      a total of 11 releases a year. The Python and Perl modules will aim to
-      release at the same time as the core libvirt module. Other modules have
-      independant ad-hoc releases with no fixed time schedle.
-    </p>
-
-    <h2><a name="numbering">Release numbering</a></h2>
-
-    <p>
-      Since libvirt 2.0.0, a time based version numbering rule
-      is applied to the core library releases. As such, the changes
-      in version number have do not have any implications with respect
-      to the scope of features or bugfixes included, the stability of
-      the code, or the API / ABI compatibility (libvirt API / ABI is
-      guaranteed stable forever). The rules applied for changing the
-      libvirt version number are:
-    </p>
-
-    <dl>
-      <dt><code>major</code></dt>
-      <dd>incremented by 1 for the first release of the year (the
-        Jan 15th release)</dd>
-      <dt><code>minor</code></dt>
-      <dd>reset to 0 with every major increment, otherwise incremented by 1
-        for each monthly release from git master</dd>
-      <dt><code>micro</code></dt>
-      <dd>always 0 for releases from git master, incremented by 1
-        for each stable maintenance release</dd>
-    </dl>
-
-    <p>
-      Prior to 2.0.0, the major/minor numbers were incremented
-      fairly arbitrarily, and maintenance releases appended a
-      fourth digit. The language bindings will aim to use the
-      same version number as the most recent core library API
-      they support. The other modules have their own distinct
-      release numbering sequence, though they generally aim
-      to follow the above rules for incrementing major/minor/micro
-      digits.
-    </p>
-
-    <h2><a name="maintenance">Maintenance releases</a></h2>
-    <p>
-      In the git repository are several stable maintenance branches
-      for the core library, matching the
-      pattern <code>v<i>major</i>.<i>minor</i>-maint</code>;
-      these branches are forked off the corresponding
-      <code>v<i>major</i>.<i>minor</i>.0</code> formal
-      release, and may have further releases of the
-      form <code>v<i>major</i>.<i>minor</i>.<i>micro</i></code>.
-      These maintenance branches should only contain bug fixes, and no
-      new features, backported from the master branch, and are
-      supported as long as at least one downstream distribution
-      expresses interest in a given branch.  These maintenance
-      branches are considered during CVE analysis. In contrast
-      to the primary releases which are made once a month, there
-      is no formal schedule for the maintenance releases, which
-      are made whenever there is a need to make available key
-      bugfixes to downstream consumers. The language bindings
-      and other modules generally do not provide stable branch
-      releases.
-    </p>
-
-    <p>
-      For more details about contents of maintenance releases, see
-      <a href="http://wiki.libvirt.org/page/Maintenance_Releases">the
-      wiki page</a>.
-    </p>
-
    <h2><a name="git">GIT source repository</a></h2>

    <p>
-      All modules maintained by the libvirt project have their primary
-      source available in the <a href="http://libvirt.org/git/">project GIT server</a>.
-      Each module can be cloned anonymously using:
+      Libvirt code source is now maintained in a <a href="http://git-scm.com/">git</a>
+      repository available on <a href="http://libvirt.org/git/">libvirt.org</a>:
    </p>

    <pre>
-git clone git://libvirt.org/[module name].git</pre>
+      git clone git://libvirt.org/libvirt.git</pre>

    <p>
-      In addition to this primary repository, there are the following read-only git
-      repositories which mirror the master one. Note that we currently do not
-      use the full set of features on these mirrors (e.g. pull requests on
-      GitHub, so please don't use them). All patch review and discussion only
-      occurs on the <a href="contact.html">libvir-list</a> mailing list. Also
-      note that some repositories listed below allow HTTP checkouts too.
+      It can also be browsed at:
    </p>

    <pre>
-<a href="https://github.com/libvirt/">https://github.com/libvirt/</a>
-<a href="https://gitlab.com/libvirt/libvirt">https://gitlab.com/libvirt/</a></pre>
+      <a href="http://libvirt.org/git/?p=libvirt.git;a=summary">http://libvirt.org/git/?p=libvirt.git;a=summary</a></pre>

+    <br />
+
+    <h1>libvirt Application Development Guide</h1>
+
+    <p>
+      The guide is both a learning tool for developing with libvirt and an
+      API reference document. It is a work in progress, composed by a
+      professional author from contributions written by members of the
+      libvirt team.
+    </p>
+
+    <p>
+      Contributions to the guide are <b>VERY</b> welcome. If you'd like to get
+      your name on this and demonstrate your virtualisation prowess, a solid
+      contribution to the content here will do it. :)
+    </p>
+
+    <h2><a name="appdevpdf">Application Development Guide PDF</a></h2>
+
+    <p>
+      PDF download is available here:
+    </p>
+
+    <ul>
+      <li><a href="http://libvirt.org/guide/pdf/Application_Development_Guide.pdf">libvirt App Dev Guide</a> (PDF)</li>
+    </ul>
+
+    <h2><a name="appdevgit">Application Development Guide source GIT repository</a></h2>
+
+    <p>
+      The source is also in a git repository:
+    </p>
+
+    <pre>
+      git clone git://libvirt.org/libvirt-appdev-guide.git</pre>
+
+    <p>
+      Browsable at:
+    </p>
+
+    <pre>
+      <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary</a></pre>
+
+    <br />
+
+    <p>
+      Once you've have obtained the libvirt source code, you can compile it
+      using the <a href="compiling.html">instructions here</a>.
+    </p>
  </body>
 </html>
--- a/docs/drivers.html.in
+++ b/docs/drivers.html.in
@@ -4,11 +4,7 @@
  <body>
    <h1>Internal drivers</h1>

-    <ul>
-      <li><a href="#hypervisor">Hypervisor drivers</a></li>
-      <li><a href="#storage">Storage drivers</a></li>
-      <li><a href="drvnodedev.html">Node device driver</a></li>
-    </ul>
+    <ul id="toc"></ul>

    <p>
      The libvirt public API delegates its implementation to one or
@@ -36,8 +32,7 @@
      <li><strong><a href="drvxen.html">Xen</a></strong></li>
      <li><strong><a href="drvhyperv.html">Microsoft Hyper-V</a></strong></li>
      <li><strong><a href="drvphyp.html">IBM PowerVM (phyp)</a></strong></li>
-      <li><strong><a href="drvvirtuozzo.html">Virtuozzo</a></strong></li>
-      <li><strong><a href="drvbhyve.html">Bhyve</a></strong> - The BSD Hypervisor</li>
+      <li><strong><a href="drvparallels.html">Parallels</a></strong></li>
    </ul>

    <h2><a name="storage">Storage drivers</a></h2>
--- a/docs/drvbhyve.html.in
+++ b/docs/drvbhyve.html.in
@@ -1,428 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Bhyve driver</h1>
-
-    <ul id="toc"></ul>
-
-<p>
-Bhyve is a FreeBSD hypervisor. It first appeared in FreeBSD 10.0. However, it's
-recommended to keep tracking FreeBSD 10-STABLE to make sure all new features
-of bhyve are supported.
-
-In order to enable bhyve on your FreeBSD host, you'll need to load the <code>vmm</code>
-kernel module. Additionally, <code>if_tap</code> and <code>if_bridge</code> modules
-should be loaded for networking support. Also, <span class="since">since 3.2.0</span> the
-<code>virt-host-validate(1)</code> supports the bhyve host validation and could be
-used like this:
-</p>
-
-<pre>
-$ virt-host-validate bhyve
- BHYVE: Checking for vmm module                                              : PASS
- BHYVE: Checking for if_tap module                                           : PASS
- BHYVE: Checking for if_bridge module                                        : PASS
- BHYVE: Checking for nmdm module                                             : PASS
-$
-</pre>
-
-<p>
-Additional information on bhyve could be obtained on <a href="http://bhyve.org/">bhyve.org</a>.
-</p>
-
-<h2><a name="uri">Connections to the Bhyve driver</a></h2>
-<p>
-The libvirt bhyve driver is a single-instance privileged driver. Some sample
-connection URIs are:
-</p>
-
-<pre>
-bhyve:///system                     (local access)
-bhyve+unix:///system                (local access)
-bhyve+ssh://root@example.com/system (remote access, SSH tunnelled)
-</pre>
-
-<h2><a name="exconfig">Example guest domain XML configurations</a></h2>
-
-<h3>Example config</h3>
-<p>
-The bhyve driver in libvirt is in its early stage and under active development. So it supports
-only limited number of features bhyve provides.
-</p>
-
-<p>
-Note: in older libvirt versions, only a single network device and a single
-disk device were supported per-domain. However,
-<span class="since">since 1.2.6</span> the libvirt bhyve driver supports
-up to 31 PCI devices.
-</p>
-
-<p>
-Note: the Bhyve driver in libvirt will boot whichever device is first. If you
-want to install from CD, put the CD device first. If not, put the root HDD
-first.
-</p>
-
-<p>
-Note: Only the SATA bus is supported. Only <code>cdrom</code>- and
-<code>disk</code>-type disks are supported.
-</p>
-
-<pre>
-&lt;domain type='bhyve'&gt;
-    &lt;name&gt;bhyve&lt;/name&gt;
-    &lt;uuid&gt;df3be7e7-a104-11e3-aeb0-50e5492bd3dc&lt;/uuid&gt;
-    &lt;memory&gt;219136&lt;/memory&gt;
-    &lt;currentMemory&gt;219136&lt;/currentMemory&gt;
-    &lt;vcpu&gt;1&lt;/vcpu&gt;
-    &lt;os&gt;
-       &lt;type&gt;hvm&lt;/type&gt;
-    &lt;/os&gt;
-    &lt;features&gt;
-      &lt;apic/&gt;
-      &lt;acpi/&gt;
-    &lt;/features&gt;
-    &lt;clock offset='utc'/&gt;
-    &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-    &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-    &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-    &lt;devices&gt;
-      &lt;disk type='file'&gt;
-        &lt;driver name='file' type='raw'/&gt;
-        &lt;source file='/path/to/bhyve_freebsd.img'/&gt;
-        &lt;target dev='hda' bus='sata'/&gt;
-      &lt;/disk&gt;
-      &lt;disk type='file' device='cdrom'&gt;
-        &lt;driver name='file' type='raw'/&gt;
-        &lt;source file='/path/to/cdrom.iso'/&gt;
-        &lt;target dev='hdc' bus='sata'/&gt;
-        &lt;readonly/&gt;
-      &lt;/disk&gt;
-      &lt;interface type='bridge'&gt;
-        &lt;model type='virtio'/&gt;
-        &lt;source bridge="virbr0"/&gt;
-      &lt;/interface&gt;
-    &lt;/devices&gt;
-&lt;/domain&gt;
-</pre>
-
-<p>(The &lt;disk&gt; sections may be swapped in order to install from
-<em>cdrom.iso</em>.)</p>
-
-<h3>Example config (Linux guest)</h3>
-
-<p>
-Note the addition of &lt;bootloader&gt;.
-</p>
-
-<pre>
-&lt;domain type='bhyve'&gt;
-    &lt;name&gt;linux_guest&lt;/name&gt;
-    &lt;uuid&gt;df3be7e7-a104-11e3-aeb0-50e5492bd3dc&lt;/uuid&gt;
-    &lt;memory&gt;131072&lt;/memory&gt;
-    &lt;currentMemory&gt;131072&lt;/currentMemory&gt;
-    &lt;vcpu&gt;1&lt;/vcpu&gt;
-    &lt;bootloader&gt;/usr/local/sbin/grub-bhyve&lt;/bootloader&gt;
-    &lt;os&gt;
-       &lt;type&gt;hvm&lt;/type&gt;
-    &lt;/os&gt;
-    &lt;features&gt;
-      &lt;apic/&gt;
-      &lt;acpi/&gt;
-    &lt;/features&gt;
-    &lt;clock offset='utc'/&gt;
-    &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-    &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-    &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-    &lt;devices&gt;
-      &lt;disk type='file' device='disk'&gt;
-        &lt;driver name='file' type='raw'/&gt;
-        &lt;source file='/path/to/guest_hdd.img'/&gt;
-        &lt;target dev='hda' bus='sata'/&gt;
-      &lt;/disk&gt;
-      &lt;disk type='file' device='cdrom'&gt;
-        &lt;driver name='file' type='raw'/&gt;
-        &lt;source file='/path/to/cdrom.iso'/&gt;
-        &lt;target dev='hdc' bus='sata'/&gt;
-        &lt;readonly/&gt;
-      &lt;/disk&gt;
-      &lt;interface type='bridge'&gt;
-        &lt;model type='virtio'/&gt;
-        &lt;source bridge="virbr0"/&gt;
-      &lt;/interface&gt;
-    &lt;/devices&gt;
-&lt;/domain&gt;
-</pre>
-
-<h3>Example config (Linux UEFI guest, VNC, tablet)</h3>
-
-<p>This is an example to boot into Fedora 25 installation:</p>
-
-<pre>
-&lt;domain type='bhyve'&gt;
-    &lt;name&gt;fedora_uefi_vnc_tablet&lt;/name&gt;
-    &lt;memory unit='G'&gt;4&lt;/memory&gt;
-    &lt;vcpu&gt;2&lt;/vcpu&gt;
-    &lt;os&gt;
-       &lt;type&gt;hvm&lt;/type&gt;
-       <b>&lt;loader readonly=&quot;yes&quot; type=&quot;pflash&quot;&gt;/usr/local/share/uefi-firmware/BHYVE_UEFI.fd&lt;/loader&gt;</b>
-    &lt;/os&gt;
-    &lt;features&gt;
-      &lt;apic/&gt;
-      &lt;acpi/&gt;
-    &lt;/features&gt;
-    &lt;clock offset='utc'/&gt;
-    &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-    &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-    &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-    &lt;devices&gt;
-      &lt;disk type='file' device='cdrom'&gt;
-        &lt;driver name='file' type='raw'/&gt;
-          &lt;source file='/path/to/Fedora-Workstation-Live-x86_64-25-1.3.iso'/&gt;
-        &lt;target dev='hdc' bus='sata'/&gt;
-        &lt;readonly/&gt;
-      &lt;/disk&gt;
-      &lt;disk type='file' device='disk'&gt;
-        &lt;driver name='file' type='raw'/&gt;
-        &lt;source file='/path/to/linux_uefi.img'/&gt;
-        &lt;target dev='hda' bus='sata'/&gt;
-        &lt;/disk&gt;
-      &lt;interface type='bridge'&gt;
-        &lt;model type='virtio'/&gt;
-        &lt;source bridge=&quot;virbr0&quot;/&gt;
-      &lt;/interface&gt;
-      &lt;serial type=&quot;nmdm&quot;&gt;
-        &lt;source master=&quot;/dev/nmdm0A&quot; slave=&quot;/dev/nmdm0B&quot;/&gt;
-      &lt;/serial&gt;
-      <b>&lt;graphics type='vnc' port='5904'&gt;
-        &lt;listen type='address' address='127.0.0.1'/&gt;
-      &lt;/graphics&gt;
-      &lt;controller type='usb' model='nec-xhci'/&gt;
-      &lt;input type='tablet' bus='usb'/&gt;</b>
-    &lt;/devices&gt;
-&lt;/domain&gt;
-</pre>
-
-<p>Please refer to the <a href="#uefi">UEFI</a> section for a more detailed explanation.</p>
-
-<h2><a name="usage">Guest usage / management</a></h2>
-
-<h3><a name="console">Connecting to a guest console</a></h3>
-
-<p>
-Guest console connection is supported through the <code>nmdm</code> device. It could be enabled by adding
-the following to the domain XML (<span class="since">Since 1.2.4</span>):
-</p>
-
-<pre>
-...
-&lt;devices&gt;
-  &lt;serial type="nmdm"&gt;
-    &lt;source master="/dev/nmdm0A" slave="/dev/nmdm0B"/&gt;
-  &lt;/serial&gt;
-&lt;/devices&gt;
-...</pre>
-
-
-<p>Make sure to load the <code>nmdm</code> kernel module if you plan to use that.</p>
-
-<p>
-Then <code>virsh console</code> command can be used to connect to the text console
-of a guest.</p>
-
-<p><b>NB:</b> Some versions of bhyve have a bug that prevents guests from booting
-until the console is opened by a client. This bug was fixed in FreeBSD
-<a href="http://svnweb.freebsd.org/changeset/base/262884">r262884</a>. If
-an older version is used, one either has to open a console manually with <code>virsh console</code>
-to let a guest boot or start a guest using:</p>
-
-<pre>start --console domname</pre>
-
-<p><b>NB:</b> An bootloader configured to require user interaction will prevent
-the domain from starting (and thus <code>virsh console</code> or <code>start
--console</code> from functioning) until the user interacts with it manually on
-the VM host. Because users typically do not have access to the VM host,
-interactive bootloaders are unsupported by libvirt. <em>However,</em> if you happen to
-run into this scenario and also happen to have access to the Bhyve host
-machine, you may select a boot option and allow the domain to finish starting
-by using an alternative terminal client on the VM host to connect to the
-domain-configured null modem device. One example (assuming
-<code>/dev/nmdm0B</code> is configured as the slave end of the domain serial
-device) is:</p>
-
-<pre>cu -l /dev/nmdm0B</pre>
-
-<h3><a name="xmltonative">Converting from domain XML to Bhyve args</a></h3>
-
-<p>
-The <code>virsh domxml-to-native</code> command can preview the actual
-<code>bhyve</code> commands that will be executed for a given domain.
-It outputs two lines, the first line is a <code>bhyveload</code> command and
-the second is a <code>bhyve</code> command.
-</p>
-
-<p>Please note that the <code>virsh domxml-to-native</code> doesn't do any
-real actions other than printing the command, for example, it doesn't try to
-find a proper TAP interface and create it, like what is done when starting
-a domain; and always returns <code>tap0</code> for the network interface. So
-if you're going to run these commands manually, most likely you might want to
-tweak them.</p>
-
-<pre>
-# virsh -c "bhyve:///system"  domxml-to-native --format bhyve-argv --xml /path/to/bhyve.xml
-/usr/sbin/bhyveload -m 214 -d /home/user/vm1.img vm1
-/usr/sbin/bhyve -c 2 -m 214 -A -I -H -P -s 0:0,hostbridge -s 3:0,virtio-net,tap0,mac=52:54:00:5d:74:e3 -s 2:0,virtio-blk,/home/user/vm1.img -s 1,lpc -l com1,/dev/nmdm0A vm1
-</pre>
-
-<h3><a name="zfsvolume">Using ZFS volumes</a></h3>
-
-<p>It's possible to use ZFS volumes as disk devices <span class="since">since 1.2.8</span>.
-An example of domain XML device entry for that will look like:</p>
-
-<pre>
-...
-&lt;disk type='volume' device='disk'&gt;
-  &lt;source pool='zfspool' volume='vol1'/&gt;
-  &lt;target dev='vdb' bus='virtio'/&gt;
-&lt;/disk&gt;
-...</pre>
-
-<p>Please refer to the <a href="storage.html">Storage documentation</a> for more details on storage
-management.</p>
-
-<h3><a name="grubbhyve">Using grub2-bhyve or Alternative Bootloaders</a></h3>
-
-<p>It's possible to boot non-FreeBSD guests by specifying an explicit
-bootloader, e.g. <code>grub-bhyve(1)</code>. Arguments to the bootloader may be
-specified as well. If the bootloader is <code>grub-bhyve</code> and arguments
-are omitted, libvirt will try and infer boot ordering from user-supplied
-&lt;boot order='N'&gt; configuration in the domain. Failing that, it will boot
-the first disk in the domain (either <code>cdrom</code>- or
-<code>disk</code>-type devices). If the disk type is <code>disk</code>, it will
-attempt to boot from the first partition in the disk image.</p>
-
-<pre>
-...
-&lt;bootloader&gt;/usr/local/sbin/grub-bhyve&lt;/bootloader&gt;
-&lt;bootloader_args&gt;...&lt;/bootloader_args&gt;
-...
-</pre>
-
-<p>Caveat: <code>bootloader_args</code> does not support any quoting.
-Filenames, etc, must not have spaces or they will be tokenized incorrectly.</p>
-
-<h3><a name="uefi">Using UEFI bootrom, VNC, and USB tablet</a></h3>
-
-<p><span class="since">Since 3.2.0</span>, in addition to <a href="#grubbhyve">grub-bhyve</a>,
-non-FreeBSD guests could be also booted using an UEFI boot ROM, provided both guest OS and
-installed <code>bhyve(1)</code> version support UEFI. To use that, <code>loader</code>
-should be specified in the <code>os</code> section:</p>
-
-<pre>
-&lt;domain type='bhyve'&gt;
-    ...
-    &lt;os&gt;
-       &lt;type&gt;hvm&lt;/type&gt;
-       &lt;loader readonly="yes" type="pflash"&gt;/usr/local/share/uefi-firmware/BHYVE_UEFI.fd&lt;/loader&gt;
-    &lt;/os&gt;
-    ...
-</pre>
-
-<p>This uses the UEFI firmware provided by
-the <a href="https://www.freshports.org/sysutils/bhyve-firmware/">sysutils/bhyve-firmware</a>
-FreeBSD port.</p>
-
-<p>VNC and the tablet input device could be configured this way:</p>
-
-<pre>
-&lt;domain type='bhyve'&gt;
-    &lt;devices&gt;
-      ...
-      &lt;graphics type='vnc' port='5904'&gt;
-        &lt;listen type='address' address='127.0.0.1'/&gt;
-      &lt;/graphics&gt;
-      &lt;controller type='usb' model='nec-xhci'/&gt;
-      &lt;input type='tablet' bus='usb'/&gt;
-    &lt;/devices&gt;
-    ...
-&lt;/domain&gt;
-</pre>
-
-<p>This way, VNC will be accessible on <code>127.0.0.1:5904</code>.</p>
-
-<p>Please note that the tablet device requires to have a USB controller
-of the <code>nec-xhci</code> model. Currently, only a single controller of this
-type and a single tablet are supported per domain.</p>
-
-<p><span class="since">Since 3.5.0</span>, it's possible to configure how the video device is exposed
-to the guest using the <code>vgaconf</code> attribute:</p>
-
-<pre>
-&lt;domain type='bhyve'&gt;
-    &lt;devices&gt;
-    ...
-      &lt;graphics type='vnc' port='5904'&gt;
-        &lt;listen type='address' address='127.0.0.1'/&gt;
-      &lt;/graphics&gt;
-      &lt;video&gt;
-        &lt;driver vgaconf='on'/&gt;
-        &lt;model type='gop' heads='1' primary='yes'/&gt;
-      &lt;/video&gt;
-      ...
-    &lt;/devices&gt;
-    ...
-&lt;/domain&gt;
-</pre>
-
-<p>If not specified, bhyve's default mode for <code>vgaconf</code>
-will be used. Please refer to the
-<a href="https://www.freebsd.org/cgi/man.cgi?query=bhyve&amp;sektion=8&amp;manpath=FreeBSD+12-current">bhyve(8)</a>
-manual page and the <a href="https://wiki.freebsd.org/bhyve">bhyve wiki</a> for more details on using
-the <code>vgaconf</code> option.</p>
-
-<h3><a name="clockconfig">Clock configuration</a></h3>
-
-<p>Originally bhyve supported only localtime for RTC. Support for UTC time was introduced in
-<a href="http://svnweb.freebsd.org/changeset/base/284894">r284894</a> for <i>10-STABLE</i> and
-in <a href="http://svnweb.freebsd.org/changeset/base/279225">r279225</a> for <i>-CURRENT</i>.
-It's possible to use this in libvirt <span class="since">since 1.2.18</span>, just place the
-following to domain XML:</p>
-
-<pre>
-&lt;domain type="bhyve"&gt;
-    ...
-    &lt;clock offset='utc'/&gt;
-    ...
-&lt;/domain&gt;
-</pre>
-
-<p>Please note that if you run the older bhyve version that doesn't support UTC time, you'll
-fail to start a domain. As UTC is used as a default when you do not specify clock settings,
-you'll need to explicitly specify 'localtime' in this case:</p>
-
-<pre>
-&lt;domain type="bhyve"&gt;
-    ...
-    &lt;clock offset='localtime'/&gt;
-    ...
-&lt;/domain&gt;
-</pre>
-
-<h3><a name="e1000">e1000 NIC</a></h3>
-
-<p>As of <a href="https://svnweb.freebsd.org/changeset/base/302504">r302504</a> bhyve
-supports Intel e1000 network adapter emulation. It's supported in libvirt
-<span class="since">since 3.1.0</span> and could be used as follows:</p>
-
-<pre>
-...
-    &lt;interface type='bridge'&gt;
-      &lt;source bridge='virbr0'/&gt;
-      &lt;model type='<b>e1000</b>'/&gt;
-    &lt;/interface&gt;
-...
-</pre>
-
-  </body>
-</html>
--- a/docs/drvesx.html.in
+++ b/docs/drvesx.html.in
@@ -148,7 +148,7 @@ vpx://example-vcenter.com/folder1/dc1/folder2/example-esx.com
            </td>
            <td>
                If set to 1, this disables libcurl client checks of the server's
-                SSL certificate. The default value is 0. See the
+                SSL certificate. The default value it 0. See the
                <a href="#certificates">Certificates for HTTPS</a> section for
                details.
            </td>
@@ -164,7 +164,7 @@ vpx://example-vcenter.com/folder1/dc1/folder2/example-esx.com
                If set to 1, the driver answers all
                <a href="#questions">questions</a> with the default answer.
                If set to 0, questions are reported as errors. The default
-                value is 0. <span class="since">Since 0.7.5</span>.
+                value it 0. <span class="since">Since 0.7.5</span>.
            </td>
        </tr>
        <tr>
@@ -467,14 +467,14 @@ ethernet0.checkMACAddress = "false"
        Here a domain XML snippet:
    </p>
 <pre>
-...
-&lt;disk type='file' device='disk'&gt;
-  &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
-  &lt;target dev='sda' bus='scsi'/&gt;
-  &lt;address type='drive' controller='0' bus='0' unit='0'/&gt;
-&lt;/disk&gt;
-&lt;controller type='scsi' index='0' model='<strong>lsilogic</strong>'/&gt;
-...
+    ...
+    &lt;disk type='file' device='disk'&gt;
+      &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
+      &lt;target dev='sda' bus='scsi'/&gt;
+      &lt;address type='drive' controller='0' bus='0' unit='0'/&gt;
+    &lt;/disk&gt;
+    &lt;controller type='scsi' index='0' model='<strong>lsilogic</strong>'/&gt;
+    ...
 </pre>
    <p>
        The controller element is supported <span class="since">since 0.8.2</span>.
@@ -482,13 +482,13 @@ ethernet0.checkMACAddress = "false"
        specify the SCSI controller model. This attribute usage is deprecated now.
    </p>
 <pre>
-...
-&lt;disk type='file' device='disk'&gt;
-  &lt;driver name='<strong>lsilogic</strong>'/&gt;
-  &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
-  &lt;target dev='sda' bus='scsi'/&gt;
-&lt;/disk&gt;
-...
+    ...
+    &lt;disk type='file' device='disk'&gt;
+      &lt;driver name='<strong>lsilogic</strong>'/&gt;
+      &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
+      &lt;target dev='sda' bus='scsi'/&gt;
+    &lt;/disk&gt;
+    ...
 </pre>


@@ -513,13 +513,13 @@ ethernet0.checkMACAddress = "false"
        Here a domain XML snippet:
    </p>
 <pre>
-...
-&lt;interface type='bridge'&gt;
-  &lt;mac address='00:50:56:25:48:c7'/&gt;
-  &lt;source bridge='VM Network'/&gt;
-  &lt;model type='<strong>e1000</strong>'/&gt;
-&lt;/interface&gt;
-...
+    ...
+    &lt;interface type='bridge'&gt;
+      &lt;mac address='00:50:56:25:48:c7'/&gt;
+      &lt;source bridge='VM Network'/&gt;
+      &lt;model type='<strong>e1000</strong>'/&gt;
+    &lt;/interface&gt;
+    ...
 </pre>


--- a/docs/drvhyperv.html.in
+++ b/docs/drvhyperv.html.in
@@ -5,7 +5,7 @@
    <h1>Microsoft Hyper-V hypervisor driver</h1>
    <ul id="toc"></ul>
    <p>
-        The libvirt Microsoft Hyper-V driver can manage Hyper-V 2008 R2 and newer.
+        The libvirt Microsoft Hyper-V driver can manage Hyper-V 2008 R2.
    </p>


--- a/docs/drvlxc.html.in
+++ b/docs/drvlxc.html.in
@@ -40,11 +40,15 @@ primary "host" OS environment, the libvirt LXC driver requires that
 certain kernel namespaces are compiled in. Libvirt currently requires
 the 'mount', 'ipc', 'pid', and 'uts' namespaces to be available. If
 separate network interfaces are desired, then the 'net' namespace is
-required. If the guest configuration declares a
-<a href="formatdomain.html#elementsOSContainer">UID or GID mapping</a>,
-the 'user' namespace will be enabled to apply these. <strong>A suitably
-configured UID/GID mapping is a pre-requisite to making containers
-secure, in the absence of sVirt confinement.</strong>
+required. In the near future, the 'user' namespace will optionally be
+supported.
+</p>
+
+<p>
+<strong>NOTE: In the absence of support for the 'user' namespace,
+processes inside containers cannot be securely isolated from host
+process without the use of a mandatory access control technology
+such as SELinux or AppArmor.</strong>
 </p>

 <h2><a name="init">Default container setup</a></h2>
@@ -62,12 +66,12 @@ would use the following XML
 </p>

 <pre>
-&lt;os&gt;
-  &lt;type arch='x86_64'&gt;exe&lt;/type&gt;
-  &lt;init&gt;/bin/systemd&lt;/init&gt;
-  &lt;initarg&gt;--unit&lt;/initarg&gt;
-  &lt;initarg&gt;emergency.service&lt;/initarg&gt;
-&lt;/os&gt;
+  &lt;os&gt;
+    &lt;type arch='x86_64'&gt;exe&lt;/type&gt;
+    &lt;init&gt;/bin/systemd&lt;/init&gt;
+    &lt;initarg&gt;--unit&lt;/initarg&gt;
+    &lt;initarg&gt;emergency.service&lt;/initarg&gt;
+  &lt;/os&gt;
 </pre>

 <h3><a name="envvars">Environment variables</a></h3>
@@ -80,16 +84,14 @@ to be provided by all container technologies on Linux.
 </p>

 <dl>
-<dt><code>container</code></dt>
+<dt>container</dt>
 <dd>The fixed string <code>libvirt-lxc</code> to identify libvirt as the creator</dd>
-<dt><code>container_uuid</code></dt>
+<dt>container_uuid</dt>
 <dd>The UUID assigned to the container by libvirt</dd>
-<dt><code>PATH</code></dt>
+<dt>PATH</dt>
 <dd>The fixed string <code>/bin:/usr/bin</code></dd>
-<dt><code>TERM</code></dt>
+<dt>TERM</dt>
 <dd>The fixed string <code>linux</code></dd>
-<dt><code>HOME</code></dt>
-<dd>The fixed string <code>/</code></dd>
 </dl>

 <p>
@@ -98,11 +100,11 @@ environment variables are also provided
 </p>

 <dl>
-<dt><code>LIBVIRT_LXC_NAME</code></dt>
+<dt>LIBVIRT_LXC_NAME</dt>
 <dd>The name assigned to the container by libvirt</dd>
-<dt><code>LIBVIRT_LXC_UUID</code></dt>
+<dt>LIBVIRT_LXC_UUID</dt>
 <dd>The UUID assigned to the container by libvirt</dd>
-<dt><code>LIBVIRT_LXC_CMDLINE</code></dt>
+<dt>LIBVIRT_LXC_CMDLINE</dt>
 <dd>The unparsed command line arguments specified in the container configuration.
 Use of this is discouraged, in favour of passing arguments directly to the
 container init process via the <code>initarg</code> config element.</dd>
@@ -165,240 +167,11 @@ first console will be <code>/dev/tty1</code>, with further consoles
 numbered incrementally from there.
 </p>

-<p>
-Since /dev/ttyN and /dev/console are linked to the pts devices. The
-tty device of login program is pts device. The pam module securetty
-may prevent root user from logging in container. If you want root
-user to log in container successfully, add the pts device to the file
-/etc/securetty of container.
-</p>
-
 <p>
 Further block or character devices will be made available to containers
 depending on their configuration.
 </p>

-<h2><a name="security">Security considerations</a></h2>
-
-<p>
-The libvirt LXC driver is fairly flexible in how it can be configured,
-and as such does not enforce a requirement for strict security
-separation between a container and the host. This allows it to be used
-in scenarios where only resource control capabilities are important,
-and resource sharing is desired. Applications wishing to ensure secure
-isolation between a container and the host must ensure that they are
-writing a suitable configuration.
-</p>
-
-<h3><a name="securenetworking">Network isolation</a></h3>
-
-<p>
-If the guest configuration does not list any network interfaces,
-the <code>network</code> namespace will not be activated, and thus
-the container will see all the host's network interfaces. This will
-allow apps in the container to bind to/connect from TCP/UDP addresses
-and ports from the host OS. It also allows applications to access
-UNIX domain sockets associated with the host OS, which are in the
-abstract namespace. If access to UNIX domains sockets in the abstract
-namespace is not wanted, then applications should set the
-<code>&lt;privnet/&gt;</code> flag in the
-<code>&lt;features&gt;....&lt;/features&gt;</code> element.
-</p>
-
-<h3><a name="securefs">Filesystem isolation</a></h3>
-
-<p>
-If the guest configuration does not list any filesystems, then
-the container will be set up with a root filesystem that matches
-the host's root filesystem. As noted earlier, only a few locations
-such as <code>/dev</code>, <code>/proc</code> and <code>/sys</code>
-will be altered. This means that, in the absence of restrictions
-from sVirt, a process running as user/group N:M inside the container
-will be able to access almost exactly the same files as a process
-running as user/group N:M in the host.
-</p>
-
-<p>
-There are multiple options for restricting this. It is possible to
-simply map the existing root filesystem through to the container in
-read-only mode. Alternatively a completely separate root filesystem
-can be configured for the guest. In both cases, further sub-mounts
-can be applied to customize the content that is made visible. Note
-that in the absence of sVirt controls, it is still possible for the
-root user in a container to unmount any sub-mounts applied. The user
-namespace feature can also be used to restrict access to files based
-on the UID/GID mappings.
-</p>
-
-<p>
-Sharing the host filesystem tree, also allows applications to access
-UNIX domains sockets associated with the host OS, which are in the
-filesystem namespaces. It should be noted that a number of init
-systems including at least <code>systemd</code> and <code>upstart</code>
-have UNIX domain socket which are used to control their operation.
-Thus, if the directory/filesystem holding their UNIX domain socket is
-exposed to the container, it will be possible for a user in the container
-to invoke operations on the init service in the same way it could if
-outside the container. This also applies to other applications in the
-host which use UNIX domain sockets in the filesystem, such as DBus,
-Libvirtd, and many more. If this is not desired, then applications
-should either specify the UID/GID mapping in the configuration to
-enable user namespaces and thus block access to the UNIX domain socket
-based on permissions, or should ensure the relevant directories have
-a bind mount to hide them. This is particularly important for the
-<code>/run</code> or <code>/var/run</code> directories.
-</p>
-
-
-<h3><a name="secureusers">User and group isolation</a></h3>
-
-<p>
-If the guest configuration does not list any ID mapping, then the
-user and group IDs used inside the container will match those used
-outside the container. In addition, the capabilities associated with
-a process in the container will infer the same privileges they would
-for a process in the host. This has obvious implications for security,
-since a root user inside the container will be able to access any
-file owned by root that is visible to the container, and perform more
-or less any privileged kernel operation. In the absence of additional
-protection from sVirt, this means that the root user inside a container
-is effectively as powerful as the root user in the host. There is no
-security isolation of the root user.
-</p>
-
-<p>
-The ID mapping facility was introduced to allow for stricter control
-over the privileges of users inside the container. It allows apps to
-define rules such as "user ID 0 in the container maps to user ID 1000
-in the host". In addition the privileges associated with capabilities
-are somewhat reduced so that they cannot be used to escape from the
-container environment. A full description of user namespaces is outside
-the scope of this document, however LWN has
-<a href="https://lwn.net/Articles/532593/">a good write-up on the topic</a>.
-From the libvirt point of view, the key thing to remember is that defining
-an ID mapping for users and groups in the container XML configuration
-causes libvirt to activate the user namespace feature.
-</p>
-
-
-<h2><a name="activation">Systemd Socket Activation Integration</a></h2>
-
-<p>
-The libvirt LXC driver provides the ability to pass across pre-opened file
-descriptors when starting LXC guests. This allows for libvirt LXC to support
-systemd's <a href="http://0pointer.de/blog/projects/socket-activated-containers.html">socket
-activation capability</a>, where an incoming client connection
-in the host OS will trigger the startup of a container, which runs another
-copy of systemd which gets passed the server socket, and then activates the
-actual service handler in the container.
-</p>
-
-<p>
-Let us assume that you already have a LXC guest created, running
-a systemd instance as PID 1 inside the container, which has an
-SSHD service configured. The goal is to automatically activate
-the container when the first SSH connection is made. The first
-step is to create a couple of unit files for the host OS systemd
-instance. The <code>/etc/systemd/system/mycontainer.service</code>
-unit file specifies how systemd will start the libvirt LXC container
-</p>
-
-<pre>
-[Unit]
-Description=My little container
-
-[Service]
-ExecStart=/usr/bin/virsh -c lxc:/// start --pass-fds 3 mycontainer
-ExecStop=/usr/bin/virsh -c lxc:/// destroy mycontainer
-Type=oneshot
-RemainAfterExit=yes
-KillMode=none
-</pre>
-
-<p>
-The <code>--pass-fds 3</code> argument specifies that the file
-descriptor number 3 that <code>virsh</code> inherits from systemd,
-is to be passed into the container. Since <code>virsh</code> will
-exit immediately after starting the container, the <code>RemainAfterExit</code>
-and <code>KillMode</code> settings must be altered from their defaults.
-</p>
-
-<p>
-Next, the <code>/etc/systemd/system/mycontainer.socket</code> unit
-file is created to get the host systemd to listen on port 23 for
-TCP connections. When this unit file is activated by the first
-incoming connection, it will cause the <code>mycontainer.service</code>
-unit to be activated with the FD corresponding to the listening TCP
-socket passed in as FD 3.
-</p>
-
-<pre>
-[Unit]
-Description=The SSH socket of my little container
-
-[Socket]
-ListenStream=23
-</pre>
-
-<p>
-Port 23 was picked here so that the container doesn't conflict
-with the host's SSH which is on the normal port 22. That's it
-in terms of host side configuration.
-</p>
-
-<p>
-Inside the container, the <code>/etc/systemd/system/sshd.socket</code>
-unit file must be created
-</p>
-
-<pre>
-[Unit]
-Description=SSH Socket for Per-Connection Servers
-
-[Socket]
-ListenStream=23
-Accept=yes
-</pre>
-
-<p>
-The <code>ListenStream</code> value listed in this unit file, must
-match the value used in the host file. When systemd in the container
-receives the pre-opened FD from libvirt during container startup, it
-looks at the <code>ListenStream</code> values to figure out which
-FD to give to which service. The actual service to start is defined
-by a correspondingly named <code>/etc/systemd/system/sshd@.service</code>
-</p>
-
-<pre>
-[Unit]
-Description=SSH Per-Connection Server for %I
-
-[Service]
-ExecStart=-/usr/sbin/sshd -i
-StandardInput=socket
-</pre>
-
-<p>
-Finally, make sure this SSH service is set to start on boot of the container,
-by running the following command inside the container:
-</p>
-
-<pre>
-# mkdir -p /etc/systemd/system/sockets.target.wants/
-# ln -s /etc/systemd/system/sshd.socket /etc/systemd/system/sockets.target.wants/
-</pre>
-
-<p>
-This example shows how to activate the container based on an incoming
-SSH connection. If the container was also configured to have an httpd
-service, it may be desirable to activate it upon either an httpd or a
-sshd connection attempt. In this case, the <code>mycontainer.socket</code>
-file in the host would simply list multiple socket ports. Inside the
-container a separate <code>xxxxx.socket</code> file would need to be
-created for each service, with a corresponding <code>ListenStream</code>
-value set.
-</p>
-
 <!--
 <h2>Container configuration</h2>

@@ -542,78 +315,6 @@ debootstrap, whatever) under /opt/vm-1-root:
 &lt;/domain&gt;
 </pre>

-<h2><a name="capabilities">Altering the available capabilities</a></h2>
-
-<p>
-By default the libvirt LXC driver drops some capabilities among which CAP_MKNOD.
-However <span class="since">since 1.2.6</span> libvirt can be told to keep or
-drop some capabilities using a domain configuration like the following:
-</p>
-<pre>
-...
-&lt;features&gt;
-  &lt;capabilities policy='default'&gt;
-    &lt;mknod state='on'/&gt;
-    &lt;sys_chroot state='off'/&gt;
-  &lt;/capabilities&gt;
-&lt;/features&gt;
-...
-</pre>
-<p>
-The capabilities children elements are named after the capabilities as defined in
-<code>man 7 capabilities</code>. An <code>off</code> state tells libvirt to drop the
-capability, while an <code>on</code> state will force to keep the capability even though
-this one is dropped by default.
-</p>
-<p>
-The <code>policy</code> attribute can be one of <code>default</code>, <code>allow</code>
-or <code>deny</code>. It defines the default rules for capabilities: either keep the
-default behavior that is dropping a few selected capabilities, or keep all capabilities
-or drop all capabilities. The interest of <code>allow</code> and <code>deny</code> is that
-they guarantee that all capabilities will be kept (or removed) even if new ones are added
-later.
-</p>
-<p>
-The following example, drops all capabilities but CAP_MKNOD:
-</p>
-<pre>
-...
-&lt;features&gt;
-  &lt;capabilities policy='deny'&gt;
-    &lt;mknod state='on'/&gt;
-  &lt;/capabilities&gt;
-&lt;/features&gt;
-...
-</pre>
-<p>
-Note that allowing capabilities that are normally dropped by default can seriously
-affect the security of the container and the host.
-</p>
-
-<h2><a name="share">Inherit namespaces</a></h2>
-
-<p>
-Libvirt allows you to inherit the namespace from container/process just like lxc tools
-or docker provides to share the network namespace. The following can be used to share
-required namespaces. If we want to share only one then the other namespaces can be ignored.
-The netns option is specific to sharenet. It can be used in cases we want to use existing network namespace
-rather than creating new network namespace for the container. In this case privnet option will be
-ignored.
-</p>
-<pre>
-&lt;domain type='lxc' xmlns:lxc='http://libvirt.org/schemas/domain/lxc/1.0'&gt;
-...
-&lt;lxc:namespace&gt;
-  &lt;lxc:sharenet type='netns' value='red'/&gt;
-  &lt;lxc:shareuts type='name' value='container1'/&gt;
-  &lt;lxc:shareipc type='pid' value='12345'/&gt;
-&lt;/lxc:namespace&gt;
-&lt;/domain&gt;
-</pre>
-
-<p>
-The use of namespace passthrough requires libvirt >= 1.2.19
-</p>

 <h2><a name="usage">Container usage / management</a></h2>

@@ -629,7 +330,7 @@ and LXC. For further details about usage of virsh consult its
 manual page.
 </p>

-<h3><a name="usageSave">Defining (saving) container configuration</a></h3>
+<h3><a name="usageSave">Defining (saving) container configuration></a></h3>

 <p>
 The <code>virsh define</code> command takes an XML configuration
@@ -694,7 +395,7 @@ to PID 1 inside the container.

 <p>
 If the container does not respond to the graceful shutdown
-request, it can be forcibly stopped using the <code>virsh destroy</code>
+request, it can be forceably stopped using the <code>virsh destroy</code>
 </p>

 <pre>
@@ -733,25 +434,16 @@ running, this will turn it into a "transient" guest.

 <p>
 The <code>virsh console</code> command can be used to connect
-to the text console associated with a container.
+to the text console associated with a container. If the container
+has been configured with multiple console devices, then the
+<code>--devname</code> argument can be used to choose the
+console to connect to
 </p>

 <pre>
 # virsh -c lxc:/// console myguest
 </pre>

-<p>
-If the container has been configured with multiple console devices,
-then the <code>--devname</code> argument can be used to choose the
-console to connect to.
-In LXC, multiple consoles will be named
-as 'console0', 'console1', 'console2', etc.
-</p>
-
-<pre>
-# virsh -c lxc:/// console myguest --devname console1
-</pre>
-
 <h3><a name="usageEnter">Running commands in a container</a></h3>

 <p>
@@ -776,37 +468,5 @@ host
 # virt-top -c lxc:///
 </pre>

-<h3><a name="usageConvert">Converting LXC container configuration</a></h3>
-
-<p>
-The <code>virsh domxml-from-native</code> command can be used to convert
-most of the LXC container configuration into a domain XML fragment
-</p>
-
-<pre>
-# virsh -c lxc:/// domxml-from-native lxc-tools /var/lib/lxc/myguest/config
-</pre>
-
-<p>
-This conversion has some limitations due to the fact that the
-domxml-from-native command output has to be independent of the host. Here
-are a few things to take care of before converting:
-</p>
-
-<ul>
-<li>
-Replace the fstab file referenced by <tt>lxc.mount</tt> by the corresponding
-lxc.mount.entry lines.
-</li>
-<li>
-Replace all relative sizes of tmpfs mount entries to absolute sizes. Also
-make sure that tmpfs entries all have a size option (default is 50%).
-</li>
-<li>
-Define <tt>lxc.cgroup.memory.limit_in_bytes</tt> to properly limit the memory
-available to the container. The conversion will use 64MiB as the default.
-</li>
-</ul>
-
  </body>
 </html>
--- a/docs/drvnodedev.html.in
+++ b/docs/drvnodedev.html.in
@@ -1,355 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Host device management</h1>
-
-    <p>
-      Libvirt provides management of both physical and virtual host devices
-      (historically also referred to as node devices) like USB, PCI, SCSI, and
-      network devices. This also includes various virtualization capabilities
-      which the aforementioned devices provide for utilization, for example
-      SR-IOV, NPIV, MDEV, DRM, etc.
-    </p>
-
-    <p>
-      The node device driver provides means to list and show details about host
-      devices (<code>virsh nodedev-list</code>,
-      <code>virsh nodedev-dumpxml</code>), which are generic and can be used
-      with all devices. It also provides means to create and destroy devices
-      (<code>virsh nodedev-create</code>, <code>virsh nodedev-destroy</code>)
-      which are meant to be used to create virtual devices, currently only
-      supported by NPIV
-      (<a href="http://wiki.libvirt.org/page/NPIV_in_libvirt">more info about NPIV)</a>).
-      Devices on the host system are arranged in a tree-like hierarchy, with
-      the root node being called <code>computer</code>. The node device driver
-      supports two backends to manage the devices, HAL and udev, with the former
-      being deprecated in favour of the latter.
-    </p>
-
-    <p>
-      The generic format of a host device XML can be seen below.
-      To identify a device both within the host and the device tree hierarchy,
-      the following elements are used:
-    </p>
-      <dl>
-        <dt><code>name</code></dt>
-        <dd>
-          The device's name will be generated by libvirt using the subsystem,
-          like pci and the device's sysfs basename.
-        </dd>
-        <dt><code>path</code></dt>
-        <dd>
-          Fully qualified sysfs path to the device.
-        </dd>
-        <dt><code>parent</code></dt>
-        <dd>
-          This element identifies the parent node in the device hierarchy. The
-          value of the element will correspond with the device parent's
-          <code>name</code> element or <code>computer</code> if the device does
-          not have any parent.
-        </dd>
-        <dt><code>driver</code></dt>
-        <dd>
-          This elements reports the driver in use for this device. The presence
-          of this element in the output XML depends on whether the underlying
-          device manager (most likely udev) exposes information about the
-          driver.
-        </dd>
-        <dt><code>capability</code></dt>
-        <dd>
-          Describes the device in terms of feature support. The element has one
-          mandatory attribute <code>type</code> the value of which determines
-          the type of the device. Currently recognized values for the attribute
-          are:
-          <code>system</code>,
-          <code>pci</code>,
-          <code>usb</code>,
-          <code>usb_device</code>,
-          <code>net</code>,
-          <code>scsi</code>,
-          <code>scsi_host</code> (<span class="since">Since 0.4.7</span>),
-          <code>fc_host</code>,
-          <code>vports</code>,
-          <code>scsi_target</code> (<span class="since">Since 0.7.3</span>),
-          <code>storage</code> (<span class="since">Since 1.0.4</span>),
-          <code>scsi_generic</code> (<span class="since">Since 1.0.7</span>),
-          <code>drm</code> (<span class="since">Since 3.1.0</span>), and
-          <code>mdev</code> (<span class="since">Since 3.4.0</span>).
-          This element can be nested in which case it further specifies a
-          device's capability. Refer to specific device types to see more values
-          for the <code>type</code> attribute which are exclusive.
-        </dd>
-      </dl>
-
-    <h2>Basic structure of a node device</h2>
-    <pre>
-&lt;device&gt;
-  &lt;name&gt;pci_0000_00_17_0&lt;/name&gt;
-  &lt;path&gt;/sys/devices/pci0000:00/0000:00:17.0&lt;/path&gt;
-  &lt;parent&gt;computer&lt;/parent&gt;
-  &lt;driver&gt;
-    &lt;name&gt;ahci&lt;/name&gt;
-  &lt;/driver&gt;
-  &lt;capability type='pci'&gt;
-...
-  &lt;/capability&gt;
-&lt;/device&gt;</pre>
-
-    <ul id="toc"/>
-
-    <h2><a name="PCI">PCI host devices</a></h2>
-    <dl>
-      <dt><code>capability</code></dt>
-      <dd>
-        When used as top level element, the supported values for the
-        <code>type</code> attribute are <code>pci</code> and
-        <code>phys_function</code> (see <a href="#SRIOVCap">SR-IOV below</a>).
-      </dd>
-    </dl>
-    <pre>
-&lt;device&gt;
-  &lt;name&gt;pci_0000_04_00_1&lt;/name&gt;
-  &lt;path&gt;/sys/devices/pci0000:00/0000:00:06.0/0000:04:00.1&lt;/path&gt;
-  &lt;parent&gt;pci_0000_00_06_0&lt;/parent&gt;
-  &lt;driver&gt;
-    &lt;name&gt;igb&lt;/name&gt;
-  &lt;/driver&gt;
-  &lt;capability type='pci'&gt;
-    &lt;domain&gt;0&lt;/domain&gt;
-    &lt;bus&gt;4&lt;/bus&gt;
-    &lt;slot&gt;0&lt;/slot&gt;
-    &lt;function&gt;1&lt;/function&gt;
-    &lt;product id='0x10c9'&gt;82576 Gigabit Network Connection&lt;/product&gt;
-    &lt;vendor id='0x8086'&gt;Intel Corporation&lt;/vendor&gt;
-    &lt;iommuGroup number='15'&gt;
-      &lt;address domain='0x0000' bus='0x04' slot='0x00' function='0x1'/&gt;
-    &lt;/iommuGroup&gt;
-    &lt;numa node='0'/&gt;
-    &lt;pci-express&gt;
-      &lt;link validity='cap' port='1' speed='2.5' width='2'/&gt;
-      &lt;link validity='sta' speed='2.5' width='2'/&gt;
-    &lt;/pci-express&gt;
-  &lt;/capability&gt;
-&lt;/device&gt;</pre>
-
-    <p>
-      The XML format for a PCI device stays the same for any further
-      capabilities it supports, a single nested <code>&lt;capability&gt;</code>
-      element will be included for each capability the device supports.
-    </p>
-
-    <h3><a name="SRIOVCap">SR-IOV capability</a></h3>
-    <p>
-      Single root input/output virtualization (SR-IOV) allows sharing of the
-      PCIe resources by multiple virtual environments. That is achieved by
-      slicing up a single full-featured physical resource called physical
-      function (PF) into multiple devices called virtual functions (VFs) sharing
-      their configuration with the underlying PF. Despite the SR-IOV
-      specification, the amount of VFs that can be created on a PF varies among
-      manufacturers.
-    </p>
-
-    <p>
-      Suppose the NIC <a href="#PCI">above</a> was also SR-IOV capable, it would
-      also include a nested
-      <code>&lt;capability&gt;</code> element enumerating all virtual
-      functions available on the physical device (physical port) like in the
-      example below.
-    </p>
-
-    <pre>
-&lt;capability type='pci'&gt;
-...
-  &lt;capability type='virt_functions' maxCount='7'&gt;
-    &lt;address domain='0x0000' bus='0x04' slot='0x10' function='0x1'/&gt;
-    &lt;address domain='0x0000' bus='0x04' slot='0x10' function='0x3'/&gt;
-    &lt;address domain='0x0000' bus='0x04' slot='0x10' function='0x5'/&gt;
-    &lt;address domain='0x0000' bus='0x04' slot='0x10' function='0x7'/&gt;
-    &lt;address domain='0x0000' bus='0x04' slot='0x11' function='0x1'/&gt;
-    &lt;address domain='0x0000' bus='0x04' slot='0x11' function='0x3'/&gt;
-    &lt;address domain='0x0000' bus='0x04' slot='0x11' function='0x5'/&gt;
-  &lt;/capability&gt;
-...
-&lt;/capability&gt;</pre>
-    <p>
-      A SR-IOV child device on the other hand, would then report its top level
-      capability type as a <code>phys_function</code> instead:
-    </p>
-
-    <pre>
-&lt;device&gt;
-...
-  &lt;capability type='phys_function'&gt;
-    &lt;address domain='0x0000' bus='0x04' slot='0x00' function='0x0'/&gt;
-  &lt;/capability&gt;
-...
-&lt;device&gt;</pre>
-
-    <h3><a name="MDEVCap">MDEV capability</a></h3>
-    <p>
-      A PCI device capable of creating mediated devices will include a nested
-      capability <code>mdev_types</code> which enumerates all supported mdev
-      types on the physical device, along with the type attributes available
-      through sysfs:
-    </p>
-
-    <dl>
-      <dt><code>type</code></dt>
-      <dd>
-        This element describes a mediated device type which acts as an
-        abstract template defining a resource allocation for instances of this
-        device type. The element has one attribute <code>id</code> which holds
-        an official vendor-supplied identifier for the type.
-        <span class="since">Since 3.4.0</span>
-      </dd>
-
-      <dt><code>name</code></dt>
-      <dd>
-        The <code>name</code> element holds a vendor-supplied code name for
-        the given mediated device type. This is an optional element.
-        <span class="since">Since 3.4.0</span>
-      </dd>
-
-      <dt><code>deviceAPI</code></dt>
-      <dd>
-        The value of this element describes how an instance of the given type
-        will be presented to the guest by the VFIO framework.
-        <span class="since">Since 3.4.0</span>
-      </dd>
-
-      <dt><code>availableInstances</code></dt>
-      <dd>
-        This element reports the current state of resource allocation. In other
-        words, how many instances of the given type can still be successfully
-        created on the physical device.
-        <span class="since">Since 3.4.0</span>
-      </dd>
-    </dl>
-
-    <p>
-      For a more info about mediated devices, refer to the
-      <a href="#MDEV">paragraph below</a>.
-    </p>
-
-<pre>
-&lt;device&gt;
-...
-  &lt;driver&gt;
-    &lt;name&gt;nvidia&lt;/name&gt;
-  &lt;/driver&gt;
-  &lt;capability type='pci'&gt;
-...
-    &lt;capability type='mdev_types'&gt;
-      &lt;type id='nvidia-11'&gt;
-        &lt;name&gt;GRID M60-0B&lt;/name&gt;
-        &lt;deviceAPI&gt;vfio-pci&lt;/deviceAPI&gt;
-        &lt;availableInstances&gt;16&lt;/availableInstances&gt;
-      &lt;/type&gt;
-      &lt;!-- Here would come the rest of the available mdev types --&gt;
-    &lt;/capability&gt;
-...
-  &lt;/capability&gt;
-&lt;/device&gt;</pre>
-
-    <h2><a name="MDEV">Mediated devices (MDEVs)</a></h2>
-    <p>
-      Mediated devices (<span class="since">Since 3.2.0</span>) are software
-      devices defining resource allocation on the backing physical device which
-      in turn allows the parent physical device's resources to be divided into
-      several mediated devices, thus sharing the physical device's performance
-      among multiple guests. Unlike SR-IOV however, where a PCIe device appears
-      as multiple separate PCIe devices on the host's PCI bus, mediated devices
-      only appear on the mdev virtual bus. Therefore, no detach/reattach
-      procedure from/to the host driver procedure is involved even though
-      mediated devices are used in a direct device assignment manner.
-    </p>
-
-    <p>
-      The following sub-elements and attributes are exposed within the
-      <code>capability</code> element:
-    </p>
-
-    <dl>
-      <dt><code>type</code></dt>
-      <dd>
-        This element describes a mediated device type which acts as an
-        abstract template defining a resource allocation for instances of this
-        device type. The element has one attribute <code>id</code> which holds
-        an official vendor-supplied identifier for the type.
-        <span class="since">Since 3.4.0</span>
-      </dd>
-
-      <dt><code>iommuGroup</code></dt>
-      <dd>
-        This element supports a single attribute <code>number</code> which holds
-        the IOMMU group number the mediated device belongs to.
-        <span class="since">Since 3.4.0</span>
-      </dd>
-    </dl>
-
-    <h3>Example of a mediated device</h3>
-    <pre>
-&lt;device&gt;
-  &lt;name&gt;mdev_4b20d080_1b54_4048_85b3_a6a62d165c01&lt;/name&gt;
-  &lt;path&gt;/sys/devices/pci0000:00/0000:00:02.0/4b20d080-1b54-4048-85b3-a6a62d165c01&lt;/path&gt;
-  &lt;parent&gt;pci_0000_06_00_0&lt;/parent&gt;
-  &lt;driver&gt;
-    &lt;name&gt;vfio_mdev&lt;/name&gt;
-  &lt;/driver&gt;
-  &lt;capability type='mdev'&gt;
-    &lt;type id='nvidia-11'/&gt;
-    &lt;iommuGroup number='12'/&gt;
-  &lt;capability/&gt;
-&lt;device/&gt;</pre>
-
-    <p>
-      The support of mediated device's framework in libvirt's node device driver
-      covers the following features:
-    </p>
-
-    <ul>
-      <li>
-        list available mediated devices on the host
-        (<span class="since">Since 3.4.0</span>)
-      </li>
-      <li>
-        display device details
-        (<span class="since">Since 3.4.0</span>)
-      </li>
-    </ul>
-
-    <p>
-      Because mediated devices are instantiated from vendor specific templates,
-      simply called 'types', information describing these types is contained
-      within the parent device's capabilities
-      (see the example in <a href="#PCI">PCI host devices</a>).
-    </p>
-
-    <p>
-      To see the supported mediated device types on a specific physical device
-      use the following:
-    </p>
-
-    <pre>
-$ ls /sys/class/mdev_bus/&lt;device&gt;/mdev_supported_types</pre>
-
-    <p>
-      To manually instantiate a mediated device, use one of the following as a
-      reference:
-    </p>
-
-    <pre>
-$ uuidgen &gt; /sys/class/mdev_bus/&lt;device&gt;/mdev_supported_types/&lt;type&gt;/create
-...
-$ echo &lt;UUID&gt; &gt; /sys/class/mdev_bus/&lt;device&gt;/mdev_supported_types/&lt;type&gt;/create</pre>
-
-    <p>
-      Manual removal of a mediated device is then performed as follows:
-    </p>
-
-    <pre>
-$ echo 1 &gt; /sys/bus/mdev/devices/&lt;uuid&gt;/remove</pre>
-
-  </body>
-</html>
--- a/docs/drvparallels.html.in
+++ b/docs/drvparallels.html.in
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Parallels Cloud Server driver</h1>
+    <ul id="toc"></ul>
+    <p>
+        The libvirt Parallels driver can manage Parallels Cloud Server starting from version 6.0.
+    </p>
+
+
+    <h2><a name="project">Project Links</a></h2>
+    <ul>
+      <li>
+        The <a href="http://www.parallels.com/products/server/baremetal/sp/">Parallels Cloud Server</a> Virtualization Solution.
+      </li>
+    </ul>
+
+
+    <h2><a name="uri">Connections to the Parallels Cloud Server driver</a></h2>
+    <p>
+        The libvirt Parallels driver is a single-instance privileged driver, with a driver name of 'parallels'. Some example connection URIs for the libvirt driver are:
+    </p>
+<pre>
+parallels:///system                     (local access)
+parallels+unix:///system                (local access)
+parallels://example.com/system          (remote access, TLS/x509)
+parallels+tcp://example.com/system      (remote access, SASl/Kerberos)
+parallels+ssh://root@example.com/system (remote access, SSH tunnelled)
+</pre>
+
+    <h2><a name="example">Example guest domain XML configuration</a></h2>
+
+    <p>
+    Parallels driver require at least one hard disk for new domains
+    at this time. It is used for defining directory, where VM should
+    be created.
+    </p>
+
+<pre>
+&lt;domain type='parallels'&gt;
+  &lt;name&gt;demo&lt;/name&gt;
+  &lt;uuid&gt;54cdecad-4492-4e31-a209-33cc21d64057&lt;/uuid&gt;
+  &lt;description&gt;some description&lt;/description&gt;
+  &lt;memory unit='KiB'&gt;1048576&lt;/memory&gt;
+  &lt;currentMemory unit='KiB'&gt;1048576&lt;/currentMemory&gt;
+  &lt;vcpu placement='static'&gt;2&lt;/vcpu&gt;
+  &lt;os&gt;
+    &lt;type arch='x86_64'&gt;hvm&lt;/type&gt;
+  &lt;/os&gt;
+  &lt;clock offset='utc'/&gt;
+  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
+  &lt;on_reboot&gt;destroy&lt;/on_reboot&gt;
+  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
+  &lt;devices&gt;
+    &lt;disk type='file' device='disk'&gt;
+      &lt;source file='/storage/vol1'/&gt;
+      &lt;target dev='hda'/&gt;
+    &lt;/disk&gt;
+    &lt;video&gt;
+      &lt;model type='vga' vram='33554432' heads='1'&gt;
+        &lt;acceleration accel3d='no' accel2d='no'/&gt;
+      &lt;/model&gt;
+    &lt;/video&gt;
+  &lt;/devices&gt;
+&lt;/domain&gt;
+
+</pre>
+
+</body></html>
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -8,7 +8,9 @@

    <p>
      The libvirt KVM/QEMU driver can manage any QEMU emulator from
-      version 0.12.0 or later.
+      version 0.8.1 or later. It can also manage Xenner, which
+      provides the same QEMU command line syntax and monitor
+      interaction.
    </p>

    <h2><a name="project">Project Links</a></h2>
@@ -41,6 +43,12 @@
        node. If both are found, then KVM fullyvirtualized, hardware accelerated
        guests will be available.
      </li>
+      <li>
+        <strong>Xenner hypervisor</strong>: The driver will probe <code>/usr/bin</code>
+        for the presence of <code>xenner</code> and <code>/dev/kvm</code> device
+        node. If both are found, then Xen paravirtualized guests can be run using
+        the KVM hardware acceleration.
+      </li>
    </ul>

    <h2><a name="uris">Connections to QEMU driver</a></h2>
@@ -639,5 +647,9 @@ $ virsh domxml-to-native qemu-argv demo.xml
  &lt;/devices&gt;
 &lt;/domain&gt;</pre>

+    <h3>Xen paravirtualized guests with hardware acceleration</h3>
+
+
+
  </body>
 </html>
--- a/docs/drvuml.html.in
+++ b/docs/drvuml.html.in
@@ -65,7 +65,7 @@ uml+ssh://root@example.com/system    (remote access, SSH tunnelled)
    </p>

    <p>
-      Once booted the primary console is connected to a PTY, and
+      Once booted the primary console is connected toa PTY, and
      thus accessible with "virsh console" or equivalent tools
    </p>

--- a/docs/drvvirtuozzo.html.in
+++ b/docs/drvvirtuozzo.html.in
@@ -1,70 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Virtuozzo driver</h1>
-    <ul id="toc"></ul>
-    <p>
-        The libvirt vz driver can manage Virtuozzo starting from version 6.0.
-    </p>
-
-
-    <h2><a name="project">Project Links</a></h2>
-    <ul>
-      <li>
-        The <a href="http://www.odin.com/products/virtuozzo/">Virtuozzo</a> Solution.
-      </li>
-    </ul>
-
-
-    <h2><a name="uri">Connections to the Virtuozzo driver</a></h2>
-    <p>
-        The libvirt Virtuozzo driver is a single-instance privileged driver, with a driver name of 'virtuozzo'. Some example connection URIs for the libvirt driver are:
-    </p>
-<pre>
-vz:///system                     (local access)
-vz+unix:///system                (local access)
-vz://example.com/system          (remote access, TLS/x509)
-vz+tcp://example.com/system      (remote access, SASl/Kerberos)
-vz+ssh://root@example.com/system (remote access, SSH tunnelled)
-</pre>
-
-    <h2><a name="example">Example guest domain XML configuration</a></h2>
-
-    <p>
-    Virtuozzo driver require at least one hard disk for new domains
-    at this time. It is used for defining directory, where VM should
-    be created.
-    </p>
-
-<pre>
-&lt;domain type='vz'&gt;
-  &lt;name&gt;demo&lt;/name&gt;
-  &lt;uuid&gt;54cdecad-4492-4e31-a209-33cc21d64057&lt;/uuid&gt;
-  &lt;description&gt;some description&lt;/description&gt;
-  &lt;memory unit='KiB'&gt;1048576&lt;/memory&gt;
-  &lt;currentMemory unit='KiB'&gt;1048576&lt;/currentMemory&gt;
-  &lt;vcpu placement='static'&gt;2&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='x86_64'&gt;hvm&lt;/type&gt;
-  &lt;/os&gt;
-  &lt;clock offset='utc'/&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;destroy&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;devices&gt;
-    &lt;disk type='file' device='disk'&gt;
-      &lt;source file='/storage/vol1'/&gt;
-      &lt;target dev='hda'/&gt;
-    &lt;/disk&gt;
-    &lt;video&gt;
-      &lt;model type='vga' vram='33554432' heads='1'&gt;
-        &lt;acceleration accel3d='no' accel2d='no'/&gt;
-      &lt;/model&gt;
-    &lt;/video&gt;
-  &lt;/devices&gt;
-&lt;/domain&gt;
-
-</pre>
-
-</body></html>
--- a/docs/drvvmware.html.in
+++ b/docs/drvvmware.html.in
@@ -2,11 +2,10 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
    <body>
-        <h1>VMware Workstation / Player / Fusion hypervisors driver</h1>
+        <h1>VMware Workstation / Player hypervisors driver</h1>
        <p>
-        The libvirt VMware driver should be able to manage any Workstation,
-        Player, Fusion version supported by the VMware VIX API. See the
-        compatibility list
+        The libvirt VMware Workstation driver should be able to manage any Workstation and
+        Player version supported by the VMware VIX API. See the compatibility list
        <a href="http://www.vmware.com/support/developer/vix-api/vix110_reference/">here</a>.
    </p>
    <p>
@@ -22,22 +21,17 @@
        The <a href="http://www.vmware.com/">VMware Workstation and
        Player</a> hypervisors
      </li>
-      <li>
-        The <a href="http://www.vmware.com/fusion">VMware Fusion</a>
-        hypervisor
-      </li>
    </ul>

    <h2>Connections to VMware driver</h2>

    <p>
    The libvirt VMware driver provides per-user drivers (the "session" instance).
-    Three uris are available:
+    Two uris are available:
    </p>
    <ul>
      <li>"vmwareplayer" for VMware Player</li>
      <li>"vmwarews" for VMware Workstation</li>
-      <li>"vmwarefusion" for VMware Fusion</li>
    </ul>
    <p>
    Some example connection URIs for the driver are:
@@ -46,7 +40,6 @@
 <pre>
 vmwareplayer:///session                  (local access to VMware Player per-user instance)
 vmwarews:///session                      (local access to VMware Workstation per-user instance)
-vmwarefusion:///session                      (local access to VMware Fusion per-user instance)
 vmwarews+tcp://user@example.com/session  (remote access to VMware Workstation, SASl/Kerberos)
 vmwarews+ssh://user@example.com/session  (remote access to VMware Workstation, SSH tunnelled)
 </pre>
--- a/docs/errors.html.in
+++ b/docs/errors.html.in
@@ -46,9 +46,9 @@ following fields:</p>
      <li>level: the error level, usually VIR_ERR_ERROR, though there is room for
    warnings like VIR_ERR_WARNING</li>
      <li>message: the full human-readable formatted string of the error</li>
-      <li>conn: if available a pointer to the <a href="html/libvirt-libvirt-host.html#virConnectPtr">virConnectPtr</a>
+      <li>conn: if available a pointer to the <a href="html/libvirt-libvirt.html#virConnectPtr">virConnectPtr</a>
    connection to the hypervisor where this happened</li>
-      <li>dom: if available a pointer to the <a href="html/libvirt-libvirt-domain.html#virDomainPtr">virDomainPtr</a> domain
+      <li>dom: if available a pointer to the <a href="html/libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain
    targeted in the operation</li>
    </ul>
    <p>and then extra raw information about the error which may be initialized
--- a/docs/et.png
+++ b/docs/et.png
--- a/docs/firewall.html.in
+++ b/docs/firewall.html.in
@@ -142,7 +142,7 @@ MASQUERADE all  --  *      *       192.168.122.0/24    !192.168.122.0/24</pre>
    <p><a href="http://www.dmtf.org/standards/cim/cim_schema_v2230/CIM_Network.pdf">http://www.dmtf.org/standards/cim/cim_schema_v2230/CIM_Network.pdf</a></p>
    <p>The filters are managed in libvirt as a top level, standalone object.
       This allows the filters to then be referenced by any libvirt object
-       that requires their functionality, instead tying them only to use
+       that requires their functionality, instead tieing them only to use
       by guest NICs. In the current implementation, filters can be associated
       with individual guest NICs via the libvirt domain XML format. In the
       future we might allow filters to be associated with the virtual network
@@ -272,7 +272,7 @@ f5c78134-9da4-0c60-a9f0-fb37bc21ac1f  no-other-rarp-traffic
       to update them. This ensures the guests have their iptables/ebtables
       rules recreated.
    </p>
-    <p>To associate the clean-traffic filter with a guest, edit the
+    <p>To associate the clean-trafffic filter with a guest, edit the
       guest XML config and change the <code>&lt;interface&gt;</code> element
       to include a <code>&lt;filterref&gt;</code> and also specify the
       whitelisted <code>&lt;ip address/&gt;</code> the guest is allowed to
--- a/docs/fonts/LICENSE.md
+++ b/docs/fonts/LICENSE.md
@@ -1,90 +0,0 @@
-## License
-
-Copyright (C) 2015 Red Hat, Inc.,
-
-This Font Software is licensed under the SIL Open Font License, Version 1.1.
-This license is copied below, and is also available with a FAQ at:
-http://scripts.sil.org/OFL
-
-
-#### SIL OPEN FONT LICENSE
-Version 1.1 - 26 February 2007
-
---
-
-#### PREAMBLE
-The goals of the Open Font License (OFL) are to stimulate worldwide development
-of collaborative font projects, to support the font creation efforts of
-academic and linguistic communities, and to provide a free and open framework
-in which fonts may be shared and improved in partnership with others.
-
-The OFL allows the licensed fonts to be used, studied, modified and
-redistributed freely as long as they are not sold by themselves. The fonts,
-including any derivative works, can be bundled, embedded, redistributed and/or
-sold with any software provided that any reserved names are not used by
-derivative works. The fonts and derivatives, however, cannot be released under
-any other type of license. The requirement for fonts to remain under this
-license does not apply to any document created using the fonts or their
-derivatives.
-
-#### DEFINITIONS
-“Font Software” refers to the set of files released by the Copyright Holder(s)
-under this license and clearly marked as such. This may include source files,
-build scripts and documentation.
-
-“Reserved Font Name” refers to any names specified as such after the copyright
-statement(s).
-
-“Original Version” refers to the collection of Font Software components as
-distributed by the Copyright Holder(s).
-
-“Modified Version” refers to any derivative made by adding to, deleting, or
-substituting—in part or in whole—any of the components of the Original Version,
-by changing formats or by porting the Font Software to a new environment.
-
-“Author” refers to any designer, engineer, programmer, technical writer or
-other person who contributed to the Font Software.
-
-#### PERMISSION & CONDITIONS
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-the Font Software, to use, study, copy, merge, embed, modify, redistribute, and
-sell modified and unmodified copies of the Font Software, subject to the
-following conditions:
-
-1) Neither the Font Software nor any of its individual components, in Original
-or Modified Versions, may be sold by itself.
-
-2) Original or Modified Versions of the Font Software may be bundled,
-redistributed and/or sold with any software, provided that each copy contains
-the above copyright notice and this license. These can be included either as
-stand-alone text files, human-readable headers or in the appropriate machine-
-readable metadata fields within text or binary files as long as those fields
-can be easily viewed by the user.
-
-3) No Modified Version of the Font Software may use the Reserved Font Name(s)
-unless explicit written permission is granted by the corresponding Copyright
-Holder. This restriction only applies to the primary font name as presented to
-the users.
-
-4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font Software
-shall not be used to promote, endorse or advertise any Modified Version, except
-to acknowledge the contribution(s) of the Copyright Holder(s) and the Author(s)
-or with their explicit written permission.
-
-5) The Font Software, modified or unmodified, in part or in whole, must be
-distributed entirely under this license, and must not be distributed under any
-other license. The requirement for fonts to remain under this license does not
-apply to any document created using the Font Software.
-
-#### TERMINATION
-This license becomes null and void if any of the above conditions are not met.
-
-#### DISCLAIMER
-THE FONT SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF COPYRIGHT, PATENT,
-TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR
-ANY CLAIM, DAMAGES OR OTHER LIABILITY, INCLUDING ANY GENERAL, SPECIAL,
-INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION OF
-CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF THE USE OR INABILITY TO USE
-THE FONT SOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE.
--- a/docs/fonts/overpass-bold-italic.woff
+++ b/docs/fonts/overpass-bold-italic.woff
--- a/docs/fonts/overpass-bold.woff
+++ b/docs/fonts/overpass-bold.woff
--- a/docs/fonts/overpass-italic.woff
+++ b/docs/fonts/overpass-italic.woff
--- a/docs/fonts/overpass-light-italic.woff
+++ b/docs/fonts/overpass-light-italic.woff
--- a/docs/fonts/overpass-light.woff
+++ b/docs/fonts/overpass-light.woff
--- a/docs/fonts/overpass-mono-bold.woff
+++ b/docs/fonts/overpass-mono-bold.woff
--- a/docs/fonts/overpass-mono-light.woff
+++ b/docs/fonts/overpass-mono-light.woff
--- a/Show More
+++ b/Show More