gitlab: Add script_variables and define $MAKEFLAGS there

This new template provides a standardized place where environment variables which are not static, but rather depend on the output of some shell command, can be defined for later use. This pattern is already used in libosinfo's GitLab CI integration. Defining $MAKEFLAGS there means we don't need to call getconf over and over, and the actual build steps don't end up drowned in the noise. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
docs: virtfs: add section separators
2025-09-24 21:44:59 +03:00 · 2020-03-27 19:08:50 +01:00 · 2020-03-27 17:54:36 +01:00 · 2020-03-27 16:25:48 +01:00 · 2020-03-27 16:25:48 +01:00 · 2020-03-27 16:22:49 +01:00
2981 changed files with 161842 additions and 42718 deletions
--- a/.color_coded.in
+++ b/.color_coded.in
@@ -1,7 +1,5 @@
 -I@abs_top_builddir@
 -I@abs_top_srcdir@
-I@abs_top_builddir@/gnulib/lib
-I@abs_top_srcdir@/gnulib/lib
 -I@abs_top_builddir@/include
 -I@abs_top_srcdir@/include
 -I@abs_top_builddir@/src
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,7 @@
 *#*#
 *.#*#
 .#*
+*~

 # autotools related ignores
 !/m4/virt-*.m4
@@ -14,9 +15,12 @@
 /INSTALL
 /aclocal.m4
 /autom4te.cache
-/build-aux/.gitignore
 /build-aux/compile
+/build-aux/config.guess
+/build-aux/config.sub
 /build-aux/depcomp
+/build-aux/install-sh
+/build-aux/ltmain.sh
 /build-aux/missing
 /build-aux/test-driver
 /config.h.in
@@ -25,16 +29,8 @@
 /m4/*
 Makefile.in

-# gnulib related ignores
-!/gnulib/lib/Makefile.am
-!/gnulib/tests/Makefile.am
-*.rej
-*~
-/gnulib/lib/*
-/gnulib/m4/*
-/gnulib/tests/*
-
 # git related ignores
+*.rej
 *.orig
 .git-module-status

--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,46 +1,243 @@
-.job_template: &job_definition
+variables:
+  MAKE: make
+  GIT_DEPTH: 100
+
+stages:
+  - prebuild
+  - native_build
+  - cross_build
+
+.script_variables: &script_variables |
+  export MAKEFLAGS="-j$(getconf _NPROCESSORS_ONLN)"
+
+# Common templates
+
+# Default native build jobs that are always run
+.native_build_default_job_template: &native_build_default_job_definition
+  stage: native_build
+  cache:
+    paths:
+      - ccache/
+    key: "$CI_JOB_NAME"
+  before_script:
+    - *script_variables
+    - mkdir -p ccache
+    - export CC="ccache gcc"
+    - export CCACHE_BASEDIR=${PWD}
+    - export CCACHE_DIR=${PWD}/ccache
+  script:
+    - mkdir build
+    - cd build
+    - ../autogen.sh || (cat config.log && exit 1)
+    - $MAKE distcheck
+
+# Extra native build jobs that are only run post-merge, or
+# when code is pushed to a branch with "ci-full-" name prefix
+.native_build_extra_job_template: &native_build_extra_job_definition
+  <<: *native_build_default_job_definition
+  only:
+    - master
+    - /^ci-full-.*$/
+
+
+# Default cross build jobs that are always run
+.cross_build_default_job_template: &cross_build_default_job_definition
+  stage: cross_build
+  cache:
+    paths:
+      - ccache/
+    key: "$CI_JOB_NAME"
+  before_script:
+    - *script_variables
+    - mkdir -p ccache
+    - export CC="ccache ${ABI}-gcc"
+    - export CCACHE_BASEDIR=${PWD}
+    - export CCACHE_DIR=${PWD}/ccache
  script:
    - mkdir build
    - cd build
    - ../autogen.sh $CONFIGURE_OPTS || (cat config.log && exit 1)
-    - make -j $(getconf _NPROCESSORS_ONLN)
+    - $MAKE

-# We could run every arch on every versions, but it is a little
-# overkill. Instead we split jobs evenly across 9, 10 and sid
-# to achieve reasonable cross-coverage.
+# Extra cross build jobs that are only run post-merge, or
+# when code is pushed to a branch with "ci-full-" name prefix
+.cross_build_extra_job_template: &cross_build_extra_job_definition
+  <<: *cross_build_default_job_definition
+  only:
+    - master
+    - /^ci-full-.*$/

-debian-9-cross-armv6l:
-  <<: *job_definition
+
+# Native architecture build + test jobs
+
+x64-debian-9:
+  <<: *native_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-9:latest
+
+x64-debian-10:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-10:latest
+
+x64-debian-sid:
+  <<: *native_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-sid:latest
+
+x64-centos-7:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-centos-7:latest
+
+x64-centos-8:
+  <<: *native_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-centos-8:latest
+
+x64-fedora-30:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-fedora-30:latest
+
+x64-fedora-31:
+  <<: *native_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
+
+x64-fedora-rawhide:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-fedora-rawhide:latest
+
+x64-opensuse-151:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-opensuse-151:latest
+
+x64-ubuntu-1604:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-ubuntu-1604:latest
+
+x64-ubuntu-1804:
+  <<: *native_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-ubuntu-1804:latest
+
+
+# Cross compiled build jobs
+
+armv6l-debian-9:
+  <<: *cross_build_extra_job_definition
  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-armv6l:latest

-debian-9-cross-mips64el:
-  <<: *job_definition
+mips64el-debian-9:
+  <<: *cross_build_extra_job_definition
  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-mips64el:latest

-debian-9-cross-mipsel:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-mipsel:latest
+mips-debian-9:
+  <<: *cross_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-mips:latest

-debian-10-cross-aarch64:
-  <<: *job_definition
+aarch64-debian-10:
+  <<: *cross_build_extra_job_definition
  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-aarch64:latest

-debian-10-cross-ppc64le:
-  <<: *job_definition
+ppc64le-debian-10:
+  <<: *cross_build_extra_job_definition
  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-ppc64le:latest

-debian-10-cross-s390x:
-  <<: *job_definition
+s390x-debian-10:
+  <<: *cross_build_default_job_definition
  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-s390x:latest

-debian-sid-cross-armv7l:
-  <<: *job_definition
+armv7l-debian-sid:
+  <<: *cross_build_default_job_definition
  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-armv7l:latest

-debian-sid-cross-i686:
-  <<: *job_definition
+i686-debian-sid:
+  <<: *cross_build_extra_job_definition
  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-i686:latest

-debian-sid-cross-mips:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-mips:latest
+mipsel-debian-sid:
+  <<: *cross_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-mipsel:latest
+
+mingw32-fedora-30:
+  <<: *cross_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-fedora-30-cross-mingw32:latest
+
+mingw64-fedora-30:
+  <<: *cross_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-fedora-30-cross-mingw64:latest
+
+
+# This artifact published by this job is downloaded by libvirt.org to
+# be deployed to the web root:
+#    https://gitlab.com/libvirt/libvirt/-/jobs/artifacts/master/download?job=website
+website:
+  stage: prebuild
+  before_script:
+    - *script_variables
+  script:
+    - mkdir build
+    - cd build
+    - ../autogen.sh --prefix=$(pwd)/../vroot || (cat config.log && exit 1)
+    - $MAKE -C docs
+    - $MAKE -C docs install
+    - cd ..
+    - mv vroot/share/doc/libvirt/html/ website
+  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
+  artifacts:
+    expose_as: 'Website'
+    name: 'website'
+    when: on_success
+    expire_in: 30 days
+    paths:
+      - website
+
+
+codestyle:
+  stage: prebuild
+  before_script:
+    - *script_variables
+  script:
+    - mkdir build
+    - cd build
+    - ../autogen.sh || (cat config.log && exit 1)
+    - $MAKE syntax-check
+  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
+
+
+# This artifact published by this job is downloaded to push to Weblate
+# for translation usage:
+#    https://gitlab.com/libvirt/libvirt/-/jobs/artifacts/master/download?job=potfile
+potfile:
+  stage: prebuild
+  only:
+    - master
+  before_script:
+    - *script_variables
+  script:
+    - mkdir build
+    - cd build
+    - ../autogen.sh || (cat config.log && exit 1)
+    - $MAKE -C src generated-sources
+    - $MAKE -C po libvirt.pot
+    - cd ..
+    - mv build/po/libvirt.pot libvirt.pot
+  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
+  artifacts:
+    expose_as: 'Potfile'
+    name: 'potfile'
+    when: on_success
+    expire_in: 30 days
+    paths:
+      - libvirt.pot
+
+
+# Check that all commits are signed-off for the DCO. Skip
+# on master branch and -maint branches, since we only need
+# to test developer's personal branches.
+dco:
+  stage: prebuild
+  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
+  before_script:
+    - *script_variables
+  script:
+    - ./scripts/require-dco.py
+  only:
+    - branches
+  except:
+    - /^v.*-maint$/
+    - master
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,3 @@
-[submodule "gnulib"]
-	path = .gnulib
-	url = https://git.savannah.gnu.org/git/gnulib.git/
 [submodule "keycodemapdb"]
 	path = src/keycodemapdb
 	url = https://gitlab.com/keycodemap/keycodemapdb.git
--- a/.gitpublish
+++ b/.gitpublish
@@ -1,3 +1,4 @@
 [gitpublishprofile "default"]
 base = master
 to = libvir-list@redhat.com
+prefix = libvirt PATCH
--- a/.gnulib
+++ b/.gnulib
--- a/.travis.yml
+++ b/.travis.yml
@@ -14,13 +14,14 @@ addons:
      - xz
      - yajl
      - glib
+      - docutils

 matrix:
  include:
    - services:
        - docker
      env:
-        - IMAGE="ubuntu-18"
+        - IMAGE="ubuntu-1804"
        - MAKE_ARGS="syntax-check distcheck"
      script:
        - make -C ci/ ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
@@ -31,6 +32,13 @@ matrix:
        - MAKE_ARGS="syntax-check distcheck"
      script:
        - make -C ci/ ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
+    - services:
+        - docker
+      env:
+        - IMAGE="debian-9"
+        - MAKE_ARGS="syntax-check distcheck"
+      script:
+        - make -C ci/ ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
    - services:
        - docker
      env:
@@ -48,22 +56,40 @@ matrix:
    - services:
        - docker
      env:
-        - IMAGE="fedora-30"
-        - MINGW="mingw32"
+        - IMAGE="fedora-30-cross-mingw32"
      script:
-        - make -C ci/ ci-build@$IMAGE CI_CONFIGURE="$MINGW-configure"
+        - make -C ci/ ci-build@$IMAGE
    - services:
        - docker
      env:
-        - IMAGE="fedora-30"
-        - MINGW="mingw64"
+        - IMAGE="fedora-30-cross-mingw64"
      script:
-        - make -C ci/ ci-build@$IMAGE CI_CONFIGURE="$MINGW-configure"
+        - make -C ci/ ci-build@$IMAGE
    - compiler: clang
      language: c
      os: osx
+      osx_image: xcode10.3
      env:
        - PATH="/usr/local/opt/gettext/bin:/usr/local/opt/ccache/libexec:/usr/local/opt/rpcgen/bin:$PATH"
+        - PKG_CONFIG_PATH="/usr/local/opt/libxml2/lib/pkgconfig"
+      before_script:
+        # Hack to blow away py2
+        - brew link --overwrite python
+      script:
+        # We can't run 'distcheck' or 'syntax-check' because they fail on
+        # macOS, but doing 'install' and 'dist' gives us some useful coverage
+        - mkdir build && cd build
+        - ../autogen.sh --prefix=$(pwd)/install-root && make -j3 && make -j3 install && make -j3 dist
+    - compiler: clang
+      language: c
+      os: osx
+      osx_image: xcode11.3
+      env:
+        - PATH="/usr/local/opt/gettext/bin:/usr/local/opt/ccache/libexec:/usr/local/opt/rpcgen/bin:$PATH"
+        - PKG_CONFIG_PATH="/usr/local/opt/libxml2/lib/pkgconfig"
+      before_script:
+        # Hack to blow away py2
+        - brew link --overwrite python
      script:
        # We can't run 'distcheck' or 'syntax-check' because they fail on
        # macOS, but doing 'install' and 'dist' gives us some useful coverage
--- a/.ycm_extra_conf.py.in
+++ b/.ycm_extra_conf.py.in
@@ -1,8 +1,6 @@
 flags = [
  '-I@abs_top_builddir@',
  '-I@abs_top_srcdir@',
-  '-I@abs_top_builddir@/gnulib/lib',
-  '-I@abs_top_srcdir@/gnulib/lib',
  '-I@abs_top_builddir@/include',
  '-I@abs_top_srcdir@/include',
  '-I@abs_top_builddir@/src',
--- a/AUTHORS.in
+++ b/AUTHORS.in
@@ -19,6 +19,7 @@ Daniel Veillard <veillard@redhat.com>
 Doug Goldstein <cardoe@gentoo.org>
 Eric Blake <eblake@redhat.com>
 Erik Skultety <eskultet@redhat.com>
+Fabiano Fidêncio <fidencio@redhat.com>
 Gao Feng <gaofeng@cn.fujitsu.com>
 Guido Günther <agx@sigxcpu.org>
 Ján Tomko <jtomko@redhat.com>
--- a/Makefile.am
+++ b/Makefile.am
@@ -23,7 +23,7 @@ GENHTML = genhtml
 # so force it explicitly
 DISTCHECK_CONFIGURE_FLAGS = --enable-werror

-SUBDIRS = . gnulib/lib include/libvirt src tools docs gnulib/tests \
+SUBDIRS = . include/libvirt src tools docs \
  tests po examples

 XZ_OPT ?= -v -T0
@@ -45,26 +45,37 @@ EXTRA_DIST = \
  run.in \
  README.md \
  AUTHORS.in \
+  scripts/apibuild.py \
  scripts/augeas-gentest.py \
  build-aux/check-spacing.pl \
  scripts/check-aclperms.py \
  scripts/check-aclrules.py \
  scripts/check-drivername.py \
  scripts/check-driverimpls.py \
+  scripts/check-file-access.py \
+  scripts/check-remote-protocol.py \
  scripts/check-symfile.py \
  scripts/check-symsorting.py \
  scripts/dtrace2systemtap.py \
+  scripts/esx_vi_generator.py \
+  scripts/genaclperms.py \
  scripts/genpolkit.py \
  scripts/gensystemtap.py \
+  scripts/group-qemu-caps.py \
  scripts/header-ifdef.py \
+  scripts/hvsupport.py \
+  scripts/hyperv_wmi_generator.py \
  scripts/minimize-po.py \
  scripts/mock-noinline.py \
  scripts/prohibit-duplicate-header.py \
+  scripts/reformat-news.py \
+  scripts/test-wrap-argv.py \
  build-aux/syntax-check.mk \
  build-aux/useless-if-before-free \
  build-aux/vc-list-files \
  ci/Makefile \
  ci/build.sh \
+  ci/list-images.sh \
  ci/prepare.sh \
  $(NULL)

@@ -74,7 +85,7 @@ pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc libvirt-admin.pc
 NEWS: \
 	  $(srcdir)/docs/news.xml \
 	  $(srcdir)/docs/news-ascii.xsl \
-	  $(srcdir)/docs/reformat-news.py
+	  $(top_srcdir)/scripts/reformat-news.py
 	$(AM_V_GEN) \
 	if [ -x $(XSLTPROC) ]; then \
 	  $(XSLTPROC) --nonet \
@@ -82,14 +93,14 @@ NEWS: \
 	    $(srcdir)/docs/news.xml \
 	  >$@-tmp \
 	    || { rm -f $@-tmp; exit 1; }; \
-	  $(RUNUTF8) $(PYTHON) $(srcdir)/docs/reformat-news.py $@-tmp >$@ \
+	  $(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/reformat-news.py $@-tmp >$@ \
 	    || { rm -f $@-tmp; exit 1; }; \
 	  rm -f $@-tmp; \
 	fi
 EXTRA_DIST += \
 	$(srcdir)/docs/news.xml \
 	$(srcdir)/docs/news-ascii.xsl \
-	$(srcdir)/docs/reformat-news.py
+	$(NULL)

 rpm: clean
 	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.xz)
@@ -118,6 +129,9 @@ clean-cov:

 MAINTAINERCLEANFILES = .git-module-status

+BUILT_SOURCES = configmake.h
+CLEANFILES = configmake.h
+
 distclean-local: clean-GNUmakefile
 clean-GNUmakefile:
 	test '$(srcdir)' = . || rm -f $(top_builddir)/GNUmakefile
@@ -142,4 +156,45 @@ gen-AUTHORS:
 	fi

 ci-%:
-	$(MAKE) -C ci/ $@
+	$(MAKE) -C $(srcdir)/ci/ $@
+
+# Listed in the same order as the GNU makefile conventions, and
+# provided by autoconf 2.59c+ or 2.70.
+# The Automake-defined pkg* macros are appended, in the order
+# listed in the Automake 1.10a+ documentation.
+configmake.h: Makefile
+	$(AM_V_GEN)rm -f $@-t && \
+	{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+	  echo '#if WIN32'; \
+	  echo '# include <winsock2.h> /* avoid mingw pollution on DATADIR */'; \
+	  echo '#endif'; \
+	  echo '#define PREFIX "$(prefix)"'; \
+	  echo '#define EXEC_PREFIX "$(exec_prefix)"'; \
+	  echo '#define BINDIR "$(bindir)"'; \
+	  echo '#define SBINDIR "$(sbindir)"'; \
+	  echo '#define LIBEXECDIR "$(libexecdir)"'; \
+	  echo '#define DATAROOTDIR "$(datarootdir)"'; \
+	  echo '#define DATADIR "$(datadir)"'; \
+	  echo '#define SYSCONFDIR "$(sysconfdir)"'; \
+	  echo '#define SHAREDSTATEDIR "$(sharedstatedir)"'; \
+	  echo '#define LOCALSTATEDIR "$(localstatedir)"'; \
+	  echo '#define RUNSTATEDIR "$(runstatedir)"'; \
+	  echo '#define INCLUDEDIR "$(includedir)"'; \
+	  echo '#define OLDINCLUDEDIR "$(oldincludedir)"'; \
+	  echo '#define DOCDIR "$(docdir)"'; \
+	  echo '#define INFODIR "$(infodir)"'; \
+	  echo '#define HTMLDIR "$(htmldir)"'; \
+	  echo '#define DVIDIR "$(dvidir)"'; \
+	  echo '#define PDFDIR "$(pdfdir)"'; \
+	  echo '#define PSDIR "$(psdir)"'; \
+	  echo '#define LIBDIR "$(libdir)"'; \
+	  echo '#define LISPDIR "$(lispdir)"'; \
+	  echo '#define LOCALEDIR "$(localedir)"'; \
+	  echo '#define MANDIR "$(mandir)"'; \
+	  echo '#define MANEXT "$(manext)"'; \
+	  echo '#define PKGDATADIR "$(pkgdatadir)"'; \
+	  echo '#define PKGINCLUDEDIR "$(pkgincludedir)"'; \
+	  echo '#define PKGLIBDIR "$(pkglibdir)"'; \
+	  echo '#define PKGLIBEXECDIR "$(pkglibexecdir)"'; \
+	} | sed '/""/d' > $@-t && \
+	mv -f $@-t $@
--- a/9
+++ b/9
@@ -28,18 +28,11 @@ You can get a copy of the source repository like this:
        $ git clone https://libvirt.org/git/libvirt.git
        $ cd libvirt

-As an optional step, if you already have a copy of the gnulib git
-repository on your hard drive, then you can use it as a reference to
-reduce download time and disk space requirements:
-
-        $ export GNULIB_SRCDIR=/path/to/gnulib
-
 We require to have the build directory different than the source directory:

        $ mkdir build && cd build

-The next step is to get all required pieces from gnulib,
-to run autoreconf, and to invoke ../autogen.sh:
+The next step is to invoke ../autogen.sh:

        $ ../autogen.sh

--- a/autogen.sh
+++ b/autogen.sh
@@ -1,208 +1,44 @@
 #!/bin/sh
 # Run this to generate all the initial makefiles, etc.
+test -n "$srcdir" || srcdir=$(dirname "$0")
+test -n "$srcdir" || srcdir=.

-die()
-{
-    echo "error: $1" >&2
+olddir=$(pwd)
+
+cd "$srcdir"
+
+(test -f src/libvirt.c) || {
+    echo -n "**Error**: Directory "\`$srcdir\'" does not look like the"
+    echo " top-level libvirt directory"
    exit 1
 }

-starting_point=$(pwd)
+git submodule update --init || exit 1

-srcdir=$(dirname "$0")
-test "$srcdir" || srcdir=.
+autoreconf --verbose --force --install || exit 1

-cd "$srcdir" || {
-    die "Failed to cd into $srcdir"
-}
-
-test -f src/libvirt.c || {
-    die "$0 must live in the top-level libvirt directory"
-}
-
-dry_run=
-no_git=
-gnulib_srcdir=
-extra_args=
-while test "$#" -gt 0; do
-    case "$1" in
-    --dry-run)
-        # This variable will serve both as an indicator of the fact that
-        # a dry run has been requested, and to store the result of the
-        # dry run. It will be ultimately used as return code for the
-        # script: 0 means no action is necessary, 2 means that autogen.sh
-        # needs to be executed, and 1 is reserved for failures
-        dry_run=0
-        shift
-        ;;
-    --no-git)
-        no_git=" $1"
-        shift
-        ;;
-    --gnulib-srcdir=*)
-        gnulib_srcdir=" $1"
-        shift
-        ;;
-    --gnulib-srcdir)
-        gnulib_srcdir=" $1=$2"
-        shift
-        shift
-        ;;
-    --system)
-        prefix=/usr
-        sysconfdir=/etc
-        localstatedir=/var
-        if test -d $prefix/lib64; then
-            libdir=$prefix/lib64
-        else
-            libdir=$prefix/lib
-        fi
-        extra_args="--prefix=$prefix --localstatedir=$localstatedir"
-        extra_args="$extra_args --sysconfdir=$sysconfdir --libdir=$libdir"
-        shift
-        ;;
-    *)
-        # All remaining arguments will be passed to configure verbatim
-        break
-        ;;
-    esac
-done
-no_git="$no_git$gnulib_srcdir"
-
-gnulib_hash()
-{
-    local no_git=$1
-
-    if test "$no_git"; then
-        echo "no-git"
-        return
-    fi
-
-    # Compute the hash we'll use to determine whether rerunning bootstrap
-    # is required. The first is just the SHA1 that selects a gnulib snapshot.
-    # The second ensures that whenever we change the set of gnulib modules used
-    # by this package, we rerun bootstrap to pull in the matching set of files.
-    # The third ensures that whenever we change the set of local gnulib diffs,
-    # we rerun bootstrap to pull in those diffs.
-    git submodule status .gnulib | awk '{ print $1 }'
-    git hash-object bootstrap.conf
-    git ls-tree -d HEAD gnulib/local | awk '{ print $3 }'
-}
-
-# Only look into git submodules if we're in a git checkout
-if test -d .git || test -f .git; then
-
-    # Check for dirty submodules
-    if test -z "$CLEAN_SUBMODULE"; then
-        for path in $(git submodule status | awk '{ print $2 }'); do
-            case "$(git diff "$path")" in
-                *-dirty*)
-                    echo "error: $path is dirty, please investigate" >&2
-                    echo "set CLEAN_SUBMODULE to discard submodule changes" >&2
-                    exit 1
-                    ;;
-            esac
-        done
-    fi
-    if test "$CLEAN_SUBMODULE" && test -z "$no_git"; then
-        if test -z "$dry_run"; then
-            echo "Cleaning up submodules..."
-            git submodule foreach 'git clean -dfqx && git reset --hard' || {
-                die "Cleaning up submodules failed"
-            }
-        fi
-    fi
-
-    # Update all submodules. If any of the submodules has not been
-    # initialized yet, it will be initialized now; moreover, any submodule
-    # with uncommitted changes will be returned to the expected state
-    echo "Updating submodules..."
-    git submodule update --init || {
-        die "Updating submodules failed"
-    }
-
-    # The expected hash, eg. the one computed after the last
-    # successful bootstrap run, is stored on disk
-    state_file=.git-module-status
-    expected_hash=$(cat "$state_file" 2>/dev/null)
-    actual_hash=$(gnulib_hash "$no_git")
-
-    if test "$actual_hash" = "$expected_hash" && test -f AUTHORS; then
-        # The gnulib hash matches our expectations, and all the files
-        # that can only be generated through bootstrap are present:
-        # we just need to run autoreconf. Unless we're performing a
-        # dry run, of course...
-        if test -z "$dry_run"; then
-            echo "Running autoreconf..."
-            autoreconf -if || {
-                die "autoreconf failed"
-            }
-        fi
-    else
-        # Whenever the gnulib submodule or any of the related bits
-        # has been changed in some way (see gnulib_hash) we need to
-        # run bootstrap again. If we're performing a dry run, we
-        # change the return code instead to signal our caller
-        if test "$dry_run"; then
-            dry_run=2
-        else
-            echo "Running bootstrap..."
-            ./bootstrap$no_git --bootstrap-sync || {
-                die "bootstrap failed"
-            }
-            gnulib_hash >"$state_file"
-        fi
+if test "x$1" = "x--system"; then
+    shift
+    prefix=/usr
+    libdir=$prefix/lib
+    sysconfdir=/etc
+    localstatedir=/var
+    if [ -d /usr/lib64 ]; then
+      libdir=$prefix/lib64
    fi
+    EXTRA_ARGS="--prefix=$prefix --sysconfdir=$sysconfdir --localstatedir=$localstatedir --libdir=$libdir"
 fi

-# When performing a dry run, we can stop here
-test "$dry_run" && exit "$dry_run"
+cd "$olddir"

-# If asked not to run configure, we can stop here
-test "$NOCONFIGURE" && exit 0
+if [ "$NOCONFIGURE" = "" ]; then
+        $srcdir/configure $EXTRA_ARGS "$@" || exit 1

-cd "$starting_point" || {
-    die "Failed to cd into $starting_point"
-}
-
-if test "$OBJ_DIR"; then
-    mkdir -p "$OBJ_DIR" || {
-        die "Failed to create $OBJ_DIR"
-    }
-    cd "$OBJ_DIR" || {
-        die "Failed to cd into $OBJ_DIR"
-    }
-fi
-
-# Make sure we can find GNU make and tell the user
-# the right command to run
-MAKE=
-for cmd in make gmake; do
-    if $cmd -v 2>&1 | grep -q "GNU Make"; then
-        MAKE=$cmd
-        break
-    fi
-done
-test "$MAKE" || {
-    die "GNU make is required to build libvirt"
-}
-
-if test -z "$*" && test -z "$extra_args" && test -f config.status; then
-    echo "Running config.status..."
-    ./config.status --recheck || {
-        die "config.status failed"
-    }
+        if [ "$1" = "--help" ]; then
+                exit 0
+        else
+                echo "Now type 'make' to compile libvirt" || exit 1
+        fi
 else
-    if test -z "$*" && test -z "$extra_args"; then
-        echo "I am going to run configure with no arguments - if you wish"
-        echo "to pass any to it, please specify them on the $0 command line."
-    else
-        echo "Running configure with $extra_args $@"
-    fi
-    "$srcdir/configure" $extra_args "$@" || {
-        die "configure failed"
-    }
+        echo "Skipping configure process."
 fi
-
-echo
-echo "Now type '$MAKE' to compile libvirt."
--- a/1073
+++ b/1073
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -1,162 +0,0 @@
-# Bootstrap configuration.
-
-# Copyright (C) 2010-2014 Red Hat, Inc.
-
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
-
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-
-# gnulib modules used by this package.
-gnulib_modules='
-accept
-bind
-c-ctype
-c-strcase
-canonicalize-lgpl
-chown
-clock-time
-close
-connect
-configmake
-dirname-lgpl
-environ
-fclose
-fcntl
-fcntl-h
-fdatasync
-fnmatch
-fsync
-getaddrinfo
-getcwd-lgpl
-gethostname
-getpass
-getpeername
-getsockname
-gettimeofday
-intprops
-ioctl
-largefile
-listen
-localeconv
-manywarnings
-mgetgroups
-net_if
-netdb
-nonblocking
-openpty
-passfd
-physmem
-pipe-posix
-pipe2
-poll
-posix-shell
-pthread_sigmask
-recv
-send
-setenv
-setsockopt
-sigaction
-sigpipe
-socket
-stat-time
-strchrnul
-strptime
-strtok_r
-sys_stat
-sys_wait
-termios
-time_r
-timegm
-ttyname_r
-uname
-unsetenv
-verify
-waitpid
-warnings
-wcwidth
-'
-
-SKIP_PO=true
-
-# Enable copy-mode for MSYS/MinGW. MSYS' ln doesn't work well in the way
-# bootstrap uses it with relative paths.
-if test -n "$MSYSTEM"; then
-    copy=true
-fi
-
-
-# Tell gnulib to:
-#   require LGPLv2+
-#   apply any local diffs in gnulib/local/ dir
-#   put *.m4 files in m4/ dir
-#   put *.[ch] files in new gnulib/lib/ dir
-#   import gnulib tests in new gnulib/tests/ dir
-gnulib_name=libgnu
-m4_base=m4
-source_base=gnulib/lib
-tests_base=gnulib/tests
-gnulib_tool_option_extras="\
- --lgpl=2\
- --with-tests\
- --makefile-name=gnulib.mk\
- --avoid=pt_chown\
- --avoid=lock-tests\
-"
-local_gl_dir=gnulib/local
-
-# Build prerequisites
-# Note that some of these programs are only required for 'make dist' to
-# succeed from a fresh git checkout; not all of these programs are
-# required to run 'make dist' on a tarball.
-buildreq="\
-autoconf   2.59
-automake   1.9.6
-git        1.5.5
-gzip       -
-libtool    -
-patch      -
-perl       5.5
-pkg-config -
-rpcgen     -
-tar        -
-xmllint	   -
-xsltproc   -
-"
-
-# Automake requires that AUTHORS exist.
-touch AUTHORS || exit 1
-
-# Override bootstrap's list - we don't use mdate-sh or texinfo.tex.
-gnulib_extra_files="
-        build-aux/install-sh
-        build-aux/depcomp
-        build-aux/config.guess
-        build-aux/config.sub
-        doc/INSTALL
-"
-
-
-bootstrap_post_import_hook()
-{
-  # Change paths in gnulib/tests/gnulib.mk from "../../.." to "../..",
-  # and make tests conditional by changing "TESTS" to "GNULIB_TESTS".
-  m=gnulib/tests/gnulib.mk
-  sed 's,\.\./\.\./\.\.,../..,g; s/^TESTS /GNULIB_TESTS /' $m > $m-t
-  mv -f $m-t $m
-}
-
-bootstrap_epilogue()
-{
-    echo "$0: done.  Now you can run 'mkdir build && cd build && ../configure'."
-    exit 0
-}
--- a/build-aux/syntax-check.mk
+++ b/build-aux/syntax-check.mk
@@ -44,10 +44,6 @@ VC = $(GIT)

 VC_LIST = $(srcdir)/$(_build-aux)/vc-list-files -C $(srcdir)

-# You can override this variable in syntax-check.mk if your gnulib submodule lives
-# in a different location.
-gnulib_dir ?= $(srcdir)/gnulib
-
 # You can override this variable in syntax-check.mk to set your own regexp
 # matching files to ignore.
 VC_LIST_ALWAYS_EXCLUDE_REGEX ?= ^$$
@@ -73,8 +69,6 @@ _sc_excl = \
  $(or $(exclude_file_name_regexp--$@),^$$)
 VC_LIST_EXCEPT = \
  $(VC_LIST) | $(SED) 's|^$(_dot_escaped_srcdir)/||' \
-	| if test -f $(srcdir)/.x-$@; then $(GREP) -vEf $(srcdir)/.x-$@; \
-	  else $(GREP) -Ev -e "$${VC_LIST_EXCEPT_DEFAULT-ChangeLog}"; fi \
 	| $(GREP) -Ev -e '($(VC_LIST_ALWAYS_EXCLUDE_REGEX)|$(_sc_excl))' \
 	$(_prepend_srcdir_prefix)

@@ -132,22 +126,7 @@ local-check :=								\

 syntax-check: $(local-check)

-# We use .gnulib, not gnulib.
-gnulib_dir = $(srcdir)/.gnulib
-
-# We haven't converted all scripts to using gnulib's init.sh yet.
-_test_script_regex = \<\(init\|test-lib\)\.sh\>
-
-# Most developers don't run 'make distcheck'.  We want the official
-# dist to be secure, but don't want to penalize other developers
-# using a distro that has not yet picked up the automake fix.
-# FIXME remove this ifeq (making the syntax check unconditional)
-# once fixed automake (1.11.6 or 1.12.2+) is more common.
-ifeq ($(filter dist%, $(MAKECMDGOALS)), )
-local-checks-to-skip +=	sc_vulnerable_makefile_CVE-2012-3386
-else
-distdir: sc_vulnerable_makefile_CVE-2012-3386.z
-endif
+_test_script_regex = \<test-lib\.sh\>

 # Files that should never cause syntax check failures.
 VC_LIST_ALWAYS_EXCLUDE_REGEX = \
@@ -419,10 +398,10 @@ sc_prohibit_mkdtemp:
 # access with F_OK or R_OK is okay, though.
 sc_prohibit_access_xok:
 	@prohibit='access(at)? *\(.*X_OK' \
+	in_vc_files='\.[ch]$$' \
 	halt='use virFileIsExecutable instead of access(,X_OK)' \
 	  $(_sc_search_regexp)

-# Similar to the gnulib syntax-check.mk rule for sc_prohibit_strcmp
 # Use STREQLEN or STRPREFIX rather than comparing strncmp == 0, or != 0.
 snp_ = strncmp *\(.+\)
 sc_prohibit_strncmp:
@@ -475,8 +454,6 @@ sc_prohibit_risky_id_promotion:
 	halt='cast -1 to ([ug]id_t) before comparing against id' \
 	  $(_sc_search_regexp)

-# Use g_snprintf rather than s'printf, even if buffer is provably large enough,
-# since gnulib has more guarantees for snprintf portability
 sc_prohibit_sprintf:
 	@prohibit='\<[s]printf\>' \
 	in_vc_files='\.[ch]$$' \
@@ -533,7 +510,7 @@ sc_prohibit_select:
 # Prohibit the inclusion of <ctype.h>.
 sc_prohibit_ctype_h:
 	@prohibit='^# *include  *<ctype\.h>' \
-	halt='use c-ctype.h instead of ctype.h' \
+	halt='use Glib g_ascii_* function instead of ctype.h' \
 	  $(_sc_search_regexp)

 # We have our own wrapper for mocking purposes
@@ -569,9 +546,8 @@ sc_size_of_brackets:
 	  $(_sc_search_regexp)

 # Ensure that no C source file, docs, or rng schema uses TABs for
-# indentation.  Also match *.h.in files, to get libvirt.h.in.  Exclude
-# files in gnulib, since they're imported.
-space_indent_files=(\.(aug(\.in)?|rng|s?[ch](\.in)?|html.in|py|pl|syms)|(daemon|tools)/.*\.in)
+# indentation.  Also match *.h.in files, to get libvirt.h.in.
+space_indent_files=(\.(aug(\.in)?|rng|s?[ch](\.in)?|html.in|py|pl|syms)|tools/.*\.in)
 sc_TAB_in_indentation:
 	@prohibit='^ *	' \
 	in_vc_files='$(space_indent_files)$$' \
@@ -584,12 +560,12 @@ ctype_re = isalnum|isalpha|isascii|isblank|iscntrl|isdigit|isgraph|islower\
 sc_avoid_ctype_macros:
 	@prohibit='\b($(ctype_re)) *\(' \
 	in_vc_files='\.[ch]$$' \
-	halt='use c-ctype.h instead of ctype macros' \
+	halt='use Glib g_ascii_ macros instead of ctype macros' \
 	  $(_sc_search_regexp)

 sc_avoid_strcase:
 	@prohibit='\bstrn?case(cmp|str) *\(' \
-	halt='use c-strcase.h instead of raw strcase functions' \
+	halt='use GLib strcase functions instead of raw strcase functions' \
 	  $(_sc_search_regexp)

 sc_prohibit_virBufferAdd_with_string_literal:
@@ -610,7 +586,7 @@ sc_forbid_manual_xml_indent:
 # dirname and basename from <libgen.h> are not required to be thread-safe
 sc_prohibit_libgen:
 	@prohibit='( (base|dir)name *\(|include .libgen\.h)' \
-	halt='use functions from gnulib "dirname.h", not <libgen.h>' \
+	halt='use functions from GLib, not <libgen.h>' \
 	  $(_sc_search_regexp)

 # raw xmlGetProp requires some nasty casts
@@ -711,8 +687,7 @@ msg_gen_function += virLastErrorPrefixMessage
 # msg_gen_function += vshPrint
 # msg_gen_function += vshError

-space =
-space +=
+space = $(null) $(null)
 func_re= ($(subst $(space),|,$(msg_gen_function)))

 # Look for diagnostics that aren't marked for translation.
@@ -880,9 +855,9 @@ sc_prohibit_cross_inclusion:
 	    access/ | conf/) safe="($$dir|conf|util)";; \
 	    cpu/| network/| node_device/| rpc/| security/| storage/) \
 	      safe="($$dir|util|conf|storage)";; \
-	    *) safe="($$dir|$(mid_dirs)|util)";; \
+	    *) safe="($$dir|$(mid_dirs)|hypervisor|util)";; \
 	  esac; \
-	  in_vc_files="^src/$$dir" \
+	  in_vc_files="src/$$dir" \
 	  prohibit='^# *include .$(cross_dirs_re)' \
 	  exclude="# *include .$$safe" \
 	  halt='unsafe cross-directory include' \
@@ -1120,7 +1095,7 @@ sc_gettext_init:
 	  $(_sc_search_regexp)

 sc_prohibit_obj_free_apis_in_virsh:
-	@prohibit='\bvir(Domain|DomainSnapshot)Free\b' \
+	@prohibit='\bvir(Domain|DomainSnapshot|Secret)Free\b' \
 	in_vc_files='virsh.*\.[ch]$$' \
 	exclude='sc_prohibit_obj_free_apis_in_virsh' \
 	halt='avoid using virDomain(Snapshot)Free in virsh, use virsh-prefixed wrappers instead' \
@@ -1553,13 +1528,6 @@ sc_prohibit_openat_without_use:
 	re='\<(openat_(permissive|needs_fchdir|(save|restore)_fail)|l?(stat|ch(own|mod))at|(euid)?accessat|(FCHMOD|FCHOWN|STAT)AT_INLINE)\>' \
 	  $(_sc_header_without_use)

-# Prohibit the inclusion of c-ctype.h without an actual use.
-ctype_re = isalnum|isalpha|isascii|isblank|iscntrl|isdigit|isgraph|islower\
-|isprint|ispunct|isspace|isupper|isxdigit|tolower|toupper
-sc_prohibit_c_ctype_without_use:
-	@h='c-ctype.h' re='\<c_($(ctype_re)) *\(' \
-	  $(_sc_header_without_use)
-
 # The following list was generated by running:
 # man signal.h|col -b|perl -ne '/bsd_signal.*;/.../sigwaitinfo.*;/ and print' \
 #   | perl -lne '/^\s+(?:int|void).*?(\w+).*/ and print $1' | fmt
@@ -1612,20 +1580,6 @@ sc_prohibit_strings_without_use:
 	re='\<(strn?casecmp|ffs(ll)?)\>'				\
 	  $(_sc_header_without_use)

-# Extract the raw list of symbol names with this:
-gl_extract_define_simple = \
-  /^\# *define ([A-Z]\w+)\(/ and print $$1
-# Filter out duplicates and convert to a space-separated list:
-_intprops_names = \
-  $(shell f=$(gnulib_dir)/lib/intprops.h;				\
-    perl -lne '$(gl_extract_define_simple)' $$f | sort -u | tr '\n' ' ')
-# Remove trailing space and convert to a regular expression:
-_intprops_syms_re = $(subst $(_sp),|,$(strip $(_intprops_names)))
-# Prohibit the inclusion of intprops.h without an actual use.
-sc_prohibit_intprops_without_use:
-	@h='intprops.h'							\
-	re='\<($(_intprops_syms_re)) *\('				\
-	  $(_sc_header_without_use)

 _stddef_syms_re = NULL|offsetof|ptrdiff_t|size_t|wchar_t
 # Prohibit the inclusion of stddef.h without an actual use.
@@ -1644,23 +1598,10 @@ sc_prohibit_dirent_without_use:
 	re='\<($(_dirent_syms_re))\>'					\
 	  $(_sc_header_without_use)

-# Prohibit the inclusion of verify.h without an actual use.
-sc_prohibit_verify_without_use:
-	@h='verify.h'							\
-	re='\<(verify(true|expr)?|assume|static_assert) *\('		\
-	  $(_sc_header_without_use)
-
 # Don't include xfreopen.h unless you use one of its functions.
 sc_prohibit_xfreopen_without_use:
 	@h='xfreopen.h' re='\<xfreopen *\(' $(_sc_header_without_use)

-# Each nonempty ChangeLog line must start with a year number, or a TAB.
-sc_changelog:
-	@prohibit='^[^12	]'					\
-	in_vc_files='^ChangeLog$$'					\
-	halt='found unexpected prefix in a ChangeLog'			\
-	  $(_sc_search_regexp)
-
 # Ensure that each .c file containing a "main" function also
 # calls bindtextdomain.
 sc_bindtextdomain:
@@ -1689,29 +1630,6 @@ sc_unmarked_diagnostics:
 	halt='found unmarked diagnostic(s)'				\
 	  $(_sc_search_regexp)

-# List headers for which HAVE_HEADER_H is always true, assuming you are
-# using the appropriate gnulib module.  CAUTION: for each "unnecessary"
-# #if HAVE_HEADER_H that you remove, be sure that your project explicitly
-# requires the gnulib module that guarantees the usability of that header.
-gl_assured_headers_ = \
-  cd $(gnulib_dir)/lib && echo *.in.h|$(SED) 's/\.in\.h//g'
-
-# Convert the list of names to upper case, and replace each space with "|".
-az_ = abcdefghijklmnopqrstuvwxyz
-AZ_ = ABCDEFGHIJKLMNOPQRSTUVWXYZ
-gl_header_upper_case_or_ =						\
-  $$($(gl_assured_headers_)						\
-    | tr $(az_)/.- $(AZ_)___						\
-    | tr -s ' ' '|'							\
-    )
-sc_prohibit_always_true_header_tests:
-	@or=$(gl_header_upper_case_or_);				\
-	re="HAVE_($$or)_H";						\
-	prohibit='\<'"$$re"'\>'						\
-	halt=$$(printf '%s\n'						\
-	'do not test the above HAVE_<header>_H symbol(s);'		\
-	'  with the corresponding gnulib module, they are always true')	\
-	  $(_sc_search_regexp)

 sc_prohibit_defined_have_decl_tests:
 	@prohibit='(#[	 ]*ifn?def|\<defined)\>[	 (]+HAVE_DECL_'	\
@@ -1719,51 +1637,6 @@ sc_prohibit_defined_have_decl_tests:
 	  $(_sc_search_regexp)

 # ==================================================================
-gl_other_headers_ ?= \
-  intprops.h	\
-  openat.h	\
-  stat-macros.h
-
-# Perl -lne code to extract "significant" cpp-defined symbols from a
-# gnulib header file, eliminating a few common false-positives.
-# The exempted names below are defined only conditionally in gnulib,
-# and hence sometimes must/may be defined in application code.
-gl_extract_significant_defines_ = \
-  /^\# *define ([^_ (][^ (]*)(\s*\(|\s+\w+)/\
-    && $$2 !~ /(?:rpl_|_used_without_)/\
-    && $$1 !~ /^(?:NSIG|ENODATA)$$/\
-    && $$1 !~ /^(?:SA_RESETHAND|SA_RESTART)$$/\
-    and print $$1
-
-# Create a list of regular expressions matching the names
-# of macros that are guaranteed to be defined by parts of gnulib.
-define def_sym_regex
-	gen_h=$(gl_generated_headers_);					\
-	(cd $(gnulib_dir)/lib;						\
-	  for f in *.in.h $(gl_other_headers_); do			\
-	    test -f $$f							\
-	      && perl -lne '$(gl_extract_significant_defines_)' $$f;	\
-	  done;								\
-	) | sort -u							\
-	  | $(SED) 's/^/^ *# *(define|undef)  */;s/$$/\\>/'
-endef
-
-# Don't define macros that we already get from gnulib header files.
-sc_prohibit_always-defined_macros:
-	@if test -d $(gnulib_dir); then					\
-	  case $$(echo all: | $(GREP) -l -f - $(abs_top_builddir)/Makefile) in $(abs_top_builddir)/Makefile);; *) \
-	    echo '$(ME): skipping $@: you lack GNU grep' 1>&2; exit 0;;	\
-	  esac;								\
-	  regex=$$($(def_sym_regex)); export regex;			\
-	  $(VC_LIST_EXCEPT)						\
-	    | xargs sh -c 'echo $$regex | $(GREP) -E -f - "$$@"'	\
-		dummy /dev/null						\
-	    && { printf '$(ME): define the above'			\
-			' via some gnulib .h file\n' 1>&2;		\
-	         exit 1; }						\
-	    || :;							\
-	fi
-# ==================================================================

 # Prohibit checked in backup files.
 sc_prohibit_backup_files:
@@ -1779,14 +1652,6 @@ sc_GFDL_version:
 	halt='GFDL vN, N!=3'						\
 	  $(_sc_search_regexp)

-cvs_keywords = \
-  Author|Date|Header|Id|Name|Locker|Log|RCSfile|Revision|Source|State
-
-sc_prohibit_cvs_keyword:
-	@prohibit='\$$($(cvs_keywords))\$$'				\
-	halt='do not use CVS keyword expansion'				\
-	  $(_sc_search_regexp)
-
 # This Perl code is slightly obfuscated.  Not only is each "$" doubled
 # because it's in a Makefile, but the $$c's are comments;  we cannot
 # use "#" due to the way the script ends up concatenated onto one line.
@@ -1927,20 +1792,6 @@ sc_const_long_option:
 	halt='add "const" to the above declarations'			\
 	  $(_sc_search_regexp)

-NEWS_hash =								\
-  $$($(SED) -n '/^\*.* $(PREV_VERSION_REGEXP) ([0-9-]*)/,$$p'		\
-       $(srcdir)/NEWS							\
-     | perl -0777 -pe							\
-	's/^Copyright.+?Free\sSoftware\sFoundation,\sInc\.\n//ms'	\
-     | md5sum -								\
-     | $(SED) 's/ .*//')
-
-# Update the hash stored above.  Do this after each release and
-# for any corrections to old entries.
-update-NEWS-hash: NEWS
-	perl -pi -e 's/^(old_NEWS_hash[ \t]+:?=[ \t]+).*/$${1}'"$(NEWS_hash)/" \
-	  $(srcdir)/syntax-check.mk
-
 # Ensure that we use only the standard $(VAR) notation,
 # not @...@ in Makefile.am, now that we can rely on automake
 # to emit a definition for each substituted variable.
@@ -2002,11 +1853,10 @@ perl_translatable_files_list_ =						\
 po_file ?= $(srcdir)/po/POTFILES.in

 # List of additional files that we want to pick up in our POTFILES.in
-# This is all gnulib files, as well as generated files for RPC code.
+# This is all generated files for RPC code.
 generated_files = \
  $(builddir)/src/*.[ch] \
-  $(builddir)/src/*/*.[ch] \
-  $(srcdir)/gnulib/lib/*.[ch]
+  $(builddir)/src/*/*.[ch]

 _gl_translatable_string_re ?= \b(N?_|gettext *)\([^)"]*("|$$)

@@ -2042,25 +1892,6 @@ writable-files:
 	else :;								\
 	fi

-v_etc_file = $(gnulib_dir)/lib/version-etc.c
-sample-test = tests/sample-test
-texi = doc/$(PACKAGE).texi
-# Make sure that the copyright date in $(v_etc_file) is up to date.
-# Do the same for the $(sample-test) and the main doc/.texi file.
-sc_copyright_check:
-	@require='enum { COPYRIGHT_YEAR = '$$(date +%Y)' };'		\
-	in_files=$(v_etc_file)						\
-	halt='out of date copyright in $(v_etc_file); update it'	\
-	  $(_sc_search_regexp)
-	@require='# Copyright \(C\) '$$(date +%Y)' Free'		\
-	in_vc_files=$(sample-test)					\
-	halt='out of date copyright in $(sample-test); update it'	\
-	  $(_sc_search_regexp)
-	@require='Copyright @copyright\{\} .*'$$(date +%Y)		\
-	in_vc_files=$(texi)						\
-	halt='out of date copyright in $(texi); update it'		\
-	  $(_sc_search_regexp)
-

 # BRE regex of file contents to identify a test script.
 _test_script_regex ?= \<init\.sh\>
@@ -2090,70 +1921,6 @@ sc_prohibit_path_max_allocation:
 	halt='Avoid stack allocations of size PATH_MAX'			\
 	  $(_sc_search_regexp)

-sc_vulnerable_makefile_CVE-2009-4029:
-	@prohibit='perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)' \
-	in_files='(^|/)Makefile\.in$$'					\
-	halt=$$(printf '%s\n'						\
-	  'the above files are vulnerable; beware of running'		\
-	  '  "make dist*" rules, and upgrade to fixed automake'		\
-	  '  see https://bugzilla.redhat.com/show_bug.cgi?id=542609 for details') \
-	  $(_sc_search_regexp)
-
-sc_vulnerable_makefile_CVE-2012-3386:
-	@prohibit='chmod a\+w \$$\(distdir\)'				\
-	in_files='(^|/)Makefile\.in$$'					\
-	halt=$$(printf '%s\n'						\
-	  'the above files are vulnerable; beware of running'		\
-	  '  "make distcheck", and upgrade to fixed automake'		\
-	  '  see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3386 for details') \
-	  $(_sc_search_regexp)
-
-# We don't use this feature of syntax-check.mk.
-prev_version_file = /dev/null
-
-ifneq ($(_gl-Makefile),)
-ifeq (0,$(MAKELEVEL))
-  _dry_run_result := $(shell \
-      cd '$(srcdir)'; \
-      test -d .git || test -f .git || { echo 0; exit; }; \
-      $(srcdir)/autogen.sh --dry-run >/dev/null 2>&1; \
-      echo $$?; \
-  )
-  _clean_requested = $(filter %clean,$(MAKECMDGOALS))
-
-  # A return value of 0 means no action is required
-
-  # A return value of 1 means a genuine error has occurred while
-  # performing the dry run, and it should be reported so it can
-  # be investigated
-  ifeq (1,$(_dry_run_result))
-    $(info INFO: autogen.sh error, running again to show details)
-syntax-check.mk Makefile: _autogen_error
-  endif
-
-  # A return value of 2 means that autogen.sh needs to be executed
-  # in earnest before building, probably because of gnulib updates.
-  # We don't run autogen.sh if the clean target has been invoked,
-  # though, as it would be quite pointless
-  ifeq (2,$(_dry_run_result)$(_clean_requested))
-    $(info INFO: running autogen.sh is required, running it now...)
-    $(shell touch $(srcdir)/AUTHORS)
-syntax-check.mk Makefile: _autogen
-  endif
-endif
-endif
-
-# It is necessary to call autogen any time gnulib changes.  Autogen
-# reruns configure, then we regenerate all Makefiles at once.
-.PHONY: _autogen
-_autogen:
-	$(srcdir)/autogen.sh
-	./config.status
-
-.PHONY: _autogen_error
-_autogen_error:
-	$(srcdir)/autogen.sh --dry-run
-
 ifneq ($(_gl-Makefile),)
 syntax-check: spacing-check test-wrap-argv \
 	prohibit-duplicate-header mock-noinline group-qemu-caps \
@@ -2189,23 +1956,24 @@ header-ifdef:
 	$(PYTHON) $(top_srcdir)/scripts/header-ifdef.py

 test-wrap-argv:
-	$(AM_V_GEN)$(VC_LIST) | $(GREP) -E '\.(ldargs|args)' | xargs \
-	$(PERL) $(top_srcdir)/tests/test-wrap-argv.pl --check
+	$(AM_V_GEN)$(VC_LIST) | $(GREP) -E '\.(ldargs|args)' | $(RUNUTF8) xargs \
+	$(PYTHON) $(top_srcdir)/scripts/test-wrap-argv.py --check

 group-qemu-caps:
-	$(AM_V_GEN)$(PERL) $(top_srcdir)/tests/group-qemu-caps.pl --check $(top_srcdir)/
+	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/group-qemu-caps.py \
+		--check --prefix $(top_srcdir)/

 # List all syntax-check exemptions:
 exclude_file_name_regexp--sc_avoid_strcase = ^tools/vsh\.h$$

-_src1=libvirt-stream|qemu/qemu_monitor|util/vir(command|file|fdstream)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon
+_src1=libvirt-stream|qemu/qemu_monitor|util/vir(command|file|fdstream)|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon
 _test1=shunloadtest|virnettlscontexttest|virnettlssessiontest|vircgroupmock|commandhelper
 exclude_file_name_regexp--sc_avoid_write = \
  ^(src/($(_src1))|tools/virsh-console|tests/($(_test1)))\.c$$

 exclude_file_name_regexp--sc_bindtextdomain = .*

-exclude_file_name_regexp--sc_gettext_init = ^((tests|examples)/|tools/virt-login-shell.c)
+exclude_file_name_regexp--sc_gettext_init = ^((tests|examples)/|tools/virt-login-shell.c|src/util/vireventglib\.c)

 exclude_file_name_regexp--sc_copyright_format = \
 	^build-aux/syntax-check\.mk$$
@@ -2219,7 +1987,7 @@ exclude_file_name_regexp--sc_flags_usage = \
 exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
  ^(src/rpc/gendispatch\.pl$$|tests/)

-exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$)
+exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$|tests/commandtest.c$$)

 exclude_file_name_regexp--sc_prohibit_VIR_ERR_NO_MEMORY = \
  ^(build-aux/syntax-check\.mk|include/libvirt/virterror\.h|src/remote/remote_daemon_dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$
@@ -2234,23 +2002,22 @@ exclude_file_name_regexp--sc_prohibit_PATH_MAX = \
 	^build-aux/syntax-check\.mk$$

 exclude_file_name_regexp--sc_prohibit_access_xok = \
-	^(build-aux/syntax-check\.mk|src/util/virutil\.c)$$
+	^(src/util/virutil\.c)$$

 exclude_file_name_regexp--sc_prohibit_asprintf = \
-  ^(build-aux/syntax-check\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c|tools/virt-login-shell\.c|tools/nss/libvirt_nss\.c$$)
+  ^(build-aux/syntax-check\.mk|examples/|tests/vircgroupmock\.c|tools/virt-login-shell\.c|tools/nss/libvirt_nss\.c$$)

 exclude_file_name_regexp--sc_prohibit_strdup = \
-  ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup)mock.c|tests/commandhelper\.c|tools/nss/libvirt_nss_(leases|macs)\.c$$)
+  ^(docs/|examples/|tests/virnetserverclientmock.c|tests/commandhelper.c|tools/nss/libvirt_nss_(leases|macs)\.c$$)

 exclude_file_name_regexp--sc_prohibit_close = \
-  (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c)|tools/nss/libvirt_nss_(leases|macs)\.c)$$)
+  (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/vir(file|event)\.c|src/libvirt-stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c)|tools/nss/libvirt_nss_(leases|macs)\.c)$$)

 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
  (^tests/(virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)

-_src2=src/(util/vircommand|libvirt|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon|remote/remote_daemon)
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
-  (^($(_src2)|tests/testutils)\.c$$)
+  (^(src/(util/(vircommand|virdaemon)|lxc/lxc_controller)|tests/testutils)\.c$$)

 exclude_file_name_regexp--sc_prohibit_gethostname = ^src/util/vir(util|log)\.c$$

@@ -2283,8 +2050,6 @@ exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c|tools/virt-l
 exclude_file_name_regexp--sc_prohibit_snprintf = \
  ^(build-aux/syntax-check\.mk|docs/hacking\.html\.in|tools/virt-login-shell\.c)$$

-exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/virstring\.c$$
-
 exclude_file_name_regexp--sc_prohibit_strtol = ^examples/.*$$

 exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/virxml\.c$$
@@ -2300,10 +2065,10 @@ exclude_file_name_regexp--sc_require_config_h_first = \
 	^(examples/|tools/virsh-edit\.c$$|tests/virmockstathelpers.c)

 exclude_file_name_regexp--sc_trailing_blank = \
-  /sysinfodata/.*\.data|/virhostcpudata/.*\.cpuinfo|^gnulib/local/.*/.*diff$$
+  /sysinfodata/.*\.data|/virhostcpudata/.*\.cpuinfo$$

 exclude_file_name_regexp--sc_unmarked_diagnostics = \
-  ^(docs/apibuild.py|tests/virt-aa-helper-test|docs/js/.*\.js)$$
+  ^(scripts/apibuild.py|tests/virt-aa-helper-test|docs/js/.*\.js)$$

 exclude_file_name_regexp--sc_size_of_brackets = build-aux/syntax-check\.mk

@@ -2331,7 +2096,7 @@ exclude_file_name_regexp--sc_prohibit_mixed_case_abbreviations = \
  ^src/(vbox/vbox_CAPI.*.h|esx/esx_vi.(c|h)|esx/esx_storage_backend_iscsi.c)$$

 exclude_file_name_regexp--sc_prohibit_empty_first_line = \
-  ^(README|src/esx/README|tests/(vmwarever|virhostcpu)data/.*)$$
+  ^(src/esx/README|tests/(vmwarever|virhostcpu)data/.*)$$

 exclude_file_name_regexp--sc_prohibit_useless_translation = \
  ^tests/virpolkittest.c
@@ -2340,23 +2105,17 @@ exclude_file_name_regexp--sc_prohibit_devname = \
  ^(tools/virsh.pod|build-aux/syntax-check\.mk|docs/.*)$$

 exclude_file_name_regexp--sc_prohibit_virXXXFree = \
-  ^(docs/|tests/|examples/|tools/|build-aux/syntax-check\.mk|src/test/test_driver.c|src/libvirt_public.syms|include/libvirt/libvirt-(domain|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).h|src/libvirt-(domain|qemu|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).c$$)
+  ^(docs/|tests/|examples/|tools/|build-aux/syntax-check\.mk|src/test/test_driver.c|src/libvirt_public.syms|include/libvirt/libvirt-(domain|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).h|src/libvirt-(domain|qemu|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).c|src/qemu/qemu_shim.c$$)

 exclude_file_name_regexp--sc_prohibit_sysconf_pagesize = \
-  ^(build-aux/syntax-check\.mk|src/util/virutil\.c)$$
+  ^(build-aux/syntax-check\.mk|src/util/vir(hostmem|util)\.c)$$

 exclude_file_name_regexp--sc_prohibit_pthread_create = \
  ^(build-aux/syntax-check\.mk|src/util/virthread\.c|tests/.*)$$

-exclude_file_name_regexp--sc_prohibit_always-defined_macros = \
-  ^tests/virtestmock.c$$
-
 exclude_file_name_regexp--sc_prohibit_readdir = \
  ^(tests/(.*mock|virfilewrapper)\.c|tools/nss/libvirt_nss\.c)$$

-exclude_file_name_regexp--sc_prohibit_cross_inclusion = \
-  ^(src/util/virclosecallbacks\.h|src/util/virhostdev\.h)$$
-
 exclude_file_name_regexp--sc_prohibit_dirent_d_type = \
  ^(src/util/vircgroup.c)$

@@ -2365,3 +2124,6 @@ exclude_file_name_regexp--sc_prohibit_strcmp = \

 exclude_file_name_regexp--sc_prohibit_backslash_alignment = \
  ^build-aux/syntax-check\.mk$$
+
+exclude_file_name_regexp--sc_prohibit_select = \
+  ^build-aux/syntax-check\.mk|src/util/vireventglibwatch\.c$$
--- a/ci/Makefile
+++ b/ci/Makefile
@@ -220,6 +220,7 @@ ci-run-command@%: ci-prepare-tree
 		  --login \
 		  --user="#$(CI_UID)" \
 		  --group="#$(CI_GID)" \
+		  CONFIGURE_OPTS="$$CONFIGURE_OPTS" \
 		  CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
 		  CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)" \
 		  CI_SMP="$(CI_SMP)" \
@@ -238,6 +239,17 @@ ci-build@%:
 ci-check@%:
 	$(MAKE) -C $(CI_ROOTDIR) ci-build@$* CI_MAKE_ARGS="check"

+ci-list-images:
+	@echo
+	@echo "Available x86 container images:"
+	@echo
+	@sh list-images.sh "$(CI_ENGINE)" "$(CI_IMAGE_PREFIX)" | grep -v cross
+	@echo
+	@echo "Available cross-compiler container images:"
+	@echo
+	@sh list-images.sh "$(CI_ENGINE)" "$(CI_IMAGE_PREFIX)" | grep cross
+	@echo
+
 ci-help:
 	@echo "Build libvirt inside containers used for CI"
 	@echo
@@ -246,30 +258,8 @@ ci-help:
 	@echo "    ci-build@\$$IMAGE - run a default 'make'"
 	@echo "    ci-check@\$$IMAGE - run a 'make check'"
 	@echo "    ci-shell@\$$IMAGE - run an interactive shell"
-	@echo
-	@echo "Available x86 container images:"
-	@echo
-	@echo "    centos-7"
-	@echo "    debian-9"
-	@echo "    debian-10"
-	@echo "    debian-sid"
-	@echo "    fedora-29"
-	@echo "    fedora-30"
-	@echo "    fedora-rawhide"
-	@echo "    ubuntu-16"
-	@echo "    ubuntu-18"
-	@echo
-	@echo "Available cross-compiler container images:"
-	@echo
-	@echo "    debian-{9,10,sid}-cross-aarch64"
-	@echo "    debian-{9,10,sid}-cross-armv6l"
-	@echo "    debian-{9,10,sid}-cross-armv7l"
-	@echo "    debian-{10,sid}-cross-i686"
-	@echo "    debian-{9,10,sid}-cross-mips64el"
-	@echo "    debian-{9,10,sid}-cross-mips"
-	@echo "    debian-{9,10,sid}-cross-mipsel"
-	@echo "    debian-{9,10,sid}-cross-ppc64le"
-	@echo "    debian-{9,10,sid}-cross-s390x"
+	@echo "    ci-list-images  - list available images"
+	@echo "    ci-help         - show this help message"
 	@echo
 	@echo "Available make variables:"
 	@echo
--- a/ci/build.sh
+++ b/ci/build.sh
@@ -25,9 +25,7 @@ if test $? != 0; then
 fi
 find -name test-suite.log -delete

-# gl_public_submodule_commit= to disable gnulib's submodule check
-# which breaks due to way we clone the submodules
-make -j"$CI_SMP" gl_public_submodule_commit= $CI_MAKE_ARGS
+make -j"$CI_SMP" $CI_MAKE_ARGS

 if test $? != 0; then \
    LOGS=$(find -name test-suite.log)
--- a/ci/list-images.sh
+++ b/ci/list-images.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+engine="$1"
+prefix="$2"
+
+do_podman() {
+    # Podman freaks out if the search term ends with a dash, which ours
+    # by default does, so let's strip it. The repository name is the
+    # second field in the output, and it already starts with the registry
+    podman search --limit 100 "${prefix%-}" | while read _ repo _; do
+        echo "$repo"
+    done
+}
+
+do_docker() {
+    # Docker doesn't include the registry name in the output, so we have
+    # to add it. The repository name is the first field in the output
+    registry="${prefix%%/*}"
+    docker search --limit 100 "$prefix" | while read repo _; do
+        echo "$registry/$repo"
+    done
+}
+
+"do_$engine" | grep "^$prefix" | sed "s,^$prefix,,g" | while read repo; do
+    echo "    $repo"
+done | sort -u
--- a/config-post.h
+++ b/config-post.h
@@ -22,16 +22,37 @@

 /*
 * Define __GNUC_PREREQ to a sane default if it isn't yet defined.
- * This is done here so that it's included as early as possible; gnulib relies
- * on this to be defined in features.h, which should be included from ctype.h.
- * This doesn't happen on many non-glibc systems.
- * When __GNUC_PREREQ is not defined, gnulib defines it to 0, which breaks things.
+ * This is done here so that it's included as early as possible;
 */
 #ifndef __GNUC_PREREQ
 # define __GNUC_PREREQ(maj, min) \
    ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
 #endif

-#if !(__GNUC_PREREQ(4, 8) || defined(__clang__))
-# error "Libvirt requires GCC >= 4.8, or CLang"
+#if defined(__clang_major__) && defined(__clang_minor__)
+# ifdef __apple_build_version__
+#  if __clang_major__ < 5 || (__clang_major__ == 5 && __clang_minor__ < 1)
+#   error You need at least XCode Clang v5.1 to compile QEMU
+#  endif
+# else
+#  if __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 4)
+#   error You need at least Clang v3.4 to compile QEMU
+#  endif
+# endif
+#elif defined(__GNUC__) && defined(__GNUC_MINOR__)
+# if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)
+#  error You need at least GCC v4.8 to compile QEMU
+# endif
+#else
+# error You either need at least GCC 4.8 or Clang 3.4 or XCode Clang 5.1 to compile libvirt
 #endif
+
+/* Ask for warnings for anything that was marked deprecated in
+ * the defined version, or before. It is a candidate for rewrite.
+ */
+#define GLIB_VERSION_MIN_REQUIRED GLIB_VERSION_2_48
+
+/* Ask for warnings if code tries to use function that did not
+ * exist in the defined version. These risk breaking builds
+ */
+#define GLIB_VERSION_MAX_ALLOWED GLIB_VERSION_2_48
--- a/configure.ac
+++ b/configure.ac
@@ -16,7 +16,7 @@ dnl You should have received a copy of the GNU Lesser General Public
 dnl License along with this library.  If not, see
 dnl <http://www.gnu.org/licenses/>.

-AC_INIT([libvirt], [5.10.0], [libvir-list@redhat.com], [], [https://libvirt.org])
+AC_INIT([libvirt], [6.2.0], [libvir-list@redhat.com], [], [https://libvirt.org])

 if test $srcdir = "."
 then
@@ -42,11 +42,6 @@ dnl we don't really need the 'u' even in older toolchains.  Then there is
 dnl older libtool, which spelled it AR_FLAGS
 m4_divert_text([DEFAULTS], [: "${ARFLAGS=cr} ${AR_FLAGS=cr}"])

-# Maintainer note - comment this line out if you plan to rerun
-# GNULIB_POSIXCHECK testing to see if libvirt should be using more modules.
-# Leave it uncommented for normal releases, for faster ./configure.
-gl_ASSERT_NO_GNULIB_POSIXCHECK
-
 # Default to using the silent-rules feature when possible.  Formatting
 # chosen to bypass 'grep' checks that cause older automake to warn.
 # Users (include rpm) can still change the default at configure time.
@@ -55,6 +50,8 @@ m4_ifndef([AM_SILENT_RULES],

 AC_CANONICAL_HOST

+AC_USE_SYSTEM_EXTENSIONS
+
 # First extract pieces from the version number string
 LIBVIRT_MAJOR_VERSION=`echo $VERSION | awk -F. '{print $1}'`
 LIBVIRT_MINOR_VERSION=`echo $VERSION | awk -F. '{print $2}'`
@@ -132,14 +129,12 @@ AC_PROG_CPP
 dnl autoconf 2.70 adds a --runstatedir option so that downstreams
 dnl can point to /run instead of the historic /var/run, but
 dnl autoconf hasn't had a release since 2012.
-dnl
-dnl gnulib sets configmake.h to include runstatedir, but sets
-dnl it to $localstatedir/run if $runstatedir env var is not set
-dnl which is useless for apps that need to use /run without
-dnl waiting for autoconf 2.70
-dnl
+if test "x$runstatedir" = x; then
+  AC_SUBST([runstatedir], ['${localstatedir}/run'])
+fi
+
 dnl we introduce --with-runstatedir and then overwrite the
-dnl value of $runstatedir so gnulib's configmake.h becomes useful
+dnl value of $runstatedir so configmake.h is more useful
 AC_ARG_WITH(
    [runstatedir],
    [AS_HELP_STRING(
@@ -152,8 +147,8 @@ then
 fi


-gl_EARLY
-gl_INIT
+dnl get 64-int interfaces on 32-bit platforms
+AC_SYS_LARGEFILE

 AC_TYPE_UID_T

@@ -183,8 +178,6 @@ case "$host" in
    # mingw's ld has the --version-script parameter, but it requires a .def file
    # instead to work properly, therefore clear --version-script here and use
    # -Wl, to pass the .def file to the linker
-    # cygwin's ld has the --version-script parameter too, but for some reason
-    # it's working there as expected
    VERSION_SCRIPT_FLAGS="-Wl,"
    ;;
  * )
@@ -206,13 +199,12 @@ dnl are also linux specific.  The "network" and storage_fs drivers are known
 dnl to not work on macOS presently, so we also make a note if compiling
 dnl for that

-with_linux=no with_macos=no with_freebsd=no with_win=no with_cygwin=no
+with_linux=no with_macos=no with_freebsd=no with_win=no
 case $host in
  *-*-linux*) with_linux=yes ;;
  *-*-darwin*) with_macos=yes ;;
  *-*-freebsd*) with_freebsd=yes ;;
  *-*-mingw* | *-*-msvc* ) with_win=yes ;;
-  *-*-cygwin*) with_cygwin=yes ;;
 esac

 if test $with_linux = no; then
@@ -229,17 +221,18 @@ if test $with_freebsd = yes; then
    with_firewalld=no
 fi

-if test $with_cygwin = yes; then
-    with_vbox=no
-fi

 AM_CONDITIONAL([WITH_LINUX], [test "$with_linux" = "yes"])
 AM_CONDITIONAL([WITH_FREEBSD], [test "$with_freebsd" = "yes"])
 AM_CONDITIONAL([WITH_MACOS], [test "$with_macos" = "yes"])

-# We don't support the daemon yet
 if test "$with_win" = "yes" ; then
+  # We don't support the daemon yet
  with_libvirtd=no
+
+  # For AI_ADDRCONFIG
+  AC_DEFINE([_WIN32_WINNT], [0x0600], [Win Vista / Server 2008])
+  AC_DEFINE([WINVER], [0x0600], [Win Vista / Server 2008])
 fi

 # The daemon requires remote support.  Likewise, if we are not using
@@ -304,7 +297,6 @@ LIBVIRT_ARG_YAJL

 LIBVIRT_CHECK_ACL
 LIBVIRT_CHECK_APPARMOR
-LIBVIRT_CHECK_ATOMIC
 LIBVIRT_CHECK_ATTR
 LIBVIRT_CHECK_AUDIT
 LIBVIRT_CHECK_BASH_COMPLETION
@@ -353,8 +345,8 @@ AC_CHECK_SIZEOF([long])
 dnl Availability of various common functions (non-fatal if missing),
 dnl and various less common threadsafe functions
 AC_CHECK_FUNCS_ONCE([\
-  cfmakeraw \
  fallocate \
+  getegid \
  geteuid \
  getgid \
  getifaddrs \
@@ -368,6 +360,7 @@ AC_CHECK_FUNCS_ONCE([\
  newlocale \
  posix_fallocate \
  posix_memalign \
+  pipe2 \
  prlimit \
  sched_getaffinity \
  sched_setscheduler \
@@ -383,18 +376,22 @@ dnl Availability of various common headers (non-fatal if missing).
 AC_CHECK_HEADERS([\
  ifaddrs.h \
  libtasn1.h \
+  util.h \
+  libutil.h \
  linux/magic.h \
  mntent.h \
  net/ethernet.h \
-  netinet/tcp.h \
+  net/if.h \
+  pty.h \
  pwd.h \
  stdarg.h \
  syslog.h \
+  sys/ioctl.h \
  sys/mount.h \
  sys/syscall.h \
  sys/sysctl.h \
  sys/ucred.h \
-  sys/un.h \
+  xlocale.h \
  ])
 dnl Check whether endian provides handy macros.
 AC_CHECK_DECLS([htole64], [], [], [[#include <endian.h>]])
@@ -430,6 +427,7 @@ dnl header could be found.
 AM_CONDITIONAL([HAVE_LIBTASN1], [test "x$ac_cv_header_libtasn1_h" = "xyes"])

 AC_CHECK_LIB([intl],[gettext],[])
+AC_CHECK_LIB([util],[openpty],[])


 dnl
@@ -456,7 +454,6 @@ dnl
 LIBVIRT_DRIVER_ARG_QEMU
 LIBVIRT_DRIVER_ARG_OPENVZ
 LIBVIRT_DRIVER_ARG_VMWARE
-LIBVIRT_DRIVER_ARG_PHYP
 LIBVIRT_DRIVER_ARG_LIBXL
 LIBVIRT_DRIVER_ARG_VBOX
 LIBVIRT_DRIVER_ARG_LXC
@@ -473,7 +470,6 @@ LIBVIRT_DRIVER_ARG_INTERFACE
 LIBVIRT_DRIVER_CHECK_QEMU
 LIBVIRT_DRIVER_CHECK_OPENVZ
 LIBVIRT_DRIVER_CHECK_VMWARE
-LIBVIRT_DRIVER_CHECK_PHYP
 LIBVIRT_DRIVER_CHECK_LIBXL
 LIBVIRT_DRIVER_CHECK_VBOX
 LIBVIRT_DRIVER_CHECK_LXC
@@ -701,10 +697,11 @@ if test "$with_linux" = "yes"; then
 fi

 dnl Allow perl/python overrides
-AC_PATH_PROGS([PYTHON], [python3 python2 python])
+AC_PATH_PROGS([PYTHON], [python3])
 if test -z "$PYTHON"; then
-    AC_MSG_ERROR(['python3', 'python2' or 'python' binary is required to build libvirt])
+    AC_MSG_ERROR(['python3' binary is required to build libvirt])
 fi
+AC_DEFINE_UNQUOTED([PYTHON], "$PYTHON", [path to python binary])
 AC_PATH_PROG([FLAKE8], [flake8])
 if test -z "$FLAKE8"; then
    AC_MSG_WARN(['flake8' binary is required to check python code style])
@@ -741,7 +738,7 @@ AM_CONDITIONAL([WITH_TESTS], [test "$with_test_suite" = "yes"])

 LIBVIRT_ARG_ENABLE([EXPENSIVE_TESTS],
                   [set the default for enabling expensive tests ]
-                     [(gnulib and long timeouts), use VIR_TEST_EXPENSIVE to ]
+                     [(long timeouts), use VIR_TEST_EXPENSIVE to ]
                     [override during make],
                   [check])
 case "$enable_expensive_tests" in
@@ -777,9 +774,8 @@ if test "$enable_test_coverage" = yes; then
  WARN_CFLAGS=$save_WARN_CFLAGS
 fi

-dnl Cygwin, MinGW and MSVC checks
+dnl MinGW checks
 LIBVIRT_WIN_CHECK_COMMON
-LIBVIRT_WIN_CHECK_CYGWIN
 LIBVIRT_WIN_CHECK_MINGW
 LIBVIRT_WIN_CHECK_SYMBOLS
 LIBVIRT_WIN_CHECK_WINDRES
@@ -921,8 +917,6 @@ AC_CONFIG_FILES([run],
                [chmod +x,-w run])
 AC_CONFIG_FILES([\
        Makefile src/Makefile include/libvirt/Makefile docs/Makefile \
-        gnulib/lib/Makefile \
-        gnulib/tests/Makefile \
        .color_coded \
        .ycm_extra_conf.py \
        libvirt.pc \
@@ -952,7 +946,6 @@ LIBVIRT_DRIVER_RESULT_VMWARE
 LIBVIRT_DRIVER_RESULT_VBOX
 LIBVIRT_DRIVER_RESULT_LIBXL
 LIBVIRT_DRIVER_RESULT_LXC
-LIBVIRT_DRIVER_RESULT_PHYP
 LIBVIRT_DRIVER_RESULT_ESX
 LIBVIRT_DRIVER_RESULT_HYPERV
 LIBVIRT_DRIVER_RESULT_VZ
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -173,27 +173,157 @@ gif = \

 internals_html_in = \
  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
-internals_html = $(internals_html_in:%.html.in=%.html)
+internals_rst = \
+  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.rst))
+internals_rst_html_in = \
+  $(internals_rst:%.rst=%.html.in)
+internals_html = \
+  $(internals_html_in:%.html.in=%.html) \
+  $(internals_rst_html_in:%.html.in=%.html)

 internalsdir = $(HTML_DIR)/internals
 internals_DATA = $(internals_html)

 kbase_html_in = \
  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/kbase/*.html.in))
-kbase_html = $(kbase_html_in:%.html.in=%.html)
+kbase_rst = \
+  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/kbase/*.rst))
+kbase_rst_html_in = \
+  $(kbase_rst:%.rst=%.html.in)
+kbase_html = \
+  $(kbase_html_in:%.html.in=%.html) \
+  $(kbase_rst_html_in:%.html.in=%.html)

 kbasedir = $(HTML_DIR)/kbase
 kbase_DATA = $(kbase_html)

+# Sync with src/util/
+KEYCODES = linux osx atset1 atset2 atset3 xtkbd usb win32 qnum
+KEYNAMES = linux osx win32
+
+manpages_rst = \
+  manpages/index.rst \
+  $(NULL)
+manpages1_rst = \
+  manpages/virt-pki-validate.rst \
+  manpages/virt-xml-validate.rst \
+  manpages/virt-admin.rst \
+  manpages/virsh.rst \
+  $(NULL)
+manpages7_rst = \
+  $(KEYCODES:%=manpages/virkeycode-%.rst) \
+  $(KEYNAMES:%=manpages/virkeyname-%.rst) \
+  $(NULL)
+manpages8_rst = $(NULL)
+manpages_rst += \
+  $(manpages1_rst) \
+  $(manpages7_rst) \
+  $(manpages8_rst) \
+  $(NULL)
+if WITH_LIBVIRTD
+manpages8_rst += \
+  manpages/libvirtd.rst \
+  manpages/virtlockd.rst \
+  manpages/virtlogd.rst \
+  $(NULL)
+else ! WITH_LIBVIRTD
+manpages_rst += \
+  manpages/libvirtd.rst \
+  manpages/virtlockd.rst \
+  manpages/virtlogd.rst \
+  $(NULL)
+endif ! WITH_LIBVIRTD
+if WITH_HOST_VALIDATE
+  manpages1_rst += manpages/virt-host-validate.rst
+else ! WITH_HOST_VALIDATE
+  manpages_rst += manpages/virt-host-validate.rst
+endif ! WITH_HOST_VALIDATE
+if WITH_LOGIN_SHELL
+  manpages1_rst += manpages/virt-login-shell.rst
+else ! WITH_LOGIN_SHELL
+  manpages_rst += manpages/virt-login-shell.rst
+endif ! WITH_LOGIN_SHELL
+if WITH_SANLOCK
+  manpages8_rst += manpages/virt-sanlock-cleanup.rst
+else ! WITH_SANLOCK
+  manpages_rst += manpages/virt-sanlock-cleanup.rst
+endif ! WITH_SANLOCK
+if WITH_QEMU
+  manpages1_rst += manpages/virt-qemu-run.rst
+else ! WITH_QEMU
+  manpages_rst += manpages/virt-qemu-run.rst
+endif ! WITH_QEMU
+manpages_rst_html_in = \
+  $(manpages_rst:%.rst=%.html.in)
+manpages_html = \
+  $(manpages_rst_html_in:%.html.in=%.html)
+
+man1_MANS = $(manpages1_rst:%.rst=%.1)
+man7_MANS = $(manpages7_rst:%.rst=%.7)
+man8_MANS = $(manpages8_rst:%.rst=%.8)
+
+%.1: %.rst
+	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
+	   grep -v '^\.\. contents::' < $< | \
+	   sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
+	       -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
+	   $(RST2MAN) --strict > $@ || { rm $@ && exit 1; }
+
+%.7: %.rst
+	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
+	   grep -v '^\.\. contents::' < $< | \
+	   sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
+	       -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
+	   $(RST2MAN) --strict > $@ || { rm $@ && exit 1; }
+
+%.8: %.rst
+	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
+	   grep -v '^\.\. contents::' < $< | \
+	   sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
+	       -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
+	   $(RST2MAN) --strict > $@ || { rm $@ && exit 1; }
+
+manpages/virkeycode-%.rst: $(top_srcdir)/src/keycodemapdb/data/keymaps.csv \
+		$(top_srcdir)/src/keycodemapdb/tools/keymap-gen Makefile.am
+	$(AM_V_GEN)export NAME=`echo $@ | \
+		sed -e 's,manpages/virkeycode-,,' -e 's,\.rst,,'` && \
+		$(MKDIR_P) manpages/ && \
+		$(RUNUTF8) $(PYTHON) $(top_srcdir)/src/keycodemapdb/tools/keymap-gen \
+		code-docs \
+		--lang rst \
+		--title "virkeycode-$$NAME" \
+		--subtitle "Key code values for $$NAME" \
+		$(top_srcdir)/src/keycodemapdb/data/keymaps.csv $$NAME > $@
+
+manpages/virkeyname-%.rst: $(top_srcdir)/src/keycodemapdb/data/keymaps.csv \
+		$(top_srcdir)/src/keycodemapdb/tools/keymap-gen Makefile.am
+	$(AM_V_GEN)export NAME=`echo $@ | \
+		sed -e 's,manpages/virkeyname-,,' -e 's,\.rst,,'` && \
+		$(MKDIR_P) manpages/ && \
+		$(RUNUTF8) $(PYTHON) $(top_srcdir)/src/keycodemapdb/tools/keymap-gen \
+		name-docs \
+		--lang rst \
+		--title "virkeyname-$$NAME" \
+		--subtitle "Key name values for $$NAME" \
+		$(top_srcdir)/src/keycodemapdb/data/keymaps.csv $$NAME > $@
+
+manpagesdir = $(HTML_DIR)/manpages
+manpages_DATA = $(manpages_html)
+
 # Generate hvsupport.html and news.html first, since they take one extra step.
 dot_html_generated_in = \
  hvsupport.html.in \
  news.html.in
 dot_html_in = \
  $(notdir $(wildcard $(srcdir)/*.html.in))
+dot_rst = \
+  $(notdir $(wildcard $(srcdir)/*.rst))
+dot_rst_html_in = \
+  $(dot_rst:%.rst=%.html)
 dot_html = \
  $(dot_html_generated_in:%.html.in=%.html) \
-  $(dot_html_in:%.html.in=%.html)
+  $(dot_html_in:%.html.in=%.html) \
+  $(dot_rst_html_in:%.html.in=%.html)

 htmldir = $(HTML_DIR)
 html_DATA = $(css) $(png) $(gif) $(dot_html)
@@ -219,23 +349,22 @@ schemadir = $(pkgdatadir)/schemas
 schema_DATA = $(wildcard $(srcdir)/schemas/*.rng)

 EXTRA_DIST= \
-  apibuild.py genaclperms.pl \
  site.xsl subsite.xsl newapi.xsl page.xsl \
  wrapstring.xsl \
-  $(dot_html_in) $(gif) $(apipng) \
+  $(dot_html_in) $(dot_rst) $(gif) $(apipng) \
  $(fig) $(png) $(css) \
  $(javascript) $(logofiles) \
-  $(internals_html_in) $(fonts) \
-  $(kbase_html_in) \
+  $(internals_html_in) $(internals_rst) $(fonts) \
+  $(kbase_html_in) $(kbase_rst) \
+  $(manpages_rst) \
  aclperms.htmlinc \
-  hvsupport.pl \
  $(schema_DATA)

 acl_generated = aclperms.htmlinc

 aclperms.htmlinc: $(top_srcdir)/src/access/viraccessperm.h \
-        $(srcdir)/genaclperms.pl Makefile.am
-	$(AM_V_GEN)$(PERL) $(srcdir)/genaclperms.pl $< > $@
+        $(top_srcdir)/scripts/genaclperms.py Makefile.am
+	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/genaclperms.py $< > $@

 CLEANFILES = \
  $(dot_html) \
@@ -245,6 +374,11 @@ CLEANFILES = \
  $(apilxchtml) \
  $(internals_html) \
  $(kbase_html) \
+  $(manpages_html) \
+  $(man1_MANS) \
+  $(man7_MANS) \
+  $(manpages7_rst) \
+  $(man8_MANS) \
  $(api_DATA) \
  $(dot_html_generated_in) \
  aclperms.htmlinc
@@ -258,12 +392,12 @@ timestamp="$(shell if test -n "$$SOURCE_DATE_EPOCH"; \

 hvsupport.html: hvsupport.html.in

-hvsupport.html.in: $(srcdir)/hvsupport.pl $(api_DATA) \
+hvsupport.html.in: $(top_srcdir)/scripts/hvsupport.py $(api_DATA) \
 		$(top_srcdir)/src/libvirt_public.syms \
 	$(top_srcdir)/src/libvirt_qemu.syms $(top_srcdir)/src/libvirt_lxc.syms \
 	$(top_srcdir)/src/driver.h
-	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(top_srcdir) $(top_builddir) > $@ \
-		|| { rm $@ && exit 1; }
+	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/hvsupport.py \
+		$(top_srcdir) $(top_builddir) > $@ || { rm $@ && exit 1; }

 news.html.in: \
 	  $(srcdir)/news.xml \
@@ -281,6 +415,17 @@ EXTRA_DIST += \
 %.png: %.fig
 	convert -rotate 90 $< $@

+manpages/%.html.in: manpages/%.rst
+	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
+	 grep -v '^:Manual ' < $< | \
+	  sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
+	     -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
+	  $(RST2HTML) --strict > $@ || { rm $@ && exit 1; }
+
+%.html.in: %.rst
+	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
+	  $(RST2HTML) --strict $< > $@ || { rm $@ && exit 1; }
+
 %.html.tmp: %.html.in site.xsl subsite.xsl page.xsl \
 		$(acl_generated)
 	$(AM_V_GEN)name=`echo $@ | sed -e 's/.tmp//'`; \
@@ -311,16 +456,19 @@ html/index.html: libvirt-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
 	$(AM_V_GEN)$(XSLTPROC) --nonet -o ./ \
 	  --stringparam builddir '$(abs_top_builddir)' \
 	  --stringparam timestamp $(timestamp) \
-	  $(srcdir)/newapi.xsl libvirt-api.xml && \
-	  $(XMLLINT) --nonet --noout html/*.html
+	  $(srcdir)/newapi.xsl libvirt-api.xml

 html/index-%.html: libvirt-%-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
 	$(AM_V_GEN)$(XSLTPROC) --nonet -o ./ \
 	  --stringparam builddir '$(abs_top_builddir)' \
 	  --stringparam timestamp $(timestamp) \
 	  --stringparam indexfile $(@:html/%=%) \
-	  $(srcdir)/newapi.xsl $< && \
-	  $(XMLLINT) --nonet --noout html/*.html
+	  $(srcdir)/newapi.xsl $<
+
+check-html:
+	$(XMLLINT) --nonet --noout html/*.html
+
+check-local: check-html

 python_generated_files = \
 		html/libvirt-libvirt-lxc.html \
@@ -330,13 +478,13 @@ python_generated_files = \
 		$(api_DATA) \
 		$(NULL)

-APIBUILD=$(srcdir)/apibuild.py
+APIBUILD=$(top_srcdir)/scripts/apibuild.py
 APIBUILD_STAMP=apibuild.py.stamp
 CLEANFILES += $(APIBUILD_STAMP)

 $(python_generated_files): $(APIBUILD_STAMP)

-$(APIBUILD_STAMP): $(srcdir)/apibuild.py \
+$(APIBUILD_STAMP): $(top_srcdir)/scripts/apibuild.py \
 		$(top_srcdir)/include/libvirt/libvirt.h \
 		$(top_srcdir)/include/libvirt/libvirt-common.h.in \
 		$(top_srcdir)/include/libvirt/libvirt-domain-checkpoint.h \
--- a/docs/aclpolkit.html.in
+++ b/docs/aclpolkit.html.in
@@ -64,7 +64,7 @@
    </p>

    <h3><a id="object_connect">virConnectPtr</a></h3>
-    <table class="acl">
+    <table>
      <thead>
        <tr>
          <th>Attribute</th>
@@ -80,7 +80,7 @@
    </table>

    <h3><a id="object_domain">virDomainPtr</a></h3>
-    <table class="acl">
+    <table>
      <thead>
        <tr>
          <th>Attribute</th>
@@ -104,7 +104,7 @@
    </table>

    <h3><a id="object_interface">virInterfacePtr</a></h3>
-    <table class="acl">
+    <table>
      <thead>
        <tr>
          <th>Attribute</th>
@@ -128,7 +128,7 @@
    </table>

    <h3><a id="object_network">virNetworkPtr</a></h3>
-    <table class="acl">
+    <table>
      <thead>
        <tr>
          <th>Attribute</th>
@@ -152,7 +152,7 @@
    </table>

    <h3><a id="object_node_device">virNodeDevicePtr</a></h3>
-    <table class="acl">
+    <table>
      <thead>
        <tr>
          <th>Attribute</th>
@@ -172,7 +172,7 @@
    </table>

    <h3><a id="object_nwfilter">virNWFilterPtr</a></h3>
-    <table class="acl">
+    <table>
      <thead>
        <tr>
          <th>Attribute</th>
@@ -196,7 +196,7 @@
    </table>

    <h3><a id="object_secret">virSecretPtr</a></h3>
-    <table class="acl">
+    <table>
      <thead>
        <tr>
          <th>Attribute</th>
@@ -232,7 +232,7 @@
    </table>

    <h3><a id="object_storage_pool">virStoragePoolPtr</a></h3>
-    <table class="acl">
+    <table>
      <thead>
        <tr>
          <th>Attribute</th>
@@ -256,7 +256,7 @@
    </table>

    <h3><a id="object_storage_vol">virStorageVolPtr</a></h3>
-    <table class="acl">
+    <table>
      <thead>
        <tr>
          <th>Attribute</th>
@@ -317,7 +317,7 @@
    </p>

    <h3><a id="object_connect_driver">Connection Driver Name</a></h3>
-    <table class="acl">
+    <table>
      <thead>
        <tr>
          <th>Connection Driver</th>
@@ -365,10 +365,6 @@
          <td>openvz</td>
          <td>OPENVZ</td>
        </tr>
-        <tr>
-          <td>phyp</td>
-          <td>PHYP</td>
-        </tr>
        <tr>
          <td>qemu</td>
          <td>QEMU</td>
--- a/docs/api.html.in
+++ b/docs/api.html.in
@@ -330,7 +330,7 @@
    daemon through the <a href="remote.html">remote</a> driver via an
    <a href="internals/rpc.html">RPC</a>. Some hypervisors do support
    client-side connections and responses, such as Test, OpenVZ, VMware,
-    Power VM (phyp), VirtualBox (vbox), ESX, Hyper-V, Xen, and Virtuozzo.
+    VirtualBox (vbox), ESX, Hyper-V, Xen, and Virtuozzo.
    The libvirtd daemon service is started on the host at system boot
    time and can also be restarted at any time by a properly privileged
    user, such as root. The libvirtd daemon uses the same libvirt API
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@@ -224,7 +224,7 @@
      <dd>
        Eucalyptus is an on-premise Infrastructure as a Service cloud
        software platform that is open source and
-        AWS-compatible. Eucalyptus uses libivrt virtualization API to
+        AWS-compatible. Eucalyptus uses libvirt virtualization API to
        directly interact with Xen and KVM hypervisors.
      </dd>

--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -42,7 +42,7 @@
      In addition to have formal messages sent to the audit subsystem it is
      possible to tell libvirt to inject messages into its own logging
      layer. This will result in messages ending up in the systemd journal
-      or <code>/var/log/libvirt/libivrtd.log</code> on non-systemd hosts.
+      or <code>/var/log/libvirt/libvirtd.log</code> on non-systemd hosts.
      This is disabled by default, but can be requested by setting the
      <code>audit_logging=1</code> configuration parameter in the same file
      mentioned above.
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@@ -129,7 +129,7 @@ credentials=defgrp</pre>
      <li><code>libvirt</code> - used for connections to a libvirtd
        server, which is configured with SASL auth</li>
      <li><code>ssh</code> - used for connections to a Phyp server
-        over SSH</li>
+        over SSH, but the Phyp driver has been removed</li>
      <li><code>esx</code> - used for connections to an ESX or
        VirtualCenter server</li>
    </ol>
@@ -274,7 +274,7 @@ to turn on SASL auth in these listeners.
    </p>
    <p>
 Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a
-config change is rquired to enable plain password auth. This is done by
+config change is required to enable plain password auth. This is done by
 editting <code>/etc/sasl2/libvirt.conf</code> to set the <code>mech_list</code>
 parameter to <code>scram-sha-1</code>.
    </p>
@@ -317,7 +317,7 @@ in these scenarios - only the plain TCP listener needs encryption
 Some operating systems do not install the SASL kerberos plugin by default. It
 may be necessary to install a sub-package such as <code>cyrus-sasl-gssapi</code>.
 To check whether the Kerberos plugin is installed run the <code>pluginviewer</code>
-program and verify that <code>gssapi</code> is listed,eg:
+program and verify that <code>gssapi</code> is listed, e.g.:
 </p>
    <pre>
 # pluginviewer
@@ -359,7 +359,7 @@ kadmin.local: quit
    <p>
 Any client application wishing to connect to a Kerberos enabled libvirt server
 merely needs to run <code>kinit</code> to gain a user principal. This may well
-be done automatically when a user logs into a desktop session, if PAM is setup
+be done automatically when a user logs into a desktop session, if PAM is set up
 to authenticate against Kerberos.
 </p>
  </body>
--- a/docs/compiling.html.in
+++ b/docs/compiling.html.in
@@ -70,31 +70,6 @@ $ <b>sudo</b> <i>make install</i></pre>
      will turn on -Werror for builds. This can be disabled with
      --disable-werror, but this is not recommended.
    </p>
-    <p>
-      Libvirt takes advantage of
-      the <a href="http://www.gnu.org/software/gnulib/">gnulib</a>
-      project to provide portability to a number of platforms.  This
-      is normally done dynamically via a git submodule in
-      the <code>.gnulib</code> subdirectory, which is auto-updated as
-      needed when you do incremental builds.  Setting the environment
-      variable <code>GNULIB_SRCDIR</code> to a local directory
-      containing a git checkout of gnulib will let you reduce local
-      disk space requirements and network download time, regardless of
-      which actual commit you have in that reference directory.
-    </p>
-    <p>
-      However, if you are developing on a platform where git is not
-      available, or are behind a firewall that does not allow for git
-      to easily obtain the gnulib submodule, it is possible to instead
-      use a static mode of operation where you are then responsible
-      for updating the git submodule yourself.  In this mode, you must
-      track the exact gnulib commit needed by libvirt (usually not the
-      latest gnulib.git) via alternative means, such as a shared NFS
-      drive or manual download, and run this any time libvirt.git
-      updates the commit stored in the .gnulib submodule:</p>
-    <pre>
-$ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
-    </pre>

    <p>To build &amp; install libvirt to your home
      directory the following commands can be run:
--- a/docs/daemons.rst
+++ b/docs/daemons.rst
@@ -0,0 +1,692 @@
+===============
+Libvirt Daemons
+===============
+
+.. contents::
+
+A libvirt deployment for accessing one of the stateful drivers will require
+one or more daemons to be deployed on the virtualization host. There are a
+number of ways the daemons can be configured which will be outlined in this
+page.
+
+Architectural options
+=====================
+
+Monolithic vs modular daemons
+-----------------------------
+
+Traditionally libvirt provided a single monolithic daemon called ``libvirtd``
+which exposed support for all the stateful drivers, both primary hypervisor
+drivers and secondary supporting drivers. It also enables secure remote access
+from clients running off host.
+
+Work is underway for the monolithic daemon to be replaced by a new set of
+modular daemons ``virt${DRIVER}d``, each one servicing a single stateful
+driver. A further ``virtproxyd`` daemon will provide secure remote access, as
+well as backcompatibility for clients using the UNIX socket path of the
+monolithic daemon.
+
+The change to modular daemons should not affect API functionality used by
+management applications. It will, however, have an impact on host provisioning
+tools since there are new systemd services and configuration files to be
+managed.
+
+Currently both monolithic and modular daemons are built by default, but the RPC
+client still prefers connecting to the monolithic daemon. It is intended to
+switch the RPC client to prefer the modular daemons in the near future. At
+least 1 year after this switch (but not more than 2 years), the monolithic
+daemon will be deleted entirely.
+
+Operating modes
+---------------
+
+The libvirt daemons, whether monolithic or modular, can often operate in two
+modes
+
+* *System mode* - the daemon is running as the root user account, enabling
+  access to its full range of functionality. A read-write connection to
+  daemons in system mode **typically implies privileges equivalent to having
+  a root shell**. Suitable `authentication mechanisms <auth.html>`__ **must
+  be enabled** to secure it against untrustworthy clients/users.
+
+* *Session mode* - the daemon is running as any non-root user account,
+  providing access to a more restricted range of functionality. Only client
+  apps/users running under **the same UID are permitted to connect**, thus a
+  connection does not imply any elevation of privileges.
+
+  Not all drivers support session mode and as such the corresponding
+  modular daemon may not support running in this mode
+
+
+Monolithic driver daemon
+========================
+
+The monolithic daemon is known as ``libvirtd`` and has historically been the
+default in libvirt. It is configured via the file ``/etc/libvirt/libvirtd.conf``
+
+
+Monolithic sockets
+------------------
+
+When running in system mode, ``libvirtd`` exposes three UNIX domain sockets, and
+optionally, one or two TCP sockets:
+
+* ``/var/run/libvirt/libvirt-sock`` - the primary socket for accessing libvirt
+  APIs, with full read-write privileges. A connection to this socket gives the
+  client privileges that are equivalent to having a root shell. This is the
+  socket that most management applications connect to by default.
+
+* ``/var/run/libvirt/libvirt-sock-ro`` - the secondary socket for accessing
+  libvirt APIs, with limited read-only privileges. A connection to this socket
+  gives the ability to query the existence of objects and monitor some aspects
+  of their operation. This is the socket that most management applications
+  connect to when requesting read only mode. Typically this is what a
+  monitoring app would use.
+
+* ``/var/run/libvirt/libvirt-admin-sock`` - the administrative socket for
+  controlling operation of the daemon itself (as opposed to drivers it is
+  running). This can be used to dynamically reconfigure some aspects of the
+  daemon and monitor/control connected clients.
+
+* ``TCP 16509`` - the non-TLS socket for remotely accessing the libvirt APIs,
+  with full read-write privileges. A connection to this socket gives the
+  client privileges that are equivalent to having a root shell. Since it does
+  not use TLS, an `authentication mechanism <auth.html>`__ that provides
+  encryption must be used. Only the GSSAPI/Kerberos mechanism is capable of
+  satisfying this requirement. In general applications should not use this
+  socket except for debugging in a development/test environment.
+
+* ``TCP 16514`` - the TLS socket for remotely accessing the libvirt APIs,
+  with full read-write privileges. A connection to this socket gives the
+  client privileges that are equivalent to having a root shell. Access control
+  can be enforced either through validation of `x509 certificates
+  <tlscerts.html>`__, and/or by enabling an `authentication mechanism
+  <auth.html>`__.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``libvirtd`` exposes two UNIX domain sockets:
+
+* ``$XDG_RUNTIME_DIR/libvirt/libvirt-sock`` - the primary socket for accessing
+  libvirt APIs, with full read-write privileges. A connection to this socket
+  does not alter the privileges that the client already has. This is the
+  socket that most management applications connect to by default.
+
+* ``$XDG_RUNTIME_DIR/libvirt/libvirt-admin-sock`` - the administrative socket
+  for controlling operation of the daemon itself (as opposed to drivers it is
+  running). This can be used to dynamically reconfigure some aspects of the
+  daemon and monitor/control connected clients.
+
+Notice that the session mode does not have a separate read-only socket. Since
+the clients must be running as the same user as the daemon itself, there is
+not any security benefit from attempting to enforce a read-only mode.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+
+Monolithic Systemd Integration
+------------------------------
+
+When the ``libvirtd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling ``libvirtd``:
+
+* ``libvirtd.service`` - the main unit file for launching the ``libvirtd``
+  daemon in system mode. The command line arguments passed can be configured by
+  editing ``/etc/sysconfig/libvirtd``. This is typically only needed to control
+  the use of the auto shutdown timeout value. It is recommended that this
+  service unit be configured to start on boot. This is because various
+  libvirt drivers support autostart of their objects. If it is known that
+  autostart is not required, this unit can be left to start on demand.
+
+* ``libvirtd.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/libvirt-sock``. This socket is recommended to
+  be started on boot by default.
+
+* ``libvirtd-ro.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/libvirt-sock-ro``. This socket is recommended
+  to be started on boot by default.
+
+* ``libvirtd-admin.socket`` - the unit file corresponding to the administrative
+  UNIX socket ``/var/run/libvirt/libvirt-admin-sock``. This socket is
+  recommended to be started on boot by default.
+
+* ``libvirtd-tcp.socket`` - the unit file corresponding to the TCP 16509 port
+  for non-TLS remote access. This socket should not be configured to start on
+  boot until the administrator has configured a suitable authentication
+  mechanism.
+
+* ``libvirtd-tls.socket`` - the unit file corresponding to the TCP 16509 port
+  for TLS remote access. This socket should not be configured to start on boot
+  until the administrator has deployed x509 certificates and optionally
+  configured a suitable authentication mechanism.
+
+NB, some distros will use ``/etc/default`` instead of ``/etc/sysconfig``.
+
+The socket unit files are newly introduced in 5.6.0. On newly installed hosts
+the UNIX socket units should be enabled by default. When upgrading an existing
+host from a previous version of libvirt, the socket unit files will be masked
+if ``libvirtd`` is currently configured to use the ``--listen`` argument, since
+the ``--listen`` argument is mutually exclusive with use of socket activation.
+
+When systemd socket activation is used a number of configuration settings in
+``libvirtd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files
+
+* ``listen_tcp`` - TCP socket usage is enabled by starting the
+  ``libvirtd-tcp.socket`` unit file.
+
+* ``listen_tls`` - TLS socket usage is enabled by starting the
+  ``libvirtd-tls.socket`` unit file.
+
+* ``tcp_port`` - Port for the non-TLS TCP socket, controlled via the
+  ``ListenStream`` parameter in the ``libvirtd-tcp.socket`` unit file.
+
+* ``tls_port`` - Port for the TLS TCP socket, controlled via the
+  ``ListenStream`` parameter in the ``libvirtd-tls.socket`` unit file.
+
+* ``listen_addr`` - IP address to listen on, independently controlled via the
+  ``ListenStream`` parameter in the ``libvirtd-tcp.socket``  or
+  ``libvirtd-tls.socket`` unit files.
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+  ``SocketGroup`` parameter in the ``libvirtd.socket`` and
+  ``libvirtd-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``libvirtd-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+  the ``SocketMode`` parameter in the ``libvirtd.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``libvirtd-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+  independently controlled via the ``ListenStream`` parameter in any of the
+  ``libvirtd.socket``, ``libvirtd-ro.socket`` and ``libvirtd-admin.socket`` unit
+  files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``tcp_port``, ``tls_port`` and ``unix_sock_dir`` settings in ``libvirtd.conf``
+must be changed in lock-step with the equivalent settings in the unit files to
+ensure that ``libvirtd`` can identify the sockets.
+
+
+Modular driver daemons
+======================
+
+The modular daemons are named after the driver which they are running, with
+the pattern ``virt${DRIVER}d`` and will become the default in future libvirt.
+They are configured via the files ``/etc/libvirt/virt${DRIVER}d.conf``
+
+The following modular daemons currently exist for hypervisor drivers
+
+* ``virtqemud`` - the QEMU management daemon, for running virtual machines
+  on UNIX platforms, optionally with KVM acceleration, in either system or
+  session mode
+* ``virtxend`` - the Xen management daemon, for running virtual machines
+  on the Xen hypervisor, in system mode only
+* ``virtlxcd`` - the Linux Container management daemon, for running LXC guests
+  in system mode only
+* ``virtbhyved`` - the BHyve management daemon, for running virtual machines
+  on FreeBSD with the BHyve hypervisor, in system mode.
+* ``virtvboxd`` - the VirtualBox management daemon, for running virtual machines
+  on UNIX platforms.
+
+The additional modular daemons service secondary drivers
+
+* ``virtinterfaced`` - the host NIC management daemon, in system mode only
+* ``virtnetworkd`` - the virtual network management daemon, in system mode only
+* ``virtnodedevd`` - the host physical device management daemon, in system mode
+  only
+* ``virtnwfilterd`` - the host firewall management daemon, in system mode only
+* ``virtsecretd`` - the host secret management daemon, in system or session mode
+* ``virtstoraged`` - the host storage management daemon, in system or session
+  mode
+
+
+Modular Sockets
+---------------
+
+When running in system mode, ``virt${DRIVER}d`` exposes three UNIX domain
+sockets:
+
+* ``/var/run/libvirt/virt${DRIVER}d-sock`` - the primary socket for accessing
+  libvirt APIs, with full read-write privileges. For many of the daemons, a
+  connection to this socket gives the client privileges that are equivalent to
+  having a root shell. This is the socket that most management applications
+  connect to by default.
+
+* ``/var/run/libvirt/virt${DRIVER}d-sock-ro`` - the secondary socket for
+  accessing libvirt APIs, with limited read-only privileges. A connection to
+  this socket gives the ability to query the existence of objects and monitor
+  some aspects of their operation. This is the socket that most management
+  applications connect to when requesting read only mode. Typically this is
+  what a monitoring app would use.
+
+* ``/var/run/libvirt/virt${DRIVER}d-admin-sock`` - the administrative socket for
+  controlling operation of the daemon itself (as opposed to drivers it is
+  running). This can be used to dynamically reconfigure some aspects of the
+  daemon and monitor/control connected clients.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``virt${DRIVER}d`` exposes two UNIX domain sockets:
+
+* ``$XDG_RUNTIME_DIR/libvirt/virt${DRIVER}d-sock`` - the primary socket for
+  accessing libvirt APIs, with full read-write privileges. A connection to this
+  socket does not alter the privileges that the client already has. This is the
+  socket that most management applications connect to by default.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virt${DRIVER}d-admin-sock`` - the administrative
+  socket for controlling operation of the daemon itself (as opposed to drivers
+  it is running). This can be used to dynamically reconfigure some aspects of
+  the daemon and monitor/control connected clients.
+
+Notice that the session mode does not have a separate read-only socket. Since
+the clients must be running as the same user as the daemon itself, there is
+not any security benefit from attempting to enforce a read-only mode.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+Modular Systemd Integration
+---------------------------
+
+When the ``virt${DRIVER}d`` daemon is managed by ``systemd`` a number of
+desirable features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling ``virt${DRIVER}d``:
+
+* ``virt${DRIVER}d.service`` - the main unit file for launching the
+  ``virt${DRIVER}d`` daemon in system mode. The command line arguments passed
+  can be configured by editing ``/etc/sysconfig/virt${DRIVER}d``. This is
+  typically only needed to control the use of the auto shutdown timeout value.
+  It is recommended that this service unit be configured to start on boot.
+  This is because various libvirt drivers support autostart of their objects.
+  If it is known that autostart is not required, this unit can be left to start
+  on demand.
+
+* ``virt${DRIVER}d.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/virt${DRIVER}d-sock``. This socket is
+  recommended to be started on boot by default.
+
+* ``virt${DRIVER}d-ro.socket`` - the unit file corresponding to the main
+  read-write UNIX socket ``/var/run/libvirt/virt${DRIVER}d-sock-ro``. This
+  socket is recommended to be started on boot by default.
+
+* ``virt${DRIVER}d-admin.socket`` - the unit file corresponding to the
+  administrative UNIX socket ``/var/run/libvirt/virt${DRIVER}d-admin-sock``.
+  This socket is recommended to be started on boot by default.
+
+NB, some distros will use ``/etc/default`` instead of ``/etc/sysconfig``.
+
+The socket unit files are newly introduced in 5.6.0. On newly installed hosts
+the UNIX socket units should be enabled by default. When upgrading an existing
+host from a previous version of libvirt, the socket unit files will be masked
+if ``virt${DRIVER}d`` is currently configured to use the ``--listen`` argument,
+since the ``--listen`` argument is mutually exclusive with use of socket
+activation.
+
+When systemd socket activation is used a number of configuration settings in
+``virt${DRIVER}d.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files:
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+  ``SocketGroup`` parameter in the ``virt${DRIVER}d.socket`` and
+  ``virt${DRIVER}d-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virt${DRIVER}d-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+  the ``SocketMode`` parameter in the ``virt${DRIVER}d.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virt${DRIVER}d-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+  independently controlled via the ``ListenStream`` parameter in any of the
+  ``virt${DRIVER}d.socket``, ``virt${DRIVER}d-ro.socket`` and
+  ``virt${DRIVER}d-admin.socket`` unit files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``unix_sock_dir`` setting in ``virt${DRIVER}d.conf`` must be changed in
+lock-step with the equivalent setting in the unit files to ensure that
+``virt${DRIVER}d`` can identify the sockets.
+
+
+Switching to modular daemons
+----------------------------
+
+If a host is currently set to use the monolithic ``libvirtd`` daemon and needs
+to be migrated to the monolithic daemons a number of services need to be
+changed. The steps below outline the process on hosts using the systemd init
+service.
+
+While it is technically possible to do this while virtual machines are running,
+it is recommended that virtual machines be stopped or live migrated to a new
+host first.
+
+#. Stop the current monolithic daemon and its socket units
+
+   ::
+
+      $ systemctl stop libvirtd.service
+      $ systemctl stop libvirtd{,-ro,-admin,-tcp,-tls}.socket
+
+#. Disable future start of the monolithic daemon
+
+   ::
+
+      $ systemctl disable libvirtd.service
+      $ systemctl disable libvirtd{,-ro,-admin,-tcp,-tls}.socket
+
+   For stronger protection it is valid to use ``mask`` instead of ``disable``
+   too.
+
+#. Enable the new daemons for the particular virtualizationd driver desired,
+   and any of the secondary drivers to accompany it. The following example
+   enables the QEMU driver and all the secondary drivers:
+
+   ::
+
+      $ for drv in qemu interface network nodedev nwfilter secret storage
+        do
+          systemctl unmask virt${drv}d.service
+          systemctl unmask virt${drv}d{,-ro,-admin}.socket
+          systemctl enable virt${drv}d.service
+          systemctl enable virt${drv}d{,-ro,-admin}.socket
+	done
+
+#. Start the sockets for the same set of daemons. There is no need to start the
+   services as they will get started when the first socket connection is
+   established
+
+   ::
+
+      $ for drv in qemu network nodedev nwfilter secret storage
+        do
+          systemctl start virt${drv}d{,-ro,-admin}.socket
+	done
+
+#. If connections from remote hosts need to be supported the proxy daemon
+   must be enabled and started
+
+   ::
+
+      $ systemctl unmask virtproxyd.service
+      $ systemctl unmask virtproxyd{,-ro,-admin}.socket
+      $ systemctl enable virtproxyd.service
+      $ systemctl enable virtproxyd{,-ro,-admin}.socket
+      $ systemctl start virtproxyd{,-ro,-admin}.socket
+
+   The UNIX sockets allow for remote access using SSH tunneling. If ``libvirtd``
+   had TCP or TLS sockets configured, those should be started too
+
+   ::
+
+      $ systemctl unmask virtproxyd-tls.socket
+      $ systemctl enable virtproxyd-tls.socket
+      $ systemctl start virtproxyd-tls.socket
+
+
+Proxy daemon
+============
+
+The monolithic daemon is known as ``libvirtd`` and has historically been the
+default in libvirt. It is configured via the file ``/etc/libvirt/libvirtd.conf``
+
+
+Proxy sockets
+-------------
+
+When running in system mode, ``virtproxyd`` exposes three UNIX domain sockets,
+and optionally, one or two TCP sockets. These sockets are identical to those
+provided by the traditional ``libvirtd`` so refer to earlier documentation in
+this page.
+
+When running in session mode, ``virtproxyd`` exposes two UNIX domain sockets,
+which are again identical to those provided by ``libvirtd``.
+
+Proxy Systemd Integration
+-------------------------
+
+When the ``virtproxyd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling ``virtproxyd``:
+
+* ``virtproxyd.service`` - the main unit file for launching the ``virtproxyd``
+  daemon in system mode. The command line arguments passed can be configured by
+  editing ``/etc/sysconfig/virtproxyd``. This is typically only needed to
+  control the use of the auto shutdown timeout value.
+
+* ``virtproxyd.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/libvirt-sock``. This socket is recommended to
+  be started on boot by default.
+
+* ``virtproxyd-ro.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/libvirt-sock-ro``. This socket is recommended
+  to be started on boot by default.
+
+* ``virtproxyd-admin.socket`` - the unit file corresponding to the
+  administrative UNIX socket ``/var/run/libvirt/libvirt-admin-sock``. This
+  socket is recommended to be started on boot by default.
+
+* ``virtproxyd-tcp.socket`` - the unit file corresponding to the TCP 16509 port
+  for non-TLS remote access. This socket should not be configured to start on
+  boot until the administrator has configured a suitable authentication
+  mechanism.
+
+* ``virtproxyd-tls.socket`` - the unit file corresponding to the TCP 16509 port
+  for TLS remote access. This socket should not be configured to start on boot
+  until the administrator has deployed x509 certificates and optionally
+  configured a suitable authentication mechanism.
+
+NB, some distros will use ``/etc/default`` instead of ``/etc/sysconfig``.
+
+The socket unit files are newly introduced in 5.6.0. On newly installed hosts
+the UNIX socket units should be enabled by default. When upgrading an existing
+host from a previous version of libvirt, the socket unit files will be masked
+if ``virtproxyd`` is currently configured to use the ``--listen`` argument, since
+the ``--listen`` argument is mutually exclusive with use of socket activation.
+
+When systemd socket activation is used a number of configuration settings in
+``virtproxyd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files. Refer to the earlier documentation on
+the ``libvirtd`` service socket configuration for further information.
+
+
+Logging daemon
+==============
+
+The ``virtlogd`` daemon provides a service for managing log files associated
+with QEMU virtual machines. The QEMU process is given one or more pipes, the
+other end of which are owned by the ``virtlogd`` daemon. It will then write
+data on those pipes to log files, while enforcing a maximum file size and
+performing log rollover at the size limit.
+
+Since the daemon holds open anoymous pipe file descriptors, it must never be
+stopped while any QEMU virtual machines are running. To enable software updates
+to be applied, the daemon is capable of re-executing itself while keeping all
+file descriptors open. This can be triggered by sending the daemon ``SIGUSR1``
+
+Logging Sockets
+---------------
+
+When running in system mode, ``virtlogd`` exposes two UNIX domain sockets:
+
+* ``/var/run/libvirt/virtlogd-sock`` - the primary socket for accessing
+  libvirt APIs, with full read-write privileges. Access to the socket is
+  restricted to the root user.
+
+* ``/var/run/libvirt/virtlogd-admin-sock`` - the administrative socket for
+  controlling operation of the daemon itself (as opposed to drivers it is
+  running). This can be used to dynamically reconfigure some aspects of the
+  daemon and monitor/control connected clients.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``virtlogd`` exposes two UNIX domain sockets:
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlogd-sock`` - the primary socket for
+  accessing libvirt APIs, with full read-write privileges. Access to the
+  socket is restricted to the unprivileged user running the daemon.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlogd-admin-sock`` - the administrative
+  socket for controlling operation of the daemon itself (as opposed to drivers
+  it is running). This can be used to dynamically reconfigure some aspects of
+  the daemon and monitor/control connected clients.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+Logging Systemd Integration
+---------------------------
+
+When the ``virtlogd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling ``virtlogd``:
+
+* ``virtlogd.service`` - the main unit file for launching the
+  ``virtlogd`` daemon in system mode. The command line arguments passed
+  can be configured by editing ``/etc/sysconfig/virtlogd``. This is
+  typically only needed to control the use of the auto shutdown timeout value.
+
+* ``virtlogd.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/virtlogd-sock``. This socket is recommended
+  to be started on boot by default.
+
+* ``virtlogd-admin.socket`` - the unit file corresponding to the administrative
+  UNIX socket ``/var/run/libvirt/virtlogd-admin-sock``. This socket is
+  recommended to be started on boot by default.
+
+NB, some distros will use ``/etc/default`` instead of ``/etc/sysconfig``.
+
+When systemd socket activation is used a number of configuration settings in
+``virtlogd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files:
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+  ``SocketGroup`` parameter in the ``virtlogd.socket`` and
+  ``virtlogd-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virtlogd-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+  the ``SocketMode`` parameter in the ``virtlogd.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virtlogd-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+  independently controlled via the ``ListenStream`` parameter in any of the
+  ``virtlogd.socket`` and ``virtlogd-admin.socket`` unit files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``unix_sock_dir`` setting in ``virtlogd.conf`` must be changed in
+lock-step with the equivalent setting in the unit files to ensure that
+``virtlogd`` can identify the sockets.
+
+Locking daemon
+==============
+
+The ``virtlockd`` daemon provides a service for holding locks against file
+images and devices serving as backing storage for virtual disks. The locks
+will be held for as long as there is a QEMU process running with the disk
+open.
+
+To ensure continuity of locking, the daemon holds open anoymous file
+descriptors, it must never be stopped while any QEMU virtual machines are
+running. To enable software updates to be applied, the daemon is capable of
+re-executing itself while keeping all file descriptors open. This can be
+triggered by sending the daemon ``SIGUSR1``
+
+Locking Sockets
+---------------
+
+When running in system mode, ``virtlockd`` exposes two UNIX domain sockets:
+
+* ``/var/run/libvirt/virtlockd-sock`` - the primary socket for accessing
+  libvirt APIs, with full read-write privileges. Access to the socket is
+  restricted to the root user.
+
+* ``/var/run/libvirt/virtlockd-admin-sock`` - the administrative socket for
+  controlling operation of the daemon itself (as opposed to drivers it is
+  running). This can be used to dynamically reconfigure some aspects of the
+  daemon and monitor/control connected clients.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``virtlockd`` exposes two UNIX domain sockets:
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlockd-sock`` - the primary socket for
+  accessing libvirt APIs, with full read-write privileges. Access to the
+  socket is restricted to the unprivileged user running the daemon.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlockd-admin-sock`` - the administrative
+  socket for controlling operation of the daemon itself (as opposed to drivers
+  it is running). This can be used to dynamically reconfigure some aspects of
+  the daemon and monitor/control connected clients.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+Locking Systemd Integration
+---------------------------
+
+When the ``virtlockd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling ``virtlockd``:
+
+* ``virtlockd.service`` - the main unit file for launching the
+  ``virtlockd`` daemon in system mode. The command line arguments passed
+  can be configured by editing ``/etc/sysconfig/virtlockd``. This is
+  typically only needed to control the use of the auto shutdown timeout value.
+
+* ``virtlockd.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/virtlockd-sock``. This socket is recommended
+  to be started on boot by default.
+
+* ``virtlockd-admin.socket`` - the unit file corresponding to the administrative
+  UNIX socket ``/var/run/libvirt/virtlockd-admin-sock``. This socket is
+  recommended to be started on boot by default.
+
+NB, some distros will use ``/etc/default`` instead of ``/etc/sysconfig``.
+
+When systemd socket activation is used a number of configuration settings in
+``virtlockd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files:
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+  ``SocketGroup`` parameter in the ``virtlockd.socket`` and
+  ``virtlockd-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virtlockd-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+  the ``SocketMode`` parameter in the ``virtlockd.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virtlockd-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+  independently controlled via the ``ListenStream`` parameter in any of the
+  ``virtlockd.socket`` and ``virtlockd-admin.socket`` unit files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``unix_sock_dir`` setting in ``virtlockd.conf`` must be changed in
+lock-step with the equivalent setting in the unit files to ensure that
+``virtlockd`` can identify the sockets.
--- a/docs/docs.html.in
+++ b/docs/docs.html.in
@@ -9,15 +9,24 @@
        <dt><a href="apps.html">Applications</a></dt>
        <dd>Applications known to use libvirt</dd>

+        <dt><a href="manpages/index.html">Manual pages</a></dt>
+        <dd>Manual pages for libvirt tools / daemons</dd>
+
        <dt><a href="windows.html">Windows</a></dt>
        <dd>Downloads for Windows</dd>

        <dt><a href="migration.html">Migration</a></dt>
        <dd>Migrating guests between machines</dd>

+        <dt><a href="daemons.html">Daemons</a></dt>
+        <dd>Overview of the daemons provided by libvirt</dd>
+
        <dt><a href="remote.html">Remote access</a></dt>
        <dd>Enable remote access over TCP</dd>

+        <dt><a href="tlscerts.html">TLS certs</a></dt>
+        <dd>Generate and deploy x509 certificates for TLS</dd>
+
        <dt><a href="auth.html">Authentication</a></dt>
        <dd>Configure authentication for the libvirt daemon</dd>

@@ -48,11 +57,27 @@
    <div class="panel">
      <h2>Application development</h2>
      <dl>
-        <dt><a href="devguide.html">Development Guide</a></dt>
-        <dd>A guide and reference for developing with libvirt</dd>
-
-        <dt><a href="virshcmdref.html">Virsh Commands</a></dt>
-        <dd>Command reference for virsh</dd>
+        <dt><a href="html/index.html">API reference</a></dt>
+        <dd>Reference manual for the C public API, split in
+          <a href="html/libvirt-libvirt-common.html">common</a>,
+          <a href="html/libvirt-libvirt-domain.html">domain</a>,
+          <a href="html/libvirt-libvirt-domain-checkpoint.html">domain checkpoint</a>,
+          <a href="html/libvirt-libvirt-domain-snapshot.html">domain snapshot</a>,
+          <a href="html/libvirt-virterror.html">error</a>,
+          <a href="html/libvirt-libvirt-event.html">event</a>,
+          <a href="html/libvirt-libvirt-host.html">host</a>,
+          <a href="html/libvirt-libvirt-interface.html">interface</a>,
+          <a href="html/libvirt-libvirt-network.html">network</a>,
+          <a href="html/libvirt-libvirt-nodedev.html">node device</a>,
+          <a href="html/libvirt-libvirt-nwfilter.html">network filter</a>,
+          <a href="html/libvirt-libvirt-secret.html">secret</a>,
+          <a href="html/libvirt-libvirt-storage.html">storage</a>,
+          <a href="html/libvirt-libvirt-stream.html">stream</a>
+          and
+          <a href="html/index-admin.html">admin</a>,
+          <a href="html/index-qemu.html">QEMU</a>,
+          <a href="html/index-lxc.html">LXC</a> libs
+        </dd>

        <dt><a href="bindings.html">Language bindings and API modules</a></dt>
        <dd>Bindings of the libvirt API for
@@ -82,7 +107,8 @@
          <a href="formatnode.html">node devices</a>,
          <a href="formatsecret.html">secrets</a>,
          <a href="formatsnapshot.html">snapshots</a>,
-          <a href="formatcheckpoint.html">checkpoints</a></dd>
+          <a href="formatcheckpoint.html">checkpoints</a>,
+          <a href="formatbackup.html">backup jobs</a></dd>

        <dt><a href="uri.html">URI format</a></dt>
        <dd>The URI formats used for connecting to libvirt</dd>
@@ -90,28 +116,6 @@
        <dt><a href="cgroups.html">CGroups</a></dt>
        <dd>Control groups integration</dd>

-        <dt><a href="html/index.html">API reference</a></dt>
-        <dd>Reference manual for the C public API, split in
-          <a href="html/libvirt-libvirt-common.html">common</a>,
-          <a href="html/libvirt-libvirt-domain.html">domain</a>,
-          <a href="html/libvirt-libvirt-domain-checkpoint.html">domain checkpoint</a>,
-          <a href="html/libvirt-libvirt-domain-snapshot.html">domain snapshot</a>,
-          <a href="html/libvirt-virterror.html">error</a>,
-          <a href="html/libvirt-libvirt-event.html">event</a>,
-          <a href="html/libvirt-libvirt-host.html">host</a>,
-          <a href="html/libvirt-libvirt-interface.html">interface</a>,
-          <a href="html/libvirt-libvirt-network.html">network</a>,
-          <a href="html/libvirt-libvirt-nodedev.html">node device</a>,
-          <a href="html/libvirt-libvirt-nwfilter.html">network filter</a>,
-          <a href="html/libvirt-libvirt-secret.html">secret</a>,
-          <a href="html/libvirt-libvirt-storage.html">storage</a>,
-          <a href="html/libvirt-libvirt-stream.html">stream</a>
-          and
-          <a href="html/index-admin.html">admin</a>,
-          <a href="html/index-qemu.html">QEMU</a>,
-          <a href="html/index-lxc.html">LXC</a> libs
-        </dd>
-
        <dt><a href="drivers.html">Drivers</a></dt>
        <dd>Hypervisor specific driver information</dd>

@@ -132,6 +136,9 @@
        <dt><a href="hacking.html">Contributor guidelines</a></dt>
        <dd>General hacking guidelines for contributors</dd>

+        <dt><a href="styleguide.html">Docs style guide</a></dt>
+        <dd>Style guidelines for reStructuredText docs</dd>
+
        <dt><a href="strategy.html">Project strategy</a></dt>
        <dd>Sets a vision for future direction &amp; technical choices</dd>

--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -61,7 +61,7 @@
        <tr>
          <td>Go</td>
          <td>
-            <a href="https://libvirt.org/sources/go/">libvirt</a>
+            <a href="https://libvirt.org/libvirt-go">libvirt</a>
          </td>
          <td>
            <a href="https://libvirt.org/git/?p=libvirt-go.git;a=summary">libvirt</a>
@@ -71,7 +71,7 @@
            <a href="https://github.com/libvirt/libvirt-go">github</a>
          </td>
          <td>
-            <a href="https://godoc.org/github.com/libvirt/libvirt-go">api ref</a>
+            <a href="https://godoc.org/libvirt.org/libvirt-go">api ref</a>
          </td>
        </tr>
        <tr>
@@ -165,7 +165,7 @@
        <tr>
          <td>Rust</td>
          <td>
-            <a href="https://libvirt.org/sources/rust/">libvirt</a>
+            <a href="https://crates.io/crates/virt">crates.io</a>
          </td>
          <td>
            <a href="https://libvirt.org/git/?p=libvirt-rust.git;a=summary">libvirt</a>
@@ -174,7 +174,9 @@
            <a href="https://gitlab.com/libvirt/libvirt-rust">gitlab</a>
            <a href="https://github.com/libvirt/libvirt-rust">github</a>
          </td>
-          <td></td>
+          <td>
+            <a href="https://docs.rs/virt">api ref</a>
+          </td>
        </tr>
        <tr>
          <th colspan="7">Integration modules</th>
@@ -196,7 +198,7 @@
        <tr>
          <td>Go XML</td>
          <td>
-            <a href="https://libvirt.org/sources/go/">libvirt</a>
+            <a href="https://libvirt.org/libvirt-go-xml">libvirt</a>
          </td>
          <td>
            <a href="https://libvirt.org/git/?p=libvirt-go-xml.git;a=summary">libvirt</a>
@@ -206,7 +208,7 @@
            <a href="https://github.com/libvirt/libvirt-go-xml">github</a>
          </td>
          <td>
-            <a href="https://godoc.org/github.com/libvirt/libvirt-go-xml">api ref</a>
+            <a href="https://godoc.org/libvirt.org/libvirt-go-xml">api ref</a>
          </td>
        </tr>
        <tr>
--- a/docs/drivers.html.in
+++ b/docs/drivers.html.in
@@ -8,6 +8,7 @@
      <li><a href="#hypervisor">Hypervisor drivers</a></li>
      <li><a href="storage.html">Storage drivers</a></li>
      <li><a href="drvnodedev.html">Node device driver</a></li>
+      <li><a href="drvsecret.html">Secret driver</a></li>
    </ul>

    <p>
@@ -34,7 +35,6 @@
      <li><strong><a href="drvvmware.html">VMware Workstation/Player</a></strong></li>
      <li><strong><a href="drvxen.html">Xen</a></strong></li>
      <li><strong><a href="drvhyperv.html">Microsoft Hyper-V</a></strong></li>
-      <li><strong><a href="drvphyp.html">IBM PowerVM (phyp)</a></strong></li>
      <li><strong><a href="drvvirtuozzo.html">Virtuozzo</a></strong></li>
      <li><strong><a href="drvbhyve.html">Bhyve</a></strong> - The BSD Hypervisor</li>
    </ul>
--- a/docs/drvphyp.html.in
+++ b/docs/drvphyp.html.in
@@ -1,50 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>IBM PowerVM hypervisor driver (phyp)</h1>
-    <ul id="toc"></ul>
-    <p>
-        The IBM PowerVM driver can manage both HMC and IVM PowerVM
-        guests.  VIOS connections are tunneled through HMC.
-    </p>
-
-
-    <h2><a id="project">Project Links</a></h2>
-    <ul>
-      <li>
-        The <a href="http://www-03.ibm.com/systems/power/software/virtualization/index.html">IBM
-        PowerVM</a> hypervisor
-      </li>
-    </ul>
-
-
-    <h2><a id="uri">Connections to the PowerVM driver</a></h2>
-    <p>
-        Some example remote connection URIs for the driver are:
-    </p>
-<pre>
-phyp://user@hmc/system (HMC connection)
-phyp://user@ivm/system (IVM connection)
-</pre>
-    <p>
-        <strong>Note</strong>: In contrast to other drivers, the
-        PowerVM (or phyp) driver is a client-side-only driver,
-        internally using ssh to connect to the specified hmc or ivm
-        server. Therefore, the <a href="remote.html">remote transport
-        mechanism</a> provided by the remote driver and libvirtd will
-        not work, and you cannot use URIs like
-        <code>phyp+ssh://example.com</code>.
-    </p>
-
-
-    <h3><a id="uriformat">URI Format</a></h3>
-    <p>
-        URIs have this general form (<code>[...]</code> marks an
-        optional part, <code>{...|...}</code> marks a mandatory choice).
-    </p>
-<pre>
-phyp://[username@]{hmc|ivm}/managed_system
-</pre>
-
-</body></html>
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -63,6 +63,105 @@ qemu+tcp://example.com/system        (remote access, SASl/Kerberos)
 qemu+ssh://root@example.com/system   (remote access, SSH tunnelled)
 </pre>

+    <h3><a id="uriembedded">Embedded driver</a></h3>
+
+    <p>
+      Since 6.1.0 the QEMU driver has experimental support for operating
+      in an embedded mode. In this scenario, rather than connecting to
+      the libvirtd daemon, the QEMU driver runs in the client application
+      process directly. To use this the client application must have
+      registered &amp; be running an instance of the event loop. To open
+      the driver in embedded mode the app use the new URI path and specify
+      a virtual root directory under which the driver will create content.
+    </p>
+
+    <pre>
+      qemu:///embed?root=/some/dir
+    </pre>
+
+    <p>
+      Broadly speaking the range of functionality is intended to be
+      on a par with that seen when using the traditional system or
+      session libvirt connections to QEMU. The features will of course
+      differ depending on whether the application using the embedded
+      driver is running privileged or unprivileged. For example PCI
+      device assignment or TAP based networking are only available
+      when running privileged. While the embedded mode is still classed
+      as experimental some features may change their default settings
+      between releases.
+    </p>
+
+    <p>
+      By default if the application uses any APIs associated with
+      secondary drivers, these will result in a connection being
+      opened to the corresponding driver in libvirtd. For example,
+      this allows a virtual machine from the embedded QEMU to connect
+      its NIC to a virtual network or connect its disk to a storage
+      volume. Some of the secondary drivers will also be able to support
+      running in embedded mode. Currently this is supported by the
+      secrets driver, to allow for use of VMs with encrypted disks
+    </p>
+
+    <h4><a id="embedTree">Directory tree</a></h4>
+
+    <p>
+      Under the specified root directory the following locations will
+      be used
+    </p>
+
+    <pre>
+/some/dir
+  |
+  +- log
+  |   |
+  |   +- qemu
+  |   +- swtpm
+  |
+  +- etc
+  |   |
+  |   +- qemu
+  |   +- pki
+  |       |
+  |       +- qemu
+  |
+  +- run
+  |   |
+  |   +- qemu
+  |   +- swtpm
+  |
+  +- cache
+  |   |
+  |   +- qemu
+  |
+  +- lib
+      |
+      +- qemu
+      +- swtpm
+    </pre>
+
+    <p>
+      Note that UNIX domain sockets used for QEMU virtual machines had
+      a maximum filename length of 108 characters. Bear this in mind
+      when picking a root directory to avoid risk of exhausting the
+      filename space. The application is responsible for recursively
+      purging the contents of this directory tree once they no longer
+      require a connection, though it can also be left intact for reuse
+      when opening a future connection.
+    </p>
+
+    <h4><a id="embedAPI">API usage with event loop</a></h4>
+
+    <p>
+      To use the QEMU driver in embedded mode the application must
+      register an event loop with libvirt. Many of the QEMU driver
+      API calls will rely on the event loop processing data. With this
+      in mind, applications must <strong>NEVER</strong> invoke API
+      calls from the event loop thread itself, only other threads.
+      Not following this rule will lead to deadlocks in the API.
+      This restriction is intended to be lifted in a future release
+      of libvirt, once QMP processing moves to a dedicated thread.
+    </p>
+
    <h2><a id="security">Driver security architecture</a></h2>

    <p>
@@ -187,41 +286,29 @@ chmod o+x /path/to/directory
      </li>
    </ul>

+    <p>
+      The libvirt maintainers <strong>strongly recommend against</strong>
+      running QEMU as the root user/group. This should not be required
+      in most supported usage scenarios, as libvirt will generally do the
+      right thing to grant QEMU access to files it is permitted to
+      use when it is running non-root.
+    </p>
+
    <h3><a id="securitycap">Linux process capabilities</a></h3>

    <p>
-      The libvirt QEMU driver has a build time option allowing it to use
-      the <a href="http://people.redhat.com/sgrubb/libcap-ng/index.html">libcap-ng</a>
-      library to manage process capabilities. If this build option is
-      enabled, then the QEMU driver will use this to ensure that all
-      process capabilities are dropped before executing a QEMU virtual
-      machine. Process capabilities are what gives the 'root' account
-      its high power, in particular the CAP_DAC_OVERRIDE capability
-      is what allows a process running as 'root' to access files owned
-      by any user.
+      In versions of libvirt prior to 6.0.0, even if QEMU was configured
+      to run as the root user / group, libvirt would strip all process
+      capabilities. This meant that QEMU could only read/write files
+      owned by root, or with open permissions. In reality, stripping
+      capabilities did not have any security benefit, as it was trivial
+      to get commands to run in another context with full capabilities,
+      for example, by creating a cronjob.
    </p>
-
    <p>
-      If the QEMU driver is configured to run virtual machines as non-root,
-      then they will already lose all their process capabilities at time
-      of startup. The Linux capability feature is thus aimed primarily at
-      the scenario where the QEMU processes are running as root. In this
-      case, before launching a QEMU virtual machine, libvirtd will use
-      libcap-ng APIs to drop all process capabilities. It is important
-      for administrators to note that this implies the QEMU process will
-      <strong>only</strong> be able to access files owned by root, and
-      not files owned by any other user.
-    </p>
-
-    <p>
-      Thus, if a vendor / distributor has configured their libvirt package
-      to run as 'qemu' by default, a number of changes will be required
-      before an administrator can change a host to run guests as root.
-      In particular it will be necessary to change ownership on the
-      directories <code>/var/run/libvirt/qemu/</code>,
-      <code>/var/lib/libvirt/qemu/</code> and
-      <code>/var/cache/libvirt/qemu/</code> back to root, in addition
-      to changing the <code>/etc/libvirt/qemu.conf</code> settings.
+      Thus since 6.0.0, if QEMU is running as root, it will keep all
+      process capabilities. Behaviour when QEMU is running non-root
+      is unchanged, it still has no capabilities.
    </p>

    <h3><a id="securityselinux">SELinux basic confinement</a></h3>
@@ -352,7 +439,8 @@ chmod o+x /path/to/directory
    <p>
      While users can define their own AppArmor profile scheme, a typical
      configuration will include a profile for <code>/usr/sbin/libvirtd</code>,
-      <code>/usr/lib/libvirt/virt-aa-helper</code> (a helper program which the
+      <code>/usr/lib/libvirt/virt-aa-helper</code> or
+      <code>/usr/libexec/virt-aa-helper</code>(a helper program which the
      libvirtd daemon uses instead of manipulating AppArmor directly), and
      an abstraction to be included by <code>/etc/apparmor.d/libvirt/TEMPLATE</code>
      (typically <code>/etc/apparmor.d/abstractions/libvirt-qemu</code>).
--- a/docs/drvsecret.html.in
+++ b/docs/drvsecret.html.in
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Secret information management</h1>
+
+    <p>
+      The secrets driver in libvirt provides a simple interface for
+      storing and retrieving secret information.
+    </p>
+
+        <h2><a id="uris">Connections to SECRET driver</a></h2>
+
+    <p>
+    The libvirt SECRET driver is a multi-instance driver, providing a single
+    system wide privileged driver (the "system" instance), and per-user
+    unprivileged drivers (the "session" instance). A connection to the secret
+    driver is automatically available when opening a connection to one of the
+    stateful primary hypervisor drivers. It is none the less also possible to
+    explicitly open just the secret driver, using the URI protocol "secret"
+    Some example connection URIs for the driver are:
+    </p>
+
+<pre>
+secret:///session                      (local access to per-user instance)
+secret+unix:///session                 (local access to per-user instance)
+
+secret:///system                       (local access to system instance)
+secret+unix:///system                  (local access to system instance)
+secret://example.com/system            (remote access, TLS/x509)
+secret+tcp://example.com/system        (remote access, SASl/Kerberos)
+secret+ssh://root@example.com/system   (remote access, SSH tunnelled)
+</pre>
+
+    <h3><a id="uriembedded">Embedded driver</a></h3>
+
+    <p>
+      Since 6.1.0 the secret driver has experimental support for operating
+      in an embedded mode. In this scenario, rather than connecting to
+      the libvirtd daemon, the secret driver runs in the client application
+      process directly. To open the driver in embedded mode the app use the
+      new URI path and specify a virtual root directory under which the
+      driver will create content.
+    </p>
+
+    <pre>
+      secret:///embed?root=/some/dir
+    </pre>
+
+    <p>
+      Under the specified root directory the following locations will
+      be used
+    </p>
+
+    <pre>
+/some/dir
+  |
+  +- etc
+  |   |
+  |   +- secrets
+  |
+  +- run
+      |
+      +- secrets
+    </pre>
+
+    <p>
+      The application is responsible for recursively purging the contents
+      of this directory tree once they no longer require a connection,
+      though it can also be left intact for reuse when opening a future
+      connection.
+    </p>
+
+    <p>
+      The range of functionality is intended to be on a par with that
+      seen when using the traditional system or session libvirt connections
+      to QEMU. Normal practice would be to open the secret driver in embedded
+      mode any time one of the other drivers is opened in embedded mode so
+      that the two drivers can interact in-process.
+    </p>
+  </body>
+</html>
--- a/docs/format.html.in
+++ b/docs/format.html.in
@@ -27,6 +27,7 @@
      <li><a href="formatsecret.html">Secrets</a></li>
      <li><a href="formatsnapshot.html">Snapshots</a></li>
      <li><a href="formatcheckpoint.html">Checkpoints</a></li>
+      <li><a href="formatbackup.html">Backup jobs</a></li>
    </ul>

    <h2>Command line validation</h2>
--- a/docs/formatbackup.html.in
+++ b/docs/formatbackup.html.in
@@ -0,0 +1,184 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Backup XML format</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a id="BackupAttributes">Backup XML</a></h2>
+
+    <p>
+      Creating a backup, whether full or incremental, is done
+      via <code>virDomainBackupBegin()</code>, which takes an XML
+      description of the actions to perform, as well as an optional
+      second XML document <a href="formatcheckpoint.html">describing a
+      checkpoint</a> to create at the same point in time. See
+      also <a href="kbase/domainstatecapture.html">a comparison</a> between
+      the various state capture APIs.
+    </p>
+    <p>
+      There are two general modes for backups: a push mode (where the
+      hypervisor writes out the data to the destination file, which
+      may be local or remote), and a pull mode (where the hypervisor
+      creates an NBD server that a third-party client can then read as
+      needed, and which requires the use of temporary storage,
+      typically local, until the backup is complete).
+    </p>
+    <p>
+      The instructions for beginning a backup job are provided as
+      attributes and elements of the
+      top-level <code>domainbackup</code> element. This element
+      includes an optional attribute <code>mode</code> which can be
+      either "push" or "pull" (default
+      push). <code>virDomainBackupGetXMLDesc()</code> can be used to
+      see the actual values selected for elements omitted during
+      creation (for example, learning which port the NBD server is
+      using in the pull model or what file names libvirt generated
+      when none were supplied). The following child elements and attributes
+      are supported:
+    </p>
+    <dl>
+      <dt><code>incremental</code></dt>
+      <dd>An optional element giving the name of an existing
+        checkpoint of the domain, which will be used to make this
+        backup an incremental one. In the push model, only changes
+        since the named checkpoint are written to the destination. In
+        the pull model, the NBD server uses the
+        NBD_OPT_SET_META_CONTEXT extension to advertise to the client
+        which portions of the export contain changes since the named
+        checkpoint. If omitted, a full backup is performed.
+      </dd>
+      <dt><code>server</code></dt>
+      <dd>Present only for a pull mode backup. Contains the same
+        attributes as
+        the <a href="formatdomain.html#elementsDisks"><code>protocol</code>
+        element of a disk</a> attached via NBD in the domain (such as
+        transport, socket, name, port, or tls), necessary to set up an
+        NBD server that exposes the content of each disk at the time
+        the backup is started.
+      </dd>
+      <dt><code>disks</code></dt>
+      <dd>An optional listing of instructions for disks participating
+        in the backup (if omitted, all disks participate and libvirt
+        attempts to generate filenames by appending the current
+        timestamp as a suffix). If the entire element was omitted on
+        input, then all disks participate in the backup, otherwise,
+        only the disks explicitly listed which do not also
+        use <code>backup='no'</code> will participate. On output, this
+        is the state of each of the domain's disk in relation to the
+        backup operation.
+        <dl>
+          <dt><code>disk</code></dt>
+          <dd>This sub-element describes the backup properties of a
+            specific disk, with the following attributes and child
+            elements:
+            <dl>
+              <dt><code>name</code></dt>
+              <dd>A mandatory attribute which must match
+                the <code>&lt;target dev='name'/&gt;</code>
+                of one of
+                the <a href="formatdomain.html#elementsDisks">disk
+                devices</a> specified for the domain at the time of
+                the checkpoint.</dd>
+              <dt><code>backup</code></dt>
+              <dd>Setting this attribute to <code>yes</code>(default) specifies
+                that the disk should take part in the backup and using
+                <code>no</code> excludes the disk from the backup.</dd>
+              <dt><code>exportname</code></dt>
+              <dd>Allows modification of the NBD export name for the given disk.
+                By default equal to disk target.
+                Valid only for pull mode backups.</dd>
+              <dt><code>exportbitmap</code></dt>
+              <dd>Allows modification of the name of the bitmap describing dirty
+                blocks for an incremental backup exported via NBD export name
+                for the given disk.
+                Valid only for pull mode backups.</dd>
+              <dt><code>type</code></dt>
+              <dd>A mandatory attribute to describe the type of the
+                disk, except when <code>backup='no'</code> is
+                used. Valid values include <code>file</code>,
+                <code>block</code>, or <code>network</code>.
+                Similar to a disk declaration for a domain, the choice of type
+                controls what additional sub-elements are needed to describe
+                the destination (such as <code>protocol</code> for a
+                network destination).</dd>
+              <dt><code>target</code></dt>
+              <dd>Valid only for push mode backups, this is the
+                primary sub-element that describes the file name of
+                the backup destination, similar to
+                the <code>source</code> sub-element of a domain
+                disk. An optional sub-element <code>driver</code> can
+                also be used, with an attribute <code>type</code> to
+                specify a destination format different from
+                qcow2. </dd>
+              <dt><code>scratch</code></dt>
+              <dd>Valid only for pull mode backups, this is the
+                primary sub-element that describes the file name of
+                the local scratch file to be used in facilitating the
+                backup, and is similar to the <code>source</code>
+                sub-element of a domain disk. Currently only <code>file</code>
+                and <code>block</code> scratch storage is supported. The
+                <code>file</code> scratch file is created and deleted by
+                libvirt in the given location. A <code>block</code> scratch
+                device must exist prior to starting the backup and is formatted.
+                The block device must have enough space for the corresponding
+                disk data including format overhead.
+
+                If <code>VIR_DOMAIN_BACKUP_BEGIN_REUSE_EXTERNAL</code> flag is
+                used the file for a scratch of <code>file</code> type must
+                exist with the correct format and size to hold the copy and is
+                used without modification. The file is not deleted after the
+                backup but the contents of the file don't make sense outside
+                of the backup. The same applies for the block device which
+                must be formatted appropriately.</dd>
+            </dl>
+          </dd>
+        </dl>
+      </dd>
+    </dl>
+
+    <h2><a id="example">Examples</a></h2>
+
+    <p>Use <code>virDomainBackupBegin()</code> to perform a full
+      backup using push mode. The example lets libvirt pick the
+      destination and format for 'vda', fully specifies that we want a
+      raw backup of 'vdb', and omits 'vdc' from the operation.
+    </p>
+    <pre>
+&lt;domainbackup&gt;
+  &lt;disks&gt;
+    &lt;disk name='vda' backup='yes'/&gt;
+    &lt;disk name='vdb' type='file'&gt;
+      &lt;target file='/path/to/vdb.backup'/&gt;
+      &lt;driver type='raw'/&gt;
+    &lt;/disk&gt;
+    &lt;disk name='vdc' backup='no'/&gt;
+  &lt;/disks&gt;
+&lt;/domainbackup&gt;
+    </pre>
+
+    <p>If the previous full backup also passed a parameter describing
+      <a href="formatcheckpoint.html">checkpoint XML</a> that resulted
+      in a checkpoint named <code>1525889631</code>, we can make
+      another call to <code>virDomainBackupBegin()</code> to perform
+      an incremental backup of just the data changed since that
+      checkpoint, this time using the following XML to start a pull
+      model export of the 'vda' and 'vdb' disks, where a third-party
+      NBD client connecting to '/path/to/server' completes the backup
+      (omitting 'vdc' from the explicit list has the same effect as
+      the backup='no' from the previous example):
+    </p>
+    <pre>
+&lt;domainbackup mode="pull"&gt;
+  &lt;incremental&gt;1525889631&lt;/incremental&gt;
+  &lt;server transport="unix" socket="/path/to/server"/&gt;
+  &lt;disks&gt;
+    &lt;disk name='vda' backup='yes' type='file'&gt;
+      &lt;scratch file='/path/to/file1.scratch'/&gt;
+    &lt;/disk&gt;
+  &lt;/disks&gt;
+&lt;/domainbackup&gt;
+    </pre>
+  </body>
+</html>
--- a/docs/formatcaps.html.in
+++ b/docs/formatcaps.html.in
@@ -173,7 +173,7 @@
      &lt;/features&gt;
      &lt;model&gt;core2duo&lt;/model&gt;
      &lt;vendor&gt;Intel&lt;/vendor&gt;
-      &lt;topology sockets="1" cores="2" threads="1"/&gt;
+      &lt;topology sockets="1" dies="1" cores="2" threads="1"/&gt;
      &lt;feature name="lahf_lm"/&gt;
      &lt;feature name='xtpr'/&gt;
      ...
--- a/docs/formatcheckpoint.html.in
+++ b/docs/formatcheckpoint.html.in
@@ -28,12 +28,12 @@
      first checkpoint and the second backup operation), it is
      possible to do an offline reconstruction of the state of the
      disk at the time of the second backup without having to copy as
-      much data as a second full backup would require.  Future API
-      additions will make it possible to create checkpoints in
-      conjunction with a backup
-      via <code>virDomainBackupBegin()</code> or with an external
-      snapshot via <code>virDomainSnapshotCreateXML2</code>; but for
-      now, libvirt exposes enough support to create disk checkpoints
+      much data as a second full backup would require. Most disk
+      checkpoints are created in conjunction with a backup
+      via <code>virDomainBackupBegin()</code>, although a future API
+      addition of <code>virDomainSnapshotCreateXML2()</code> will also
+      make this possible when creating external snapshots; however,
+      libvirt also exposes enough support to create disk checkpoints
      independently from a backup operation
      via <code>virDomainCheckpointCreateXML()</code> <span class="since">since
      5.6.0</span>.  Likewise, the creation of checkpoints when
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -175,7 +175,11 @@
        and <a id="attributeOSTypeMachine"><code>machine</code></a> referring
        to the machine type. The <a href="formatcaps.html">Capabilities XML</a>
        provides details on allowed values for
-        these. <span class="since">Since 0.0.1</span></dd>
+        these. If <code>arch</code> is omitted then for most hypervisor
+        drivers, the host native arch will be chosen. For the <code>test</code>,
+        <code>ESX</code> and <code>VMWare</code> hypervisor drivers, however,
+        the <code>i686</code> arch will always be chosen even on an
+        <code>x86_64</code> host. <span class="since">Since 0.0.1</span></dd>
      <dt><a id="elementLoader"><code>loader</code></a></dt>
      <dd>The optional <code>loader</code> tag refers to a firmware blob,
        which is specified by absolute path,
@@ -1466,7 +1470,7 @@
 &lt;cpu match='exact'&gt;
  &lt;model fallback='allow'&gt;core2duo&lt;/model&gt;
  &lt;vendor&gt;Intel&lt;/vendor&gt;
-  &lt;topology sockets='1' cores='2' threads='1'/&gt;
+  &lt;topology sockets='1' dies='1' cores='2' threads='1'/&gt;
  &lt;cache level='3' mode='emulate'/&gt;
  &lt;feature policy='disable' name='lahf_lm'/&gt;
 &lt;/cpu&gt;
@@ -1475,7 +1479,7 @@
 <pre>
 &lt;cpu mode='host-model'&gt;
  &lt;model fallback='forbid'/&gt;
-  &lt;topology sockets='1' cores='2' threads='1'/&gt;
+  &lt;topology sockets='1' dies='1' cores='2' threads='1'/&gt;
 &lt;/cpu&gt;
 ...</pre>

@@ -1494,7 +1498,7 @@
 <pre>
 ...
 &lt;cpu&gt;
-  &lt;topology sockets='1' cores='2' threads='1'/&gt;
+  &lt;topology sockets='1' dies='1' cores='2' threads='1'/&gt;
 &lt;/cpu&gt;
 ...</pre>

@@ -1669,13 +1673,15 @@

      <dt><code>topology</code></dt>
      <dd>The <code>topology</code> element specifies requested topology of
-        virtual CPU provided to the guest. Three non-zero values have to be
-        given for <code>sockets</code>, <code>cores</code>, and
-        <code>threads</code>: total number of CPU sockets, number of cores per
-        socket, and number of threads per core, respectively. Hypervisors may
-        require that the maximum number of vCPUs specified by the
-        <code>cpus</code> element equals to the number of vcpus resulting
-        from the topology.</dd>
+        virtual CPU provided to the guest. Four attributes, <code>sockets</code>,
+        <code>dies</code>, <code>cores</code>, and <code>threads</code>,
+        accept non-zero positive integer values. They refer to the total number
+        of CPU sockets, number of dies per socket, number of cores per die, and
+        number of threads per core, respectively. The <code>dies</code>
+        attribute is optional and will default to 1 if omitted, while the other
+        attributes are all mandatory. Hypervisors may require that the maximum
+        number of vCPUs specified by the <code>cpus</code> element equals to
+        the number of vcpus resulting from the topology.</dd>

      <dt><code>feature</code></dt>
      <dd>The <code>cpu</code> element can contain zero or more
@@ -2226,7 +2232,7 @@
          <td>hint-dedicated</td>
          <td>Allows a guest to enable optimizations when running on dedicated vCPUs</td>
          <td>on, off</td>
-          <td><span class="since">5.7.0 (QEMU 2.12.1)</span></td>
+          <td><span class="since">5.7.0 (QEMU 2.12.0)</span></td>
        </tr>
      </table>
      </dd>
@@ -2458,11 +2464,11 @@
            The <code>name</code> attribute selects which timer is
            being modified, and can be one of
            "platform" (currently unsupported),
-            "hpet" (libxl, xen, qemu), "kvmclock" (qemu),
-            "pit" (qemu), "rtc" (qemu), "tsc" (libxl, qemu -
-            <span class="since">since 3.2.0</span>)
-            or "hypervclock"
-            (qemu - <span class="since">since 1.2.2</span>).
+            "hpet" (libxl, xen, qemu, lxc), "kvmclock" (qemu),
+            "pit" (qemu), "rtc" (qemu, lxc), "tsc" (libxl, qemu -
+            <span class="since">since 3.2.0</span>), "hypervclock"
+            (qemu - <span class="since">since 1.2.2</span>) or
+            "armvtimer" (qemu - <span class="since">since 6.1.0</span>).

            The <code>hypervclock</code> timer adds support for the
            reference time counter and the reference page for iTSC
@@ -2481,26 +2487,36 @@
            <p>
            The <code>tickpolicy</code> attribute determines what
            happens when QEMU misses a deadline for injecting a
-            tick to the guest:
+            tick to the guest. This can happen, for example, because the
+            guest was paused.
            </p>
            <dl>
              <dt><code>delay</code></dt>
-              <dd>Continue to deliver ticks at the normal rate.
-                The guest time will be delayed due to the late
-                tick</dd>
+              <dd>Continue to deliver ticks at the normal rate. The guest OS
+                will not notice anything is amiss, as from its point of view
+                time will have continued to flow normally. The time in the
+                guest should now be behind the time in the host by exactly
+                the amount of time during which ticks have been missed.</dd>
              <dt><code>catchup</code></dt>
-              <dd>Deliver ticks at a higher rate to catch up
-                with the missed tick. The guest time should
-                not be delayed once catchup is complete.</dd>
+              <dd>Deliver ticks at a higher rate to catch up with the missed
+                ticks. The guest OS will not notice anything is amiss, as
+                from its point of view time will have continued to flow
+                normally. Once the timer has managed to catch up with all
+                the missing ticks, the time in the guest and in the host
+                should match.</dd>
              <dt><code>merge</code></dt>
              <dd>Merge the missed tick(s) into one tick and
                inject. The guest time may be delayed, depending
                on how the OS reacts to the merging of ticks</dd>
              <dt><code>discard</code></dt>
-              <dd>Throw away the missed tick(s) and continue
-                with future injection normally. The guest time
-                may be delayed, unless the OS has explicit
-                handling of lost ticks</dd>
+              <dd>Throw away the missed ticks and continue with future
+                injection normally. The guest OS will see the timer jump
+                ahead by a potentially quite significant amount all at once,
+                as if the intervening chunk of time had simply not existed;
+                needless to say, such a sudden jump can easily confuse a
+                guest OS which is not specifically prepared to deal with it.
+                Assuming the guest OS can deal correctly with the time jump,
+                the time in the guest and in the host should now match.</dd>
            </dl>
            <p>If the policy is "catchup", there can be further details in
            the <code>catchup</code> sub-element.</p>
@@ -2833,6 +2849,11 @@
    &lt;driver name='qemu' type='raw'/&gt;
    &lt;source protocol="http" name="url_path"&gt;
      &lt;host name="hostname" port="80"/&gt;
+      &lt;cookies&gt;
+        &lt;cookie name="test"&gt;somevalue&lt;/cookie&gt;
+      &lt;/cookies&gt;
+      &lt;readahead size='65536'/&gt;
+      &lt;timeout seconds='6'/&gt;
    &lt;/source&gt;
    &lt;target dev='hde' bus='ide' tray='open'/&gt;
    &lt;readonly/&gt;
@@ -2841,6 +2862,7 @@
    &lt;driver name='qemu' type='raw'/&gt;
    &lt;source protocol="https" name="url_path"&gt;
      &lt;host name="hostname" port="443"/&gt;
+      &lt;ssl verify="no"/&gt;
    &lt;/source&gt;
    &lt;target dev='hdf' bus='ide' tray='open'/&gt;
    &lt;readonly/&gt;
@@ -2872,9 +2894,13 @@
  &lt;disk type='block' device='lun'&gt;
    &lt;driver name='qemu' type='raw'/&gt;
    &lt;source dev='/dev/sda'&gt;
+      &lt;slices&gt;
+        &lt;slice type='storage' offset='12345' size='123'/&gt;
+      &lt;/slices&gt;
      &lt;reservations managed='no'&gt;
        &lt;source type='unix' path='/path/to/qemu-pr-helper' mode='client'/&gt;
      &lt;/reservations&gt;
+    &lt;/source&gt;
    &lt;target dev='sda' bus='scsi'/&gt;
    &lt;address type='drive' controller='0' bus='0' target='3' unit='0'/&gt;
  &lt;/disk&gt;
@@ -2944,6 +2970,13 @@
    &lt;/backingStore&gt;
    &lt;target dev='vdd' bus='virtio'/&gt;
  &lt;/disk&gt;
+  &lt;disk type='nvme' device='disk'&gt;
+    &lt;driver name='qemu' type='raw'/&gt;
+    &lt;source type='pci' managed='yes' namespace='1'&gt;
+      &lt;address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/&gt;
+    &lt;/source&gt;
+    &lt;target dev='vde' bus='virtio'/&gt;
+  &lt;/disk&gt;
 &lt;/devices&gt;
 ...</pre>

@@ -2957,7 +2990,8 @@
            Valid values are "file", "block",
            "dir" (<span class="since">since 0.7.5</span>),
            "network" (<span class="since">since 0.8.7</span>), or
-            "volume" (<span class="since">since 1.0.5</span>)
+            "volume" (<span class="since">since 1.0.5</span>), or
+            "nvme" (<span class="since">since 6.0.0</span>)
            and refer to the underlying source for the disk.
            <span class="since">Since 0.0.3</span>
            </dd>
@@ -3140,6 +3174,43 @@
              <span class="since">Since 1.0.5</span>
              </p>
              </dd>
+            <dt><code>nvme</code></dt>
+              <dd>
+              To specify disk source for NVMe disk the <code>source</code>
+              element has the following attributes:
+              <dl>
+                <dt><code>type</code></dt>
+                <dd>The type of address specified in <code>address</code>
+                sub-element. Currently, only <code>pci</code> value is
+                accepted.
+                </dd>
+
+                <dt><code>managed</code></dt>
+                <dd>This attribute instructs libvirt to detach NVMe
+                controller automatically on domain startup (<code>yes</code>)
+                or expect the controller to be detached by system
+                administrator (<code>no</code>).
+                </dd>
+
+                <dt><code>namespace</code></dt>
+                <dd>The namespace ID which should be assigned to the domain.
+                According to NVMe standard, namespace numbers start from 1,
+                including.
+                </dd>
+              </dl>
+
+              The difference between <code>&lt;disk type='nvme'&gt;</code>
+              and <code>&lt;hostdev/&gt;</code> is that the latter is plain
+              host device assignment with all its limitations (e.g. no live
+              migration), while the former makes hypervisor to run the NVMe
+              disk through hypervisor's block layer thus enabling all
+              features provided by the layer (e.g. snapshots, domain
+              migration, etc.). Moreover, since the NVMe disk is unbinded
+              from its PCI driver, the host kernel storage stack is not
+              involved (compared to passing say <code>/dev/nvme0n1</code> via
+              <code>&lt;disk type='block'&gt;</code> and therefore lower
+              latencies can be achieved.
+              </dd>
          </dl>
        With "file", "block", and "volume", one or more optional
        sub-elements <code>seclabel</code>, <a href="#seclabel">described
@@ -3302,6 +3373,51 @@
            initiator IQN needed to access the source via mandatory
            attribute <code>name</code>.
          </dd>
+          <dt><code>address</code></dt>
+          <dd>For disk of type <code>nvme</code> this element
+            specifies the PCI address of the host NVMe
+            controller.
+            <span class="since">Since 6.0.0</span>
+          </dd>
+          <dt><code>slices</code></dt>
+          <dd>The <code>slices</code> element using its <code>slice</code>
+            sub-elements allows configuring offset and size of either the
+            location of the image format (<code>slice type='storage'</code>)
+            inside the storage source or the guest data inside the image format
+            container (future expansion).
+
+            The <code>offset</code> and <code>size</code> values are in bytes.
+            <span class="since">Since 6.1.0</span>
+          </dd>
+          <dt><code>ssl</code></dt>
+          <dd>
+            For <code>https</code> and <code>ftps</code> accessed storage it's
+            possible to tweak the SSL transport parameters with this element.
+            The <code>verify</code> attribute allows to turn on or off SSL
+            certificate validation. Supported values are <code>yes</code> and
+            <code>no</code>. <span class="since">Since 6.2.0</span>
+          </dd>
+          <dt><code>cookies</code></dt>
+          <dd>
+            For <code>http</code> and <code>https</code> accessed storage it's
+            possible to pass one or more cookies. The cookie name and value
+            must conform to the HTTP specification.
+            <span class="since">Since 6.2.0</span>
+          </dd>
+          <dt><code>readahead</code></dt>
+          <dd>
+            Specifies the size of the readahead buffer for protocols
+            which support it. (all 'curl' based drivers in qemu). The size
+            is in bytes. Note that '0' is considered as if the value is not
+            provided.
+            <span class="since">Since 6.2.0</span>
+          </dd>
+          <dt><code>timeout</code></dt>
+          <dd>
+            Specifies the connection timeout for protocols which support it.
+            Note that '0' is considered as if the value is not provided.
+            <span class="since">Since 6.2.0</span>
+          </dd>
        </dl>

        <p>
@@ -3864,6 +3980,15 @@
    &lt;target dir='/import/from/host'/&gt;
    &lt;readonly/&gt;
  &lt;/filesystem&gt;
+  &lt;filesystem type='mount' accessmode='passthrough'&gt;
+      &lt;driver type='virtiofs' queue='1024'/&gt;
+      &lt;binary path='/usr/libexec/virtiofsd' xattr='on'&gt;
+         &lt;cache mode='always'/&gt;
+         &lt;lock posix='on' flock='on'/&gt;
+      &lt;/binary&gt;
+      &lt;source dir='/path'/&gt;
+      &lt;target dir='mount_tag'/&gt;
+  &lt;/filesystem&gt;
  ...
 &lt;/devices&gt;
 ...</pre>
@@ -3892,6 +4017,9 @@
        while the value <code>immediate</code> means that a host writeback
        is immediately triggered for all pages touched during a guest file
        write operation <span class="since">(since 0.9.10)</span>.
+        <span class="since">Since 6.2.0</span>, <code>type='virtiofs'</code>
+        is also supported. Using virtiofs requires setting up shared memory,
+        see the guide: <a href="kbase/virtiofs.html">Virtio-FS</a>
        </dd>
        <dt><code>template</code></dt>
        <dd>
@@ -3924,10 +4052,12 @@
          <span class="since"> (since 0.9.13)</span></dd>
        </dl>

-      The filesystem block has an optional attribute <code>accessmode</code>
+      The filesystem element has an optional attribute <code>accessmode</code>
      which specifies the security mode for accessing the source
      <span class="since">(since 0.8.5)</span>. Currently this only works
-      with <code>type='mount'</code> for the QEMU/KVM driver. The possible
+      with <code>type='mount'</code> for the QEMU/KVM driver.
+      For driver type <code>virtiofs</code>, only <code>passthrough</code> is
+      supported. For other driver types, the possible
      values are:

        <dl>
@@ -3954,13 +4084,20 @@
        </dd>
        </dl>

+      <p>
      <span class="since">Since 5.2.0</span>, the filesystem element
      has an optional attribute <code>model</code> with supported values
      "virtio-transitional", "virtio-non-transitional", or "virtio".
      See <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
      for more details.
+      </p>
+
      </dd>

+      <p>
+      The <code>filesystem</code> element may contain the following subelements:
+      </p>
+
      <dt><code>driver</code></dt>
      <dd>
        The optional driver element allows specifying further details
@@ -3982,9 +4119,28 @@
          <a href="#elementsVirtio">Virtio-specific options</a> can also be
          set. (<span class="since">Since 3.5.0</span>)
          </li>
+          <li>
+            For <code>virtiofs</code>, the <code>queue</code> attribute can be used
+            to specify the queue size (i.e. how many requests can the queue fit).
+            (<span class="since">Since 6.2.0</span>)
+          </li>
        </ul>
      </dd>

+      <dt><code>binary</code></dt>
+      <dd>
+        The optional <code>binary</code> element can tune the options for virtiofsd.
+        All of the following attributes and elements are optional.
+        The attribute <code>path</code> can be used to override the path to the daemon.
+        Attribute <code>xattr</code> enables the use of filesystem extended attributes.
+        Caching can be tuned via the <code>cache</code> element, possible <code>mode</code>
+        values being <code>none</code> and <code>always</code>.
+        Locking can be controlled via the <code>lock</code>
+        element - attributes <code>posix</code> and <code>flock</code> both accepting
+        values <code>on</code> or <code>off</code>.
+        (<span class="since">Since 6.2.0</span>)
+      </dd>
+
      <dt><code>source</code></dt>
      <dd>
        The resource on the host that is being accessed in the guest. The
@@ -4148,6 +4304,16 @@
        attributes: <code>iobase</code> and <code>irq</code>.
        <span class="since">Since 1.2.1</span>
      </dd>
+      <dt><code>unassigned</code></dt>
+      <dd>For PCI hostdevs, <code>&lt;address type='unassigned'/&gt;</code>
+        allows the admin to include a PCI hostdev in the domain XML definition,
+        without making it available for the guest. This allows for configurations
+        in which Libvirt manages the device as a regular PCI hostdev,
+        regardless of whether the guest will have access to it.
+        <code>&lt;address type='unassigned'/&gt;</code> is an invalid address
+        type for all other device types.
+        <span class="since">Since 6.0.0</span>
+      </dd>
    </dl>

    <h4><a id="elementsVirtio">Virtio-related options</a></h4>
@@ -5806,6 +5972,107 @@
 &lt;/devices&gt;
 ...</pre>

+    <h5><a id="elementsTeaming">Teaming a virtio/hostdev NIC pair</a></h5>
+
+    <p>
+      <span class="since">Since 6.1.0 (QEMU and KVM only, requires
+        QEMU 4.2.0 or newer and a guest virtio-net driver supporting
+        the "failover" feature, such as the one included in Linux
+        kernel 4.18 and newer)
+      </span>
+      The <code>&lt;teaming&gt;</code> element of two interfaces can
+      be used to connect them as a team/bond device in the guest
+      (assuming proper support in the hypervisor and the guest
+      network driver).
+    </p>
+
+<pre>
+...
+&lt;devices&gt;
+  &lt;interface type='network'&gt;
+    &lt;source network='mybridge'/&gt;
+    &lt;mac address='00:11:22:33:44:55'/&gt;
+    &lt;model type='virtio'/&gt;
+    &lt;teaming type='persistent'/&gt;
+    &lt;alias name='ua-backup0'/&gt;
+  &lt;/interface&gt;
+  &lt;interface type='network'&gt;
+    &lt;source network='hostdev-pool'/&gt;
+    &lt;mac address='00:11:22:33:44:55'/&gt;
+    &lt;model type='virtio'/&gt;
+    &lt;teaming type='transient' persistent='ua-backup0'/&gt;
+  &lt;/interface&gt;
+&lt;/devices&gt;
+...</pre>
+
+    <p>
+      The <code>&lt;teaming&gt;</code> element required
+      attribute <code>type</code> will be set to
+      either <code>"persistent"</code> to indicate a device that
+      should always be present in the domain,
+      or <code>"transient"</code> to indicate a device that may
+      periodically be removed, then later re-added to the domain. When
+      type="transient", there should be a second attribute
+      to <code>&lt;teaming&gt;</code> called <code>"persistent"</code>
+      - this attribute should be set to the alias name of the other
+      device in the pair (the one that has <code>&lt;teaming
+      type="persistent'/&gt;</code>).
+    </p>
+    <p>
+      In the particular case of QEMU,
+      libvirt's <code>&lt;teaming&gt;</code> element is used to setup
+      a virtio-net "failover" device pair. For this setup, the
+      persistent device must be an interface with <code>&lt;model
+      type="virtio"/&gt;</code>, and the transient device must
+      be <code>&lt;interface type='hostdev'/&gt;</code>
+      (or <code>&lt;interface type='network'/&gt;</code> where the
+      referenced network defines a pool of SRIOV VFs). The guest will
+      then have a simple network team/bond device made of the virtio
+      NIC + hostdev NIC pair. In this configuration, the
+      higher-performing hostdev NIC will normally be preferred for all
+      network traffic, but when the domain is migrated, QEMU will
+      automatically unplug the VF from the guest, and then hotplug a
+      similar device once migration is completed; while migration is
+      taking place, network traffic will use the virtio NIC. (Of
+      course the emulated virtio NIC and the hostdev NIC must be
+      connected to the same subnet for bonding to work properly).
+    </p>
+    <p>
+      NB1: Since you must know the alias name of the virtio NIC when
+      configuring the hostdev NIC, it will need to be manually set in
+      the virtio NIC's configuration (as with all other manually set
+      alias names, this means it must start with "ua-").
+    </p>
+    <p>
+      NB2: Currently the only implementation of the guest OS
+      virtio-net driver supporting virtio-net failover requires that
+      the MAC addresses of the virtio and hostdev NIC must
+      match. Since that may not always be a requirement in the future,
+      libvirt doesn't enforce this limitation - it is up to the
+      person/management application that is creating the configuration
+      to assure the MAC addresses of the two devices match.
+    </p>
+    <p>
+      NB3: Since the PCI addresses of the SRIOV VFs on the hosts that
+      are the source and destination of the migration will almost
+      certainly be different, either higher level management software
+      will need to modify the <code>&lt;source&gt;</code> of the
+      hostdev NIC (<code>&lt;interface type='hostdev'&gt;</code>) at
+      the start of migration, or (a simpler solution) the
+      configuration will need to use a libvirt "hostdev" virtual
+      network that maintains a pool of such devices, as is implied in
+      the example's use of the libvirt network named "hostdev-pool" -
+      as long as the hostdev network pools on both hosts have the same
+      name, libvirt itself will take care of allocating an appropriate
+      device on both ends of the migration. Similarly the XML for the
+      virtio interface must also either work correctly unmodified on
+      both the source and destination of the migration (e.g. by
+      connecting to the same bridge device on both hosts, or by using
+      the same virtual network), or the management software must
+      properly modify the interface XML during migration so that the
+      virtio device remains connected to the same network segment
+      before and after migration.
+    </p>

    <h5><a id="elementsNICSMulticast">Multicast tunnel</a></h5>

@@ -6347,6 +6614,37 @@ qemu-kvm -net nic,model=? /dev/null
      traffic for that VLAN will be tagged.
    </p>

+    <h5><a id="elementPort">Isolating guests's network traffic from each other</a></h5>
+
+<pre>
+...
+&lt;devices&gt;
+  &lt;interface type='network'&gt;
+    &lt;source network='default'/&gt;
+    <b>&lt;port isolated='yes'/&gt;</b>
+  &lt;/interface&gt;
+&lt;/devices&gt;
+...</pre>
+
+    <p>
+      <span class="since">Since 6.1.0.</span> The <code>port</code>
+      element property <code>isolated</code>, when set
+      to <code>yes</code> (default setting is <code>no</code>) is used
+      to isolate this interface's network traffic from that of other
+      guest interfaces connected to the same network that also
+      have <code>&lt;port isolated='yes'/&gt;</code>.  This setting is
+      only supported for emulated interface devices that use a
+      standard tap device to connect to the network via a Linux host
+      bridge. This property can be inherited from a libvirt network,
+      so if all guests that will be connected to the network should be
+      isolated, it is better to put the setting in the network
+      configuration. (NB: this only prevents guests that
+      have <code>isolated='yes'</code> from communicating with each
+      other; if there is a guest on the same bridge that doesn't
+      have <code>isolated='yes'</code>, even the isolated guests will
+      be able to communicate with it.)
+    </p>
+
    <h5><a id="elementLink">Modifying virtual link state</a></h5>
 <pre>
 ...
@@ -7342,7 +7640,10 @@ qemu-kvm -net nic,model=? /dev/null
      <span class="since">since 4.7.0</span>, <code>16550a</code> (usable
      with the <code>system-serial</code> target type);
      <code>sclpconsole</code> and <code>sclplmconsole</code> (usable with
-      the <code>sclp-serial</code> target type).
+      the <code>sclp-serial</code> target type). Providing a target model is
+      usually unnecessary: libvirt will automatically pick one that's suitable
+      for the chosen target type, and overriding that value is generally not
+      recommended.
    </p>

    <p>
@@ -7488,7 +7789,8 @@ qemu-kvm -net nic,model=? /dev/null
      for early boot logging / interactive / recovery use, and one
      paravirtualized serial console to be used eg. as a side channel. Most
      people will be fine with having just the first <code>console</code>
-      element in their configuration.
+      element in their configuration, but if a specific configuration is
+      desired then both elements should be specified.
    </p>

    <p>
@@ -8192,6 +8494,8 @@ qemu-kvm -net nic,model=? /dev/null
      &lt;source mode='bind' service='1234'/&gt;
      &lt;source mode='connect' host='1.2.3.4' service='1234'/&gt;
    &lt;/backend&gt;
+    &lt;!-- OR --&gt;
+    &lt;backend model='builtin'/&gt;
  &lt;/rng&gt;
 &lt;/devices&gt;
 ...
@@ -8256,6 +8560,14 @@ qemu-kvm -net nic,model=? /dev/null
              for more information.
            </p>
          </dd>
+          <dt><code>builtin</code></dt>
+          <dd>
+            <p>
+              This backend uses qemu builtin random generator, which uses
+              <code>getrandom()</code> syscall as the source of entropy.
+              (<span class="since">Since 6.1.0 and QEMU 4.2</span>)
+            </p>
+          </dd>
        </dl>
      </dd>
      <dt><code>driver</code></dt>
@@ -8330,10 +8642,13 @@ qemu-kvm -net nic,model=? /dev/null
        <p>
          The <code>model</code> attribute specifies what device
          model QEMU provides to the guest. If no model name is provided,
-          <code>tpm-tis</code> will automatically be chosen.
+          <code>tpm-tis</code> will automatically be chosen for non-PPC64
+          architectures.
          <span class="since">Since 4.4.0</span>, another available choice
          is the <code>tpm-crb</code>, which should only be used when the
-          backend device is a TPM 2.0.
+          backend device is a TPM 2.0. <span class="since">Since 6.1.0</span>,
+          pSeries guests on PPC64 are supported and the default is
+          <code>tpm-spapr</code>.
        </p>
      </dd>
      <dt><code>backend</code></dt>
@@ -8584,6 +8899,7 @@ qemu-kvm -net nic,model=? /dev/null
    &lt;/target&gt;
  &lt;/memory&gt;
  &lt;memory model='nvdimm'&gt;
+    &lt;uuid&gt;
    &lt;source&gt;
      &lt;path&gt;/tmp/nvdimm&lt;/path&gt;
    &lt;/source&gt;
@@ -8597,6 +8913,7 @@ qemu-kvm -net nic,model=? /dev/null
    &lt;/target&gt;
  &lt;/memory&gt;
  &lt;memory model='nvdimm' access='shared'&gt;
+    &lt;uuid&gt;
    &lt;source&gt;
      &lt;path&gt;/dev/dax0.0&lt;/path&gt;
      &lt;alignsize unit='KiB'&gt;2048&lt;/alignsize&gt;
@@ -8652,6 +8969,17 @@ qemu-kvm -net nic,model=? /dev/null
        </p>
      </dd>

+      <dt><code>uuid</code></dt>
+      <dd>
+        <p>
+          For pSeries guests, an uuid can be set to identify the
+          nvdimm module. If absent, libvirt will generate an uuid.
+          automatically. This attribute is allowed only for
+          <code>model='nvdimm'</code> for pSeries guests.
+          <span class="since">Since 6.2.0</span>
+        </p>
+      </dd>
+
      <dt><code>source</code></dt>
      <dd>
        <p>
@@ -8740,12 +9068,13 @@ qemu-kvm -net nic,model=? /dev/null
          <dt><code>label</code></dt>
          <dd>
            <p>
-              For NVDIMM type devices one can optionally use
-              <code>label</code> and its subelement <code>size</code>
-              to configure the size of namespaces label storage
-              within the NVDIMM module. The <code>size</code> element
-              has usual meaning described
+              For NVDIMM type devices one can use <code>label</code> and its
+              subelement <code>size</code> to configure the size of
+              namespaces label storage within the NVDIMM module. The
+              <code>size</code> element has usual meaning described
              <a href="#elementsMemoryAllocation">here</a>.
+              <code>label</code> is mandatory for pSeries guests and optional
+              for all other architectures.
              For QEMU domains the following restrictions apply:
            </p>
            <ol>
@@ -8946,7 +9275,8 @@ qemu-kvm -net nic,model=? /dev/null
      </dd>
      <dt><code>model</code></dt>
      <dd>A valid security model name, matching the currently
-        activated security model
+      activated security model. Model <code>dac</code> is not available
+      when guest is run by unprivileged user.
      </dd>
      <dt><code>relabel</code></dt>
      <dd>Either <code>yes</code> or <code>no</code>. This must always
--- a/docs/formatdomaincaps.html.in
+++ b/docs/formatdomaincaps.html.in
@@ -481,6 +481,7 @@
      &lt;enum name='backendModel'&gt;
        &lt;value&gt;random&lt;/value&gt;
        &lt;value&gt;egd&lt;/value&gt;
+        &lt;value&gt;builtin&lt;/value&gt;
      &lt;/enum&gt;
    &lt;/rng&gt;
    ...
@@ -517,6 +518,7 @@
    &lt;vmcoreinfo supported='yes'/&gt;
    &lt;genid supported='yes'/&gt;
    &lt;backingStoreInput supported='yes'/&gt;
+    &lt;backup supported='yes'/&gt;
    &lt;sev&gt;
      &lt;cbitpos&gt;47&lt;/cbitpos&gt;
      &lt;reduced-phys-bits&gt;1&lt;/reduced-phys-bits&gt;
@@ -560,6 +562,16 @@
    the disk to a running guest, or similar.
    </p>

+    <h4><a id="featureBackup">backup</a></h4>
+
+    <p>Reports whether the hypervisor supports the backup, checkpoint, and
+    related features. (<code>virDomainBackupBegin</code>,
+    <code>virDomainCheckpointCreateXML</code> etc). The presence of the
+    <code>backup</code> element even if <code>supported='no'</code> implies that
+    the <code>VIR_DOMAIN_UNDEFINE_CHECKPOINTS_METADATA</code> flag for
+    <code>virDomainUndefine</code> is supported.
+    </p>
+
    <h4><a id="elementsSEV">SEV capabilities</a></h4>

    <p>AMD Secure Encrypted Virtualization (SEV) capabilities are exposed under
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -548,10 +548,10 @@
        (<span class="since">since 0.9.4</span>). Setting
        <code>bandwidth</code> for a network is supported only
        for networks with a <code>&lt;forward&gt;</code> mode
-        of <code>route</code>, <code>nat</code>, or no mode at all
-        (i.e. an "isolated" network). Setting <code>bandwidth</code>
-        is <b>not</b> supported for forward modes
-        of <code>bridge</code>, <code>passthrough</code>, <code>private</code>,
+        of <code>route</code>, <code>nat</code>, <code>bridge</code>,
+        or no mode at all (i.e. an "isolated" network). Setting
+        <code>bandwidth</code> is <b>not</b> supported for forward modes
+        <code>passthrough</code>, <code>private</code>,
        or <code>hostdev</code>. Attempts to do this will lead to
        a failure to define the network or to create a transient network.
      </p>
@@ -631,7 +631,7 @@
          goes through one point where QoS decisions can take place, hence
          why this attribute works only for virtual networks for now
          (that is <code>&lt;interface type='network'/&gt;</code> with a
-          forward type of route, nat, or no forward at all). Moreover, the
+          forward type of route, nat, open or no forward at all). Moreover, the
          virtual network the interface is connected to is required to have
          at least inbound QoS set (<code>average</code> at least). If
          using the <code>floor</code> attribute users don't need to specify
@@ -729,6 +729,31 @@
      or <code>&lt;interface&gt;</code>.
    </p>

+    <h5><a id="elementPort">Isolating ports from one another</a></h5>
+
+<pre>
+&lt;network&gt;
+  &lt;name&gt;isolated-ports&lt;/name&gt;
+  &lt;forward mode='bridge'/&gt;
+  &lt;bridge name='br0'/&gt;
+  &lt;port isolated='yes'/&gt;
+&lt;/network&gt;
+</pre>
+
+    <p>
+      <span class="since">Since 6.1.0.</span> The <code>port</code>
+      element property <code>isolated</code>, when set
+      to <code>yes</code> (default setting is <code>no</code>) is used
+      to isolate the network traffic of each guest on the network from
+      all other guests connected to the network; it does not have an
+      effect on communication between the guests and the host, or
+      between the guests and destinations beyond this network. This
+      setting is only supported for networks that use a Linux host
+      bridge to connect guest interfaces via a standard tap device
+      (i.e. those with a forward mode of nat, route, open, bridge, or
+      no forward mode).
+    </p>
+
    <h5><a id="elementsPortgroup">Portgroups</a></h5>

 <pre>
--- a/docs/formatnetworkport.html.in
+++ b/docs/formatnetworkport.html.in
@@ -84,6 +84,7 @@
    &lt;outbound average='128' peak='256' burst='256'/&gt;
  &lt;/bandwidth&gt;
  &lt;rxfilters trustGuest='yes'/&gt;
+  &lt;port isolated='yes'/&gt;
  &lt;virtualport type='802.1Qbg'&gt;
    &lt;parameters managerid='11' typeid='1193047' typeidversion='2'/&gt;
  &lt;/virtualport&gt;
@@ -110,6 +111,16 @@
        only supported for the virtio device model and for macvtap
        connections on the host.
      </dd>
+      <dt><code>port</code></dt>
+      <dd> <span class="since">Since 6.1.0.</span>
+        The <code>port</code> element property
+        <code>isolated</code>, when set to <code>yes</code> (default
+        setting is <code>no</code>) is used to isolate this port's
+        network traffic from other ports on the same network that also
+        have <code>&lt;port isolated='yes'/&gt;</code>. This setting
+        is only supported for emulated network devices connected to a
+        Linux host bridge via a standard tap device.
+      </dd>
      <dt><code>virtualport</code></dt>
      <dd>The <code>virtualport</code> element describes metadata that
        needs to be provided to the underlying network subsystem. It
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -76,13 +76,13 @@
    <pre>
 # virsh secret-define volume-secret.xml
 Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
-#
-# MYSECRET=`printf %s "open sesame" | base64`
-# virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
-Secret value set
-#
    </pre>

+    <p>
+      See <a href="#settingSecrets">virsh secret-set-value</a> on how
+      to set the value of the secret.
+    </p>
+
    <p>
      The volume type secret can be supplied either in volume XML during
      creation of a <a href="formatstorage.html#StorageVol">storage volume</a>
@@ -103,12 +103,11 @@ Secret value set

 # virsh secret-define luks-secret.xml
 Secret f52a81b2-424e-490c-823d-6bd4235bc57 created
-#
-# MYSECRET=`printf %s "letmein" | base64`
-# virsh secret-set-value f52a81b2-424e-490c-823d-6bd4235bc57 $MYSECRET
-Secret value set
-#
    </pre>
+    <p>
+      See <a href="#settingSecrets">virsh secret-set-value</a> on how
+      to set the value of the secret.
+    </p>

    <p>
      The volume type secret can be supplied in domain XML for a luks storage
@@ -156,13 +155,11 @@ Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created
 UUID                                 Usage
 -----------------------------------------------------------
 1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example
-#
-# CEPHPHRASE=`printf %s "pass phrase" | base64`
-# virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE
-Secret value set
-
-#
    </pre>
+    <p>
+      See <a href="#settingSecrets">virsh secret-set-value</a> on how
+      to set the value of the secret.
+    </p>

    <p>
      The ceph secret can then be used by UUID or by the
@@ -229,7 +226,9 @@ incominguser myname mysecret

    <p>
      Next, use <code>virsh secret-define iscsi-secret.xml</code> to define
-      the secret and <code>virsh secret-set-value</code> using the generated
+      the secret and
+      <code><a href="#settingSecrets">virsh secret-set-value</a></code>
+      using the generated
      UUID value and a base64 generated secret value in order to define the
      chosen secret pass phrase.  The pass phrase must match the password
      used in the iSCSI authentication configuration file.
@@ -243,12 +242,13 @@ Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created
 -----------------------------------------------------------
 c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi

-# MYSECRET=`printf %s "mysecret" | base64`
-# virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET
-Secret value set
-#
    </pre>

+    <p>
+      See <a href="#settingSecrets">virsh secret-set-value</a> on how
+      to set the value of the secret.
+    </p>
+
    <p>
      The iSCSI secret can then be used by UUID or by the
      usage name via the <code>&lt;auth&gt;</code> element in a domain's
@@ -313,19 +313,13 @@ Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
      Once the secret is defined, a secret value will need to be set. The
      secret would be the passphrase used to access the TLS credentials.
      The following is a simple example of using
-      <code>virsh secret-set-value</code> to set the secret value. The
+      <code><a href="#settingSecrets">virsh secret-set-value</a></code> to set
+      the secret value. The
      <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
      <code>virSecretSetValue</code></a> API may also be used to set
      a more secure secret without using printable/readable characters.
    </p>

-    <pre>
-# MYSECRET=`printf %s "letmein" | base64`
-# virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
-Secret value set
-
-    </pre>
-
    <h3><a id="vTPMUsageType">Usage type "vtpm"</a></h3>

    <p>
@@ -334,8 +328,8 @@ Secret value set
      of the vTPM.
      The <code>&lt;usage type='vtpm'&gt;</code> element must contain
      a single <code>name</code> element that specifies a usage name
-      for the secret.  The vTPM secret can then be used by UUID or by
-      this usage name via the <code>&lt;encryption&gt;</code> element of
+      for the secret.  The vTPM secret can then be used by UUID
+      via the <code>&lt;encryption&gt;</code> element of
      a <a href="formatdomain.html#elementsTpm">tpm</a> when using an
      emulator.
      <span class="since">Since 5.6.0</span>. The following is an example
@@ -370,17 +364,50 @@ Secret 6dd3e4a5-1d76-44ce-961f-f119f5aad935 created
      Once the secret is defined, a secret value will need to be set. The
      secret would be the passphrase used to decrypt the vTPM state.
      The following is a simple example of using
-      <code>virsh secret-set-value</code> to set the secret value. The
+      <code><a href="#settingSecrets">virsh secret-set-value</a></code>
+      to set the secret value. The
      <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
      <code>virSecretSetValue</code></a> API may also be used to set
      a more secure secret without using printable/readable characters.
    </p>

+    <h2><a id="settingSecrets">Setting secret values in virsh</a></h2>
+
+    <p>
+      To set the value of the secret you can use the following virsh commands.
+      If the secret is a password-like string (printable characters, no newline)
+      you can use:
+    </p>
+    <pre>
+# virsh secret-set-value --interactive 6dd3e4a5-1d76-44ce-961f-f119f5aad935
+Enter new value for secret:
+Secret value set
+    </pre>
+
+    <p>
+      Another secure option is to read the secret from a file. This way the
+      secret can contain any bytes (even NUL and non-printable characters). The
+      length of the secret is the length of the input file. Alternatively the
+      <code>--plain</code> option can be omitted if the file contents are
+      base64-encoded.
+    </p>
+
+    <pre>
+# virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 --file --plain secretinfile
+Secret value set
+    </pre>
+
+    <p>
+      <b>WARNING</b> The following approach is <b>insecure</b> and deprecated.
+      The secret can also be set via an argument. Note that other users may see
+      the actual secret in the process listing!
+      The secret must be base64 encoded.
+    </p>
+
    <pre>
 # MYSECRET=`printf %s "open sesame" | base64`
 # virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 $MYSECRET
 Secret value set
-
    </pre>

  </body>
--- a/docs/genaclperms.pl
+++ b/docs/genaclperms.pl
@@ -1,125 +0,0 @@
-#!/usr/bin/env perl
-#
-# Copyright (C) 2013 Red Hat, Inc.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-#
-
-use strict;
-use warnings;
-
-my @objects = (
-    "CONNECT", "DOMAIN", "INTERFACE",
-    "NETWORK_PORT", "NETWORK", "NODE_DEVICE",
-    "NWFILTER_BINDING", "NWFILTER",
-     "SECRET", "STORAGE_POOL", "STORAGE_VOL",
-    );
-
-my %class;
-
-foreach my $object (@objects) {
-    my $class = lc $object;
-
-    $class =~ s/(^\w|_\w)/uc $1/eg;
-    $class =~ s/_//g;
-    $class =~ s/Nwfilter/NWFilter/;
-    $class = "vir" . $class . "Ptr";
-
-    $class{$object} = $class;
-}
-
-my $objects = join ("|", @objects);
-
-my %opts;
-my $in_opts = 0;
-
-my %perms;
-
-while (<>) {
-    if ($in_opts) {
-        if (m,\*/,) {
-            $in_opts = 0;
-        } elsif (/\*\s*\@(\w+):\s*(.*?)\s*$/) {
-            $opts{$1} = $2;
-        }
-    } elsif (m,/\*\*,) {
-        $in_opts = 1;
-    } elsif (/VIR_ACCESS_PERM_($objects)_((?:\w|_)+),/) {
-        my $object = $1;
-        my $perm = lc $2;
-        next if $perm eq "last";
-
-        $perm =~ s/_/-/g;
-
-        $perms{$object} = {} unless exists $perms{$object};
-        $perms{$object}->{$perm} = {
-            desc => $opts{desc},
-            message => $opts{message},
-            anonymous => $opts{anonymous}
-        };
-        %opts = ();
-    }
-}
-
-print <<EOF;
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-EOF
-
-foreach my $object (sort { $a cmp $b } keys %perms) {
-    my $class = $class{$object};
-    my $olink = lc "object_" . $object;
-    print <<EOF;
-<h3><a id="$olink">$class</a></h3>
-<table class="acl">
-  <thead>
-    <tr>
-      <th>Permission</th>
-      <th>Description</th>
-    </tr>
-  </thead>
-  <tbody>
-EOF
-
-    foreach my $perm (sort { $a cmp $b } keys %{$perms{$object}}) {
-        my $description = $perms{$object}->{$perm}->{desc};
-
-        die "missing description for $object.$perm" unless
-            defined $description;
-
-        my $plink = lc "perm_" . $object . "_" . $perm;
-        $plink =~ s/-/_/g;
-
-        print <<EOF;
-    <tr>
-      <td><a id="$plink">$perm</a></td>
-      <td>$description</td>
-    </tr>
-EOF
-
-    }
-
-    print <<EOF;
-  </tbody>
-</table>
-EOF
-}
-
-print <<EOF;
-  </body>
-</html>
-EOF
--- a/docs/generic.css
+++ b/docs/generic.css
@@ -72,11 +72,11 @@ h6 {
  font-size: 0.8em;
 }

-code, pre {
+code, pre, tt {
  font-family: LibvirtOverpassMono;
 }

-dd code, p code {
+dd code, p code, tt {
  background-color: #eeeeee;
 }

--- a/docs/gitdm/aliases
+++ b/docs/gitdm/aliases
@@ -2,6 +2,7 @@

 "jdenemar redhat com" jdenemar@redhat.com
 "pkrempa@redhat st.com" pkrempa@redhat.com
+berrange@localhost.localdomain berrange@redhat.com
 jyang@redhat jyang@redhat.com
 wangjie88.huawei.com wangjie88@huawei.com

--- a/docs/gitdm/companies/others
+++ b/docs/gitdm/companies/others
@@ -10,9 +10,11 @@ av-test.de AV-TEST
 b1-systems.de B1 Systems
 baidu.com Baidu
 brightbox.co.uk Brightbox
+bytedance.com ByteDance
 cisco.com Cisco
 citrix.com Citrix
 cloudwatt.com Cloudwatt
+cmss.chinamobile.com China Mobile
 codethink.co.uk Codethink
 cumulusnetworks.com Cumulus Networks
 dataductus.se Data Ductus
@@ -37,10 +39,13 @@ hitachi.com Hitachi
 hoster-ok.com hoster-ok.com
 hp.com HP
 huawei.com Huawei
+hupstream.com hupstream
+hygon.cn Hygon
 inktank.com Inktank Storage
 intel.com Intel
 intellilink.co.jp NTT DATA INTELLILINK
 invisiblethingslab.com Invisible Things Lab
+ixsystems.com iXsystems
 jtan.com JTAN
 juniper.net Juniper Networks
 laposte.net La Poste
@@ -60,6 +65,7 @@ nicira.com Nicira
 nimboxx.com NIMBOXX
 novell.com Novell
 ntt.co.jp NTT Group
+nutanix.com Nutanix
 ohmu.fi OHMU
 open-minds.org OpenThink
 oracle.com Oracle
--- a/docs/gitdm/groups/unaffiliated
+++ b/docs/gitdm/groups/unaffiliated
@@ -1,3 +1,8 @@
+# This domain will show up because of a mistake, and for that reason we
+# can't really pin it to a specific company or community, so here it is :)
+
+example.com
+
 # These are all domains you can get a personal email address from, so it's
 # fair to assume people using such addresses are contributing in their spare
 # time rather than on behalf of their respective employers.
@@ -5,6 +10,7 @@
 126.com
 gmail.com
 gmx.com
+gmx.de
 googlemail.com
 hotmail.com
 mail.ru
@@ -24,6 +30,7 @@ adam@pandorasboxen.com
 agx@sigxcpu.org
 alexander.nusov@nfvexpress.com
 andres@lagarcavilla.org
+andrew@interpretmath.pw
 asad.saeed@acidseed.com
 atler@pld-linux.org
 benoar@dolka.fr
@@ -40,6 +47,7 @@ exo@tty.sk
 fritz@fritz-elfert.de
 gene@czarc.net
 gordon@dragonsdawn.net
+gregor@kopka.net
 heathpetersen@kandre.com
 ibaldo@adinet.com.uy
 igor47@moomers.org
--- a/docs/hacking.html.in
+++ b/docs/hacking.html.in
@@ -932,8 +932,7 @@ BAD:
        type is at least four bytes wide).</li>
      <li>If a variable has boolean semantics, give it the <code>bool</code> type
        and use the corresponding <code>true</code> and <code>false</code> macros.
-         It's ok to include &lt;stdbool.h&gt;, since libvirt's use of gnulib ensures
-          that it exists and is usable.</li>
+      </li>
      <li>In the unusual event that you require a specific width, use a
        standard type like <code>int32_t</code>, <code>uint32_t</code>,
        <code>uint64_t</code>, etc.</li>
@@ -1040,9 +1039,6 @@ BAD:
        a single method. Keep the style consistent, converting existing
        code to GLib style in a separate, prior commit.</dd>

-      <dt><code>VIR_STRDUP</code>, <code>VIR_STRNDUP</code></dt>
-      <dd>Prefer the GLib APIs <code>g_strdup</code> and <code>g_strndup</code>.</dd>
-
      <dt><code>virStrerror</code></dt>
      <dd>The GLib <code>g_strerror()</code> function should be used instead,
        which has a simpler calling convention as an added benefit.</dd>
@@ -1071,13 +1067,9 @@ BAD:
    <p>String allocation macros and functions:</p>
    <table class="top_table">
        <tr><th>deprecated version</th><th>GLib version</th><th>Notes</th></tr>
-        <tr><td><code>VIR_STRDUP</code></td><td><code>g_strdup</code></td><td></td></tr>
-        <tr><td><code>VIR_STRNDUP</code></td><td><code>g_strndup</code></td><td></td></tr>
        <tr><td><code>virAsprintf</code></td><td><code>g_strdup_printf</code></td><td></td></tr>
        <tr><td><code>virVasprintf</code></td><td><code>g_strdup_vprint</code></td>
            <td>use <code>g_vasprintf</code> if you really need to know the returned length</td></tr>
-        <tr><td><code>virStrerror</code></td><td><code>g_strerror</code></td>
-            <td>the error strings are cached globally so no need to free it</td></tr>
    </table>
    </dl>

@@ -1108,6 +1100,9 @@ BAD:
      <dd>The GLib macros <code>g_autoptr</code> and <code>G_DEFINE_AUTOPTR_CLEANUP_FUNC</code>
        should be used to manage autoclean of virObject classes.
        This matches usage with GObject classes.</dd>
+
+      <dt><code>VIR_STRDUP</code>, <code>VIR_STRNDUP</code></dt>
+      <dd>Prefer the GLib APIs <code>g_strdup</code> and <code>g_strndup</code>.</dd>
    </dl>
    <table class="top_table">
        <tr><th>deleted version</th><th>GLib version</th><th>Notes</th></tr>
@@ -1128,6 +1123,9 @@ BAD:
        <tr><td><code>ATTRIBUTE_RETURN_CHECK</code></td><td><code>G_GNUC_WARN_UNUSED_RESULT</code></td><td></td></tr>
        <tr><td><code>ATTRIBUTE_SENTINEL</code></td><td><code>G_GNUC_NULL_TERMINATED</code></td><td></td></tr>
        <tr><td><code>ATTRIBUTE_UNUSED</code></td><td><code>G_GNUC_UNUSED</code></td><td></td></tr>
+        <tr><td><code>VIR_STRDUP</code></td><td><code>g_strdup</code></td><td></td></tr>
+        <tr><td><code>VIR_STRNDUP</code></td><td><code>g_strndup</code></td><td></td></tr>
+        <tr><td><code>virStrerror</code></td><td><code>g_strerror</code></td><td></td></tr>
    </table>


@@ -1549,7 +1547,7 @@ int foo()
        in the same way, but still make sure they get reviewed if non-trivial.
      </li>
      <li>(ir)regular pulls from other repositories or automated updates, such
-        as the .gnulib submodule updates, pulling in new translations or updating
+        as the keycodemap submodule updates, pulling in new translations or updating
        the container images for the CI system
      </li>
    </ul>
--- a/docs/hvsupport.pl
+++ b/docs/hvsupport.pl
@@ -1,459 +0,0 @@
-#!/usr/bin/env perl
-
-use strict;
-use warnings;
-
-use File::Find;
-
-die "syntax: $0 SRCDIR BUILDDIR\n" unless int(@ARGV) == 2;
-
-my $srcdir = shift @ARGV;
-my $builddir = shift @ARGV;
-
-my $symslibvirt = "$srcdir/src/libvirt_public.syms";
-my $symsqemu = "$srcdir/src/libvirt_qemu.syms";
-my $symslxc = "$srcdir/src/libvirt_lxc.syms";
-my @drivertable = (
-    "$srcdir/src/driver-hypervisor.h",
-    "$srcdir/src/driver-interface.h",
-    "$srcdir/src/driver-network.h",
-    "$srcdir/src/driver-nodedev.h",
-    "$srcdir/src/driver-nwfilter.h",
-    "$srcdir/src/driver-secret.h",
-    "$srcdir/src/driver-state.h",
-    "$srcdir/src/driver-storage.h",
-    "$srcdir/src/driver-stream.h",
-    );
-
-my %groupheaders = (
-    "virHypervisorDriver" => "Hypervisor APIs",
-    "virNetworkDriver" => "Virtual Network APIs",
-    "virInterfaceDriver" => "Host Interface APIs",
-    "virNodeDeviceDriver" => "Host Device APIs",
-    "virStorageDriver" => "Storage Pool APIs",
-    "virSecretDriver" => "Secret APIs",
-    "virNWFilterDriver" => "Network Filter APIs",
-    );
-
-
-my @srcs;
-find({
-    wanted => sub {
-        if (m!$srcdir/src/.*/\w+_(driver|common|tmpl|monitor|hal|udev)\.c$!) {
-            push @srcs, $_ if $_ !~ /vbox_driver\.c/;
-        }
-    }, no_chdir => 1}, "$srcdir/src");
-
-# Map API functions to the header and documentation files they're in
-# so that we can generate proper hyperlinks to their documentation.
-#
-# The function names are grep'd from the XML output of apibuild.py.
-sub getAPIFilenames {
-    my $filename = shift;
-
-    my %files;
-    my $line;
-
-    open FILE, "<", $filename or die "cannot read $filename: $!";
-
-    while (defined($line = <FILE>)) {
-        if ($line =~ /function name='([^']+)' file='([^']+)'/) {
-            $files{$1} = $2;
-        }
-    }
-
-    close FILE;
-
-    if (keys %files == 0) {
-        die "No functions found in $filename. Has the apibuild.py output changed?";
-    }
-    return \%files;
-}
-
-sub parseSymsFile {
-    my $apisref = shift;
-    my $prefix = shift;
-    my $filename = shift;
-    my $xmlfilename = shift;
-
-    my $line;
-    my $vers;
-    my $prevvers;
-
-    my $filenames = getAPIFilenames($xmlfilename);
-
-    open FILE, "<$filename"
-        or die "cannot read $filename: $!";
-
-    while (defined($line = <FILE>)) {
-        chomp $line;
-        next if $line =~ /^\s*#/;
-        next if $line =~ /^\s*$/;
-        next if $line =~ /^\s*(global|local):/;
-        if ($line =~ /^\s*${prefix}_(\d+\.\d+\.\d+)\s*{\s*$/) {
-            if (defined $vers) {
-                die "malformed syms file";
-            }
-            $vers = $1;
-        } elsif ($line =~ /\s*}\s*;\s*$/) {
-            if (defined $prevvers) {
-                die "malformed syms file";
-            }
-            $prevvers = $vers;
-            $vers = undef;
-        } elsif ($line =~ /\s*}\s*${prefix}_(\d+\.\d+\.\d+)\s*;\s*$/) {
-            if ($1 ne $prevvers) {
-                die "malformed syms file $1 != $vers";
-            }
-            $prevvers = $vers;
-            $vers = undef;
-        } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
-            $$apisref{$1} = {};
-            $$apisref{$1}->{vers} = $vers;
-            $$apisref{$1}->{file} = $$filenames{$1};
-        } else {
-            die "unexpected data $line\n";
-        }
-    }
-
-    close FILE;
-}
-
-my %apis;
-# Get the list of all public APIs and their corresponding version
-parseSymsFile(\%apis, "LIBVIRT", $symslibvirt, "$builddir/docs/libvirt-api.xml");
-
-# And the same for the QEMU specific APIs
-parseSymsFile(\%apis, "LIBVIRT_QEMU", $symsqemu, "$builddir/docs/libvirt-qemu-api.xml");
-
-# And the same for the LXC specific APIs
-parseSymsFile(\%apis, "LIBVIRT_LXC", $symslxc, "$builddir/docs/libvirt-lxc-api.xml");
-
-
-# Some special things which aren't public APIs,
-# but we want to report
-$apis{virConnectSupportsFeature}->{vers} = "0.3.2";
-$apis{virDomainMigratePrepare}->{vers} = "0.3.2";
-$apis{virDomainMigratePerform}->{vers} = "0.3.2";
-$apis{virDomainMigrateFinish}->{vers} = "0.3.2";
-$apis{virDomainMigratePrepare2}->{vers} = "0.5.0";
-$apis{virDomainMigrateFinish2}->{vers} = "0.5.0";
-$apis{virDomainMigratePrepareTunnel}->{vers} = "0.7.2";
-
-$apis{virDomainMigrateBegin3}->{vers} = "0.9.2";
-$apis{virDomainMigratePrepare3}->{vers} = "0.9.2";
-$apis{virDomainMigratePrepareTunnel3}->{vers} = "0.9.2";
-$apis{virDomainMigratePerform3}->{vers} = "0.9.2";
-$apis{virDomainMigrateFinish3}->{vers} = "0.9.2";
-$apis{virDomainMigrateConfirm3}->{vers} = "0.9.2";
-
-$apis{virDomainMigrateBegin3Params}->{vers} = "1.1.0";
-$apis{virDomainMigratePrepare3Params}->{vers} = "1.1.0";
-$apis{virDomainMigratePrepareTunnel3Params}->{vers} = "1.1.0";
-$apis{virDomainMigratePerform3Params}->{vers} = "1.1.0";
-$apis{virDomainMigrateFinish3Params}->{vers} = "1.1.0";
-$apis{virDomainMigrateConfirm3Params}->{vers} = "1.1.0";
-
-
-
-# Now we want to get the mapping between public APIs
-# and driver struct fields. This lets us later match
-# update the driver impls with the public APis.
-
-my $line;
-
-# Group name -> hash of APIs { fields -> api name }
-my %groups;
-my $ingrp;
-foreach my $drivertable (@drivertable) {
-    open FILE, "<$drivertable"
-        or die "cannot read $drivertable: $!";
-
-    while (defined($line = <FILE>)) {
-        if ($line =~ /struct _(vir\w*Driver)/) {
-            my $grp = $1;
-            if ($grp ne "virStateDriver" &&
-                $grp ne "virStreamDriver") {
-                $ingrp = $grp;
-                $groups{$ingrp} = { apis => {}, drivers => {} };
-            }
-        } elsif ($ingrp) {
-            if ($line =~ /^\s*vir(?:Drv)(\w+)\s+(\w+);\s*$/) {
-                my $field = $2;
-                my $name = $1;
-
-                my $api;
-                if (exists $apis{"vir$name"}) {
-                    $api = "vir$name";
-                } elsif ($name =~ /\w+(Open|Close|URIProbe)/) {
-                    next;
-                } else {
-                    die "driver $name does not have a public API";
-                }
-                $groups{$ingrp}->{apis}->{$field} = $api;
-            } elsif ($line =~ /};/) {
-                $ingrp = undef;
-            }
-        }
-    }
-
-    close FILE;
-}
-
-
-# Finally, we read all the primary driver files and extract
-# the driver API tables from each one.
-
-foreach my $src (@srcs) {
-    open FILE, "<$src" or
-        die "cannot read $src: $!";
-
-    my $groups_regex = join("|", keys %groups);
-    $ingrp = undef;
-    my $impl;
-    while (defined($line = <FILE>)) {
-        if (!$ingrp) {
-            # skip non-matching lines early to save time
-            next if not $line =~ /$groups_regex/;
-
-            if ($line =~ /^\s*(?:static\s+)?($groups_regex)\s+(\w+)\s*=\s*{/ ||
-                $line =~ /^\s*(?:static\s+)?($groups_regex)\s+NAME\(\w+\)\s*=\s*{/) {
-                $ingrp = $1;
-                $impl = $src;
-
-                if ($impl =~ m,.*/node_device_(\w+)\.c,) {
-                    $impl = $1;
-                } else {
-                    $impl =~ s,.*/(\w+?)_((\w+)_)?(\w+)\.c,$1,;
-                }
-
-                if ($groups{$ingrp}->{drivers}->{$impl}) {
-                    die "Group $ingrp already contains $impl";
-                }
-
-                $groups{$ingrp}->{drivers}->{$impl} = {};
-            }
-
-        } else {
-            if ($line =~ m!\s*\.(\w+)\s*=\s*(\w+)\s*,?\s*(?:/\*\s*(\d+\.\d+\.\d+)\s*(?:-\s*(\d+\.\d+\.\d+))?\s*\*/\s*)?$!) {
-                my $api = $1;
-                my $meth = $2;
-                my $vers = $3;
-                my $deleted = $4;
-
-                next if $api eq "no" || $api eq "name";
-
-                if ($meth eq "NULL" && !defined $deleted) {
-                    die "Method impl for $api is NULL, but no deleted version is provided";
-                }
-                if ($meth ne "NULL" && defined $deleted) {
-                    die "Method impl for $api is non-NULL, but deleted version is provided";
-                }
-
-                die "Method $meth in $src is missing version" unless defined $vers || $api eq "connectURIProbe";
-
-                if (!exists($groups{$ingrp}->{apis}->{$api})) {
-                    next if $api =~ /\w(Open|Close|URIProbe)/;
-
-                    die "Found unexpected method $api in $ingrp\n";
-                }
-
-                $groups{$ingrp}->{drivers}->{$impl}->{$api} = {};
-                $groups{$ingrp}->{drivers}->{$impl}->{$api}->{vers} = $vers;
-                $groups{$ingrp}->{drivers}->{$impl}->{$api}->{deleted}  = $deleted;
-                if ($api eq "domainMigratePrepare" ||
-                    $api eq "domainMigratePrepare2" ||
-                    $api eq "domainMigratePrepare3") {
-                    if (!$groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"}) {
-                        $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"} = {};
-                        $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"}->{vers} = $vers;
-                    }
-                }
-
-            } elsif ($line =~ /}/) {
-                $ingrp = undef;
-            }
-        }
-    }
-
-    close FILE;
-}
-
-
-# The '.open' driver method is used for 3 public APIs, so we
-# have a bit of manual fixup todo with the per-driver versioning
-# and support matrix
-
-$groups{virHypervisorDriver}->{apis}->{"openAuth"} = "virConnectOpenAuth";
-$groups{virHypervisorDriver}->{apis}->{"openReadOnly"} = "virConnectOpenReadOnly";
-$groups{virHypervisorDriver}->{apis}->{"domainMigrate"} = "virDomainMigrate";
-
-my $openAuthVers = (0 * 1000 * 1000) + (4 * 1000) + 0;
-
-foreach my $drv (keys %{$groups{"virHypervisorDriver"}->{drivers}}) {
-    my $openVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpen"}->{vers};
-    my $openVers;
-    if ($openVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
-        $openVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
-    }
-
-    # virConnectOpenReadOnly always matches virConnectOpen version
-    $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenReadOnly"} =
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpen"};
-
-    $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"} = {};
-
-    # virConnectOpenAuth is always 0.4.0 if the driver existed
-    # before this time, otherwise it matches the version of
-    # the driver's virConnectOpen entry
-    if ($openVersStr eq "Y" ||
-        $openVers >= $openAuthVers) {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"}->{vers} = $openVersStr;
-    } else {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"}->{vers} = "0.4.0";
-    }
-}
-
-
-# Another special case for the virDomainCreateLinux which was replaced
-# with virDomainCreateXML
-$groups{virHypervisorDriver}->{apis}->{"domainCreateLinux"} = "virDomainCreateLinux";
-
-my $createAPIVers = (0 * 1000 * 1000) + (0 * 1000) + 3;
-
-foreach my $drv (keys %{$groups{"virHypervisorDriver"}->{drivers}}) {
-    my $createVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateXML"}->{vers};
-    next unless defined $createVersStr;
-    my $createVers;
-    if ($createVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
-        $createVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
-    }
-
-    $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = {};
-
-    # virCreateLinux is always 0.0.3 if the driver existed
-    # before this time, otherwise it matches the version of
-    # the driver's virCreateXML entry
-    if ($createVersStr eq "Y" ||
-        $createVers >= $createAPIVers) {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"}->{vers} = $createVersStr;
-    } else {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"}->{vers} = "0.0.3";
-    }
-}
-
-
-# Finally we generate the HTML file with the tables
-
-print <<EOF;
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-<body class="hvsupport">
-<h1>libvirt API support matrix</h1>
-
-<ul id="toc"></ul>
-
-<p>
-This page documents which <a href="html/">libvirt calls</a> work on
-which libvirt drivers / hypervisors, and which version the API appeared
-in. If a hypervisor driver later dropped support for the API, the version
-when it was removed is also mentioned (highlighted in
-<span class="removedhv">dark red</span>).
-</p>
-
-EOF
-
-    foreach my $grp (sort { $a cmp $b } keys %groups) {
-    print "<h2><a id=\"$grp\">", $groupheaders{$grp}, "</a></h2>\n";
-    print <<EOF;
-<table class="top_table">
-<thead>
-<tr>
-<th>API</th>
-<th>Version</th>
-EOF
-
-    foreach my $drv (sort { $a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-        print "  <th>$drv</th>\n";
-    }
-
-    print <<EOF;
-</tr>
-</thead>
-<tbody>
-EOF
-
-    my $row = 0;
-    foreach my $field (sort {
-        $groups{$grp}->{apis}->{$a}
-        cmp
-        $groups{$grp}->{apis}->{$b}
-        } keys %{$groups{$grp}->{apis}}) {
-        my $api = $groups{$grp}->{apis}->{$field};
-        my $vers = $apis{$api}->{vers};
-        my $htmlgrp = $apis{$api}->{file};
-        print <<EOF;
-<tr>
-<td>
-EOF
-
-        if (defined $htmlgrp) {
-            print <<EOF;
-<a href=\"html/libvirt-$htmlgrp.html#$api\">$api</a>
-EOF
-
-        } else {
-            print $api;
-        }
-        print <<EOF;
-</td>
-<td>$vers</td>
-EOF
-
-        foreach my $drv (sort {$a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-            print "<td>";
-            if (exists $groups{$grp}->{drivers}->{$drv}->{$field}) {
-                if ($groups{$grp}->{drivers}->{$drv}->{$field}->{vers}) {
-                    print $groups{$grp}->{drivers}->{$drv}->{$field}->{vers};
-                }
-                if ($groups{$grp}->{drivers}->{$drv}->{$field}->{deleted}) {
-                    print " - <span class=\"removedhv\">", $groups{$grp}->{drivers}->{$drv}->{$field}->{deleted}, "</span>";
-                }
-            }
-            print "</td>\n";
-        }
-
-        print <<EOF;
-</tr>
-EOF
-
-        $row++;
-        if (($row % 15) == 0) {
-            print <<EOF;
-<tr>
-<th>API</th>
-<th>Version</th>
-EOF
-
-            foreach my $drv (sort { $a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-                print "  <th>$drv</th>\n";
-            }
-
-        print <<EOF;
-</tr>
-EOF
-        }
-
-    }
-
-    print <<EOF;
-</tbody>
-</table>
-EOF
-}
-
-print <<EOF;
-</body>
-</html>
-EOF
--- a/docs/index.html.in
+++ b/docs/index.html.in
@@ -59,7 +59,8 @@
          <a href="formatnode.html">node devices</a>,
          <a href="formatsecret.html">secrets</a>,
          <a href="formatsnapshot.html">snapshots</a>,
-          <a href="formatcheckpoint.html">checkpoints</a></dd>
+          <a href="formatcheckpoint.html">checkpoints</a>,
+          <a href="formatbackup.html">backup jobs</a></dd>
        <dt><a href="http://wiki.libvirt.org">Wiki</a></dt>
        <dd>Read further community contributed content</dd>
      </dl>
--- a/docs/internals/command.html.in
+++ b/docs/internals/command.html.in
@@ -226,7 +226,9 @@ virCommandSetPidFile(cmd, "/var/run/dnsmasq.pid");

    <p>
      This PID file is guaranteed to be written before
-      the intermediate process exits.
+      the intermediate process exits. Moreover, the daemonized
+      process will inherit the FD of the opened and locked PID
+      file.
    </p>

    <h3><a id="privs">Reducing command privileges</a></h3>
--- a/docs/kbase.html.in
+++ b/docs/kbase.html.in
@@ -2,7 +2,7 @@
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body class="docs">
-    <h2>Knowledge base</h2>
+    <h1>Knowledge base</h1>

    <div class="panel">
      <dl>
@@ -21,6 +21,21 @@
            capture</a></dt>
        <dd>Comparison between different methods of capturing domain
          state</dd>
+
+        <dt><a href="kbase/rpm-deployment.html">RPM deployment</a></dt>
+        <dd>Explanation of the different RPM packages and illustration of
+          which to pick for installation</dd>
+
+        <dt><a href="kbase/backing_chains.html">Backing chain management</a></dt>
+        <dd>Explanation of how disk backing chain specification impacts libvirt's
+          behaviour and basic troubleshooting steps of disk problems.</dd>
+
+        <dt><a href="kbase/qemu-passthrough-security.html">Security with QEMU passthrough</a></dt>
+        <dd>Examination of the security protections used for QEMU and how they need
+          configuring to allow use of QEMU passthrough with host files/devices.</dd>
+
+        <dt><a href="kbase/virtiofs.html">Virtio-FS</a></dt>
+        <dd>Share a filesystem between the guest and the host</dd>
      </dl>
    </div>

--- a/docs/kbase/backing_chains.rst
+++ b/docs/kbase/backing_chains.rst
@@ -0,0 +1,212 @@
+=================
+Disk image chains
+=================
+
+Modern disk image formats allow users to create an overlay on top of an
+existing image which will be the target of the new guest writes. This allows us
+to do snapshots of the disk state of a VM efficiently. The following text
+describes how libvirt manages such image chains and some problems which can
+occur. Note that many of the cases mentioned below are currently only relevant
+for the qemu driver.
+
+.. contents::
+
+Domain XML image and chain specification
+========================================
+
+Disk image chains can be partially or fully configured in the domain XML. The
+basic approach is to use the ``<backingStore>`` elements in the configuration.
+
+The ``<backingStore>`` elements present in the live VM xml represent the actual
+topology that libvirt knows of.
+
+Basic disk setup
+----------------
+
+Any default configuration or example usually refers only to the top (active)
+image of the backing chain.
+
+::
+
+  <disk type='file' device='disk'>
+    <driver name='qemu' type='qcow2'/>
+    <source file='/tmp/pull4.qcow2'/>
+    <target dev='vda' bus='virtio'/>
+    <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
+  </disk>
+
+This configuration will prompt libvirt to detect the backing image of the source
+image and recursively do the same thing until the end of the chain.
+
+Importance of properly setup backing chain
+------------------------------------------
+
+The disk image locations are used by libvirt to properly setup the security
+system used on the host so that the hypervisor can access the files and possibly
+also directly to configure the hypervisor to use the appropriate images. Thus
+it's important to properly setup the formats and paths of the backing images.
+
+Any externally created image should always use the -F switch of ``qemu-img``
+to specify the format of the backing file to avoid probing.
+
+Image detection caveats
+-----------------------
+
+Detection of the backing chain requires libvirt to read and understand the
+``backing file`` field recorded in the image metadata and also being able to
+recurse and read the backing file. Due to security implications libvirt
+will refuse to use backing images of any image whose format was not specified
+explicitly in the XML or the overlay image itself.
+
+Libvirt also might lack support for a network disk storage technology and thus
+may be unable to visit and detect backing chains on such storage. This may
+result in the backing chain present in the live XML to look incomplete or some
+operations not being possible. To prevent this it's possible to specify the
+image metadata explicitly in the XML.
+
+Advanced backing chain specifications
+-------------------------------------
+
+To specify the topology of disk images explicitly the following XML
+specification can be used:
+
+::
+
+ <disk type='file' device='disk'>
+   <driver name='qemu' type='qcow2'/>
+   <source file='/tmp/pull4.qcow2'/>
+   <backingStore type='file'>
+     <format type='qcow2'/>
+     <source file='/tmp/pull3.qcow2'/>
+     <backingStore type='file'>
+       <format type='qcow2'/>
+       <source file='/tmp/pull2.qcow2'/>
+       <backingStore type='file'>
+         <format type='qcow2'/>
+         <source file='/tmp/pull1.qcow2'/>
+         <backingStore type='file'>
+           <format type='qcow2'/>
+           <source file='/tmp/pull0.qcow2'/>
+           <backingStore/>
+         </backingStore>
+       </backingStore>
+     </backingStore>
+   </backingStore>
+   <target dev='vda' bus='virtio'/>
+   <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
+ </disk>
+
+This makes libvirt follow the settings as configured in the XML. Note that this
+is supported only when the https://libvirt.org/formatdomaincaps.html#featureBackingStoreInput
+capability is present.
+
+An empty ``<backingStore/>`` element signals the end of the chain. Using this
+will prevent libvirt or qemu from probing the backing chain.
+
+Note that it's also possible to partially specify the chain in the XML but omit
+the terminating element. This will result into probing from the last specified
+``<backingStore>``
+
+Any image specified explicitly will not be probed for backing file or format.
+
+
+Manual image creation
+=====================
+
+When creating disk images manually outside of libvirt it's important to create
+them properly so that they work with libvirt as expected. The created disk
+images must contain the format of the backing image in the metadata. This
+means that the **-F** parameter of ``qemu-img`` must always be used.
+
+::
+
+  qemu-img -f qcow2 -F qcow2 -b /path/to/backing /path/to/overlay
+
+Note that if '/path/to/backing' is relative the path is considered relative to
+the location of '/path/to/overlay'.
+
+Troubleshooting
+===============
+
+A few common problems which occur when managing chains of disk images.
+
+VM refuses to start due to misconfigured backing store format
+-------------------------------------------------------------
+
+This problem happens on VMs where the backing chain was created manually outside
+of libvirt and can have multiple symptoms:
+
+- permission denied error reported on a backing image
+- ``format of backing image '%s' of image '%s' was not specified in the image metadata`` error reported
+- disk image looking corrupt inside the guest
+
+The cause of the above problem is that the image metadata does not record the
+format of the backing image along with the location of the image. When the
+format is not specified libvirt or qemu would have to do image format probing
+which is insecure to do as a malicious guest could rewrite the header of the
+disk leading to access of host files. Libvirt thus does not try to assume
+the format of the backing image. The following command can be used to check if
+the image has a backing image format specified:
+
+::
+
+ $ qemu-img info /tmp/copy4.qcow2
+ image: /tmp/copy4.qcow2
+ file format: qcow2
+ virtual size: 10 MiB (10485760 bytes)
+ disk size: 196 KiB
+ cluster_size: 65536
+ backing file: copy3.qcow2 (actual path: /tmp/copy3.qcow2)
+ backing file format: qcow2
+ Format specific information:
+     compat: 1.1
+     lazy refcounts: false
+     refcount bits: 16
+     corrupt: false
+
+If the ``backing file format:`` field is missing above the format was not
+specified properly. The image can be fixed by the following command:
+
+::
+
+ qemu-img rebase -f $IMAGE_FORMAT -F $BACKING_IMAGE_FORMAT -b $BACKING_IMAGE_PATH $IMAGE_PATH
+
+It is important to fill out ``$BACKING_IMAGE_FORMAT`` and ``$IMAGE_FORMAT``
+properly. ``$BACKING_IMAGE_PATH`` should be specified as a full absolute path.
+If relative referencing of the backing image is desired, the path must be
+relative to the location of image described by ``$IMAGE_PATH``.
+
+**Important:** If the ``$BACKING_IMAGE_FORMAT`` is not known it can be queried
+using ``qemu-img info $BACKING_IMAGE_PATH`` and looking for the ``file format:``
+field, but for security reasons should be used *only* if at least one of the
+following criteria is met:
+
+- ``file format`` is ``raw``
+- ``backing file`` is NOT present
+- ``backing file`` is present AND is correct/trusted
+
+Note that the last criteria may require manual inspection and thus should not
+be scripted unless the trust for the image can be expressed programatically.
+
+Also note that the above steps may need to be repeated recursively for any
+subsequent backing images.
+
+Missing images reported after after moving disk images into a different path
+----------------------------------------------------------------------------
+
+The path to the backing image which is recorded in the image metadata often
+contains a full path to the backing image. This is the default libvirt-created
+image configuration. When such images are moved to a different location the
+top image will no longer point to the correct image.
+
+To fix such issue you can either fully specify the image chain in the domain XML
+as pointed out above or the following ``qemu-img`` command can be used:
+
+::
+
+ qemu-img rebase -u -f $IMAGE_FORMAT -F $BACKING_IMAGE_FORMAT -b $BACKING_IMAGE_PATH $IMAGE_PATH
+
+It is important to fill out ``$BACKING_IMAGE_FORMAT`` and ``$IMAGE_FORMAT``
+properly. ``$BACKING_IMAGE_PATH`` should be specified as a full absolute path.
+If relative referencing of the backing image is desired, the path must be
+relative to the location of image described by ``$IMAGE_PATH``.
--- a/docs/kbase/domainstatecapture.html.in
+++ b/docs/kbase/domainstatecapture.html.in
@@ -1,303 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-
-    <h1>Domain state capture using Libvirt</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      In order to aid application developers to choose which
-      operations best suit their needs, this page compares the
-      different means for capturing state related to a domain managed
-      by libvirt.
-    </p>
-
-    <p>
-      The information here is primarily geared towards capturing the
-      state of an active domain. Capturing the state of an inactive
-      domain essentially amounts to copying the contents of guest
-      disks, followed by a fresh boot of the same domain configuration
-      with disks restored back to that saved state.
-    </p>
-
-    <h2><a id="definitions">State capture trade-offs</a></h2>
-
-    <p>One of the features made possible with virtual machines is live
-      migration -- transferring all state related to the guest from
-      one host to another with minimal interruption to the guest's
-      activity. In this case, state includes domain memory (including
-      register and device contents), and domain storage (whether the
-      guest's view of the disks are backed by local storage on the
-      host, or by the hypervisor accessing shared storage over a
-      network).  A clever observer will then note that if all state is
-      available for live migration, then there is nothing stopping a
-      user from saving some or all of that state at a given point of
-      time in order to be able to later rewind guest execution back to
-      the state it previously had. The astute reader will also realize
-      that state capture at any level requires that the data must be
-      stored and managed by some mechanism. This processing might fit
-      in a single file, or more likely require a chain of related
-      files, and may require synchronization with third-party tools
-      built around managing the amount of data resulting from
-      capturing the state of multiple guests that each use multiple
-      disks.
-    </p>
-
-    <p>
-      There are several libvirt APIs associated with capturing the
-      state of a guest, which can later be used to rewind that guest
-      to the conditions it was in earlier.  The following is a list of
-      trade-offs and differences between the various facets that
-      affect capturing domain state for active domains:
-    </p>
-
-    <dl>
-      <dt>Duration</dt>
-      <dd>Capturing state can be a lengthy process, so while the
-        captured state ideally represents an atomic point in time
-        corresponding to something the guest was actually executing,
-        capturing state tends to focus on minimizing guest downtime
-        while performing the rest of the state capture in parallel
-        with guest execution.  Some interfaces require up-front
-        preparation (the state captured is not complete until the API
-        ends, which may be some time after the command was first
-        started), while other interfaces track the state when the
-        command was first issued, regardless of the time spent in
-        capturing the rest of the state.  Also, time spent in state
-        capture may be longer than the time required for live
-        migration, when state must be duplicated rather than shared.
-      </dd>
-
-      <dt>Amount of state</dt>
-      <dd>For an online guest, there is a choice between capturing the
-        guest's memory (all that is needed during live migration when
-        the storage is already shared between source and destination),
-        the guest's disk state (all that is needed if there are no
-        pending guest I/O transactions that would be lost without the
-        corresponding memory state), or both together.  Reverting to
-        partial state may still be viable, but typically, booting from
-        captured disk state without corresponding memory is comparable
-        to rebooting a machine that had power cut before I/O could be
-        flushed. Guests may need to use proper journaling methods to
-        avoid problems when booting from partial state.
-      </dd>
-
-      <dt>Quiescing of data</dt>
-      <dd>Even if a guest has no pending I/O, capturing disk state may
-        catch the guest at a time when the contents of the disk are
-        inconsistent. Cooperating with the guest to perform data
-        quiescing is an optional step to ensure that captured disk
-        state is fully consistent without requiring additional memory
-        state, rather than just crash-consistent.  But guest
-        cooperation may also have time constraints, where the guest
-        can rightfully panic if there is too much downtime while I/O
-        is frozen.
-      </dd>
-
-      <dt>Quantity of files</dt>
-      <dd>When capturing state, some approaches store all state within
-        the same file (internal), while others expand a chain of
-        related files that must be used together (external), for more
-        files that a management application must track.
-      </dd>
-
-      <dt>Impact to guest definition</dt>
-      <dd>Capturing state may require temporary changes to the guest
-        definition, such as associating new files into the domain
-        definition. While state capture should never impact the
-        running guest, a change to the domain's active XML may have
-        impact on other host operations being performed on the domain.
-      </dd>
-
-      <dt>Third-party integration</dt>
-      <dd>When capturing state, there are tradeoffs to how much of the
-        process must be done directly by the hypervisor, and how much
-        can be off-loaded to third-party software.  Since capturing
-        state is not instantaneous, it is essential that any
-        third-party integration see consistent data even if the
-        running guest continues to modify that data after the point in
-        time of the capture.</dd>
-
-      <dt>Full vs. incremental</dt>
-      <dd>When periodically repeating the action of state capture, it
-        is useful to minimize the amount of state that must be
-        captured by exploiting the relation to a previous capture,
-        such as focusing only on the portions of the disk that the
-        guest has modified in the meantime.  Some approaches are able
-        to take advantage of checkpoints to provide an incremental
-        backup, while others are only capable of a full backup even if
-        that means re-capturing unchanged portions of the disk.</dd>
-
-      <dt>Local vs. remote</dt>
-      <dd>Domains that completely use remote storage may only need
-        some mechanism to keep track of guest memory state while using
-        external means to manage storage. Still, hypervisor and guest
-        cooperation to ensure points in time when no I/O is in flight
-        across the network can be important for properly capturing
-        disk state.</dd>
-
-      <dt>Network latency</dt>
-      <dd>Whether it's domain storage or saving domain state into
-        remote storage, network latency has an impact on snapshot
-        data. Having dedicated network capacity, bandwidth, or quality
-        of service levels may play a role, as well as planning for how
-        much of the backup process needs to be local.</dd>
-    </dl>
-
-    <p>
-      An example of the various facets in action is migration of a
-      running guest. In order for the guest to be able to resume on
-      the destination at the same place it left off at the source, the
-      hypervisor has to get to a point where execution on the source
-      is stopped, the last remaining changes occurring since the
-      migration started are then transferred, and the guest is started
-      on the target. The management software thus must keep track of
-      the starting point and any changes since the starting
-      point. These last changes are often referred to as dirty page
-      tracking or dirty disk block bitmaps. At some point in time
-      during the migration, the management software must freeze the
-      source guest, transfer the dirty data, and then start the guest
-      on the target. This period of time must be minimal. To minimize
-      overall migration time, one is advised to use a dedicated
-      network connection with a high quality of service. Alternatively
-      saving the current state of the running guest can just be a
-      point in time type operation which doesn't require updating the
-      "last vestiges" of state prior to writing out the saved state
-      file. The state file is the point in time of whatever is current
-      and may contain incomplete data which if used to restart the
-      guest could cause confusion or problems because some operation
-      wasn't completed depending upon where in time the operation was
-      commenced.
-    </p>
-
-    <h2><a id="apis">State capture APIs</a></h2>
-    <p>With those definitions, the following libvirt APIs related to
-      state capture have these properties:</p>
-    <dl>
-      <dt><a href="html/libvirt-libvirt-domain.html#virDomainManagedSave"><code>virDomainManagedSave</code></a></dt>
-      <dd>This API saves guest memory, with libvirt managing all of
-        the saved state, then stops the guest. While stopped, the
-        disks can be copied by a third party.  However, since any
-        subsequent restart of the guest by libvirt API will restore
-        the memory state (which typically only works if the disk state
-        is unchanged in the meantime), and since it is not possible to
-        get at the memory state that libvirt is managing, this is not
-        viable as a means for rolling back to earlier saved states,
-        but is rather more suited to situations such as suspending a
-        guest prior to rebooting the host in order to resume the guest
-        when the host is back up. This API also has a drawback of
-        potentially long guest downtime, and therefore does not lend
-        itself well to live backups.</dd>
-
-      <dt><a href="html/libvirt-libvirt-domain.html#virDomainSave"><code>virDomainSave</code></a></dt>
-      <dd>This API is similar to virDomainManagedSave(), but moves the
-        burden on managing the stored memory state to the user. As
-        such, the user can now couple saved state with copies of the
-        disks to perform a revert to an arbitrary earlier saved state.
-        However, changing who manages the memory state does not change
-        the drawback of potentially long guest downtime when capturing
-        state.</dd>
-
-      <dt><a href="html/libvirt-libvirt-domain-snapshot.html#virDomainSnapshotCreateXML"><code>virDomainSnapshotCreateXML</code></a></dt>
-      <dd>This API wraps several approaches for capturing guest state,
-        with a general premise of creating a snapshot (where the
-        current guest resources are frozen in time and a new wrapper
-        layer is opened for tracking subsequent guest changes).  It
-        can operate on both offline and running guests, can choose
-        whether to capture the state of memory, disk, or both when
-        used on a running guest, and can choose between internal and
-        external storage for captured state.  However, it is geared
-        towards post-event captures (when capturing both memory and
-        disk state, the disk state is not captured until all memory
-        state has been collected first).  Using QEMU as the
-        hypervisor, internal snapshots currently have lengthy downtime
-        that is incompatible with freezing guest I/O, but external
-        snapshots are quick when memory contents are not also saved.
-        Since creating an external snapshot changes which disk image
-        resource is in use by the guest, this API can be coupled
-        with <a href="html/libvirt-libvirt-domain.html#virDomainBlockCommit"><code>virDomainBlockCommit()</code></a>
-        to restore things back to the guest using its original disk
-        image, where a third-party tool can read the backing file
-        prior to the live commit.  See also
-        the <a href="formatsnapshot.html">XML details</a> used with
-        this command.</dd>
-
-      <dt><a href="html/libvirt-libvirt-domain.html#virDomainFSFreeze"><code>virDomainFSFreeze</code></a>, <a href="html/libvirt-libvirt-domain.html#virDomainFSThaw"><code>virDomainFSThaw</code></a></dt>
-      <dd>This pair of APIs does not directly capture guest state, but
-        can be used to coordinate with a trusted live guest that state
-        capture is about to happen, and therefore guest I/O should be
-        quiesced so that the state capture is fully consistent, rather
-        than merely crash consistent.  Some APIs are able to
-        automatically perform a freeze and thaw via a flags parameter,
-        rather than having to make separate calls to these
-        functions. Also, note that freezing guest I/O is only possible
-        with trusted guests running a guest agent, and that some
-        guests place maximum time limits on how long I/O can be
-        frozen.</dd>
-
-      <dt><a href="html/libvirt-libvirt-domain-checkpoint.html#virDomainCheckpointCreateXML"><code>virDomainCheckpointCreateXML</code></a></dt>
-      <dd>This API does not actually capture guest state, rather it
-        makes it possible to track which portions of guest disks have
-        changed between a checkpoint and the current live execution of
-        the guest.  However, while it is possible use this API to
-        create checkpoints in isolation, it is more typical to create
-        a checkpoint as a side-effect of starting a new incremental
-        backup with <code>virDomainBackupBegin()</code> or at the
-        creation of an external snapshot
-        with <code>virDomainSnapshotCreateXML2()</code>, since a
-        second incremental backup is most useful when using the
-        checkpoint created during the first.  See also
-        the <a href="formatcheckpoint.html">XML details</a> used with
-        this command.</dd>
-
-      <dt><a href="html/libvirt-libvirt-domain.html#virDomainBackupBegin"><code>virDomainBackupBegin</code></a>, <a href="html/libvirt-libvirt-domain.html#virDomainBackupEnd"><code>virDomainBackupEnd</code></a></dt>
-      <dd>This API wraps approaches for capturing the state of disks
-        of a running guest, but does not track accompanying guest
-        memory state.  The capture is consistent to the start of the
-        operation, where the captured state is stored independently
-        from the disk image in use with the guest and where it can be
-        easily integrated with a third-party for capturing the disk
-        state.  Since the backup operation is stored externally from
-        the guest resources, there is no need to commit data back in
-        at the completion of the operation.  When coupled with
-        checkpoints, this can be used to capture incremental backups
-        instead of full.</dd>
-    </dl>
-
-    <h2><a id="examples">Examples</a></h2>
-    <p>The following two sequences both accomplish the task of
-      capturing the disk state of a running guest, then wrapping
-      things up so that the guest is still running with the same file
-      as its disk image as before the sequence of operations began.
-      The difference between the two sequences boils down to the
-      impact of an unexpected interruption made at any point in the
-      middle of the sequence: with such an interruption, the first
-      example leaves the guest tied to a temporary wrapper file rather
-      than the original disk, and requires manual clean up of the
-      domain definition; while the second example has no impact to the
-      domain definition.</p>
-
-    <p>1. Backup via temporary snapshot
-      <pre>
-virDomainFSFreeze()
-virDomainSnapshotCreateXML(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY)
-virDomainFSThaw()
-third-party copy the backing file to backup storage # most time spent here
-virDomainBlockCommit(VIR_DOMAIN_BLOCK_COMMIT_ACTIVE) per disk
-wait for commit ready event per disk
-virDomainBlockJobAbort() per disk
-      </pre></p>
-
-    <p>2. Direct backup
-      <pre>
-virDomainFSFreeze()
-virDomainBackupBegin()
-virDomainFSThaw()
-wait for push mode event, or pull data over NBD # most time spent here
-virDomainBackupEnd()
-    </pre></p>
-
-  </body>
-</html>
--- a/docs/kbase/domainstatecapture.rst
+++ b/docs/kbase/domainstatecapture.rst
@@ -0,0 +1,255 @@
+==================================
+Domain state capture using Libvirt
+==================================
+
+.. contents::
+
+In order to aid application developers to choose which operations best
+suit their needs, this page compares the different means for capturing
+state related to a domain managed by libvirt.
+
+The information here is primarily geared towards capturing the state of
+an active domain. Capturing the state of an inactive domain essentially
+amounts to copying the contents of guest disks, followed by a fresh boot
+of the same domain configuration with disks restored back to that saved
+state.
+
+State capture trade-offs
+========================
+
+One of the features made possible with virtual machines is live
+migration -- transferring all state related to the guest from one host
+to another with minimal interruption to the guest's activity. In this
+case, state includes domain memory (including register and device
+contents), and domain storage (whether the guest's view of the disks are
+backed by local storage on the host, or by the hypervisor accessing
+shared storage over a network). A clever observer will then note that if
+all state is available for live migration, then there is nothing
+stopping a user from saving some or all of that state at a given point
+of time in order to be able to later rewind guest execution back to the
+state it previously had. The astute reader will also realize that state
+capture at any level requires that the data must be stored and managed
+by some mechanism. This processing might fit in a single file, or more
+likely require a chain of related files, and may require synchronization
+with third-party tools built around managing the amount of data
+resulting from capturing the state of multiple guests that each use
+multiple disks.
+
+There are several libvirt APIs associated with capturing the state of a
+guest, which can later be used to rewind that guest to the conditions it
+was in earlier. The following is a list of trade-offs and differences
+between the various facets that affect capturing domain state for active
+domains:
+
+Duration
+   Capturing state can be a lengthy process, so while the captured state
+   ideally represents an atomic point in time corresponding to something
+   the guest was actually executing, capturing state tends to focus on
+   minimizing guest downtime while performing the rest of the state
+   capture in parallel with guest execution. Some interfaces require
+   up-front preparation (the state captured is not complete until the
+   API ends, which may be some time after the command was first
+   started), while other interfaces track the state when the command was
+   first issued, regardless of the time spent in capturing the rest of
+   the state. Also, time spent in state capture may be longer than the
+   time required for live migration, when state must be duplicated
+   rather than shared.
+Amount of state
+   For an online guest, there is a choice between capturing the guest's
+   memory (all that is needed during live migration when the storage is
+   already shared between source and destination), the guest's disk
+   state (all that is needed if there are no pending guest I/O
+   transactions that would be lost without the corresponding memory
+   state), or both together. Reverting to partial state may still be
+   viable, but typically, booting from captured disk state without
+   corresponding memory is comparable to rebooting a machine that had
+   power cut before I/O could be flushed. Guests may need to use proper
+   journaling methods to avoid problems when booting from partial state.
+Quiescing of data
+   Even if a guest has no pending I/O, capturing disk state may catch
+   the guest at a time when the contents of the disk are inconsistent.
+   Cooperating with the guest to perform data quiescing is an optional
+   step to ensure that captured disk state is fully consistent without
+   requiring additional memory state, rather than just crash-consistent.
+   But guest cooperation may also have time constraints, where the guest
+   can rightfully panic if there is too much downtime while I/O is
+   frozen.
+Quantity of files
+   When capturing state, some approaches store all state within the same
+   file (internal), while others expand a chain of related files that
+   must be used together (external), for more files that a management
+   application must track.
+Impact to guest definition
+   Capturing state may require temporary changes to the guest
+   definition, such as associating new files into the domain definition.
+   While state capture should never impact the running guest, a change
+   to the domain's active XML may have impact on other host operations
+   being performed on the domain.
+Third-party integration
+   When capturing state, there are tradeoffs to how much of the process
+   must be done directly by the hypervisor, and how much can be
+   off-loaded to third-party software. Since capturing state is not
+   instantaneous, it is essential that any third-party integration see
+   consistent data even if the running guest continues to modify that
+   data after the point in time of the capture.
+Full vs. incremental
+   When periodically repeating the action of state capture, it is useful
+   to minimize the amount of state that must be captured by exploiting
+   the relation to a previous capture, such as focusing only on the
+   portions of the disk that the guest has modified in the meantime.
+   Some approaches are able to take advantage of checkpoints to provide
+   an incremental backup, while others are only capable of a full backup
+   even if that means re-capturing unchanged portions of the disk.
+Local vs. remote
+   Domains that completely use remote storage may only need some
+   mechanism to keep track of guest memory state while using external
+   means to manage storage. Still, hypervisor and guest cooperation to
+   ensure points in time when no I/O is in flight across the network can
+   be important for properly capturing disk state.
+Network latency
+   Whether it's domain storage or saving domain state into remote
+   storage, network latency has an impact on snapshot data. Having
+   dedicated network capacity, bandwidth, or quality of service levels
+   may play a role, as well as planning for how much of the backup
+   process needs to be local.
+
+An example of the various facets in action is migration of a running
+guest. In order for the guest to be able to resume on the destination at
+the same place it left off at the source, the hypervisor has to get to a
+point where execution on the source is stopped, the last remaining
+changes occurring since the migration started are then transferred, and
+the guest is started on the target. The management software thus must
+keep track of the starting point and any changes since the starting
+point. These last changes are often referred to as dirty page tracking
+or dirty disk block bitmaps. At some point in time during the migration,
+the management software must freeze the source guest, transfer the dirty
+data, and then start the guest on the target. This period of time must
+be minimal. To minimize overall migration time, one is advised to use a
+dedicated network connection with a high quality of service.
+Alternatively saving the current state of the running guest can just be
+a point in time type operation which doesn't require updating the "last
+vestiges" of state prior to writing out the saved state file. The state
+file is the point in time of whatever is current and may contain
+incomplete data which if used to restart the guest could cause confusion
+or problems because some operation wasn't completed depending upon where
+in time the operation was commenced.
+
+State capture APIs
+==================
+
+With those definitions, the following libvirt APIs related to state
+capture have these properties:
+
+`virDomainManagedSave <../html/libvirt-libvirt-domain.html#virDomainManagedSave>`__
+   This API saves guest memory, with libvirt managing all of the saved
+   state, then stops the guest. While stopped, the disks can be copied
+   by a third party. However, since any subsequent restart of the guest
+   by libvirt API will restore the memory state (which typically only
+   works if the disk state is unchanged in the meantime), and since it
+   is not possible to get at the memory state that libvirt is managing,
+   this is not viable as a means for rolling back to earlier saved
+   states, but is rather more suited to situations such as suspending a
+   guest prior to rebooting the host in order to resume the guest when
+   the host is back up. This API also has a drawback of potentially long
+   guest downtime, and therefore does not lend itself well to live
+   backups.
+`virDomainSave <../html/libvirt-libvirt-domain.html#virDomainSave>`__
+   This API is similar to virDomainManagedSave(), but moves the burden
+   on managing the stored memory state to the user. As such, the user
+   can now couple saved state with copies of the disks to perform a
+   revert to an arbitrary earlier saved state. However, changing who
+   manages the memory state does not change the drawback of potentially
+   long guest downtime when capturing state.
+`virDomainSnapshotCreateXML <../html/libvirt-libvirt-domain-snapshot.html#virDomainSnapshotCreateXML>`__
+   This API wraps several approaches for capturing guest state, with a
+   general premise of creating a snapshot (where the current guest
+   resources are frozen in time and a new wrapper layer is opened for
+   tracking subsequent guest changes). It can operate on both offline
+   and running guests, can choose whether to capture the state of
+   memory, disk, or both when used on a running guest, and can choose
+   between internal and external storage for captured state. However, it
+   is geared towards post-event captures (when capturing both memory and
+   disk state, the disk state is not captured until all memory state has
+   been collected first). Using QEMU as the hypervisor, internal
+   snapshots currently have lengthy downtime that is incompatible with
+   freezing guest I/O, but external snapshots are quick when memory
+   contents are not also saved. Since creating an external snapshot
+   changes which disk image resource is in use by the guest, this API
+   can be coupled with
+   `virDomainBlockCommit() <html/libvirt-libvirt-domain.html#virDomainBlockCommit>`__
+   to restore things back to the guest using its original disk image,
+   where a third-party tool can read the backing file prior to the live
+   commit. See also the `XML details <formatsnapshot.html>`__ used with
+   this command.
+`virDomainFSFreeze <html/libvirt-libvirt-domain.html#virDomainFSFreeze>`__, `virDomainFSThaw <html/libvirt-libvirt-domain.html#virDomainFSThaw>`__
+   This pair of APIs does not directly capture guest state, but can be
+   used to coordinate with a trusted live guest that state capture is
+   about to happen, and therefore guest I/O should be quiesced so that
+   the state capture is fully consistent, rather than merely crash
+   consistent. Some APIs are able to automatically perform a freeze and
+   thaw via a flags parameter, rather than having to make separate calls
+   to these functions. Also, note that freezing guest I/O is only
+   possible with trusted guests running a guest agent, and that some
+   guests place maximum time limits on how long I/O can be frozen.
+`virDomainCheckpointCreateXML <html/libvirt-libvirt-domain-checkpoint.html#virDomainCheckpointCreateXML>`__
+   This API does not actually capture guest state, rather it makes it
+   possible to track which portions of guest disks have changed between
+   a checkpoint and the current live execution of the guest. However,
+   while it is possible use this API to create checkpoints in isolation,
+   it is more typical to create a checkpoint as a side-effect of
+   starting a new incremental backup with ``virDomainBackupBegin()`` or
+   at the creation of an external snapshot with
+   ``virDomainSnapshotCreateXML2()``, since a second incremental backup
+   is most useful when using the checkpoint created during the first.
+   See also the `XML details <formatcheckpoint.html>`__ used with this
+   command.
+`virDomainBackupBegin <html/libvirt-libvirt-domain.html#virDomainBackupBegin>`__, `virDomainBackupEnd <html/libvirt-libvirt-domain.html#virDomainBackupEnd>`__
+   This API wraps approaches for capturing the state of disks of a
+   running guest, but does not track accompanying guest memory state.
+   The capture is consistent to the start of the operation, where the
+   captured state is stored independently from the disk image in use
+   with the guest and where it can be easily integrated with a
+   third-party for capturing the disk state. Since the backup operation
+   is stored externally from the guest resources, there is no need to
+   commit data back in at the completion of the operation. When coupled
+   with checkpoints, this can be used to capture incremental backups
+   instead of full.
+
+Examples
+========
+
+The following two sequences both accomplish the task of capturing the
+disk state of a running guest, then wrapping things up so that the guest
+is still running with the same file as its disk image as before the
+sequence of operations began. The difference between the two sequences
+boils down to the impact of an unexpected interruption made at any point
+in the middle of the sequence: with such an interruption, the first
+example leaves the guest tied to a temporary wrapper file rather than
+the original disk, and requires manual clean up of the domain
+definition; while the second example has no impact to the domain
+definition.
+
+Backup via temporary snapshot
+-----------------------------
+
+::
+
+   virDomainFSFreeze()
+   virDomainSnapshotCreateXML(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY)
+   virDomainFSThaw()
+   third-party copy the backing file to backup storage # most time spent here
+   virDomainBlockCommit(VIR_DOMAIN_BLOCK_COMMIT_ACTIVE) per disk
+   wait for commit ready event per disk
+   virDomainBlockJobAbort() per disk
+
+
+Direct backup
+-------------
+
+::
+
+   virDomainFSFreeze()
+   virDomainBackupBegin()
+   virDomainFSThaw()
+   wait for push mode event, or pull data over NBD # most time spent here
+   virDomainBackupEnd()
--- a/docs/kbase/launch_security_sev.html.in
+++ b/docs/kbase/launch_security_sev.html.in
@@ -1,533 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Launch security with AMD SEV</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-        Storage encryption in modern public cloud computing is a common practice.
-        However, from the point of view of a user of these cloud workloads, a
-        significant amount of trust needs to be put in the cloud platform security as
-        well as integrity (was the hypervisor tampered?). For this reason there's ever
-        rising demand for securing data in use, i.e. memory encryption.
-        One of the solutions addressing this matter is AMD SEV.
-    </p>
-
-    <h2>AMD SEV</h2>
-    <p>
-        SEV (Secure Encrypted Virtualization) is a feature extension of AMD's SME (Secure
-        Memory Encryption) intended for KVM virtual machines which is supported
-        primarily on AMD's EPYC CPU line. In contrast to SME, SEV uses a unique memory encryption
-        key for each VM. The whole encryption of memory pages is completely transparent
-        to the hypervisor and happens inside dedicated hardware in the on-die memory controller.
-        Each controller includes a high-performance Advanced Encryption Standard
-        (AES) engine that encrypts data when it is written to DRAM and decrypts it
-        when read.
-
-        For more details about the technology itself, you can visit
-      <a href="https://developer.amd.com/sev/">AMD's developer portal</a>.
-    </p>
-
-    <h2><a id="Host">Enabling SEV on the host</a></h2>
-      <p>
-          Before VMs can make use of the SEV feature you need to make sure your
-          AMD CPU does support SEV. You can check whether SEV is among the CPU
-          flags with:
-      </p>
-
-      <pre>
-$ cat /proc/cpuinfo | grep sev
-...
-sme ssbd sev ibpb</pre>
-
-      <p>
-          Next step is to enable SEV in the kernel, because it is disabled by default.
-          This is done by putting the following onto the kernel command line:
-      </p>
-
-      <pre>
-mem_encrypt=on kvm_amd.sev=1
-      </pre>
-
-      <p>
-          To make the changes persistent, append the above to the variable holding
-          parameters of the kernel command line in
-          <code>/etc/default/grub</code> to preserve SEV settings across reboots
-      </p>
-
-      <pre>
-$ cat /etc/default/grub
-...
-GRUB_CMDLINE_LINUX="... mem_encrypt=on kvm_amd.sev=1"
-$ grub2-mkconfig -o /boot/efi/EFI/&lt;distro&gt;/grub.cfg</pre>
-
-      <p>
-        <code>mem_encrypt=on</code> turns on the SME memory encryption feature on
-        the host which protects against the physical attack on the hypervisor
-        memory. The <code>kvm_amd.sev</code> parameter actually enables SEV in
-        the kvm module. It can be set on the command line alongside
-        <code>mem_encrypt</code> like shown above, or it can be put into a
-        module config under <code>/etc/modprobe.d/</code>
-      </p>
-
-      <pre>
-$ cat /etc/modprobe.d/sev.conf
-options kvm_amd sev=1
-      </pre>
-
-      <p>
-          After rebooting the host, you should see SEV being enabled in the kernel:
-      </p>
-
-      <pre>
-$ cat /sys/module/kvm_amd/parameters/sev
-1
-      </pre>
-
-      <h2><a id="Virt">Checking SEV support in the virt stack</a></h2>
-      <p>
-        <b>Note: All of the commands bellow need to be run with root privileges.</b>
-      </p>
-
-      <p>
-          First make sure you have the following packages in the specified versions:
-      </p>
-
-      <ul>
-        <li>
-            libvirt >= 4.5.0 (>5.1.0 recommended due to additional SEV bugfixes)
-        </li>
-        <li>
-            QEMU >= 2.12.0
-        </li>
-      </ul>
-      <p>
-          To confirm that the virtualization stack supports SEV, run the following:
-      </p>
-
-      <pre>
-# virsh domcapabilities
-&lt;domainCapabilities&gt;
-...
-  &lt;features&gt;
-    ...
-    &lt;sev supported='yes'&gt;
-      &lt;cbitpos&gt;47&lt;/cbitpos&gt;
-      &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
-    &lt;/sev&gt;
-    ...
-  &lt;/features&gt;
-&lt;/domainCapabilities&gt;</pre>
-      <p>
-          Note that if libvirt was already installed and libvirtd running before enabling SEV in the kernel followed by the host reboot you need to force libvirtd
-          to re-probe both the host and QEMU capabilities. First stop libvirtd:
-      </p>
-
-      <pre>
-# systemctl stop libvirtd.service
-      </pre>
-
-      <p>
-          Now you need to clean the capabilities cache:
-      </p>
-
-      <pre>
-# rm -f /var/cache/libvirt/qemu/capabilities/*
-      </pre>
-
-      <p>
-          If you now restart libvirtd, it will re-probe the capabilities and if
-          you now run:
-      </p>
-
-      <pre>
-# virsh domcapabilities
-      </pre>
-
-      <p>
-          SEV should be listed as supported. If you still see:
-      </p>
-
-      <pre>
-&lt;sev supported='no'/&gt;
-      </pre>
-
-      <p>
-          it means one of two things:
-        <ol>
-          <li>
-              libvirt does support SEV, but either QEMU or the host does not
-          </li>
-          <li>
-            you have libvirt &lt;=5.1.0 which suffered from getting a
-            <code>'Permission denied'</code> on <code>/dev/sev</code> because
-            of the default permissions on the character device which prevented
-            QEMU from opening it during capabilities probing - you can either
-            manually tweak the permissions so that QEMU has access to it or
-            preferably install libvirt 5.1.0 or higher
-          </li>
-        </ol>
-      </p>
-
-    <h2><a id="Configuration">VM Configuration</a></h2>
-    <p>
-        SEV is enabled in the XML by specifying the
-      <a href="https://libvirt.org/formatdomain.html#launchSecurity">&lt;launchSecurity&gt; </a> element. However, specifying <code>launchSecurity</code> isn't
-        enough to boot an SEV VM. Further configuration requirements are discussed
-          below.
-      </p>
-
-      <h3><a id="Machine">Machine type</a></h3>
-      <p>
-          Even though both Q35 and legacy PC machine types (for PC see also
-          "virtio") can be used with SEV, usage of the legacy PC machine type is
-          strongly discouraged, since depending on how your OVMF package was
-          built (e.g. including features like SecureBoot or SMM) Q35 may even be
-          required.
-      </p>
-
-      <h5>Q35</h5>
-<pre>
-...
-&lt;os&gt;
-  &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
-  ...
-&lt;/os&gt;
-...</pre>
-
-      <h5>i440fx (discouraged)</h5>
-      <pre>
-...
-&lt;os&gt;
-  &lt;type arch='x86_64' machine='pc-i440fx-3.0'&gt;hvm&lt;/type&gt;
-  ...
-&lt;/os&gt;
-...
-      </pre>
-
-      <h3><a id="Boot">Boot loader</a></h3>
-      <p>
-          SEV is only going to work with OVMF (UEFI), so you'll need to point libvirt to
-          the correct OVMF binary.
-      </p>
-      <pre>
-...
-&lt;os&gt;
-  &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
-  &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
-&lt;/os&gt;
-...</pre>
-
-      <h3><a id="Memory">Memory</a></h3>
-      <p>
-          Internally, SEV expects that the encrypted memory pages won't be swapped out or move
-          around so the VM memory needs to be pinned in physical RAM which will be
-          handled by QEMU. Apart from that, certain memory regions allocated by QEMU
-          itself (UEFI pflash, device ROMs, video RAM, etc.) have to be encrypted as
-          well. This causes a conflict in how libvirt tries to protect the host.
-          By default, libvirt enforces a memory hard limit on each VM's cgroup in order
-          to protect the host from malicious QEMU to allocate and lock all the available
-          memory. This limit corresponds to the total memory allocation for the VM given
-          by <code>&lt;currentMemory&gt;</code> element. However, trying to account for the additional
-          memory regions QEMU allocates when calculating the limit in an automated manner
-          is non-deterministic. One way to resolve this is to set the hard limit manually.
-
-        <p>
-          Note: Figuring out the right number so that your guest boots and isn't killed is
-          challenging, but 256MiB extra memory over the total guest RAM should suffice for
-          most workloads and may serve as a good starting point.
-
-          For example, a domain with 4GB memory with a 256MiB extra hard limit would look
-          like this:
-        </p>
-      </p>
-
-      <pre>
-# virsh edit &lt;domain&gt;
-&lt;domain&gt;
-  ...
-  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
-  &lt;memtune&gt;
-    &lt;hard_limit unit='KiB'&gt;4456448&lt;/hard_limit&gt;
-  &lt;/memtune&gt;
-  ...
-&lt;/domain&gt;</pre>
-      <p>
-          There's another, preferred method of taking care of the limits by
-          using the<code>&lt;memoryBacking&gt;</code> element along with the
-          <code>&lt;locked/&gt;</code> subelement:
-        </p>
-
-      <pre>
-&lt;domain&gt;
-  ...
-  &lt;memoryBacking&gt;
-    &lt;locked/&gt;
-  &lt;/memoryBacking&gt;
-  ...
-&lt;/domain&gt;</pre>
-
-      <p>
-          What that does is that it tells libvirt not to force any hard limit (well,
-          unlimited) upon the VM cgroup. The obvious advantage is that one doesn't need
-          to determine the hard limit for every single SEV-enabled VM. However, there is
-          a significant security-related drawback to this approach. Since no hard limit
-          is applied, a malicious QEMU could perform a DoS attack by locking all of the
-          host's available memory. The way to avoid this issue and to protect the host is
-          to enforce a bigger hard limit on the master cgroup containing all of the VMs
-          - on systemd this is <code>machine.slice</code>.
-      </p>
-
-      <pre>
-# systemctl set-property machine.slice MemoryHigh=&lt;value&gt;</pre>
-
-      <p>
-          To put even stricter measures in place which would involve the OOM killer, use
-        <pre>
-# systemctl set-property machine.slice MemoryMax=&lt;value&gt;</pre>
-          instead. Alternatively, you can create a systemd config (don't forget
-          to reload systemd configuration in this case):
-        <pre>
-# cat &lt;&lt; EOF &gt; /etc/systemd/system.control/machine.slice.d/90-MemoryMax.conf
-MemoryMax=&lt;value&gt;
-EOF</pre>
-          The trade-off to keep in mind with the second approach is that the VMs
-          can still perform DoS on each other.
-      </p>
-
-      <h3><a id="Virtio">Virtio</a></h3>
-      <p>
-          In order to make virtio devices work, we need to enable emulated IOMMU
-          on the devices so that virtual DMA can work.
-      </p>
-
-      <pre>
-# virsh edit &lt;domain&gt;
-&lt;domain&gt;
-  ...
-  &lt;controller type='virtio-serial' index='0'&gt;
-    &lt;driver iommu='on'/&gt;
-  &lt;/controller&gt;
-  &lt;controller type='scsi' index='0' model='virtio-scsi'&gt;
-    &lt;driver iommu='on'/&gt;
-  &lt;/controller&gt;
-  ...
-  &lt;memballoon model='virtio'&gt;
-    &lt;driver iommu='on'/&gt;
-  &lt;/memballoon&gt;
-  &lt;rng model='virtio'&gt;
-    &lt;backend model='random'&gt;/dev/urandom&lt;/backend&gt;
-    &lt;driver iommu='on'/&gt;
-  &lt;/rng&gt;
-  ...
-&lt;domain&gt;</pre>
-
-    <p>
-        If you for some reason want to use the legacy PC machine type, further changes
-        to the virtio
-        configuration is required, because SEV will not work with Virtio &lt;1.0. In
-        libvirt, this is handled by using the virtio-non-transitional device model
-        (libvirt &gt;= 5.2.0 required).
-
-      <p>
-        Note: some devices like video devices don't
-          support non-transitional model, which means that virtio GPU cannot be used.
-      </p>
-    </p>
-
-    <pre>
-&lt;domain&gt;
-  ...
-  &lt;devices&gt;
-    ...
-    &lt;memballoon model='virtio-non-transitional'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/memballoon&gt;
-  &lt;/devices&gt;
-  ...
-&lt;/domain&gt;</pre>
-
-    <h2><a id="Guest">Checking SEV from within the guest</a></h2>
-    <p>
-        After making the necessary adjustments discussed in
-        <a href="#Configuration">Configuration</a>, the VM should now boot
-        successfully with SEV enabled. You can then verify that the guest has
-        SEV enabled by running:
-    </p>
-
-    <pre>
-# dmesg | grep -i sev
-AMD Secure Encrypted Virtualization (SEV) active</pre>
-
-    <h2><a id="Limitations">Limitations</a></h2>
-    <p>
-        Currently, the boot disk cannot be of type virtio-blk, instead, virtio-scsi
-        needs to be used if virtio is desired. This limitation is expected to be lifted
-        with future releases of kernel (the kernel used at the time of writing the
-        article is 5.0.14).
-        If you still cannot start an SEV VM, it could be because of wrong SELinux label on the <code>/dev/sev</code> device with selinux-policy &lt;3.14.2.40 which prevents QEMU from touching the device. This can be resolved by upgrading the package, tuning the selinux policy rules manually to allow svirt_t to access the device (see <code>audit2allow</code> on how to do that) or putting SELinux into permissive mode (discouraged).
-    </p>
-
-    <h2><a id="Examples">Full domain XML examples</a></h2>
-
-    <h5>Q35 machine</h5>
-    <pre>
-&lt;domain type='kvm'&gt;
-  &lt;name&gt;sev-dummy&lt;/name&gt;
-  &lt;memory unit='KiB'&gt;4194304&lt;/memory&gt;
-  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
-  &lt;memoryBacking&gt;
-    &lt;locked/&gt;
-  &lt;/memoryBacking&gt;
-  &lt;vcpu placement='static'&gt;4&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
-    &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
-    &lt;nvram&gt;/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd&lt;/nvram&gt;
-  &lt;/os&gt;
-  &lt;features&gt;
-    &lt;acpi/&gt;
-    &lt;apic/&gt;
-    &lt;vmport state='off'/&gt;
-  &lt;/features&gt;
-  &lt;cpu mode='host-model' check='partial'&gt;
-    &lt;model fallback='allow'/&gt;
-  &lt;/cpu&gt;
-  &lt;clock offset='utc'&gt;
-    &lt;timer name='rtc' tickpolicy='catchup'/&gt;
-    &lt;timer name='pit' tickpolicy='delay'/&gt;
-    &lt;timer name='hpet' present='no'/&gt;
-  &lt;/clock&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;pm&gt;
-    &lt;suspend-to-mem enabled='no'/&gt;
-    &lt;suspend-to-disk enabled='no'/&gt;
-  &lt;/pm&gt;
-  &lt;devices&gt;
-    &lt;emulator&gt;/usr/bin/qemu-kvm&lt;/emulator&gt;
-    &lt;disk type='file' device='disk'&gt;
-      &lt;driver name='qemu' type='qcow2'/&gt;
-      &lt;source file='/var/lib/libvirt/images/sev-dummy.qcow2'/&gt;
-      &lt;target dev='sda' bus='scsi'/&gt;
-      &lt;boot order='1'/&gt;
-    &lt;/disk&gt;
-    &lt;controller type='virtio-serial' index='0'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/controller&gt;
-    &lt;controller type='scsi' index='0' model='virtio-scsi'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/controller&gt;
-    &lt;interface type='network'&gt;
-      &lt;mac address='52:54:00:cc:56:90'/&gt;
-      &lt;source network='default'/&gt;
-      &lt;model type='virtio'/&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/interface&gt;
-    &lt;graphics type='spice' autoport='yes'&gt;
-      &lt;listen type='address'/&gt;
-      &lt;gl enable='no'/&gt;
-    &lt;/graphics&gt;
-    &lt;video&gt;
-      &lt;model type='qxl'/&gt;
-    &lt;/video&gt;
-    &lt;memballoon model='virtio'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/memballoon&gt;
-    &lt;rng model='virtio'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/rng&gt;
-  &lt;/devices&gt;
-  &lt;launchSecurity type='sev'&gt;
-    &lt;cbitpos&gt;47&lt;/cbitpos&gt;
-    &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
-    &lt;policy&gt;0x0003&lt;/policy&gt;
-  &lt;/launchSecurity&gt;
-&lt;/domain&gt;</pre>
-
-    <h5>PC-i440fx machine:</h5>
-    <pre>
-&lt;domain type='kvm'&gt;
-  &lt;name&gt;sev-dummy-legacy&lt;/name&gt;
-  &lt;memory unit='KiB'&gt;4194304&lt;/memory&gt;
-  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
-  &lt;memtune&gt;
-    &lt;hard_limit unit='KiB'&gt;5242880&lt;/hard_limit&gt;
-  &lt;/memtune&gt;
-  &lt;vcpu placement='static'&gt;4&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='x86_64' machine='pc-i440fx-3.0'&gt;hvm&lt;/type&gt;
-    &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
-    &lt;nvram&gt;/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd&lt;/nvram&gt;
-    &lt;boot dev='hd'/&gt;
-  &lt;/os&gt;
-  &lt;features&gt;
-  &lt;acpi/&gt;
-  &lt;apic/&gt;
-  &lt;vmport state='off'/&gt;
-  &lt;/features&gt;
-  &lt;cpu mode='host-model' check='partial'&gt;
-    &lt;model fallback='allow'/&gt;
-  &lt;/cpu&gt;
-  &lt;clock offset='utc'&gt;
-    &lt;timer name='rtc' tickpolicy='catchup'/&gt;
-    &lt;timer name='pit' tickpolicy='delay'/&gt;
-    &lt;timer name='hpet' present='no'/&gt;
-  &lt;/clock&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;pm&gt;
-    &lt;suspend-to-mem enabled='no'/&gt;
-    &lt;suspend-to-disk enabled='no'/&gt;
-  &lt;/pm&gt;
-  &lt;devices&gt;
-    &lt;emulator&gt;/usr/bin/qemu-kvm&lt;/emulator&gt;
-    &lt;disk type='file' device='disk'&gt;
-      &lt;driver name='qemu' type='qcow2'/&gt;
-      &lt;source file='/var/lib/libvirt/images/sev-dummy-seabios.qcow2'/&gt;
-      &lt;target dev='sda' bus='sata'/&gt;
-    &lt;/disk&gt;
-    &lt;interface type='network'&gt;
-      &lt;mac address='52:54:00:d8:96:c8'/&gt;
-      &lt;source network='default'/&gt;
-      &lt;model type='virtio-non-transitional'/&gt;
-    &lt;/interface&gt;
-    &lt;serial type='pty'&gt;
-      &lt;target type='isa-serial' port='0'&gt;
-        &lt;model name='isa-serial'/&gt;
-      &lt;/target&gt;
-    &lt;/serial&gt;
-    &lt;console type='pty'&gt;
-      &lt;target type='serial' port='0'/&gt;
-    &lt;/console&gt;
-    &lt;input type='tablet' bus='usb'&gt;
-      &lt;address type='usb' bus='0' port='1'/&gt;
-    &lt;/input&gt;
-    &lt;input type='mouse' bus='ps2'/&gt;
-    &lt;input type='keyboard' bus='ps2'/&gt;
-    &lt;graphics type='spice' autoport='yes'&gt;
-      &lt;listen type='address'/&gt;
-      &lt;gl enable='no'/&gt;
-    &lt;/graphics&gt;
-    &lt;video&gt;
-      &lt;model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/&gt;
-    &lt;/video&gt;
-    &lt;memballoon model='virtio-non-transitional'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/memballoon&gt;
-      &lt;rng model='virtio-non-transitional'&gt;
-    &lt;driver iommu='on'/&gt;
-    &lt;/rng&gt;
-  &lt;/devices&gt;
-  &lt;launchSecurity type='sev'&gt;
-    &lt;cbitpos&gt;47&lt;/cbitpos&gt;
-    &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
-    &lt;policy&gt;0x0003&lt;/policy&gt;
-  &lt;/launchSecurity&gt;
-&lt;/domain&gt;</pre>
-  </body>
-</html>
--- a/docs/kbase/launch_security_sev.rst
+++ b/docs/kbase/launch_security_sev.rst
@@ -0,0 +1,529 @@
+============================
+Launch security with AMD SEV
+============================
+
+.. contents::
+
+Storage encryption in modern public cloud computing is a common
+practice. However, from the point of view of a user of these cloud
+workloads, a significant amount of trust needs to be put in the cloud
+platform security as well as integrity (was the hypervisor tampered?).
+For this reason there's ever rising demand for securing data in use,
+i.e. memory encryption. One of the solutions addressing this matter is
+AMD SEV.
+
+AMD Secure Encrypted Virtualization (SEV)
+=========================================
+
+SEV (Secure Encrypted Virtualization) is a feature extension of AMD's
+SME (Secure Memory Encryption) intended for KVM virtual machines which
+is supported primarily on AMD's EPYC CPU line. In contrast to SME, SEV
+uses a unique memory encryption key for each VM. The whole encryption of
+memory pages is completely transparent to the hypervisor and happens
+inside dedicated hardware in the on-die memory controller. Each
+controller includes a high-performance Advanced Encryption Standard
+(AES) engine that encrypts data when it is written to DRAM and decrypts
+it when read. For more details about the technology itself, you can
+visit `AMD's developer portal <https://developer.amd.com/sev/>`__.
+
+Enabling SEV on the host
+========================
+
+Before VMs can make use of the SEV feature you need to make sure your
+AMD CPU does support SEV. You can check whether SEV is among the CPU
+flags with:
+
+::
+
+   $ cat /proc/cpuinfo | grep sev
+   ...
+   sme ssbd sev ibpb
+
+Next step is to enable SEV in the kernel, because it is disabled by
+default. This is done by putting the following onto the kernel command
+line:
+
+::
+
+   mem_encrypt=on kvm_amd.sev=1
+
+To make the changes persistent, append the above to the variable holding
+parameters of the kernel command line in ``/etc/default/grub`` to
+preserve SEV settings across reboots
+
+::
+
+   $ cat /etc/default/grub
+   ...
+   GRUB_CMDLINE_LINUX="... mem_encrypt=on kvm_amd.sev=1"
+   $ grub2-mkconfig -o /boot/efi/EFI/<distro>/grub.cfg
+
+``mem_encrypt=on`` turns on the SME memory encryption feature on the
+host which protects against the physical attack on the hypervisor
+memory. The ``kvm_amd.sev`` parameter actually enables SEV in the kvm
+module. It can be set on the command line alongside ``mem_encrypt`` like
+shown above, or it can be put into a module config under
+``/etc/modprobe.d/``
+
+::
+
+   $ cat /etc/modprobe.d/sev.conf
+   options kvm_amd sev=1
+
+After rebooting the host, you should see SEV being enabled in the
+kernel:
+
+::
+
+   $ cat /sys/module/kvm_amd/parameters/sev
+   1
+
+
+Checking SEV support in the virt stack
+======================================
+
+**Note: All of the commands bellow need to be run with root
+privileges.**
+
+First make sure you have the following packages in the specified
+versions:
+
+-  libvirt >= 4.5.0 (>5.1.0 recommended due to additional SEV bugfixes)
+-  QEMU >= 2.12.0
+
+To confirm that the virtualization stack supports SEV, run the
+following:
+
+::
+
+   # virsh domcapabilities
+   <domainCapabilities>
+   ...
+     <features>
+       ...
+       <sev supported='yes'>
+         <cbitpos>47</cbitpos>
+         <reducedPhysBits>1</reducedPhysBits>
+       </sev>
+       ...
+     </features>
+   </domainCapabilities>
+
+Note that if libvirt was already installed and libvirtd running before
+enabling SEV in the kernel followed by the host reboot you need to force
+libvirtd to re-probe both the host and QEMU capabilities. First stop
+libvirtd:
+
+::
+
+   # systemctl stop libvirtd.service
+
+Now you need to clean the capabilities cache:
+
+::
+
+   # rm -f /var/cache/libvirt/qemu/capabilities/*
+
+If you now restart libvirtd, it will re-probe the capabilities and if
+you now run:
+
+::
+
+   # virsh domcapabilities
+
+SEV should be listed as supported. If you still see:
+
+::
+
+   <sev supported='no'/>
+
+it means one of two things:
+
+#. libvirt does support SEV, but either QEMU or the host does not
+#. you have libvirt <=5.1.0 which suffered from getting a
+   ``'Permission denied'`` on ``/dev/sev`` because of the default
+   permissions on the character device which prevented QEMU from opening
+   it during capabilities probing - you can either manually tweak the
+   permissions so that QEMU has access to it or preferably install
+   libvirt 5.1.0 or higher
+
+VM Configuration
+================
+
+SEV is enabled in the XML by specifying the
+`<launchSecurity> <https://libvirt.org/formatdomain.html#launchSecurity>`__
+element. However, specifying ``launchSecurity`` isn't enough to boot an
+SEV VM. Further configuration requirements are discussed below.
+
+Machine type
+------------
+
+Even though both Q35 and legacy PC machine types (for PC see also
+"virtio") can be used with SEV, usage of the legacy PC machine type is
+strongly discouraged, since depending on how your OVMF package was built
+(e.g. including features like SecureBoot or SMM) Q35 may even be
+required.
+
+Q35
+~~~
+
+::
+
+   ...
+   <os>
+     <type arch='x86_64' machine='pc-q35-3.0'>hvm</type>
+     ...
+   </os>
+   ...
+
+i440fx (discouraged)
+~~~~~~~~~~~~~~~~~~~~
+
+::
+
+   ...
+   <os>
+     <type arch='x86_64' machine='pc-i440fx-3.0'>hvm</type>
+     ...
+   </os>
+   ...
+
+Boot loader
+-----------
+
+SEV is only going to work with OVMF (UEFI), so you'll need to point
+libvirt to the correct OVMF binary.
+
+::
+
+   ...
+   <os>
+     <type arch='x86_64' machine='pc-q35-3.0'>hvm</type>
+     <loader readonly='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
+   </os>
+   ...
+
+Memory
+------
+
+Internally, SEV expects that the encrypted memory pages won't be swapped
+out or move around so the VM memory needs to be pinned in physical RAM
+which will be handled by QEMU. Apart from that, certain memory regions
+allocated by QEMU itself (UEFI pflash, device ROMs, video RAM, etc.)
+have to be encrypted as well. This causes a conflict in how libvirt
+tries to protect the host. By default, libvirt enforces a memory hard
+limit on each VM's cgroup in order to protect the host from malicious
+QEMU to allocate and lock all the available memory. This limit
+corresponds to the total memory allocation for the VM given by
+``<currentMemory>`` element. However, trying to account for the
+additional memory regions QEMU allocates when calculating the limit in
+an automated manner is non-deterministic. One way to resolve this is to
+set the hard limit manually.
+
+Note: Figuring out the right number so that your guest boots and isn't
+killed is challenging, but 256MiB extra memory over the total guest RAM
+should suffice for most workloads and may serve as a good starting
+point. For example, a domain with 4GB memory with a 256MiB extra hard
+limit would look like this:
+
+::
+
+   # virsh edit <domain>
+   <domain>
+     ...
+     <currentMemory unit='KiB'>4194304</currentMemory>
+     <memtune>
+       <hard_limit unit='KiB'>4456448</hard_limit>
+     </memtune>
+     ...
+   </domain>
+
+There's another, preferred method of taking care of the limits by using
+the\ ``<memoryBacking>`` element along with the ``<locked/>``
+subelement:
+
+::
+
+   <domain>
+     ...
+     <memoryBacking>
+       <locked/>
+     </memoryBacking>
+     ...
+   </domain>
+
+What that does is that it tells libvirt not to force any hard limit
+(well, unlimited) upon the VM cgroup. The obvious advantage is that one
+doesn't need to determine the hard limit for every single SEV-enabled
+VM. However, there is a significant security-related drawback to this
+approach. Since no hard limit is applied, a malicious QEMU could perform
+a DoS attack by locking all of the host's available memory. The way to
+avoid this issue and to protect the host is to enforce a bigger hard
+limit on the master cgroup containing all of the VMs - on systemd this
+is ``machine.slice``.
+
+::
+
+   # systemctl set-property machine.slice MemoryHigh=<value>
+
+To put even stricter measures in place which would involve the OOM
+killer, use
+
+::
+
+   # systemctl set-property machine.slice MemoryMax=<value>
+
+instead. Alternatively, you can create a systemd config (don't forget to
+reload systemd configuration in this case):
+
+::
+
+   # cat << EOF > /etc/systemd/system.control/machine.slice.d/90-MemoryMax.conf
+   MemoryMax=<value>
+   EOF
+
+The trade-off to keep in mind with the second approach is that the VMs
+can still perform DoS on each other.
+
+Virtio
+------
+
+In order to make virtio devices work, we need to enable emulated IOMMU
+on the devices so that virtual DMA can work.
+
+::
+
+   # virsh edit <domain>
+   <domain>
+     ...
+     <controller type='virtio-serial' index='0'>
+       <driver iommu='on'/>
+     </controller>
+     <controller type='scsi' index='0' model='virtio-scsi'>
+       <driver iommu='on'/>
+     </controller>
+     ...
+     <memballoon model='virtio'>
+       <driver iommu='on'/>
+     </memballoon>
+     <rng model='virtio'>
+       <backend model='random'>/dev/urandom</backend>
+       <driver iommu='on'/>
+     </rng>
+     ...
+   <domain>
+
+If you for some reason want to use the legacy PC machine type, further
+changes to the virtio configuration is required, because SEV will not
+work with Virtio <1.0. In libvirt, this is handled by using the
+virtio-non-transitional device model (libvirt >= 5.2.0 required).
+
+Note: some devices like video devices don't support non-transitional
+model, which means that virtio GPU cannot be used.
+
+::
+
+   <domain>
+     ...
+     <devices>
+       ...
+       <memballoon model='virtio-non-transitional'>
+         <driver iommu='on'/>
+       </memballoon>
+     </devices>
+     ...
+   </domain>
+
+Checking SEV from within the guest
+==================================
+
+After making the necessary adjustments discussed in
+`Configuration <#Configuration>`__, the VM should now boot successfully
+with SEV enabled. You can then verify that the guest has SEV enabled by
+running:
+
+::
+
+   # dmesg | grep -i sev
+   AMD Secure Encrypted Virtualization (SEV) active
+
+Limitations
+===========
+
+Currently, the boot disk cannot be of type virtio-blk, instead,
+virtio-scsi needs to be used if virtio is desired. This limitation is
+expected to be lifted with future releases of kernel (the kernel used at
+the time of writing the article is 5.0.14). If you still cannot start an
+SEV VM, it could be because of wrong SELinux label on the ``/dev/sev``
+device with selinux-policy <3.14.2.40 which prevents QEMU from touching
+the device. This can be resolved by upgrading the package, tuning the
+selinux policy rules manually to allow svirt_t to access the device (see
+``audit2allow`` on how to do that) or putting SELinux into permissive
+mode (discouraged).
+
+Full domain XML examples
+========================
+
+Q35 machine
+-----------
+
+::
+
+   <domain type='kvm'>
+     <name>sev-dummy</name>
+     <memory unit='KiB'>4194304</memory>
+     <currentMemory unit='KiB'>4194304</currentMemory>
+     <memoryBacking>
+       <locked/>
+     </memoryBacking>
+     <vcpu placement='static'>4</vcpu>
+     <os>
+       <type arch='x86_64' machine='pc-q35-3.0'>hvm</type>
+       <loader readonly='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
+       <nvram>/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd</nvram>
+     </os>
+     <features>
+       <acpi/>
+       <apic/>
+       <vmport state='off'/>
+     </features>
+     <cpu mode='host-model' check='partial'>
+       <model fallback='allow'/>
+     </cpu>
+     <clock offset='utc'>
+       <timer name='rtc' tickpolicy='catchup'/>
+       <timer name='pit' tickpolicy='delay'/>
+       <timer name='hpet' present='no'/>
+     </clock>
+     <on_poweroff>destroy</on_poweroff>
+     <on_reboot>restart</on_reboot>
+     <on_crash>destroy</on_crash>
+     <pm>
+       <suspend-to-mem enabled='no'/>
+       <suspend-to-disk enabled='no'/>
+     </pm>
+     <devices>
+       <emulator>/usr/bin/qemu-kvm</emulator>
+       <disk type='file' device='disk'>
+         <driver name='qemu' type='qcow2'/>
+         <source file='/var/lib/libvirt/images/sev-dummy.qcow2'/>
+         <target dev='sda' bus='scsi'/>
+         <boot order='1'/>
+       </disk>
+       <controller type='virtio-serial' index='0'>
+         <driver iommu='on'/>
+       </controller>
+       <controller type='scsi' index='0' model='virtio-scsi'>
+         <driver iommu='on'/>
+       </controller>
+       <interface type='network'>
+         <mac address='52:54:00:cc:56:90'/>
+         <source network='default'/>
+         <model type='virtio'/>
+         <driver iommu='on'/>
+       </interface>
+       <graphics type='spice' autoport='yes'>
+         <listen type='address'/>
+         <gl enable='no'/>
+       </graphics>
+       <video>
+         <model type='qxl'/>
+       </video>
+       <memballoon model='virtio'>
+         <driver iommu='on'/>
+       </memballoon>
+       <rng model='virtio'>
+         <driver iommu='on'/>
+       </rng>
+     </devices>
+     <launchSecurity type='sev'>
+       <cbitpos>47</cbitpos>
+       <reducedPhysBits>1</reducedPhysBits>
+       <policy>0x0003</policy>
+     </launchSecurity>
+   </domain>
+
+PC-i440fx machine
+-----------------
+
+::
+
+   <domain type='kvm'>
+     <name>sev-dummy-legacy</name>
+     <memory unit='KiB'>4194304</memory>
+     <currentMemory unit='KiB'>4194304</currentMemory>
+     <memtune>
+       <hard_limit unit='KiB'>5242880</hard_limit>
+     </memtune>
+     <vcpu placement='static'>4</vcpu>
+     <os>
+       <type arch='x86_64' machine='pc-i440fx-3.0'>hvm</type>
+       <loader readonly='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
+       <nvram>/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd</nvram>
+       <boot dev='hd'/>
+     </os>
+     <features>
+     <acpi/>
+     <apic/>
+     <vmport state='off'/>
+     </features>
+     <cpu mode='host-model' check='partial'>
+       <model fallback='allow'/>
+     </cpu>
+     <clock offset='utc'>
+       <timer name='rtc' tickpolicy='catchup'/>
+       <timer name='pit' tickpolicy='delay'/>
+       <timer name='hpet' present='no'/>
+     </clock>
+     <on_poweroff>destroy</on_poweroff>
+     <on_reboot>restart</on_reboot>
+     <on_crash>destroy</on_crash>
+     <pm>
+       <suspend-to-mem enabled='no'/>
+       <suspend-to-disk enabled='no'/>
+     </pm>
+     <devices>
+       <emulator>/usr/bin/qemu-kvm</emulator>
+       <disk type='file' device='disk'>
+         <driver name='qemu' type='qcow2'/>
+         <source file='/var/lib/libvirt/images/sev-dummy-seabios.qcow2'/>
+         <target dev='sda' bus='sata'/>
+       </disk>
+       <interface type='network'>
+         <mac address='52:54:00:d8:96:c8'/>
+         <source network='default'/>
+         <model type='virtio-non-transitional'/>
+       </interface>
+       <serial type='pty'>
+         <target type='isa-serial' port='0'>
+           <model name='isa-serial'/>
+         </target>
+       </serial>
+       <console type='pty'>
+         <target type='serial' port='0'/>
+       </console>
+       <input type='tablet' bus='usb'>
+         <address type='usb' bus='0' port='1'/>
+       </input>
+       <input type='mouse' bus='ps2'/>
+       <input type='keyboard' bus='ps2'/>
+       <graphics type='spice' autoport='yes'>
+         <listen type='address'/>
+         <gl enable='no'/>
+       </graphics>
+       <video>
+         <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+       </video>
+       <memballoon model='virtio-non-transitional'>
+         <driver iommu='on'/>
+       </memballoon>
+         <rng model='virtio-non-transitional'>
+       <driver iommu='on'/>
+       </rng>
+     </devices>
+     <launchSecurity type='sev'>
+       <cbitpos>47</cbitpos>
+       <reducedPhysBits>1</reducedPhysBits>
+       <policy>0x0003</policy>
+     </launchSecurity>
+   </domain>
--- a/docs/kbase/locking-lockd.html.in
+++ b/docs/kbase/locking-lockd.html.in
@@ -1,160 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Virtual machine lock manager, virtlockd plugin</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      This page describes use of the <code>virtlockd</code>
-      service as a <a href="locking.html">lock driver</a>
-      plugin for virtual machine disk mutual exclusion.
-    </p>
-
-    <h2><a id="background">virtlockd background</a></h2>
-
-    <p>
-      The virtlockd daemon is a single purpose binary which
-      focuses exclusively on the task of acquiring and holding
-      locks on behalf of running virtual machines. It is
-      designed to offer a low overhead, portable locking
-      scheme can be used out of the box on virtualization
-      hosts with minimal configuration overheads. It makes
-      use of the POSIX fcntl advisory locking capability
-      to hold locks, which is supported by the majority of
-      commonly used filesystems.
-    </p>
-
-    <h2><a id="sanlock">virtlockd daemon setup</a></h2>
-
-    <p>
-      In most OS, the virtlockd daemon itself will not require
-      any upfront configuration work. It is installed by default
-      when libvirtd is present, and a systemd socket unit is
-      registered such that the daemon will be automatically
-      started when first required. With OS that predate systemd
-      though, it will be necessary to start it at boot time,
-      prior to libvirtd being started. On RHEL/Fedora distros,
-      this can be achieved as follows
-    </p>
-
-    <pre>
-# chkconfig virtlockd on
-# service virtlockd start
-    </pre>
-
-    <p>
-      The above instructions apply to the instance of virtlockd
-      that runs privileged, and is used by the libvirtd daemon
-      that runs privileged. If running libvirtd as an unprivileged
-      user, it will always automatically spawn an instance of
-      the virtlockd daemon unprivileged too. This requires no
-      setup at all.
-    </p>
-
-    <h2><a id="lockdplugin">libvirt lockd plugin configuration</a></h2>
-
-    <p>
-      Once the virtlockd daemon is running, or setup to autostart,
-      the next step is to configure the libvirt lockd plugin.
-      There is a separate configuration file for each libvirt
-      driver that is using virtlockd. For QEMU, we will edit
-      <code>/etc/libvirt/qemu-lockd.conf</code>
-    </p>
-
-    <p>
-      The default behaviour of the lockd plugin is to acquire locks
-      directly on the virtual disk images associated with the guest
-      &lt;disk&gt; elements. This ensures it can run out of the box
-      with no configuration, providing locking for disk images on
-      shared filesystems such as NFS. It does not provide any cross
-      host protection for storage that is backed by block devices,
-      since locks acquired on device nodes in /dev only apply within
-      the host. It may also be the case that the filesystem holding
-      the disk images is not capable of supporting fcntl locks.
-    </p>
-
-    <p>
-      To address these problems it is possible to tell lockd to
-      acquire locks on an indirect file. Essentially lockd will
-      calculate the SHA256 checksum of the fully qualified path,
-      and create a zero length file in a given directory whose
-      filename is the checksum. It will then acquire a lock on
-      that file. Assuming the block devices assigned to the guest
-      are using stable paths (eg /dev/disk/by-path/XXXXXXX) then
-      this will allow for locks to apply across hosts. This
-      feature can be enabled by setting a configuration setting
-      that specifies the directory in which to create the lock
-      files. The directory referred to should of course be
-      placed on a shared filesystem (eg NFS) that is accessible
-      to all hosts which can see the shared block devices.
-    </p>
-
-    <pre>
-$ su - root
-# augtool -s set \
-  /files/etc/libvirt/qemu-lockd.conf/file_lockspace_dir \
-  "/var/lib/libvirt/lockd/files"
-    </pre>
-
-    <p>
-      If the guests are using either LVM and SCSI block devices
-      for their virtual disks, there is a unique identifier
-      associated with each device. It is possible to tell lockd
-      to use this UUID as the basis for acquiring locks, rather
-      than the SHA256 sum of the filename. The benefit of this
-      is that the locking protection will work even if the file
-      paths to the given block device are different on each
-      host.
-    </p>
-
-    <pre>
-$ su - root
-# augtool -s set \
-  /files/etc/libvirt/qemu-lockd.conf/scsi_lockspace_dir \
-  "/var/lib/libvirt/lockd/scsi"
-# augtool -s set \
-  /files/etc/libvirt/qemu-lockd.conf/lvm_lockspace_dir \
-  "/var/lib/libvirt/lockd/lvm"
-    </pre>
-
-    <p>
-      It is important to remember that the changes made to the
-      <code>/etc/libvirt/qemu-lockd.conf</code> file must be
-      propagated to all hosts before any virtual machines are
-      launched on them. This ensures that all hosts are using
-      the same locking mechanism
-    </p>
-
-    <h2><a id="qemuconfig">QEMU/KVM driver configuration</a></h2>
-
-    <p>
-      The QEMU driver is capable of using the virtlockd plugin
-      since the release <span>1.0.2</span>.
-      The out of the box configuration, however, currently
-      uses the <strong>nop</strong> lock manager plugin.
-      To get protection for disks, it is thus necessary
-      to reconfigure QEMU to activate the <strong>lockd</strong>
-      driver. This is achieved by editing the QEMU driver
-      configuration file (<code>/etc/libvirt/qemu.conf</code>)
-      and changing the <code>lock_manager</code> configuration
-      tunable.
-    </p>
-
-    <pre>
-$ su - root
-# augtool -s  set /files/etc/libvirt/qemu.conf/lock_manager lockd
-# service libvirtd restart
-    </pre>
-
-    <p>
-      Every time you start a guest, the virtlockd daemon will acquire
-      locks on the disk files directly, or in one of the configured
-      lookaside directories based on SHA256 sum. To check that locks
-      are being acquired as expected, the <code>lslocks</code> tool
-      can be run.
-    </p>
-
-  </body>
-</html>
--- a/docs/kbase/locking-lockd.rst
+++ b/docs/kbase/locking-lockd.rst
@@ -0,0 +1,121 @@
+==============================================
+Virtual machine lock manager, virtlockd plugin
+==============================================
+
+.. contents::
+
+This page describes use of the ``virtlockd`` service as a `lock
+driver <locking.html>`__ plugin for virtual machine disk mutual
+exclusion.
+
+virtlockd background
+====================
+
+The virtlockd daemon is a single purpose binary which focuses
+exclusively on the task of acquiring and holding locks on behalf of
+running virtual machines. It is designed to offer a low overhead,
+portable locking scheme can be used out of the box on virtualization
+hosts with minimal configuration overheads. It makes use of the POSIX
+fcntl advisory locking capability to hold locks, which is supported by
+the majority of commonly used filesystems.
+
+virtlockd daemon setup
+======================
+
+In most OS, the virtlockd daemon itself will not require any upfront
+configuration work. It is installed by default when libvirtd is present,
+and a systemd socket unit is registered such that the daemon will be
+automatically started when first required. With OS that predate systemd
+though, it will be necessary to start it at boot time, prior to libvirtd
+being started. On RHEL/Fedora distros, this can be achieved as follows
+
+::
+
+   # chkconfig virtlockd on
+   # service virtlockd start
+
+The above instructions apply to the instance of virtlockd that runs
+privileged, and is used by the libvirtd daemon that runs privileged. If
+running libvirtd as an unprivileged user, it will always automatically
+spawn an instance of the virtlockd daemon unprivileged too. This
+requires no setup at all.
+
+libvirt lockd plugin configuration
+==================================
+
+Once the virtlockd daemon is running, or setup to autostart, the next
+step is to configure the libvirt lockd plugin. There is a separate
+configuration file for each libvirt driver that is using virtlockd. For
+QEMU, we will edit ``/etc/libvirt/qemu-lockd.conf``
+
+The default behaviour of the lockd plugin is to acquire locks directly
+on the virtual disk images associated with the guest <disk> elements.
+This ensures it can run out of the box with no configuration, providing
+locking for disk images on shared filesystems such as NFS. It does not
+provide any cross host protection for storage that is backed by block
+devices, since locks acquired on device nodes in /dev only apply within
+the host. It may also be the case that the filesystem holding the disk
+images is not capable of supporting fcntl locks.
+
+To address these problems it is possible to tell lockd to acquire locks
+on an indirect file. Essentially lockd will calculate the SHA256
+checksum of the fully qualified path, and create a zero length file in a
+given directory whose filename is the checksum. It will then acquire a
+lock on that file. Assuming the block devices assigned to the guest are
+using stable paths (eg /dev/disk/by-path/XXXXXXX) then this will allow
+for locks to apply across hosts. This feature can be enabled by setting
+a configuration setting that specifies the directory in which to create
+the lock files. The directory referred to should of course be placed on
+a shared filesystem (eg NFS) that is accessible to all hosts which can
+see the shared block devices.
+
+::
+
+   $ su - root
+   # augtool -s set \
+     /files/etc/libvirt/qemu-lockd.conf/file_lockspace_dir \
+     "/var/lib/libvirt/lockd/files"
+
+If the guests are using either LVM and SCSI block devices for their
+virtual disks, there is a unique identifier associated with each device.
+It is possible to tell lockd to use this UUID as the basis for acquiring
+locks, rather than the SHA256 sum of the filename. The benefit of this
+is that the locking protection will work even if the file paths to the
+given block device are different on each host.
+
+::
+
+   $ su - root
+   # augtool -s set \
+     /files/etc/libvirt/qemu-lockd.conf/scsi_lockspace_dir \
+     "/var/lib/libvirt/lockd/scsi"
+   # augtool -s set \
+     /files/etc/libvirt/qemu-lockd.conf/lvm_lockspace_dir \
+     "/var/lib/libvirt/lockd/lvm"
+
+It is important to remember that the changes made to the
+``/etc/libvirt/qemu-lockd.conf`` file must be propagated to all hosts
+before any virtual machines are launched on them. This ensures that all
+hosts are using the same locking mechanism
+
+QEMU/KVM driver configuration
+=============================
+
+The QEMU driver is capable of using the virtlockd plugin since the
+release 1.0.2. The out of the box configuration, however, currently uses
+the **nop** lock manager plugin. To get protection for disks, it is thus
+necessary to reconfigure QEMU to activate the **lockd** driver. This is
+achieved by editing the QEMU driver configuration file
+(``/etc/libvirt/qemu.conf``) and changing the ``lock_manager``
+configuration tunable.
+
+::
+
+   $ su - root
+   # augtool -s  set /files/etc/libvirt/qemu.conf/lock_manager lockd
+   # service libvirtd restart
+
+Every time you start a guest, the virtlockd daemon will acquire locks on
+the disk files directly, or in one of the configured lookaside
+directories based on SHA256 sum. To check that locks are being acquired
+as expected, the ``lslocks`` tool can be run.
--- a/docs/kbase/locking-sanlock.html.in
+++ b/docs/kbase/locking-sanlock.html.in
@@ -1,247 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Virtual machine lock manager, sanlock plugin</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      This page describes use of the
-      <a href="https://fedorahosted.org/sanlock/">sanlock</a>
-      service as a <a href="locking.html">lock driver</a>
-      plugin for virtual machine disk mutual exclusion.
-    </p>
-
-    <h2><a id="sanlock">Sanlock daemon setup</a></h2>
-
-    <p>
-      On many operating systems, the <strong>sanlock</strong> plugin
-      is distributed in a sub-package which needs to be installed
-      separately from the main libvirt RPM. On a Fedora/RHEL host
-      this can be done with the <code>yum</code> command
-    </p>
-
-    <pre>
-$ su - root
-# yum install libvirt-lock-sanlock
-    </pre>
-
-    <p>
-      The next step is to start the sanlock daemon. For maximum
-      safety sanlock prefers to have a connection to a watchdog
-      daemon. This will cause the entire host to be rebooted in
-      the event that sanlock crashes / terminates abnormally.
-      To start the watchdog daemon on a Fedora/RHEL host
-      the following commands can be run:
-    </p>
-
-    <pre>
-$ su - root
-# chkconfig wdmd on
-# service wdmd start
-    </pre>
-
-    <p>
-      Once the watchdog is running, sanlock can be started
-      as follows
-    </p>
-
-    <pre>
-# chkconfig sanlock on
-# service sanlock start
-    </pre>
-
-    <p>
-      <em>Note:</em> if you wish to avoid the use of the
-      watchdog, add the following line to <code>/etc/sysconfig/sanlock</code>
-      before starting it
-    </p>
-
-    <pre>
-SANLOCKOPTS="-w 0"
-    </pre>
-
-    <p>
-      The sanlock daemon must be started on every single host
-      that will be running virtual machines. So repeat these
-      steps as necessary.
-    </p>
-
-    <h2><a id="sanlockplugin">libvirt sanlock plugin configuration</a></h2>
-
-    <p>
-      Once the sanlock daemon is running, the next step is to
-      configure the libvirt sanlock plugin. There is a separate
-      configuration file for each libvirt driver that is using
-      sanlock. For QEMU, we will edit <code>/etc/libvirt/qemu-sanlock.conf</code>
-      There is one mandatory parameter that needs to be set,
-      the <code>host_id</code>. This is an integer between
-      1 and 2000, which must be set to a <strong>unique</strong>
-      value on each host running virtual machines.
-    </p>
-
-    <pre>
-$ su - root
-# augtool -s set /files/etc/libvirt/qemu-sanlock.conf/host_id 1
-    </pre>
-
-    <p>
-      Repeat this on every host, changing <strong>1</strong> to a
-      unique value for the host.
-    </p>
-
-    <h2><a id="sanlockstorage">libvirt sanlock storage configuration</a></h2>
-
-    <p>
-      The sanlock plugin needs to create leases in a directory
-      that is on a filesystem shared between all hosts running
-      virtual machines. Obvious choices for this include NFS
-      or GFS2. The libvirt sanlock plugin expects its lease
-      directory be at <code>/var/lib/libvirt/sanlock</code>
-      so update the host's <code>/etc/fstab</code> to mount
-      a suitable shared/cluster filesystem at that location
-    </p>
-
-    <pre>
-$ su - root
-# echo "some.nfs.server:/export/sanlock /var/lib/libvirt/sanlock nfs hard,nointr 0 0" >> /etc/fstab
-# mount /var/lib/libvirt/sanlock
-    </pre>
-
-    <p>
-      If your sanlock daemon happen to run under non-root
-      privileges, you need to tell this to libvirt so it
-      chowns created files correctly. This can be done by
-      setting <code>user</code> and/or <code>group</code>
-      variables in the configuration file. Accepted values
-      range is specified in description to the same
-      variables in <code>/etc/libvirt/qemu.conf</code>. For
-      example:
-    </p>
-
-    <pre>
-augtool -s set /files/etc/libvirt/qemu-sanlock.conf/user sanlock
-augtool -s set /files/etc/libvirt/qemu-sanlock.conf/group sanlock
-    </pre>
-
-    <p>
-      But remember, that if this is NFS share, you need a
-      no_root_squash-ed one for chown (and chmod possibly)
-      to succeed.
-    </p>
-
-    <p>
-      In terms of storage requirements, if the filesystem
-      uses 512 byte sectors, you need to allow for <code>1MB</code>
-      of storage for each guest disk. So if you have a network
-      with 20 virtualization hosts, each running 50 virtual
-      machines and an average of 2 disks per guest, you will
-      need <code>20*50*2 == 2000 MB</code> of storage for
-      sanlock.
-    </p>
-
-
-    <p>
-      On one of the hosts on the network is it wise to setup
-      a cron job which runs the <code>virt-sanlock-cleanup</code>
-      script periodically. This scripts deletes any lease
-      files which are not currently in use by running virtual
-      machines, freeing up disk space on the shared filesystem.
-      Unless VM disks are very frequently created + deleted
-      it should be sufficient to run the cleanup once a week.
-    </p>
-
-    <h2><a id="qemuconfig">QEMU/KVM driver configuration</a></h2>
-
-    <p>
-      The QEMU/KVM driver is fully integrated with the lock
-      manager framework as of release <span>0.9.3</span>.
-      The out of the box configuration, however, currently
-      uses the <strong>nop</strong> lock manager plugin.
-      To get protection for disks, it is thus necessary
-      to reconfigure QEMU to activate the <strong>sanlock</strong>
-      driver. This is achieved by editing the QEMU driver
-      configuration file (<code>/etc/libvirt/qemu.conf</code>)
-      and changing the <code>lock_manager</code> configuration
-      tunable.
-    </p>
-
-    <pre>
-$ su - root
-# augtool -s  set /files/etc/libvirt/qemu.conf/lock_manager sanlock
-# service libvirtd restart
-    </pre>
-
-    <p>
-      If all went well, libvirtd will have talked to sanlock
-      and created the basic lockspace. This can be checked
-      by looking for existence of the following file
-    </p>
-
-    <pre>
-# ls /var/lib/libvirt/sanlock/
-__LIBVIRT__DISKS__
-    </pre>
-
-    <p>
-      Every time you start a guest, additional lease files will appear
-      in this directory, one for each virtual disk. The lease
-      files are named based on the MD5 checksum of the fully qualified
-      path of the virtual disk backing file. So if the guest is given
-      a disk backed by <code>/var/lib/libvirt/images/demo.img</code>
-      expect to see a lease <code>/var/lib/libvirt/sanlock/bfa0240911bc17753e0b473688822159</code>
-    </p>
-
-    <p>
-      It should be obvious that for locking to work correctly, every
-      host running virtual machines should have storage configured
-      in the same way. The easiest way to do this is to use the libvirt
-      storage pool capability to configure any NFS volumes, iSCSI targets,
-      or SCSI HBAs used for guest storage. Simply replicate the same
-      storage pool XML across every host. It is important that any
-      storage pools exposing block devices are configured to create
-      volume paths under <code>/dev/disks/by-path</code> to ensure
-      stable paths across hosts. An example iSCSI configuration
-      which ensures this is:
-    </p>
-
-    <pre>
-&lt;pool type='iscsi'&gt;
-  &lt;name&gt;myiscsipool&lt;/name&gt;
-  &lt;source&gt;
-    &lt;host name='192.168.254.8'/&gt;
-    &lt;device path='your-iscsi-target-iqn'/&gt;
-  &lt;/source&gt;
-  &lt;target&gt;
-    &lt;path&gt;/dev/disk/by-path&lt;/path&gt;
-  &lt;/target&gt;
-&lt;/pool&gt;
-    </pre>
-
-    <h2><a id="domainconfig">Domain configuration</a></h2>
-
-    <p>
-      In case sanlock loses access to disk locks for some reason, it will
-      kill all domains that lost their locks. This default behavior may
-      be changed using
-      <a href="formatdomain.html#elementsEvents">on_lockfailure
-      element</a> in domain XML. When this element is present, sanlock
-      will call <code>sanlock_helper</code> (provided by libvirt) with
-      the specified action. This helper binary will connect to libvirtd
-      and thus it may need to authenticate if libvirtd was configured to
-      require that on the read-write UNIX socket. To provide the
-      appropriate credentials to sanlock_helper, a
-      <a href="auth.html#Auth_client_config">client authentication
-      file</a> needs to contain something like the following:
-    </p>
-    <pre>
-[auth-libvirt-localhost]
-credentials=sanlock
-
-[credentials-sanlock]
-authname=login
-password=password
-    </pre>
-  </body>
-</html>
--- a/docs/kbase/locking-sanlock.rst
+++ b/docs/kbase/locking-sanlock.rst
@@ -0,0 +1,193 @@
+============================================
+Virtual machine lock manager, sanlock plugin
+============================================
+
+.. contents::
+
+This page describes use of the
+`sanlock <https://fedorahosted.org/sanlock/>`__ service as a `lock
+driver <locking.html>`__ plugin for virtual machine disk mutual
+exclusion.
+
+Sanlock daemon setup
+====================
+
+On many operating systems, the **sanlock** plugin is distributed in a
+sub-package which needs to be installed separately from the main libvirt
+RPM. On a Fedora/RHEL host this can be done with the ``yum`` command
+
+::
+
+   $ su - root
+   # yum install libvirt-lock-sanlock
+
+The next step is to start the sanlock daemon. For maximum safety sanlock
+prefers to have a connection to a watchdog daemon. This will cause the
+entire host to be rebooted in the event that sanlock crashes /
+terminates abnormally. To start the watchdog daemon on a Fedora/RHEL
+host the following commands can be run:
+
+::
+
+   $ su - root
+   # chkconfig wdmd on
+   # service wdmd start
+
+Once the watchdog is running, sanlock can be started as follows
+
+::
+
+   # chkconfig sanlock on
+   # service sanlock start
+
+*Note:* if you wish to avoid the use of the watchdog, add the following
+line to ``/etc/sysconfig/sanlock`` before starting it
+
+::
+
+   SANLOCKOPTS="-w 0"
+
+The sanlock daemon must be started on every single host that will be
+running virtual machines. So repeat these steps as necessary.
+
+libvirt sanlock plugin configuration
+====================================
+
+Once the sanlock daemon is running, the next step is to configure the
+libvirt sanlock plugin. There is a separate configuration file for each
+libvirt driver that is using sanlock. For QEMU, we will edit
+``/etc/libvirt/qemu-sanlock.conf`` There is one mandatory parameter that
+needs to be set, the ``host_id``. This is an integer between 1 and 2000,
+which must be set to a **unique** value on each host running virtual
+machines.
+
+::
+
+   $ su - root
+   # augtool -s set /files/etc/libvirt/qemu-sanlock.conf/host_id 1
+
+Repeat this on every host, changing **1** to a unique value for the
+host.
+
+libvirt sanlock storage configuration
+=====================================
+
+The sanlock plugin needs to create leases in a directory that is on a
+filesystem shared between all hosts running virtual machines. Obvious
+choices for this include NFS or GFS2. The libvirt sanlock plugin expects
+its lease directory be at ``/var/lib/libvirt/sanlock`` so update the
+host's ``/etc/fstab`` to mount a suitable shared/cluster filesystem at
+that location
+
+::
+
+   $ su - root
+   # echo "some.nfs.server:/export/sanlock /var/lib/libvirt/sanlock nfs hard,nointr 0 0" >> /etc/fstab
+   # mount /var/lib/libvirt/sanlock
+
+If your sanlock daemon happen to run under non-root privileges, you need
+to tell this to libvirt so it chowns created files correctly. This can
+be done by setting ``user`` and/or ``group`` variables in the
+configuration file. Accepted values range is specified in description to
+the same variables in ``/etc/libvirt/qemu.conf``. For example:
+
+::
+
+   augtool -s set /files/etc/libvirt/qemu-sanlock.conf/user sanlock
+   augtool -s set /files/etc/libvirt/qemu-sanlock.conf/group sanlock
+
+But remember, that if this is NFS share, you need a no_root_squash-ed
+one for chown (and chmod possibly) to succeed.
+
+In terms of storage requirements, if the filesystem uses 512 byte
+sectors, you need to allow for ``1MB`` of storage for each guest disk.
+So if you have a network with 20 virtualization hosts, each running 50
+virtual machines and an average of 2 disks per guest, you will need
+``20*50*2 == 2000 MB`` of storage for sanlock.
+
+On one of the hosts on the network is it wise to setup a cron job which
+runs the ``virt-sanlock-cleanup`` script periodically. This scripts
+deletes any lease files which are not currently in use by running
+virtual machines, freeing up disk space on the shared filesystem. Unless
+VM disks are very frequently created + deleted it should be sufficient
+to run the cleanup once a week.
+
+QEMU/KVM driver configuration
+=============================
+
+The QEMU/KVM driver is fully integrated with the lock manager framework
+as of release 0.9.3. The out of the box configuration, however,
+currently uses the **nop** lock manager plugin. To get protection for
+disks, it is thus necessary to reconfigure QEMU to activate the
+**sanlock** driver. This is achieved by editing the QEMU driver
+configuration file (``/etc/libvirt/qemu.conf``) and changing the
+``lock_manager`` configuration tunable.
+
+::
+
+   $ su - root
+   # augtool -s  set /files/etc/libvirt/qemu.conf/lock_manager sanlock
+   # service libvirtd restart
+
+If all went well, libvirtd will have talked to sanlock and created the
+basic lockspace. This can be checked by looking for existence of the
+following file
+
+::
+
+   # ls /var/lib/libvirt/sanlock/
+   __LIBVIRT__DISKS__
+
+Every time you start a guest, additional lease files will appear in this
+directory, one for each virtual disk. The lease files are named based on
+the MD5 checksum of the fully qualified path of the virtual disk backing
+file. So if the guest is given a disk backed by
+``/var/lib/libvirt/images/demo.img`` expect to see a lease
+``/var/lib/libvirt/sanlock/bfa0240911bc17753e0b473688822159``
+
+It should be obvious that for locking to work correctly, every host
+running virtual machines should have storage configured in the same way.
+The easiest way to do this is to use the libvirt storage pool capability
+to configure any NFS volumes, iSCSI targets, or SCSI HBAs used for guest
+storage. Simply replicate the same storage pool XML across every host.
+It is important that any storage pools exposing block devices are
+configured to create volume paths under ``/dev/disks/by-path`` to ensure
+stable paths across hosts. An example iSCSI configuration which ensures
+this is:
+
+::
+
+   <pool type='iscsi'>
+     <name>myiscsipool</name>
+     <source>
+       <host name='192.168.254.8'/>
+       <device path='your-iscsi-target-iqn'/>
+     </source>
+     <target>
+       <path>/dev/disk/by-path</path>
+     </target>
+   </pool>
+
+Domain configuration
+====================
+
+In case sanlock loses access to disk locks for some reason, it will kill
+all domains that lost their locks. This default behavior may be changed
+using `on_lockfailure element <formatdomain.html#elementsEvents>`__ in
+domain XML. When this element is present, sanlock will call
+``sanlock_helper`` (provided by libvirt) with the specified action. This
+helper binary will connect to libvirtd and thus it may need to
+authenticate if libvirtd was configured to require that on the
+read-write UNIX socket. To provide the appropriate credentials to
+sanlock_helper, a `client authentication
+file <auth.html#Auth_client_config>`__ needs to contain something like
+the following:
+
+::
+
+   [auth-libvirt-localhost]
+   credentials=sanlock
+
+   [credentials-sanlock]
+   authname=login
+   password=password
--- a/docs/kbase/locking.html.in
+++ b/docs/kbase/locking.html.in
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Virtual machine lock manager</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      Libvirt includes a framework for ensuring mutual exclusion
-      between virtual machines using host resources. Typically
-      this is used to prevent two VM processes from having concurrent
-      write access to the same disk image, as this would result in
-      data corruption if the guest was not using a cluster
-      aware filesystem.
-    </p>
-
-    <h2><a id="plugins">Lock manager plugins</a></h2>
-
-    <p>
-      The lock manager framework has a pluggable architecture,
-      to allow different locking technologies to be used.
-    </p>
-
-    <dl>
-      <dt><code>nop</code></dt>
-      <dd>This is a "no op" implementation which does absolutely
-        nothing. This can be used if mutual exclusion between
-        virtual machines is not required, or if it is being
-        solved at another level in the management stack.</dd>
-      <dt><code><a href="locking-lockd.html">lockd</a></code></dt>
-      <dd>This is the current preferred implementation shipped
-        with libvirt. It uses the <code>virtlockd</code> daemon
-        to manage locks using the POSIX fcntl() advisory locking
-        capability. As such it requires a shared filesystem of
-        some kind be accessible to all hosts which share the
-        same image storage.</dd>
-      <dt><code><a href="locking-sanlock.html">sanlock</a></code></dt>
-      <dd>This is an alternative implementation preferred by
-        the oVirt project. It uses a disk paxos algorithm for
-        maintaining continuously renewed leases. In the default
-        setup it requires some shared filesystem, but it is
-        possible to use it in a manual mode where the management
-        application creates leases in SAN storage volumes.
-      </dd>
-    </dl>
-  </body>
-</html>
--- a/docs/kbase/locking.rst
+++ b/docs/kbase/locking.rst
@@ -0,0 +1,33 @@
+============================
+Virtual machine lock manager
+============================
+
+Libvirt includes a framework for ensuring mutual exclusion between
+virtual machines using host resources. Typically this is used to prevent
+two VM processes from having concurrent write access to the same disk
+image, as this would result in data corruption if the guest was not
+using a cluster aware filesystem.
+
+Lock manager plugins
+====================
+
+The lock manager framework has a pluggable architecture, to allow
+different locking technologies to be used.
+
+nop
+   This is a "no op" implementation which does absolutely nothing. This
+   can be used if mutual exclusion between virtual machines is not
+   required, or if it is being solved at another level in the management
+   stack.
+`lockd <locking-lockd.html>`__
+   This is the current preferred implementation shipped with libvirt. It
+   uses the ``virtlockd`` daemon to manage locks using the POSIX fcntl()
+   advisory locking capability. As such it requires a shared filesystem
+   of some kind be accessible to all hosts which share the same image
+   storage.
+`sanlock <locking-sanlock.html>`__
+   This is an alternative implementation preferred by the oVirt project.
+   It uses a disk paxos algorithm for maintaining continuously renewed
+   leases. In the default setup it requires some shared filesystem, but
+   it is possible to use it in a manual mode where the management
+   application creates leases in SAN storage volumes.
--- a/docs/kbase/qemu-passthrough-security.rst
+++ b/docs/kbase/qemu-passthrough-security.rst
@@ -0,0 +1,157 @@
+=============================
+QEMU command-line passthrough
+=============================
+
+.. contents::
+
+Libvirt aims to provide explicit modelling of virtualization features in
+the domain XML document schema. QEMU has a very broad range of features
+and not all of these can be mapped to elements in the domain XML. Libvirt
+would like to reduce the gap to QEMU, however, with finite resources there
+will always be cases which aren't covered by the domain XML schema.
+
+
+XML document additions
+======================
+
+To deal with the problem, libvirt introduced support for command-line
+passthrough of QEMU arguments. This is achieved by supporting a custom
+XML namespace, under which some QEMU driver specific elements are defined.
+
+The canonical place to declare the namespace is on the top level ``<domain>``
+element. At the very end of the document, arbitrary command-line arguments
+can now be added, using the namespace prefix ``qemu:``
+
+::
+
+   <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
+     <name>QEMUGuest1</name>
+     <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+     ...
+     <qemu:commandline>
+       <qemu:arg value='-newarg'/>
+       <qemu:arg value='parameter'/>
+       <qemu:env name='ID' value='wibble'/>
+       <qemu:env name='BAR'/>
+     </qemu:commandline>
+   </domain>
+
+Note that when an argument takes a value eg ``-newarg parameter``, the argument
+and the value must be passed as separate ``<qemu:arg>`` entries.
+
+Instead of declaring the XML namespace on the top level ``<domain>`` it is also
+possible to declare it at time of use, which is more convenient for humans
+writing the XML documents manually. So the following example is functionally
+identical:
+
+::
+
+   <domain type='kvm'>
+     <name>QEMUGuest1</name>
+     <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+     ...
+     <commandline xmlns="http://libvirt.org/schemas/domain/qemu/1.0">
+       <arg value='-newarg'/>
+       <arg value='parameter'/>
+       <env name='ID' value='wibble'/>
+       <env name='BAR'/>
+     </commandline>
+   </domain>
+
+Note that when querying the XML from libvirt, it will have been translated into
+the canonical syntax once more with the namespace on the top level element.
+
+Security confinement / sandboxing
+=================================
+
+When libvirt launches a QEMU process it makes use of a number of security
+technologies to confine QEMU and thus protect the host from malicious VM
+breakouts.
+
+When configuring security protection, however, libvirt generally needs to know
+exactly which host resources the VM is permitted to access. It gets this
+information from the domain XML document. This only works for elements in the
+regular schema, the arguments used with command-line passthrough are completely
+opaque to libvirt.
+
+As a result, if command-line passthrough is used to expose a file on the host
+to QEMU, the security protections will activate and either kill QEMU or deny it
+access.
+
+There are two strategies for dealing with this problem, either figure out what
+steps are needed to grant QEMU access to the device, or disable the security
+protections.  The former is harder, but more secure, while the latter is simple.
+
+Granting access per VM
+----------------------
+
+* SELinux - the file on the host needs an SELinux label that will grant access
+  to QEMU's ``svirt_t`` policy.
+
+  - Read-only access - use the ``virt_content_t`` label
+  - Shared, write access - use the ``svirt_image_t:s0`` label (ie no Multi-
+    Category Security (MCS) value appended)
+  - Exclusive, write access - use the ``svirt_image_t:s0:MCS`` label for the VM.
+    The MCS is auto-generatd at boot time, so this may require re-configuring
+    the VM to have a fixed MCS label
+
+* Discretionary Access Control (DAC) - the file on the host needs to be
+  readable/writable to the ``qemu`` user or ``qemu`` group. This can be done
+  by changing the file ownership to ``qemu``, or relaxing the permissions to
+  allow world read, or adding file ACLs to allow access to ``qemu``.
+
+* Namespaces - a private ``mount`` namespace is used for QEMU by default
+  which populates a new ``/dev`` with only the device nodes needed by QEMU.
+  There is no way to augment the set of device nodes ahead of time.
+
+* Seccomp - libvirt launches QEMU with its built-in seccomp policy enabled with
+  ``obsolete=deny``, ``elevateprivileges=deny``, ``spawn=deny`` and
+  ``resourcecontrol=deny`` settings active. There is no way to change this
+  policy on a per VM basis.
+
+* Cgroups - a custom cgroup is created per VM and this will either use the
+  ``devices`` controller or an ``BPF`` rule to whitelist a set of device nodes.
+  There is no way to change this policy on a per VM basis.
+
+Disabling security protection per VM
+------------------------------------
+
+Some of the security protections can be disabled per-VM:
+
+* SELinux - in the domain XML the ``<seclabel>`` model can be changed to
+  ``none`` instead of ``selinux``, which will make the VM run unconfined.
+
+* DAC - in the domain XML an ``<seclabel>`` element with the ``dac`` model can
+  be added, configured with a user / group account of ``root`` to make QEMU run
+  with full privileges.
+
+* Namespaces - there is no way to disable this per VM.
+
+* Seccomp - there is no way to disable this per VM.
+
+* Cgroups - there is no way to disable this per VM.
+
+Disabling security protection host-wide
+---------------------------------------
+
+As a last resort it is possible to disable security protection host wide which
+will affect all virtual machines. These settings are all made in
+``/etc/libvirt/qemu.conf``
+
+* SELinux - set ``security_default_confied = 0`` to make QEMU run unconfined by
+  default, while still allowing explicit opt-in to SELinux for VMs.
+
+* DAC - set ``user = root`` and ``group = root`` to make QEMU run as the root
+  account.
+
+* SELinux, DAC - set ``security_driver = []`` to entirely disable both the
+  SELinux and DAC security drivers.
+
+* Namespaces - set ``namespaces = []`` to disable use of the ``mount``
+  namespaces, causing QEMU to see the normal fully popualated ``dev``.
+
+* Seccomp - set ``seccomp_sandbox = 0`` to disable use of the Seccomp sandboxing
+  in QEMU.
+
+* Cgroups - set ``cgroup_device_acl`` to include the desired device node, or
+  ``cgroup_controllers = [...]`` to exclude the ``devices`` controller.
--- a/docs/kbase/rpm-deployment.rst
+++ b/docs/kbase/rpm-deployment.rst
@@ -0,0 +1,410 @@
+=======================
+RPM Deployment Guidance
+=======================
+
+.. contents::
+
+A complete libvirt build includes a wide range of features, many of which are
+dynamically loadable at runtime. Applications using libvirt typically only
+need to use a subset of these features, and so do not require a full install
+of all libvirt RPM packages.
+
+This document provides some guidance on the RPM packages available with libvirt
+on Fedora and related distributions, to enable applications and administrators
+to pick the optimal set for their needs.
+
+The RHEL and CentOS distributions use the same RPM packaging split, but many
+of the drivers will be disabled at build time, so not all of the packages
+listed on this page will exist.
+
+
+RPM packages
+============
+
+* libvirt
+
+  This is an empty package that exists solely as a convenient way to install
+  every other libvirt RPM package. Almost every deployment scenario would be
+  better served by picking one of the other RPMs listed below.
+
+* libvirt-admin
+
+  The virt-admin tool, used for administrative operations on any libvirt
+  daemons. Most usefully it allows for logging filters and outputs to be
+  reconfigured on a running daemon without a restart. This is recommended
+  to be installed on any host running a libvirt daemon.
+
+
+* libvirt-bash-completion
+
+  Argument auto-completion support for the Bash shell. This is shared code that
+  is pulled in by either the libvirt-admin or libvirt-clients RPMs, so there is
+  no need to explicitly ask for this package to be installed.
+
+
+* libvirt-client
+
+  The virsh tool, used for interacting with any libvirt driver, both primary
+  virt drivers and secondary drivers for storage, networking, etc. All libvirt
+  installs should have this installed as it provides a useful way to view and
+  debug what is being done by other applications using libvirt.
+
+
+* libvirt-daemon
+
+  The monolithic libvirtd daemon, traditionally used for running all the
+  stateful drivers. This package does not contain any drivers, so further
+  packages need to be installed to provide the desired drivers.
+
+
+* libvirt-daemon-config-network
+
+  The sample configuration file providing the 'default' virtual network that
+  enables outbound NAT based connectivity for virtual machines. This is useful
+  on desktop installations, but is not typically desired on server
+  installations where VMs will use full bridged connectivity.
+
+
+* libvirt-daemon-config-nwfilter
+
+  The sample configuration files providing the network filters for protecting
+  against common malicious guest traffic. This includes protection against ARP,
+  MAC and IP spoofing. This is typically desired on server installations, if
+  the mgmt app is using libvirt's network filtering features.
+
+
+* libvirt-daemon-driver-interface
+
+  The dynamically loadable driver providing an implementation of the host
+  network interface management APIs, as well as the virtinterfaced daemon
+  binary.
+
+
+* libvirt-daemon-driver-libxl
+
+  The dynamically loadable driver providing an implementation of the hypervisor
+  APIs for Xen using the libxl library, as well as the virtxend daemon
+  binary.
+
+  Note that this is a minimal package so does not actually pull in the full
+  Xen hypervisor package set. This be must requested separately.
+
+
+* libvirt-daemon-driver-lxc
+
+  The dynamically loadable driver providing an implementation of the hypervisor
+  APIs for Linux containers, as well as the virtlxcd daemon binary.
+
+
+* libvirt-daemon-driver-network
+
+  The dynamically loadable driver providing an implementation of the virtual
+  network interface management APIs, as well as the virtinterfaced daemon
+  binary. Typically the libvirt-daemon-config-network RPM will also be desired
+  when this is installed.
+
+
+* libvirt-daemon-driver-nodedev
+
+  The dynamically loadable driver providing an implementation of the host
+  device management APIs, as well as the virtnodedevd daemon binary.
+
+
+* libvirt-daemon-driver-nwfilter
+
+  The dynamically loadable driver providing an implementation of the host
+  network firewall management APIs, as well as the virtnwfilterd daemon
+  binary.
+
+
+* libvirt-daemon-driver-qemu
+
+  The dynamically loadable driver providing an implementation of the hypervisor
+  network interface management APIs, as well as the virtqemud daemon
+  binary.
+
+  Note that this is a minimal package so does not actually pull in the full
+  QEMU or KVM package set. This be must requested separately.
+
+
+* libvirt-daemon-driver-secret
+  The dynamically loadable driver providing an implementation of the secret
+  data management APIs, as well as the virtsecretd daemon binary.
+
+
+* libvirt-daemon-driver-storage
+
+  This is an empty package that exists only as a convenient way to request
+  installation of all the storage pool drivers.
+
+  If the application only supports a subset of storage pool types, then
+  a smaller install footprint can be obtained by requesting the individual
+  drivers.
+
+
+* libvirt-daemon-driver-storage-core
+
+  The dynamically loadable driver providing an implementation of the host
+  storage pool/volume management APIs, as well as the virtstoraged daemon
+  binary.
+
+  Note that this is a minimal package so does not actually pull in any pool
+  implementations.
+
+
+* libvirt-daemon-driver-storage-disk
+
+  The dynamically loadable driver providing an implementation of the disk
+  partition storage pool type, for the storage pool management APIs.
+
+
+* libvirt-daemon-driver-storage-gluster
+
+  The dynamically loadable driver providing an implementation of the GlusterFS
+  file storage pool type, for the storage pool management APIs.
+
+
+* libvirt-daemon-driver-storage-iscsi
+
+  The dynamically loadable driver providing an implementation of the ISCSI
+  disk storage pool type, for the storage pool management APIs.
+
+
+* libvirt-daemon-driver-storage-iscsi-direct
+
+  The dynamically loadable driver providing an implementation of the ISCSI
+  network storage pool type, for the storage pool management APIs.
+
+
+* libvirt-daemon-driver-storage-logical
+
+  The dynamically loadable driver providing an implementation of the LVM
+  storage pool type, for the storage pool management APIs.
+
+
+* libvirt-daemon-driver-storage-mpath
+
+  The dynamically loadable driver providing an implementation of the multipath
+  disk storage pool type, for the storage pool management APIs.
+
+
+* libvirt-daemon-driver-storage-rbd
+
+  The dynamically loadable driver providing an implementation of the RBD
+  network storage pool type, for the storage pool management APIs.
+
+
+* libvirt-daemon-driver-storage-scsi
+
+  The dynamically loadable driver providing an implementation of the SCSI
+  disk storage pool type, for the storage pool management APIs.
+
+
+* libvirt-daemon-driver-storage-sheepdog
+
+  The dynamically loadable driver providing an implementation of the SheepDog
+  network storage pool type, for the storage pool management APIs.
+
+
+* libvirt-daemon-driver-storage-zfs
+
+  The dynamically loadable driver providing an implementation of the ZFS
+  file storage pool type, for the storage pool management APIs.
+
+
+* libvirt-daemon-driver-vbox
+
+  The dynamically loadable driver providing an implementation of the host
+  network interface management APIs, as well as the virtinterfaced daemon
+  binary.
+
+
+* libvirt-daemon-kvm
+
+  This is an empty package that exists only as a convenient way to request
+  installation of all the libvirt features that are relevant to the management
+  of KVM guests. This includes the QEMU driver, and the secondary drivers for
+  secrets, storage pools, virtual networks, host interfaces, host devices
+  and network filtering.
+
+  It will also pull in the full set of QEMU features that can be utilized with
+  native architecture KVM guests.
+
+  This is a good default for an installation to use KVM if the specific set of
+  required features is not known. To have finer grained control over the
+  features, the subset of libvirt-daemon-driver-XXX packages should be used
+  instead.
+
+
+* libvirt-daemon-lxc
+
+  This is an empty package that exists only as a convenient way to request
+  installation of all the libvirt features that are relevant to the management
+  of Linux containers. This includes the LXC driver, and the secondary drivers
+  for secrets, storage pools, virtual networks, host interfaces, host devices
+  and network filtering.
+
+  This is a good default for an installation to use LXC if the specific set of
+  required features is not known. To have finer grained control over the
+  features, the subset of libvirt-daemon-driver-XXX packages should be used
+  instead.
+
+
+* libvirt-daemon-qemu
+
+  This is an empty package that exists only as a convenient way to request
+  installation of all the libvirt features that are relevant to the management
+  of QEMU guests. This includes the QEMU driver, and the secondary drivers for
+  secrets, storage pools, virtual networks, host interfaces, host devices
+  and network filtering.
+
+  It will also pull in the full set of QEMU features that can be utilized to
+  emulate any guests architecture supported by QEMU.
+
+  This is a good default for an installation to use QEMU if the specific set of
+  required features is not known. To have finer grained control over the
+  features, the subset of libvirt-daemon-driver-XXX packages should be used
+  instead.
+
+
+* libvirt-daemon-vbox
+
+  This is an empty package that exists only as a convenient way to request
+  installation of all the libvirt features that are relevant to the management
+  of KVM guests. This includes the QEMU driver, and the secondary drivers for
+  secrets, storage pools, virtual networks, host interfaces, host devices
+  and network filtering.
+
+  This is a good default for an installation to use VirtualBox if the specific
+  set of required features is not known. To have finer grained control over the
+  features, the subset of libvirt-daemon-driver-XXX packages should be used
+  instead.
+
+
+* libvirt-daemon-xen
+
+  This is an empty package that exists only as a convenient way to request
+  installation of all the libvirt features that are relevant to the management
+  of KVM guests. This includes the QEMU driver, and the secondary drivers for
+  secrets, storage pools, virtual networks, host interfaces, host devices
+  and network filtering.
+
+  It will also pull in the full set of Xen features that can be utilized with
+  Xen guests.
+
+  This is a good default for an installation to use Xen if the specific set of
+  required features is not known. To have finer grained control over the
+  features, the subset of libvirt-daemon-driver-XXX packages should be used
+  instead.
+
+
+* libvirt-devel
+
+  The header files required to build applications, or language bindings against
+  the libvirt C library. This should never be required on a production host,
+  only development hosts.
+
+* libvirt-docs
+
+  A local copy of the `libvirt website <https://libvirt.org>`_ website content
+  that matches the deployed version of libvirt.
+
+* libvirt-libs
+
+  The ELF libraries providing the main application interface to libvirt. These
+  have stateless drivers (VMWare ESX, HyperV, etc) built-in, and are able to
+  take to the libvirt daemons to utilize stateful drivers (QEMU, Xen, BHyve,
+  LXC, VZ, etc). This is needed on all libvirt hosts, both client and server.
+
+* libvirt-lock-sanlock
+
+  A plugin for locking disks that communicates with the sanlock daemon. It is
+  optional and only relevant to hosts with the QEMU driver and oVirt management
+  application.
+
+* libvirt-login-shell
+
+  A simple login shell that automatically spawns an LXC container for the user
+  logging in and places them in a shell inside that container.
+
+
+* libvirt-nss
+
+  A NSS plugin that provides hostname resolution for guests attached to a
+  libvirt virtual network. It is recommended to be installed on any host with
+  guests using the libvirt virtual network connectivity.
+
+
+* libvirt-wireshark
+
+  A wireshark plugin that allows for dissecting the XDR based RPC protocol used
+  between libvirt and its daemons. Since production deployments should all be
+  using a TLS encrypted, this only useful for development hosts with a libvirt
+  daemon configured without encryption.
+
+
+Deployment choices
+==================
+
+Client only install
+-------------------
+
+If an application is capable of using multiple different virtualization drivers
+it is undesirable to force the installation of a specific set of drivers. In
+this case the application will merely wish to request a client only install
+
+Alternatively if an application is intended to communicate with a hypervisor on
+a remote host there is no need to install drivers locally, only a client is
+needed
+
+The only required package is the `libvirt-libs`, however, it is useful to
+also install `libvirt-client`.
+
+
+Every possible virt driver
+--------------------------
+
+There is rarely a need to install every virt driver at once on a given host.
+In the unlikely event that this is needed, however, the `libvirt` package
+should be installed.
+
+Note that this doesn't actually pull in the hypervisors, only the libvirt
+code to talk to the hypervisors.
+
+
+Full features for one virt driver
+---------------------------------
+
+This is a common default installation profile when there is no need to minimise
+the on-disk footprint.
+
+This is achieved by installing the `libvirt-daemon-XXXX` package for the
+virtualization driver that is desired. This will also pull in the default
+set of hypervisor packages too.
+
+Since this installs every possible libvirt feature for the virtualization
+driver in question, the on-disk footprint is quite large. The in-memory
+footprint of the daemons is also relatively large since alot of code is
+loaded.
+
+
+Minimal features for one virt driver
+------------------------------------
+
+This is the best installation profile when it is desired to minimize the
+on-disk footprint.
+
+This is achieved by installing the individual `libvirt-daemon-driver-XXX`
+packages needed for the features that will be used.  This will not pull in the
+hypervisor packages, allowing a fine grained set of hypervisor features to be
+chosen separately.
+
+Since this allows fine grained installation of individual libvirt drivers,
+this results in the lowest on-disk footprint. The in-memory footprint of
+the daemons is also minimized by reducing the code loaded.
+
+As an example, the smallest possible installation for running KVM guests can
+be achieved by installing `libvirt-daemon-driver-qemu` and `qemu-kvm-core`.
+This will exclude all the secondary libvirt drivers for storage, networking
+and host devices, leaving only the bare minimum functionality for managing
+KVM guests.
--- a/docs/kbase/secureusage.html.in
+++ b/docs/kbase/secureusage.html.in
@@ -1,171 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-
-    <h1>Secure Usage of Libvirt</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      This page details information that application developers and
-      administrators of libvirt should be aware of when working with
-      libvirt, that may have a bearing on security of the system.
-    </p>
-
-
-    <h2><a id="diskimage">Disk image handling</a></h2>
-
-    <h3><a id="diskimageformat">Disk image format probing</a></h3>
-
-    <p>
-      Historically there have been multiple flaws in QEMU and most
-      projects using QEMU, related to handling of disk formats.
-      The problems occur when a guest is given a virtual disk backed
-      by raw disk format on the host. If the management application
-      on the host tries to auto-detect / probe the disk format, it
-      is vulnerable to a malicious guest which can write a qcow2
-      file header into its raw disk. If the management application
-      subsequently probes the disk, it will see it as a 'qcow2' disk
-      instead of a 'raw' disk. Since 'qcow2' disks can have a copy
-      on write backing file, such flaw can be leveraged to read
-      arbitrary files on the host. The same type of flaw may occur
-      if the management application allows users to upload pre-created
-      raw images.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> never attempt to automatically
-      detect the format of a disk image based on file contents which
-      are accessible to / originate from an untrusted source.
-    </p>
-
-    <h3><a id="diskimagebacking">Disk image backing files</a></h3>
-
-    <p>
-      If a management application allows users to upload pre-created
-      disk images in non-raw formats, it can be tricked into giving
-      the user access to arbitrary host files via the copy-on-write
-      backing file feature. This is because the qcow2 disk format
-      header contains a filename field which can point to any location.
-      It can also point to network protocols such as NBD, HTTP, GlusterFS,
-      RBD and more. This could allow for compromise of almost arbitrary
-      data accessible on the LAN/WAN.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> always validate that a disk
-      image originating from an untrusted source has no backing
-      file set. If a backing file is seen, reject the image.
-    </p>
-
-    <h3><a id="diskimagesize">Disk image size validation</a></h3>
-
-    <p>
-      If an application allows users to upload pre-created disk
-      images in non-raw formats, it is essential to validate the
-      logical disk image size, rather than the physical disk
-      image size. Non-raw disk images have a grow-on-demand
-      capability, so a user can provide a qcow2 image that may
-      be only 1 MB in size, but is configured to grow to many
-      TB in size.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> if receiving a non-raw disk
-      image from an untrusted source, validate the logical image
-      size stored in the disk image metadata against some finite
-      limit.
-    </p>
-
-    <h3><a id="diskimageaccess">Disk image data access</a></h3>
-
-    <p>
-      If an untrusted disk image is ever mounted on the host OS by
-      a management application or administrator, this opens an
-      avenue of attack with which to potentially compromise the
-      host kernel. Filesystem drivers in OS kernels are often very
-      complex code and thus may have bugs lurking in them. With
-      Linux, there are a large number of filesystem drivers, many
-      of which attract little security analysis attention. Linux
-      will helpfully probe filesystem formats if not told to use an
-      explicit format, allowing an attacker the ability to target
-      specific weak filesystem drivers. Even commonly used and
-      widely audited filesystems such as <code>ext4</code> have had
-      <a href="https://lwn.net/Articles/538898/">bugs lurking in them</a>
-      undetected for years at a time.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> if there is a need to access
-      the content of a disk image, use a single-use throwaway virtual
-      machine to access the data. Never mount disk images on the host
-      OS. Ideally make use of the <a href="http://libguestfs.org">libguestfs</a>
-      tools and APIs for accessing disks
-    </p>
-
-    <h2><a id="migration">Guest migration network</a></h2>
-
-    <p>
-      Most hypervisors with support for guest migration between hosts
-      make use of one (or more) network connections. Typically the source
-      host will connect to some port on the target host to initiate the
-      migration. There may be separate connections for co-ordinating the
-      migration, transferring memory state and transferring storage.
-      If the network over which migration takes place is accessible the
-      guest, or client applications, there is potential for data leakage
-      via packet snooping/capture. It is also possible for a malicious
-      guest or client to make attempts to connect to the target host
-      to trigger bogus migration operations, or at least inflict a denial
-      of service attack.
-    </p>
-
-    <p>
-      <strong>Recommendations:</strong> there are several things to consider
-      when performing migration
-    </p>
-
-    <ul>
-      <li>Use a specific address for establishing the migration
-        connection which is accessible only to the virtualization
-        hosts themselves, not libvirt clients or virtual guests.
-        Most hypervisors allow the management application to provide
-        the IP address of the target host as a way to
-        determine which network migration takes place on. This is
-        effectively the connect() socket address for the source host.</li>
-      <li>Use a specific address for listening for incoming migration
-        connections which is accessible only to the virtualization
-        hosts themselves, not libvirt clients or virtual guests.
-        Most hypervisors allow the management application to configure
-        the IP address on which the target host listens. This is
-        the bind() socket address for the target host.</li>
-      <li>Use an encrypted migration protocol. Some hypervisors
-        have support for encrypting the migration memory/storage
-        data. In other cases it can be tunnelled over the libvirtd
-        RPC protocol connections.</li>
-    </ul>
-
-    <h2><a id="storage">Storage encryption</a></h2>
-
-    <p>
-      Virtual disk images will typically contain confidential data
-      belonging to the owner of the virtual machine. It is desirable
-      to protect this against data center administrators as much as
-      possible. For example, a rogue storage administrator may attempt
-      to access disk contents directly from a storage host, or a network
-      administrator/attack may attempt to snoop on data packets relating
-      to storage access. Use of disk encryption on the virtualization
-      host can ensure that only the virtualization host administrator
-      can see the plain text contents of disk images.
-    </p>
-
-    <p>
-      <strong>Recommendation:</strong> make use of storage encryption
-      to protect non-local storage from attack by rogue network /
-      storage administrators or external attackers. This is particularly
-      important if the storage protocol itself does not offer any kind
-      of encryption capabilities.
-    </p>
-
-  </body>
-</html>
--- a/docs/kbase/secureusage.rst
+++ b/docs/kbase/secureusage.rst
@@ -0,0 +1,131 @@
+=======================
+Secure Usage of Libvirt
+=======================
+
+.. contents::
+
+This page details information that application developers and
+administrators of libvirt should be aware of when working with libvirt,
+that may have a bearing on security of the system.
+
+Disk image handling
+===================
+
+Disk image format probing
+-------------------------
+
+Historically there have been multiple flaws in QEMU and most projects
+using QEMU, related to handling of disk formats. The problems occur when
+a guest is given a virtual disk backed by raw disk format on the host.
+If the management application on the host tries to auto-detect / probe
+the disk format, it is vulnerable to a malicious guest which can write a
+qcow2 file header into its raw disk. If the management application
+subsequently probes the disk, it will see it as a 'qcow2' disk instead
+of a 'raw' disk. Since 'qcow2' disks can have a copy on write backing
+file, such flaw can be leveraged to read arbitrary files on the host.
+The same type of flaw may occur if the management application allows
+users to upload pre-created raw images.
+
+**Recommendation:** never attempt to automatically detect the format of
+a disk image based on file contents which are accessible to / originate
+from an untrusted source.
+
+Disk image backing files
+------------------------
+
+If a management application allows users to upload pre-created disk
+images in non-raw formats, it can be tricked into giving the user access
+to arbitrary host files via the copy-on-write backing file feature. This
+is because the qcow2 disk format header contains a filename field which
+can point to any location. It can also point to network protocols such
+as NBD, HTTP, GlusterFS, RBD and more. This could allow for compromise
+of almost arbitrary data accessible on the LAN/WAN.
+
+**Recommendation:** always validate that a disk image originating from
+an untrusted source has no backing file set. If a backing file is seen,
+reject the image.
+
+Disk image size validation
+--------------------------
+
+If an application allows users to upload pre-created disk images in
+non-raw formats, it is essential to validate the logical disk image
+size, rather than the physical disk image size. Non-raw disk images have
+a grow-on-demand capability, so a user can provide a qcow2 image that
+may be only 1 MB in size, but is configured to grow to many TB in size.
+
+**Recommendation:** if receiving a non-raw disk image from an untrusted
+source, validate the logical image size stored in the disk image
+metadata against some finite limit.
+
+Disk image data access
+----------------------
+
+If an untrusted disk image is ever mounted on the host OS by a
+management application or administrator, this opens an avenue of attack
+with which to potentially compromise the host kernel. Filesystem drivers
+in OS kernels are often very complex code and thus may have bugs lurking
+in them. With Linux, there are a large number of filesystem drivers,
+many of which attract little security analysis attention. Linux will
+helpfully probe filesystem formats if not told to use an explicit
+format, allowing an attacker the ability to target specific weak
+filesystem drivers. Even commonly used and widely audited filesystems
+such as ``ext4`` have had `bugs lurking in
+them <https://lwn.net/Articles/538898/>`__ undetected for years at a
+time.
+
+**Recommendation:** if there is a need to access the content of a disk
+image, use a single-use throwaway virtual machine to access the data.
+Never mount disk images on the host OS. Ideally make use of the
+`libguestfs <http://libguestfs.org>`__ tools and APIs for accessing
+disks
+
+Guest migration network
+=======================
+
+Most hypervisors with support for guest migration between hosts make use
+of one (or more) network connections. Typically the source host will
+connect to some port on the target host to initiate the migration. There
+may be separate connections for co-ordinating the migration,
+transferring memory state and transferring storage. If the network over
+which migration takes place is accessible the guest, or client
+applications, there is potential for data leakage via packet
+snooping/capture. It is also possible for a malicious guest or client to
+make attempts to connect to the target host to trigger bogus migration
+operations, or at least inflict a denial of service attack.
+
+**Recommendations:** there are several things to consider when
+performing migration
+
+-  Use a specific address for establishing the migration connection
+   which is accessible only to the virtualization hosts themselves, not
+   libvirt clients or virtual guests. Most hypervisors allow the
+   management application to provide the IP address of the target host
+   as a way to determine which network migration takes place on. This is
+   effectively the connect() socket address for the source host.
+-  Use a specific address for listening for incoming migration
+   connections which is accessible only to the virtualization hosts
+   themselves, not libvirt clients or virtual guests. Most hypervisors
+   allow the management application to configure the IP address on which
+   the target host listens. This is the bind() socket address for the
+   target host.
+-  Use an encrypted migration protocol. Some hypervisors have support
+   for encrypting the migration memory/storage data. In other cases it
+   can be tunnelled over the libvirtd RPC protocol connections.
+
+Storage encryption
+==================
+
+Virtual disk images will typically contain confidential data belonging
+to the owner of the virtual machine. It is desirable to protect this
+against data center administrators as much as possible. For example, a
+rogue storage administrator may attempt to access disk contents directly
+from a storage host, or a network administrator/attack may attempt to
+snoop on data packets relating to storage access. Use of disk encryption
+on the virtualization host can ensure that only the virtualization host
+administrator can see the plain text contents of disk images.
+
+**Recommendation:** make use of storage encryption to protect non-local
+storage from attack by rogue network / storage administrators or
+external attackers. This is particularly important if the storage
+protocol itself does not offer any kind of encryption capabilities.
--- a/docs/kbase/virtiofs.rst
+++ b/docs/kbase/virtiofs.rst
@@ -0,0 +1,147 @@
+============================
+Sharing files with Virtio-FS
+============================
+
+.. contents::
+
+=========
+Virtio-FS
+=========
+
+Virtio-FS is a shared file system that lets virtual machines access
+a directory tree on the host. Unlike existing approaches, it
+is designed to offer local file system semantics and performance.
+
+See https://virtio-fs.gitlab.io/
+
+==========
+Host setup
+==========
+
+The host-side virtiofsd daemon, like other vhost-user backed devices,
+requires shared memory between the host and the guest. As of QEMU 4.2, this
+requires specifying a NUMA topology for the guest and explicitly specifying
+a memory backend. Multiple options are available:
+
+Either of the following:
+
+* Use file-backed memory
+
+  Configure the directory where the files backing the memory will be stored
+  with the ``memory_backing_dir`` option in ``/etc/libvirt/qemu.conf``
+
+  ::
+
+    # This directory is used for memoryBacking source if configured as file.
+    # NOTE: big files will be stored here
+    memory_backing_dir = "/dev/shm/"
+
+* Use hugepage-backed memory
+
+  Make sure there are enough huge pages allocated for the requested guest memory.
+  For example, for one guest with 2 GiB of RAM backed by 2 MiB hugepages:
+
+  ::
+
+      # virsh allocpages 2M 1024
+
+===========
+Guest setup
+===========
+
+#. Specify the NUMA topology
+
+   in the domain XML of the guest.
+   For the simplest one-node topology for a guest with 2GiB of RAM and 8 vCPUs:
+
+   ::
+
+      <domain>
+        ...
+        <cpu ...>
+          <numa>
+            <cell id='0' cpus='0-7' memory='2' unit='GiB' memAccess='shared'/>
+          </numa>
+        </cpu>
+       ...
+      </domain>
+
+   Note that the CPU element might already be specified and only one is allowed.
+
+#. Specify the memory backend
+
+   Either of the following:
+
+   * File-backed memory
+
+     ::
+
+        <domain>
+          ...
+          <memoryBacking>
+            <access mode='shared'/>
+          </memoryBacking>
+          ...
+        </domain>
+
+     This will create a file in the directory specified in ``qemu.conf``
+
+   * Hugepage-backed memory
+
+     ::
+
+        <domain>
+          ...
+          <memoryBacking>
+            <hugepages>
+              <page size='2' unit='M'/>
+            </hugepages>
+            <access mode='shared'/>
+          </memoryBacking>
+          ...
+        </domain>
+
+#. Add the ``vhost-user-fs`` QEMU device via the ``filesystem`` element
+
+   ::
+
+      <domain>
+        ...
+        <devices>
+          ...
+          <filesystem type='mount' accessmode='passthrough'>
+            <driver type='virtiofs'/>
+            <source dir='/path'/>
+            <target dir='mount_tag'/>
+          </filesystem>
+          ...
+        </devices>
+      </domain>
+
+   Note that despite its name, the ``target dir`` is actually a mount tag and does
+   not have to correspond to the desired mount point in the guest.
+
+   So far, ``passthrough`` is the only supported access mode and it requires
+   running the ``virtiofsd`` daemon as root.
+
+#. Boot the guest and mount the filesystem
+
+   ::
+
+      guest# mount -t virtiofs mount_tag /mnt/mount/path
+
+   Note: this requires virtiofs support in the guest kernel (Linux v5.4 or later)
+
+===================
+Optional parameters
+===================
+
+More optional elements can be specified
+
+::
+
+  <driver type='virtiofs' queue='1024'/>
+  <binary path='/usr/libexec/virtiofsd' xattr='on'>
+    <cache mode='always'/>
+    <lock posix_lock='on' flock='on'/>
+  </binary>
--- a/docs/libvirt-go-xml.rst
+++ b/docs/libvirt-go-xml.rst
@@ -0,0 +1,10 @@
+==========================
+Libvirt Go XML parsing API
+==========================
+
+The `Go <https://golang.org/>`__ package ``libvirt.org/libvirt-go-xml`` provides
+annotated Go struct definitions for parsing (and formatting) XML documents used
+with libvirt APIs.
+
+For details of Go specific behaviour consult the
+`Go package documentation <https://godoc.org/libvirt.org/libvirt-go-xml>`__
--- a/docs/libvirt-go.rst
+++ b/docs/libvirt-go.rst
@@ -0,0 +1,13 @@
+=======================
+Libvirt Go Language API
+=======================
+
+The `Go <https://golang.org/>`__ package ``libvirt.org/libvirt-go`` provides
+`CGo <https://golang.org/cmd/cgo/>`__ binding from the OS native Libvirt API.
+
+In general the Go representation is a direct 1-1 mapping from native API
+concepts to Go, so the native API documentation should serve as a reference
+for most behaviour.
+
+For details of Go specific behaviour consult the
+`Go package documentation <https://godoc.org/libvirt.org/libvirt-go>`__
--- a/docs/libvirt.css
+++ b/docs/libvirt.css
@@ -161,37 +161,37 @@ p.image {
    text-align: center;
 }

-.top_table {
+table {
    border-collapse: collapse;
    min-width: 60%;
    margin-left: auto;
    margin-right: auto;
 }

-.top_table th {
+table th {
    background: rgb(0, 95, 97);
    color: rgb(255, 255, 255);
    padding: 0.5em;
 }

-.top_table th a {
+table th a {
    color: inherit;
    text-decoration: inherit;
 }

-.top_table td, .top_table th {
+table td, table th {
    border: 1px solid rgb(60, 133, 124);
 }

-.top_table td {
+table td {
    padding: 4px;
 }

-.top_table tr:hover td, .top_table col:hover td {
+table tr:hover td, table col:hover td {
    background: #eeeeee;
 }

-.top_table tr td:hover {
+table tr td:hover {
    background: #c5dbd8;
 }

@@ -289,42 +289,12 @@ img.diagram {
    margin-right: auto;
 }

-table.data th, table.data td {
-    padding: 0.3em;
-}

-table.data {
-    border-spacing: 0px;
-}
-
-table.data thead th {
-    background: rgb(178,178,178);
-    text-align: center;
-}
-
-table.data {
-    border: 1px solid black;
-    border-collapse: collapse;
-}
-
-table.data thead tr th {
-    border: 1px solid black;
-}
-
-table.data tr.head th {
-    border-left: 1px solid black;
-    border-right: 1px solid black;
-}
-
-table.data tbody td {
-    background: rgb(240,240,240);
-}
-
-table.data tbody td.y {
+table tbody td.y {
    background: rgb(220,255,220);
    text-align: center;
 }
-table.data tbody td.n {
+table tbody td.n {
    background: rgb(255,220,220);
    text-align: center;
 }
@@ -377,6 +347,18 @@ table.data tbody td.n {
    text-decoration: none;
 }

+.api table td,.api table th {
+    border: 0px;
+}
+
+.api table tr:hover td, .api table col:hover td {
+    background: inherit;
+}
+
+.api table tr td:hover {
+    background: inherit;
+}
+
 dl.variablelist > dt {
    display: block;
    float: left;
@@ -392,21 +374,6 @@ dl.variablelist > dt:after {
    content: ": ";
 }

-table.acl {
-    margin: 1em;
-    border-spacing: 0px;
-    border: 1px solid #ccc;
-}
-
-table.acl tr, table.acl td {
-    padding: 0.3em;
-    border: 1px solid #ccc;
-}
-
-table.acl thead {
-    background: #ddd;
-}
-
 div.description pre.code {
    border: 1px dashed grey;
    background-color: inherit;
@@ -419,6 +386,7 @@ a.headerlink {
    visibility: hidden;
 }

+h1:hover > a.headerlink,
 h2:hover > a.headerlink,
 h3:hover > a.headerlink,
 h4:hover > a.headerlink,
@@ -606,3 +574,12 @@ ul.news-section-content li dl dd {
    margin-top: 0.5em;
    margin-bottom: 0.5em;
 }
+
+.literal, code {
+    font-family: monospace;
+    background: #eeeeee;
+}
+
+.contents li p {
+    margin: 2px;
+}
--- a/docs/manpages/index.rst
+++ b/docs/manpages/index.rst
@@ -0,0 +1,38 @@
+====================
+Libvirt Manual Pages
+====================
+
+Daemons
+=======
+
+* `libvirtd(8) <libvirtd.html>`__ - libvirt management daemon
+* `virtlockd(8) <virtlockd.html>`__ - libvirt lock management daemon
+* `virtlogd(8) <virtlogd.html>`__ - libvirt log management daemon
+
+Tools
+=====
+
+* `virt-host-validate(1) <virt-host-validate.html>`__ - validate host virtualization setup
+* `virt-pki-validate(1) <virt-pki-validate.html>`__ - validate libvirt PKI files are configured correctly
+* `virt-xml-validate(1) <virt-xml-validate.html>`__ - validate libvirt XML files against a schema
+* `virt-sanlock-cleanup(8) <virt-sanlock-cleanup.html>`__ - remove stale sanlock resource lease files
+* `virt-login-shell(1) <virt-login-shell.html>`__ - tool to execute a shell within a container
+* `virt-admin(1) <virt-admin.html>`__ - daemon administration interface
+* `virsh(1) <virsh.html>`__ - management user interface
+* `virt-qemu-run(1) <virt-qemu-run.html>`__ - run standalone QEMU instances
+
+Key codes
+=========
+
+* `virkeycode-atset1 <virkeycode-atset1.html>`__ - atset1 keycodes
+* `virkeycode-atset2 <virkeycode-atset2.html>`__ - atset2 keycodes
+* `virkeycode-atset3 <virkeycode-atset3.html>`__ - atset3 keycodes
+* `virkeycode-linux <virkeycode-linux.html>`__ - linux keycodes
+* `virkeycode-qnum <virkeycode-qnum.html>`__ - qnmum keycodes
+* `virkeycode-osx <virkeycode-osx.html>`__ - osx keycodes
+* `virkeycode-usb <virkeycode-usb.html>`__ - usb keycodes
+* `virkeycode-win32 <virkeycode-win32.html>`__ - win32 keycodes
+* `virkeycode-xtkbd <virkeycode-xtkbd.html>`__ - xtkbd keycodes
+* `virkeyname-linux <virkeyname-linux.html>`__ - keycodes
+* `virkeyname-osx <virkeyname-osx.html>`__ - osx keynames
+* `virkeyname-win32 <virkeyname-win32.html>`__ - win32 keynames
--- a/docs/manpages/libvirtd.rst
+++ b/docs/manpages/libvirtd.rst
@@ -0,0 +1,259 @@
+========
+libvirtd
+========
+
+-------------------------
+libvirt management daemon
+-------------------------
+
+:Manual section: 8
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+========
+
+``libvirtd`` [*OPTION*]...
+
+
+DESCRIPTION
+===========
+
+The ``libvirtd`` program is the server side daemon component of the libvirt
+virtualization management system.
+
+This daemon runs on host servers and performs required management tasks for
+virtualized guests.  This includes activities such as starting, stopping
+and migrating guests between host servers, configuring and manipulating
+networking, and managing storage for use by guests.
+
+The libvirt client libraries and utilities connect to this daemon to issue
+tasks and collect information about the configuration and resources of the host
+system and guests.
+
+By default, the libvirtd daemon listens for requests on a local Unix domain
+socket.  Using the ``-l`` | ``--listen`` command line option, the libvirtd daemon
+can be instructed to additionally listen on a TCP/IP socket.  The TCP/IP socket
+to use is defined in the libvirtd configuration file.
+
+Restarting libvirtd does not impact running guests.  Guests continue to operate
+and will be picked up automatically if their XML configuration has been
+defined.  Any guests whose XML configuration has not been defined will be lost
+from the configuration.
+
+
+SYSTEM SOCKET ACTIVATION
+========================
+
+The ``libvirtd`` daemon is capable of starting in two modes.
+
+In the traditional mode, it will create and listen on UNIX sockets itself.
+If the ``--listen`` parameter is given, it will also listen on TCP/IP socket(s),
+according to the ``listen_tcp`` and ``listen_tls`` options in
+``/etc/libvirt/libvirtd.conf``
+
+In socket activation mode, it will rely on systemd to create and listen
+on the UNIX, and optionally TCP/IP, sockets and pass them as pre-opened
+file descriptors. In this mode, it is not permitted to pass the ``--listen``
+parameter, and most of the socket related config options in
+``/etc/libvirt/libvirtd.conf`` will no longer have any effect. To enable
+TCP or TLS sockets use either
+
+::
+
+   $ systemctl start libvirtd-tls.socket
+
+Or
+
+::
+
+   $ systemctl start libvirtd-tcp.socket
+
+Socket activation mode is generally the default when running on a host
+OS that uses systemd. To revert to the traditional mode, all the socket
+unit files must be masked:
+
+::
+
+   $ systemctl mask libvirtd.socket libvirtd-ro.socket \
+      libvirtd-admin.socket libvirtd-tls.socket libvirtd-tcp.socket
+
+
+OPTIONS
+=======
+
+``-h``, ``--help``
+
+Display command line help usage then exit.
+
+``-d``, ``--daemon``
+
+Run as a daemon & write PID file.
+
+``-f``, ``--config *FILE*``
+
+Use this configuration file, overriding the default value.
+
+``-l``, ``--listen``
+
+Listen for TCP/IP connections. This should not be set if using systemd
+socket activation. Instead activate the libvirtd-tls.socket or
+libvirtd-tcp.socket unit files.
+
+``-p``, ``--pid-file *FILE*``
+
+Use this name for the PID file, overriding the default value.
+
+``-t``, ``--timeout *SECONDS*``
+
+Exit after timeout period (in seconds), provided there are neither any client
+connections nor any running domains.
+
+``-v``, ``--verbose``
+
+Enable output of verbose messages.
+
+``--version``
+
+Display version information then exit.
+
+
+SIGNALS
+=======
+
+On receipt of ``SIGHUP`` libvirtd will reload its configuration.
+
+
+FILES
+=====
+
+When run as *root*
+------------------
+
+* ``SYSCONFDIR/libvirt/libvirtd.conf``
+
+The default configuration file used by libvirtd, unless overridden on the
+command line using the ``-f`` | ``--config`` option.
+
+* ``RUNSTATEDIR/libvirt/libvirt-sock``
+* ``RUNSTATEDIR/libvirt/libvirt-sock-ro``
+
+The sockets libvirtd will use.
+
+* ``SYSCONFDIR/pki/CA/cacert.pem``
+
+The TLS **Certificate Authority** certificate libvirtd will use.
+
+* ``SYSCONFDIR/pki/libvirt/servercert.pem``
+
+The TLS **Server** certificate libvirtd will use.
+
+* ``SYSCONFDIR/pki/libvirt/private/serverkey.pem``
+
+The TLS **Server** private key libvirtd will use.
+
+* ``RUNSTATEDIR/libvirtd.pid``
+
+The PID file to use, unless overridden by the ``-p`` | ``--pid-file`` option.
+
+
+When run as *non-root*
+----------------------
+
+* ``$XDG_CONFIG_HOME/libvirt/libvirtd.conf``
+
+The default configuration file used by libvirtd, unless overridden on the
+command line using the ``-f``|``--config`` option.
+
+* ``$XDG_RUNTIME_DIR/libvirt/libvirt-sock``
+
+The socket libvirtd will use.
+
+* ``$HOME/.pki/libvirt/cacert.pem``
+
+The TLS **Certificate Authority** certificate libvirtd will use.
+
+* ``$HOME/.pki/libvirt/servercert.pem``
+
+The TLS **Server** certificate libvirtd will use.
+
+* ``$HOME/.pki/libvirt/serverkey.pem``
+
+The TLS **Server** private key libvirtd will use.
+
+* ``$XDG_RUNTIME_DIR/libvirt/libvirtd.pid``
+
+The PID file to use, unless overridden by the ``-p``|``--pid-file`` option.
+
+
+If ``$XDG_CONFIG_HOME`` is not set in your environment, libvirtd will use
+``$HOME/.config``
+
+If ``$XDG_RUNTIME_DIR`` is not set in your environment, libvirtd will use
+``$HOME/.cache``
+
+
+EXAMPLES
+========
+
+To retrieve the version of libvirtd:
+
+.. code-block::
+
+  # libvirtd --version
+  libvirtd (libvirt) 0.8.2
+
+
+To start libvirtd, instructing it to daemonize and create a PID file:
+
+.. code-block::
+
+  # libvirtd -d
+  # ls -la RUNSTATEDIR/libvirtd.pid
+  -rw-r--r-- 1 root root 6 Jul  9 02:40 RUNSTATEDIR/libvirtd.pid
+
+
+BUGS
+====
+
+Please report all bugs you discover.  This should be done via either:
+
+#. the mailing list
+
+   `https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
+
+#. the bug tracker
+
+   `https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
+
+Alternatively, you may report bugs to your software distributor / vendor.
+
+
+AUTHORS
+=======
+
+Please refer to the AUTHORS file distributed with libvirt.
+
+
+COPYRIGHT
+=========
+
+Copyright (C) 2006-2012 Red Hat, Inc., and the authors listed in the
+libvirt AUTHORS file.
+
+
+LICENSE
+=======
+
+libvirtd is distributed under the terms of the GNU LGPL v2.1+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+
+SEE ALSO
+========
+
+virsh(1), virt-install(1), virt-xml-validate(1), virt-top(1),
+virt-df(1), `https://www.libvirt.org/ <https://www.libvirt.org/>`_
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
--- a/docs/manpages/virt-admin.rst
+++ b/docs/manpages/virt-admin.rst
@@ -0,0 +1,652 @@
+==========
+virt-admin
+==========
+
+-------------------------------
+daemon administration interface
+-------------------------------
+
+:Manual section: 1
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+========
+
+``virt-admin`` [*OPTION*]... [*COMMAND_STRING*]
+
+``virt-admin`` [*OPTION*]... *COMMAND* [*ARG*]...
+
+
+DESCRIPTION
+===========
+
+The ``virt-admin`` program is the main administration interface for modifying
+the libvirt daemon configuration at runtime, changing daemon behaviour as well
+as for monitoring and managing all clients connected to the daemon.
+
+The basic structure of most virt-admin usage is:
+
+.. code-block::
+
+   virt-admin [OPTION]... <command> [ARG]...
+
+Where *command* is one of the commands listed below. Any *command*
+starting with ``#`` is treated as a comment and silently ignored, all
+other unrecognized *commands* are diagnosed.
+
+The ``virt-admin`` program can be used either to run one *COMMAND* by giving the
+command and its arguments on the shell command line, or a *COMMAND_STRING*
+which is a single shell argument consisting of multiple *COMMAND* actions
+and their arguments joined with whitespace and separated by semicolons or
+newlines between commands, where unquoted backslash-newline pairs are
+elided.  Within *COMMAND_STRING*, virt-admin understands the
+same single, double, and backslash escapes as the shell, although you must
+add another layer of shell escaping in creating the single shell argument,
+and any word starting with unquoted *#* begins a comment that ends at newline.
+If no command is given in the command line, ``virt-admin`` will then start a minimal
+interpreter waiting for your commands, and the ``quit`` command will then exit
+the program.
+
+The ``virt-admin`` program understands the following *OPTIONS*.
+
+
+``-c``, ``--connect`` *URI*
+
+Connect to the specified *URI*, as if by the ``connect`` command,
+instead of the default connection.
+
+``-d``, ``--debug`` *LEVEL*
+
+Enable debug messages at integer *LEVEL* and above.  *LEVEL* can
+range from 0 to 4 (default).  See the documentation of ``VIRT_ADMIN_DEBUG``
+environment variable below for the description of each *LEVEL*.
+
+``-h``, ``--help``
+
+Ignore all other arguments, and behave as if the ``help`` command were
+given instead.
+
+``-l``, ``--log`` *FILE*
+
+Output logging details to *FILE*.
+
+``-q``, ``--quiet``
+
+Avoid extra informational messages.
+
+``-v``, ``--version[=short]``
+
+Ignore all other arguments, and prints the version of the libvirt library
+virt-admin is coming from
+
+``-V``, ``--version=long``
+
+Ignore all other arguments, and prints the version of the libvirt library
+virt-admin is coming from.
+
+
+NOTES
+=====
+
+Running ``virt-admin`` requires root privileges due to the
+communications channels used to talk to the daemon. Consider changing the
+*unix_sock_group* ownership setting to grant access to specific set of users
+or modifying *unix_sock_rw_perms* permissions. Daemon configuration file
+provides more information about setting permissions.
+
+
+GENERIC COMMANDS
+================
+
+The following commands are generic.
+
+help
+----
+
+**Syntax:**
+
+.. code-block::
+
+   help [command-or-group]
+
+This lists each of the virt-admin commands.  When used without options, all
+commands are listed, one per line, grouped into related categories,
+displaying the keyword for each group.
+
+To display detailed information for a specific command, use its name as the
+option.
+
+
+quit, exit
+----------
+
+**Syntax:**
+
+.. code-block::
+
+   quit
+   exit
+
+quit this interactive terminal
+
+version
+-------
+
+**Syntax:**
+
+.. code-block::
+
+   version
+
+will print out the version info about which libvirt library was this client
+built from. As opposed to *virsh* client, the output already includes
+the version of the daemon.
+
+**Example:**
+
+.. code-block::
+
+   $ virt-admin version
+   Compiled against library: libvirt 1.2.21
+   Using library: libvirt 1.2.21
+   Running against daemon: 1.2.20
+
+
+
+cd
+--
+
+**Syntax:**
+
+.. code-block::
+
+   cd [directory]
+
+Will change current directory to *directory*.  The default directory
+for the ``cd`` command is the home directory or, if there is no *HOME*
+variable in the environment, the root directory.
+
+This command is only available in interactive mode.
+
+pwd
+---
+
+**Syntax:**
+
+.. code-block::
+
+   pwd
+
+Will print the current directory.
+
+
+connect
+-------
+
+**Syntax:**
+
+.. code-block::
+
+   connect [URI]
+
+(Re)-Connect to a daemon's administrating server. The *URI* parameter
+specifies how to connect to the administrating server.
+If *LIBVIRT_ADMIN_DEFAULT_URI* or *uri_default* (see below) were set,
+*connect* is automatically issued every time a command that requires an
+active connection is executed. Note that this only applies if there is no
+connection at all or there is an inactive one.
+
+To find the currently used URI, check the *uri* command documented below.
+
+
+uri
+---
+
+**Syntax:**
+
+.. code-block::
+
+   uri
+
+Prints the administrating server canonical URI, can be useful in shell mode. If
+no *uri* was specified, neither *LIBVIRT_ADMIN_DEFAULT_URI* environment
+variable nor *uri_default* option (libvirt-admin.conf) were set,
+libvirtd:///system is used.
+
+
+
+
+DAEMON COMMANDS
+===============
+
+
+The following commands allow one to monitor the daemon's state as well as
+directly change its internal configuration.
+
+server-list
+-----------
+
+**Syntax:**
+
+.. code-block::
+
+   server-list
+
+Lists all manageable servers contained within the daemon the client is
+currently connected to.
+
+
+daemon-log-filters
+------------------
+
+**Syntax:**
+
+.. code-block::
+
+   daemon-log-filters [--filters string]
+
+When run without arguments, this returns the currently defined set of logging
+filters. Providing an argument will cause the command to define a new set of
+logging filters.
+
+
+- *--filters*
+
+Define a new set of logging filters where multiple filters are delimited by
+space. Each filter must conform to the form described in detail by
+*/etc/libvirt/libvirtd.conf* (section 'Logging filters').
+
+
+**Example:**
+
+To define a filter which suppresses all e.g. 'virObjectUnref' DEBUG
+messages, use the following:
+
+.. code-block::
+
+   $ virt-admin daemon-log-filters "4:util.object"
+
+(Note the '.' symbol which can be used to more fine-grained filters tailored
+to specific modules, in contrast, to affect the whole directory containing
+several modules this would become "4:util"):
+
+daemon-log-outouts
+------------------
+
+**Syntax:**
+
+.. code-block::
+
+   daemon-log-outputs [--outputs string]
+
+When run without arguments, this returns the currently defined set of logging
+outputs. Providing an argument will cause the command to define a new set of
+logging outputs.
+
+
+- *--outputs*
+
+Define a new set of logging outputs where multiple outputs are delimited by
+space. Each output must conform to the form described in detail by
+*/etc/libvirt/libvirtd.conf* (section 'Logging outputs').
+
+
+**Example:**
+
+To replace the current setting for logging outputs with one that writes to
+a file while logging errors only, the following could be used:
+
+.. code-block::
+
+   $ virt-admin daemon-log-outputs "4:file:<absolute_path_to_the_file>"
+
+To define multiple outputs at once they need to be delimited by spaces:
+
+.. code-block::
+
+   $ virt-admin daemon-log-outputs "4:stderr 2:syslog:<msg_ident>"
+
+
+SERVER COMMANDS
+===============
+
+The following commands manipulate daemon's server internal configuration.
+The *server* is specified by its name.
+
+server-threadpool-info
+----------------------
+
+**Syntax:**
+
+.. code-block::
+
+   server-threadpool-info server
+
+Retrieve server's threadpool attributes. These attributes include:
+
+
+- *minWorkers* as the bottom limit to the number of active workers,
+
+- *maxWorkers* as the top limit to the number of active workers,
+
+- *nWorkers* as the current number of workers in the threadpool,
+
+- *freeWorkers* as the current number of workers available for a task,
+
+- *prioWorkers* as the current number of priority workers in the threadpool, and
+
+- *jobQueueDepth* as the current depth of threadpool's job queue.
+
+
+**Background**
+
+Each daemon server utilizes a threadpool to accomplish tasks requested by
+clients connected to it. Every time a client request arrives to the server,
+it checks whether there is a worker available to accomplish the given task or
+it should create a new worker for the job (rather than being destroyed, the
+worker becomes free once the task is finished). Creating new workers, however,
+is only possible when the current number of workers is still below the
+configured upper limit.
+In addition to these 'standard' workers, a threadpool also contains a special
+set of workers called *priority* workers. Their purpose is to perform tasks
+that, unlike tasks carried out by normal workers, are within libvirt's full
+control and libvirt guarantees that such a task cannot hang, thus will always
+finish. An example of such a task this would be destroying a domain:
+
+.. code-block::
+
+   $ virsh destroy <domain>.
+
+
+server-threadpool-set
+---------------------
+
+**Syntax:**
+
+.. code-block::
+
+   server-threadpool-set server [--min-workers count] [--max-workers count] [--priority-workers count]
+
+Change threadpool attributes on a server. Only a fraction of all attributes as
+described in *server-threadpool-info* is supported for the setter.
+
+
+- *--min-workers*
+
+  The bottom limit to number of active workers in a threadpool.
+
+- *--max-workers*
+
+  The upper limit to number of active workers in a threadpool. If used in
+  combination with option *--min-workers*, the value for the upper limit has to
+  be greater than the value for the bottom limit, otherwise the command results
+  in an error.
+
+- *--priority-workers*
+
+  The current number of active priority workers in a threadpool.
+
+
+server-clients-info
+-------------------
+
+**Syntax:**
+
+.. code-block::
+
+   server-clients-info server
+
+Get information about the current setting of limits regarding connections of new
+clients. This information comprises of the limits to the maximum number of
+clients connected to *server*, maximum number of clients waiting for
+authentication, in order to be connected to the server, as well as the current
+runtime values, more specifically, the current number of clients connected to
+*server* and the current number of clients waiting for authentication.
+
+**Example:**
+
+.. code-block::
+
+   # virt-admin server-clients-info libvirtd
+   nclients_max        : 120
+   nclients            : 3
+   nclients_unauth_max : 20
+   nclients_unauth     : 0
+
+
+server-clients-set
+------------------
+
+**Syntax:**
+
+.. code-block::
+
+   server-clients-set server [--max-clients count] [--max-unauth-clients count]
+
+Set new client-related limits on *server*.
+
+
+- *--max-clients*
+
+  Change the upper limit of the maximum overall number of clients connected to
+  *server* to value ``count``. The value for this limit has to be always greater
+  than the value of *--max-unauth-clients*.
+
+- *--max-unauth-clients*
+
+  Change the upper limit of the maximum number of clients waiting for
+  authentication, in order to be connected to *server*, to value ``count``.
+  The value for this limit has to be always lower than the value of
+  *--max-clients*.
+
+
+server-update-tls
+-----------------
+
+**Syntax:**
+
+.. code-block::
+
+   server-update-tls server
+
+Update tls context on *server*.
+
+- *server*
+
+  Available servers on a daemon. Currently only supports 'libvirtd'.
+
+
+CLIENT COMMANDS
+===============
+
+
+The following commands provide management and monitoring of clients connected to
+one of daemon's available servers. Clients are specified by their numeric ID
+which is obtained by listing all clients connected to a specified server
+(see command ``client-list``).
+
+
+client-list
+-----------
+
+**Syntax:**
+
+.. code-block::
+
+   client-list server
+
+Print a table showing the list of clients connected to <server>, also providing
+information about transport type used on client's connection (supported
+transports include ``unix``, ``tcp``, and ``tls``), as well as providing
+information about client's connection time (system local time is used).
+
+client-info
+-----------
+
+**Syntax:**
+
+.. code-block::
+
+   client-info server client
+
+Retrieve identity information about *client* from *server*. The attributes
+returned may vary depending on the connection transport used.
+Transport-dependent attributes include local client process's pid, uid,
+user name, and group name, as well as socket address of the remote peer, see
+``Examples`` below.
+
+On the other hand, transport-independent attributes include client's SELinux
+context (if enabled on the host) and SASL username (if SASL authentication is
+enabled within daemon).
+
+**Examples:**
+
+.. code-block::
+
+   # virt-admin client-info libvirtd 1
+   id             : 1
+   connection_time: 2016-05-03 13:27:04+0200
+   transport      : unix
+   readonly       : yes
+   unix_user_id   : 0
+   unix_user_name : root
+   unix_group_id  : 0
+   unix_group_name: root
+   unix_process_id: 10201
+
+   # virt-admin client-info libvirtd 2
+   id             : 2
+   connection_time: 2016-05-03 13:30:33+0200
+   transport      : tcp
+   readonly       : no
+   sock_addr      : 127.0.0.1:57060
+
+
+client-disconnect
+-----------------
+
+**Syntax:**
+
+.. code-block::
+
+   client-disconnect server client
+
+Close a connection originating from *client*. The *server* argument
+specifies the name of the server *client* is currently connected to.
+
+
+ENVIRONMENT
+===========
+
+The following environment variables can be set to alter the behaviour
+of ``virt-admin``
+
+- VIRT_ADMIN_DEBUG=<0 to 4>
+
+  Turn on verbose debugging of virt-admin commands. Valid levels are
+
+  * VIRT_ADMIN_DEBUG=0
+
+    DEBUG - Messages at ALL levels get logged
+
+  * VIRT_ADMIN_DEBUG=1
+
+    INFO - Logs messages at levels INFO, NOTICE, WARNING and ERROR
+
+  * VIRT_ADMIN_DEBUG=2
+
+    NOTICE - Logs messages at levels NOTICE, WARNING and ERROR
+
+  * VIRT_ADMIN_DEBUG=3
+
+    WARNING - Logs messages at levels WARNING and ERROR
+
+  * VIRT_ADMIN_DEBUG=4
+
+    ERROR - Messages at only ERROR level gets logged.
+
+
+- VIRT_ADMIN_LOG_FILE=``LOGFILE``
+
+  The file to log virt-admin debug messages.
+
+- LIBVIRT_ADMIN_DEFAULT_URI
+
+  The daemon whose admin server to connect to by default. Set this to a URI, in
+  the same format as accepted by the ``connect`` option. This overrides the
+  default URI set in any client config file.
+
+- VIRT_ADMIN_HISTSIZE
+
+  The number of commands to remember in the command  history.  The
+  default value is 500.
+
+- LIBVIRT_DEBUG=LEVEL
+
+  Turn on verbose debugging of all libvirt API calls. Valid levels are
+
+  * LIBVIRT_DEBUG=1
+
+    Messages at level DEBUG or above
+
+  * LIBVIRT_DEBUG=2
+
+    Messages at level INFO or above
+
+  * LIBVIRT_DEBUG=3
+
+    Messages at level WARNING or above
+
+  * LIBVIRT_DEBUG=4
+
+    Messages at level ERROR or above
+
+For further information about debugging options consult
+`https://libvirt.org/logging.html <https://libvirt.org/logging.html>`_
+
+
+AUTHORS
+=======
+
+Please refer to the AUTHORS file distributed with libvirt.
+
+
+BUGS
+====
+
+Please report all bugs you discover.  This should be done via either:
+
+#. the mailing list
+
+   `https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
+
+#. the bug tracker
+
+   `https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
+
+Alternatively, you may report bugs to your software distributor / vendor.
+
+
+COPYRIGHT
+=========
+
+Copyright (C) 2015 Red Hat, Inc., and the authors listed in the
+libvirt AUTHORS file.
+
+
+LICENSE
+=======
+
+``virt-admin`` is distributed under the terms of the GNU LGPL v2+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+
+SEE ALSO
+========
+
+virsh(1), virt-xml-validate(1), virt-host-validate(1),
+`https://libvirt.org/ <https://libvirt.org/>`_
--- a/docs/manpages/virt-host-validate.rst
+++ b/docs/manpages/virt-host-validate.rst
@@ -0,0 +1,95 @@
+==================
+virt-host-validate
+==================
+
+----------------------------------
+validate host virtualization setup
+----------------------------------
+
+:Manual section: 1
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+========
+
+``virt-host-validate`` [*OPTIONS*...] [*HV-TYPE*]
+
+
+DESCRIPTION
+===========
+
+This tool validates that the host is configured in a suitable
+way to run libvirt hypervisor drivers. If invoked without any
+arguments it will check support for all hypervisor drivers it
+is aware of. Optionally it can be given a particular hypervisor
+type (``qemu``, ``lxc`` or ``bhyve``) to restrict the checks
+to those relevant for that virtualization technology
+
+
+OPTIONS
+=======
+
+``-v``, ``--version``
+
+Display the command version
+
+``-h``, ``--help``
+
+Display the command line help
+
+``-q``, ``--quiet``
+
+Don't display details of individual checks being performed.
+Only display output if a check does not pass.
+
+
+EXIT STATUS
+===========
+
+Upon successful validation, an exit status of 0 will be set. Upon
+failure a non-zero status will be set.
+
+AUTHOR
+======
+
+Daniel P. Berrangé
+
+
+BUGS
+====
+
+Please report all bugs you discover.  This should be done via either:
+
+#. the mailing list
+
+   `https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
+
+#. the bug tracker
+
+   `https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
+
+Alternatively, you may report bugs to your software distributor / vendor.
+
+
+COPYRIGHT
+=========
+
+Copyright (C) 2012 by Red Hat, Inc.
+
+
+LICENSE
+=======
+
+``virt-host-validate`` is distributed under the terms of the GNU GPL v2+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+
+SEE ALSO
+========
+
+virsh(1), virt-pki-validate(1), virt-xml-validate(1),
+`https://libvirt.org/ <https://libvirt.org/>`_
--- a/docs/manpages/virt-login-shell.rst
+++ b/docs/manpages/virt-login-shell.rst
@@ -0,0 +1,144 @@
+================
+virt-login-shell
+================
+
+------------------------------------------
+tool to execute a shell within a container
+------------------------------------------
+
+:Manual section: 1
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+========
+
+``virt-login-shell`` [*OPTION*]
+
+
+DESCRIPTION
+===========
+
+The ``virt-login-shell`` program is a setuid shell that is used to join
+an LXC container that matches the user's name.  If the container is not
+running, ``virt-login-shell`` will attempt to start the container.
+``virt-login-shell`` is not allowed to be run by root.  Normal users will get
+added to a container that matches their username, if it exists, and they are
+configured in ``/etc/libvirt/virt-login-shell.conf``.
+
+The basic structure of most ``virt-login-shell`` usage is:
+
+.. code-block::
+
+   virt-login-shell
+
+
+OPTIONS
+=======
+
+``-c CMD``
+
+Instruct the shell to run CMD instead of presenting an
+interactive shell prompt.
+
+``-h``, ``--help``
+
+Display command line help usage then exit.
+
+``-V``, ``--version``
+
+Display version information then exit.
+
+
+CONFIG
+======
+
+By default, ``virt-login-shell`` will execute the ``/bin/sh`` program for
+the user. You can modify this behaviour by defining the shell variable in
+``/etc/libvirt/virt-login-shell.conf``. e.g.
+
+.. code-block::
+
+   shell = [ "/bin/bash" ]
+
+
+If the ``auto_shell`` config option is set then it will attempt to automatically
+detect the shell from ``/etc/password`` inside the container. This should only
+be done if the container has a separate ``/etc`` directory from the host,
+otherwise it will end up recursively invoking ``virt-login-shell``. e.g.
+
+.. code-block::
+
+   auto_shell = 1
+
+
+By default no users are allowed to use virt-login-shell, if you want to allow
+certain users to use virt-login-shell, you need to modify the allowed_users
+variable in /etc/libvirt/virt-login-shell.conf. e.g.
+
+.. code-block::
+
+   allowed_users = [ "tom", "dick", "harry" ]
+
+
+EXIT STATUS
+===========
+
+``virt-login-shell`` normally returns the exit status of the command it
+executed. If the command was killed by a signal, but that signal is not
+fatal to virt-login-shell, then it returns the signal number plus 128.
+
+Exit status generated by ``virt-login-shell`` itself:
+
+* ``0`` An option was used to learn more about this binary.
+
+* ``125`` Generic error before attempting execution of the configured shell; for example, if libvirtd is not running.
+
+* ``126`` The configured shell exists but could not be executed.
+
+* ``127`` The configured shell could not be found.
+
+
+BUGS
+====
+
+Please report all bugs you discover.  This should be done via either:
+
+#. the mailing list
+
+   `https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
+
+#. the bug tracker
+
+   `https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
+
+Alternatively, you may report bugs to your software distributor / vendor.
+
+
+AUTHOR
+======
+
+Daniel Walsh
+
+
+COPYRIGHT
+=========
+
+Copyright (C) 2013-2014 Red Hat, Inc., and the authors listed in the
+libvirt AUTHORS file.
+
+
+LICENSE
+=======
+
+``virt-login-shell`` is distributed under the terms of the GNU LGPL v2+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+
+SEE ALSO
+========
+
+virsh(1), `https://libvirt.org/ <https://libvirt.org/>`_
--- a/docs/manpages/virt-pki-validate.rst
+++ b/docs/manpages/virt-pki-validate.rst
@@ -0,0 +1,89 @@
+=================
+virt-pki-validate
+=================
+
+---------------------------------------------------
+validate libvirt PKI files are configured correctly
+---------------------------------------------------
+
+:Manual section: 1
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+========
+
+
+``virt-pki-validate`` [*OPTION*]
+
+
+DESCRIPTION
+===========
+
+This tool validates that the necessary PKI files are configured for
+a secure libvirt server or client using the TLS encryption protocol.
+It will report any missing certificate or key files on the host. It
+should be run as root to ensure it can read all the necessary files
+
+
+OPTIONS
+=======
+
+``-h``, ``--help``
+
+Display command line help usage then exit.
+
+``-V``, ``--version``
+
+Display version information then exit.
+
+EXIT STATUS
+===========
+
+Upon successful validation, an exit status of 0 will be set. Upon
+failure a non-zero status will be set.
+
+
+AUTHOR
+======
+
+Richard Jones
+
+
+BUGS
+====
+
+Please report all bugs you discover.  This should be done via either:
+
+#. the mailing list
+
+   `https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
+
+#. the bug tracker
+
+   `https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
+
+Alternatively, you may report bugs to your software distributor / vendor.
+
+
+COPYRIGHT
+=========
+
+Copyright (C) 2006-2012 by Red Hat, Inc.
+
+
+LICENSE
+=======
+
+``virt-pki-validate`` is distributed under the terms of the GNU GPL v2+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+
+SEE ALSO
+========
+
+virsh(1), `online PKI setup instructions <https://libvirt.org/remote.html>`_,
+`https://www.libvirt.org/ <https://www.libvirt.org/>`_
--- a/docs/manpages/virt-qemu-run.rst
+++ b/docs/manpages/virt-qemu-run.rst
@@ -0,0 +1,119 @@
+=============
+virt-qemu-run
+=============
+
+---------------------------
+Run a standalone QEMU guest
+---------------------------
+
+:Manual section: 1
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+========
+
+``virt-qemu-run [OPTIONS...] [GUEST-XML]``
+
+DESCRIPTION
+===========
+
+This tool provides a way to run a standalone QEMU guest such that it
+is completely independent of libvirtd. It makes use of the embedded
+QEMU driver support to run the VM placing files under an isolated
+directory tree. When the guest is run with this tool it is invisible
+to libvirtd and thus also invisible to other libvirt tools such as
+virsh.
+
+The virt-qemu-run program will run the QEMU virtual machine, and then
+block until the guest OS shuts down, at which point it will exit.
+
+If the virt-qemu-run program is interrupted (eg Ctrl-C) it will
+immediately terminate the virtual machine without giving the guest
+OS any opportunity to gracefully shutdown.
+
+**NOTE: this tool is currently considered experimental.** Its
+usage and behaviour is still subject to change in future libvirt
+releases. For further information on its usage consult the
+`QEMU driver documentation <https://libvirt.org/drvqemu.html#uriembedded>`_.
+
+OPTIONS
+=======
+
+``GUEST-XML``
+
+The full path to the XML file describing the guest virtual machine
+to be booted.
+
+``-h``, ``--help``
+
+Display the command line help
+
+``-v``, ``--verbose``
+
+Display verbose information about startup
+
+``-r DIR``, ``--root=DIR``
+
+Specify the root directory to use for storing state associated with
+the virtual machine. The caller is responsible for deleting this
+directory when it is no longer required.
+
+If this parameter is omitted, then a random temporary directory
+will be created, and its contents be automaticlaly deleted at
+VM shutdown.
+
+``-s XML-FILE,VALUE-FILE``, ``--secret=XML-FILE,VALUE-FILE``
+
+Specify a secret to be loaded into the secret driver. The ``XML-FILE``
+is a path to the XML description of the secret, whose UUID should
+match a secret referenced in the guest domain XML. The ``VALUE-FILE``
+is a path containing the raw value of the secret.
+
+EXIT STATUS
+===========
+
+Upon successful shutdown, an exit status of 0 will be set. Upon
+failure a non-zero status will be set.
+
+AUTHOR
+======
+
+Daniel P. Berrangé
+
+
+BUGS
+====
+
+Please report all bugs you discover.  This should be done via either:
+
+#. the mailing list
+
+   `https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
+
+#. the bug tracker
+
+   `https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
+
+Alternatively, you may report bugs to your software distributor / vendor.
+
+
+COPYRIGHT
+=========
+
+Copyright (C) 2019 by Red Hat, Inc.
+
+
+LICENSE
+=======
+
+``virt-run-qemu`` is distributed under the terms of the GNU LGPL v2+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+SEE ALSO
+========
+
+virsh(1), `https://libvirt.org/ <https://libvirt.org/>`_
--- a/docs/manpages/virt-sanlock-cleanup.rst
+++ b/docs/manpages/virt-sanlock-cleanup.rst
@@ -0,0 +1,79 @@
+====================
+virt-sanlock-cleanup
+====================
+
+-----------------------------------------
+remove stale sanlock resource lease files
+-----------------------------------------
+
+:Manual section: 8
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+========
+
+``virt-sanlock-cleanup``
+
+
+DESCRIPTION
+===========
+
+This tool removes any resource lease files created by the sanlock
+lock manager plugin. The resource lease files only need to exist
+on disks when a guest using the resource is active. This script
+reclaims the disk space used by resources which are not currently
+active.
+
+
+EXIT STATUS
+===========
+
+Upon successful processing of leases cleanup, an exit status
+of 0 will be set. Upon fatal error a non-zero status will
+be set.
+
+
+AUTHOR
+======
+
+Daniel P. Berrangé
+
+
+BUGS
+====
+
+Please report all bugs you discover.  This should be done via either:
+
+#. the mailing list
+
+   `https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
+
+#. the bug tracker
+
+   `https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
+
+Alternatively, you may report bugs to your software distributor / vendor.
+
+
+COPYRIGHT
+=========
+
+Copyright (C) 2011, 2013 Red Hat, Inc.
+
+
+LICENSE
+=======
+
+``virt-sanlock-cleanup`` is distributed under the terms of the GNU GPL v2+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+
+SEE ALSO
+========
+
+virsh(1), `online instructions <https://libvirt.org/locking.html>`_,
+`https://libvirt.org/ <https://libvirt.org/>`_
--- a/docs/manpages/virt-xml-validate.rst
+++ b/docs/manpages/virt-xml-validate.rst
@@ -1,14 +1,27 @@
-=head1 NAME
+=================
+virt-xml-validate
+=================

-virt-xml-validate - validate libvirt XML files against a schema
+-------------------------------------------
+validate libvirt XML files against a schema
+-------------------------------------------

-=head1 SYNOPSIS
+:Manual section: 1
+:Manual group: Virtualization Support

-B<virt-xml-validate> I<XML-FILE> [I<SCHEMA-NAME>]
+.. contents::

-B<virt-xml-validate> I<OPTION>
+SYNOPSIS
+========

-=head1 DESCRIPTION
+
+``virt-xml-validate`` *XML-FILE* [*SCHEMA-NAME*]
+
+``virt-xml-validate`` *OPTION*
+
+
+DESCRIPTION
+===========

 Validates a libvirt XML for compliance with the published schema.
 The first compulsory argument is the path to the XML file to be
@@ -18,98 +31,110 @@ from the name of the root element in the XML document.

 Valid schema names currently include

-=over 4
-
-=item C<domainsnapshot>
+- ``domainsnapshot``

 The schema for the XML format used by domain snapshot configuration

-=item C<domain>
+- ``domain``

 The schema for the XML format used by guest domains configuration

-=item C<network>
+- ``network``

 The schema for the XML format used by virtual network configuration

-=item C<storagepool>
+- ``storagepool``

 The schema for the XML format used by storage pool configuration

-=item C<storagevol>
+- ``storagevol``

 The schema for the XML format used by storage volume descriptions

-=item C<nodedev>
+- ``nodedev``

 The schema for the XML format used by node device descriptions

-=item C<capability>
+- ``capability``

 The schema for the XML format used to declare driver capabilities

-=item C<nwfilter>
+- ``nwfilter``

 The schema for the XML format used by network traffic filters

-=item C<nwfilterbinding>
+- ``nwfilterbinding``

 The schema for XML format used by network filter bindings.

-=item C<secret>
+- ``secret``

 The schema for the XML format used by secrets descriptions

-=item C<interface>
+- ``interface``

 The schema for the XML format used by physical host interfaces

-=back

-=head1 OPTIONS
+OPTIONS
+=======

-=over
-
-=item B<-h, --help>
+``-h``, ``--help``

 Display command line help usage then exit.

-=item B<-V, --version>
+``-V``, ``--version``

 Display version information then exit.

-=back

-=head1 EXIT STATUS
+EXIT STATUS
+===========

 Upon successful validation, an exit status of 0 will be set. Upon
 failure a non-zero status will be set.

-=head1 AUTHOR

-Daniel P.Berrange
+AUTHOR
+======

-=head1 BUGS
+Daniel P. Berrangé

-Report any bugs discovered to the libvirt community via the
-mailing list L<https://libvirt.org/contact.html> or bug tracker
-L<https://libvirt.org/bugs.html>.
-Alternatively report bugs to your software distributor / vendor.

-=head1 COPYRIGHT
+BUGS
+====
+
+Please report all bugs you discover.  This should be done via either:
+
+#. the mailing list
+
+   `https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
+
+#. the bug tracker
+
+   `https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
+
+Alternatively, you may report bugs to your software distributor / vendor.
+
+
+COPYRIGHT
+=========

 Copyright (C) 2009-2013 by Red Hat, Inc.
-Copyright (C) 2009 by Daniel P. Berrange
+Copyright (C) 2009 by Daniel P. Berrangé

-=head1 LICENSE

-virt-xml-validate is distributed under the terms of the GNU GPL v2+.
+LICENSE
+=======
+
+``virt-xml-validate`` is distributed under the terms of the GNU GPL v2+.
 This is free software; see the source for copying conditions. There
 is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
 PURPOSE

-=head1 SEE ALSO

-L<virsh(1)>, online XML format descriptions L<https://libvirt.org/format.html>
+SEE ALSO
+========

-=cut
+virsh(1), `online XML format descriptions <https://libvirt.org/format.html>`_,
+`https://libvirt.org/ <https://libvirt.org/>`_
--- a/docs/manpages/virtlockd.rst
+++ b/docs/manpages/virtlockd.rst
@@ -0,0 +1,177 @@
+=========
+virtlockd
+=========
+
+------------------------------
+libvirt lock management daemon
+------------------------------
+
+:Manual section: 8
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+========
+
+``virtlockd``  [*OPTION*]...
+
+
+DESCRIPTION
+===========
+
+The ``virtlockd`` program is a server side daemon component of the libvirt
+virtualization management system that is used to manage locks held against
+virtual machine resources, such as their disks.
+
+This daemon is not used directly by libvirt client applications, rather it
+is called on their behalf by ``libvirtd``. By maintaining the locks in a
+standalone daemon, the main libvirtd daemon can be restarted without risk
+of losing locks.  The ``virtlockd`` daemon has the ability to re-exec()
+itself upon receiving SIGUSR1, to allow live upgrades without downtime.
+
+The ``virtlockd`` daemon listens for requests on a local Unix domain socket.
+
+
+OPTIONS
+=======
+
+``-h``, ``--help``
+
+Display command line help usage then exit.
+
+``-d``, ``--daemon``
+
+Run as a daemon and write PID file.
+
+``-f``, ``--config`` *FILE*
+
+Use this configuration file, overriding the default value.
+
+``-t``, ``--timeout`` *SECONDS*
+
+Automatically shutdown after *SECONDS* have elapsed with
+no active client or lock.
+
+``-p``, ``--pid-file`` *FILE*
+
+Use this name for the PID file, overriding the default value.
+
+``-v``, ``--verbose``
+
+Enable output of verbose messages.
+
+``-V``, ``--version``
+
+Display version information then exit.
+
+SIGNALS
+=======
+
+On receipt of ``SIGUSR1``, ``virtlockd`` will re-exec() its binary, while
+maintaining all current locks and clients. This allows for live
+upgrades of the ``virtlockd`` service.
+
+
+FILES
+=====
+
+When run as *root*
+------------------
+
+* ``SYSCONFDIR/libvirt/virtlockd.conf``
+
+The default configuration file used by ``virtlockd``, unless overridden on the
+command line using the ``-f`` | ``--config`` option.
+
+* ``RUNSTATEDIR/libvirt/virtlockd-sock``
+
+The sockets ``virtlockd`` will use.
+
+* ``RUNSTATEDIR/virtlockd.pid``
+
+The PID file to use, unless overridden by the ``-p`` | ``--pid-file`` option.
+
+
+When run as *non-root*
+----------------------
+
+* ``$XDG_CONFIG_HOME/libvirt/virtlockd.conf``
+
+The default configuration file used by ``virtlockd``, unless overridden on the
+command line using the ``-f`` | ``--config`` option.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlockd-sock``
+
+The socket ``virtlockd`` will use.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlockd.pid``
+
+The PID file to use, unless overridden by the ``-p`` | ``--pid-file`` option.
+
+If ``$XDG_CONFIG_HOME`` is not set in your environment, ``virtlockd`` will use
+``$HOME/.config``
+
+If ``$XDG_RUNTIME_DIR`` is not set in your environment, ``virtlockd`` will use
+``$HOME/.cache``
+
+EXAMPLES
+========
+
+To retrieve the version of ``virtlockd``:
+
+.. code-block::
+
+  # virtlockd --version
+  virtlockd (libvirt) 1.1.1
+
+To start ``virtlockd``, instructing it to daemonize and create a PID file:
+
+.. code-block::
+
+  # virtlockd -d
+  # ls -la RUNSTATEDIR/virtlockd.pid
+  -rw-r--r-- 1 root root 6 Jul  9 02:40 RUNSTATEDIR/virtlockd.pid
+
+BUGS
+====
+
+Please report all bugs you discover.  This should be done via either:
+
+#. the mailing list
+
+   `https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
+
+#. the bug tracker
+
+   `https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
+
+Alternatively, you may report bugs to your software distributor / vendor.
+
+
+AUTHORS
+=======
+
+Please refer to the AUTHORS file distributed with libvirt.
+
+
+COPYRIGHT
+=========
+
+Copyright (C) 2006-2013 Red Hat, Inc., and the authors listed in the
+libvirt AUTHORS file.
+
+
+LICENSE
+=======
+
+``virtlockd`` is distributed under the terms of the GNU LGPL v2.1+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+
+SEE ALSO
+========
+
+libvirtd(8),  `https://libvirt.org/ <https://libvirt.org/>`_
--- a/docs/manpages/virtlogd.rst
+++ b/docs/manpages/virtlogd.rst
@@ -0,0 +1,179 @@
+========
+virtlogd
+========
+
+-----------------------------
+libvirt log management daemon
+-----------------------------
+
+:Manual section: 8
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+========
+
+``virtlogd`` [*OPTION*]...
+
+
+DESCRIPTION
+===========
+
+The ``virtlogd`` program is a server side daemon component of the libvirt
+virtualization management system that is used to manage logs from virtual
+machine consoles.
+
+This daemon is not used directly by libvirt client applications, rather it
+is called on their behalf by ``libvirtd``. By maintaining the logs in a
+standalone daemon, the main libvirtd daemon can be restarted without risk
+of losing logs. The ``virtlogd`` daemon has the ability to re-exec()
+itself upon receiving SIGUSR1, to allow live upgrades without downtime.
+
+The ``virtlogd`` daemon listens for requests on a local Unix domain socket.
+
+
+OPTIONS
+=======
+
+``-h``, ``--help``
+
+Display command line help usage then exit.
+
+``-d``, ``--daemon``
+
+Run as a daemon and write PID file.
+
+``-f``, ``--config`` *FILE*
+
+Use this configuration file, overriding the default value.
+
+``-t``, ``--timeout`` *SECONDS*
+
+Automatically shutdown after *SECONDS* have elapsed with
+no active console log.
+
+``-p``, ``--pid-file`` *FILE*
+
+Use this name for the PID file, overriding the default value.
+
+``-v``, ``--verbose``
+
+Enable output of verbose messages.
+
+``-V``, ``--version``
+
+Display version information then exit.
+
+
+SIGNALS
+=======
+
+On receipt of ``SIGUSR1``, ``virtlogd`` will re-exec() its binary, while
+maintaining all current logs and clients. This allows for live
+upgrades of the ``virtlogd`` service.
+
+
+FILES
+=====
+
+When run as *root*
+------------------
+
+* ``SYSCONFDIR/libvirt/virtlogd.conf``
+
+The default configuration file used by ``virtlogd``, unless overridden on the
+command line using the ``-f``  | ``--config`` option.
+
+* ``RUNSTATEDIR/libvirt/virtlogd-sock``
+
+The sockets ``virtlogd`` will use.
+
+* ``RUNSTATEDIR/virtlogd.pid``
+
+The PID file to use, unless overridden by the ``-p`` | ``--pid-file`` option.
+
+When run as *non-root*
+----------------------
+
+* ``$XDG_CONFIG_HOME/libvirt/virtlogd.conf``
+
+The default configuration file used by ``virtlogd``, unless overridden on the
+command line using the ``-f`` | ``--config`` option.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlogd-sock``
+
+The socket ``virtlogd`` will use.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlogd.pid``
+
+The PID file to use, unless overridden by the ``-p`` | ``--pid-file`` option.
+
+If ``$XDG_CONFIG_HOME`` is not set in your environment, ``virtlogd`` will use
+``$HOME/.config``
+
+If ``$XDG_RUNTIME_DIR`` is not set in your environment, ``virtlogd`` will use
+``$HOME/.cache``
+
+
+EXAMPLES
+========
+
+To retrieve the version of ``virtlogd``:
+
+.. code-block::
+
+  # virtlogd --version
+  virtlogd (libvirt) 1.1.1
+
+To start ``virtlogd``, instructing it to daemonize and create a PID file:
+
+.. code-block::
+
+  # virtlogd -d
+  # ls -la RUNSTATEDIR/virtlogd.pid
+  -rw-r--r-- 1 root root 6 Jul  9 02:40 RUNSTATEDIR/virtlogd.pid
+
+
+BUGS
+====
+
+Please report all bugs you discover.  This should be done via either:
+
+#. the mailing list
+
+   `https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
+
+#. the bug tracker
+
+   `https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
+
+Alternatively, you may report bugs to your software distributor / vendor.
+
+
+AUTHORS
+=======
+
+Please refer to the AUTHORS file distributed with libvirt.
+
+
+COPYRIGHT
+=========
+
+Copyright (C) 2006-2015 Red Hat, Inc., and the authors listed in the
+libvirt AUTHORS file.
+
+
+LICENSE
+=======
+
+``virtlogd`` is distributed under the terms of the GNU LGPL v2.1+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+
+SEE ALSO
+========
+
+libvirtd(8),  `https://libvirt.org/ <https://libvirt.org/>`_
--- a/docs/migration.html.in
+++ b/docs/migration.html.in
@@ -257,7 +257,7 @@
      combinations.
    </p>

-    <table class="data">
+    <table>
      <thead>
        <tr class="head">
          <th colspan="3">Before migration</th>
--- a/docs/newapi.xsl
+++ b/docs/newapi.xsl
@@ -43,7 +43,7 @@

    <xsl:if test="count(exsl:node-set($acls)/api[@name=$api]/check) > 0">
      <h5>Access control parameter checks</h5>
-      <table class="acl">
+      <table>
        <thead>
          <tr>
            <th>Object</th>
@@ -56,7 +56,7 @@
    </xsl:if>
    <xsl:if test="count(exsl:node-set($acls)/api[@name=$api]/filter) > 0">
      <h5>Access control return value filters</h5>
-      <table class="acl">
+      <table>
        <thead>
          <tr>
            <th>Object</th>
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -42,7 +42,385 @@
     -->

 <libvirt>
-  <release version="v5.10.0" date="unreleased">
+  <release version="v6.2.0" date="unreleased">
+    <section title="New features">
+      <change>
+        <summary>
+          qemu: NVDIMM support for pSeries guests
+        </summary>
+        <description>
+          QEMU 5.0 implements NVDIMM memory support for pSeries guests. This
+          is done by adding an 'uuid' element in the memory XML, which can
+          either be provided in the XML or, if omitted, generated
+          automatically.
+        </description>
+      </change>
+    </section>
+    <section title="Removed features">
+      <change>
+        <summary>
+          Removed support for INI style of comments
+        </summary>
+        <description>
+          With switching of our internal code to GLib, parsing of client
+          authentication config files is handed over to GLib which does not
+          support <code>INI</code> style of comments starting with a semicolon
+          (<code>;</code>). Use number sign (<code>#</code>) instead.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          qemu: Open backing chain late for shallow block copy reusing external images
+        </summary>
+        <description>
+          With introduction of -blockdev for QEMU storage configuration
+          in libvirt-5.10 we've started opening the backing chain of the
+          destination/mirror of a virDomainBlockcopy started with
+          VIR_DOMAIN_BLOCK_COPY_REUSE_EXT | VIR_DOMAIN_BLOCK_COPY_SHALLOW flags
+          when starting the job rather than when virDomainBlockJobAbort with
+          VIR_DOMAIN_BLOCK_JOB_ABORT_PIVOT is issued. For users depending on
+          this undocumented quirky pre-blockdev behaviour this caused a
+          regression as the backing chain could not be modified while the copy
+          of the top image was progressing due to QEMU image locking. Note that
+          this fix also requires qemu-5.0 while -blockdev is used starting from
+          QEMU-4.2.
+        </description>
+      </change>
+    </section>
+  </release>
+  <release version="v6.1.0" date="2020-03-03">
+    <section title="New features">
+      <change>
+        <summary>
+          qemu: new rng backend type: builtin
+        </summary>
+        <description>
+          It implements qemu builtin rng backend. That uses getrandom syscall
+          to generate random, no external rng source needed. Available since
+          QEMU 4.2.
+        </description>
+      </change>
+      <change>
+        <summary>
+          support for virtio+hostdev NIC &lt;teaming&gt;
+        </summary>
+        <description>
+          QEMU 4.2.0 and later, combined with a sufficiently recent
+          guest virtio-net driver (e.g. the driver included in Linux
+          kernel 4.18 and later), supports setting up a simple network
+          bond device comprised of one virtio emulated NIC and one
+          hostdev NIC (which must be an SRIOV VF). (in QEMU, this is
+          known as the "virtio failover" feature). The allure of this
+          setup is that the bond will always favor the hostdev device,
+          providing better performance, until the guest is migrated -
+          at that time QEMU will automatically unplug the hostdev NIC
+          and the bond will send all traffic via the virtio NIC until
+          migration is completed, then QEMU on the destination side
+          will hotplug a new hostdev NIC and the bond will switch back
+          to using the hostdev for network traffic. The result is that
+          guests desiring the extra performance of a hostdev NIC are
+          now migratable without network downtime (performance is just
+          degraded during migration) and without requiring a
+          complicated bonding configuration in the guest OS network
+          config and complicated unplug/replug logic in the management
+          application on the host - it can instead all be accomplished
+          in libvirt with the interface &lt;teaming&gt; subelement
+          "type" and "persistent" attributes.
+        </description>
+      </change>
+      <change>
+        <summary>
+          support BR_ISOLATED flag for guest interfaces attached to a Linux host bridge
+        </summary>
+        <description>
+          Since Linux kernel 4.18, the Linux host bridge has had a
+          flag BR_ISOLATED that can be applied to individual
+          ports. When this flag is set for a port, traffic is blocked
+          between that port and any other port that also has the
+          BR_ISOLATED flag set. libvirt domain interface config now
+          supports setting this flag via the &lt;port
+          isolated='yes'/&gt; setting. It can also be set for all
+          connections to a particular libvirt network by setting the
+          same option in the network config - since the port for the
+          host itself does not have BR_ISOLATED set, the guests can
+          communicate with the host and the outside world, but guests
+          on that network can't communicate with each other. This
+          feature works for QEMU and LXC guests with interfaces
+          attached to a Linux host bridge.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Introduce the 'armvtimer' timer type
+        </summary>
+        <description>
+          QEMU 5.0 introduces the ability to control the behavior of the
+          virtual timer for KVM ARM/virt guests, and this new timer type
+          exposes the same capability to libvirt users.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Storage configuration improvements
+        </summary>
+        <description>
+          Libvirt now accepts <code>&lt;backingStore type='volume'&gt;</code>
+          and allows specifying the offset and size of the image format
+          container inside the storage source via the <code>&lt;slices&gt;</code>
+          subelement.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Introduce the 'tpm-spapr' TPM model
+        </summary>
+        <description>
+          This device, available starting from QEMU 5.0, is limited to
+          pSeries guests.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          qemu: Image format probing is allowed in certain cases
+        </summary>
+        <description>
+          To resolve regressions when users didn't specify the backing image
+          format in the overlay, libvirt now probes the format in certain
+          secure scenarios which fixes a few common existing cases. Additionally
+          the knowledge base was extended to provide more information on how
+          to rectify the problem.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Support "dies" in CPU topology
+        </summary>
+        <description>
+          This CPU topology concept, new in QEMU 4.1.0, sits between the
+          existing "socket" and "core".
+        </description>
+      </change>
+      <change>
+        <summary>
+          libxl: Add support for Credit2 scheduler parameters
+        </summary>
+      </change>
+      <change>
+        <summary>
+          lxc: Add support LXC 3 network configuration format
+        </summary>
+      </change>
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          conf: Do not generate machine names ending with a dash
+        </summary>
+        <description>
+          Recent systemd versions do not allow them.
+        </description>
+      </change>
+    </section>
+    <section title="Packaging changes">
+      <change>
+        <summary>
+          use of gnulib has been completely eliminated
+        </summary>
+        <description>
+          Historically libvirt has embedded gnulib to provide fixes for
+          various platform portability problems. This usage has now been
+          eliminated and alternative approaches for platform portability
+          problems adopted where required. This has been validated on the
+          set of platforms covered by automated CI build testing. Other
+          modern Linux distros using glibc are expected to work. Linux
+          distros using non-glibc packages, and other non-Linux platforms
+          may encounter regressions when building this release. Please
+          report any build problems encountered back to the project
+          maintainers for evaluation.
+        </description>
+      </change>
+    </section>
+  </release>
+  <release version="v6.0.0" date="2020-01-15">
+    <section title="Packaging changes">
+      <change>
+        <summary>
+          support for python2 is removed
+        </summary>
+        <description>
+          Libvirt is no longer able to be built using the
+          Python 2 binary. Python 3 must be used instead.
+        </description>
+      </change>
+      <change>
+        <summary>
+          docs: the python docutils toolset is now required
+        </summary>
+        <description>
+          The use of rst2html has been introduced for the
+          website build process since docs are now being
+          written in the RST as an alternative to HTML.
+        </description>
+      </change>
+    </section>
+    <section title="New features">
+      <change>
+        <summary>
+          new PCI hostdev address type: unassigned
+        </summary>
+        <description>
+          A new PCI hostdev address type 'unassigned' is introduced. An
+          unassigned PCI hostdev behaves like any regular PCI hostdev
+          inside Libvirt, but it is not usable by the guest. This gives
+          the user a new option to manage the binding of PCI devices
+          via Libvirt, declaring PCI hostdevs in the domain XML
+          but allowing just a subset of them to be assigned to the
+          guest.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Provide init scripts for sub-deaemons
+        </summary>
+        <description>
+          So far libvirt shipped systemd unit files for sub-daemons. With this
+          release, init scripts are available too. Package maintainers can
+          choose which one to install via <code>--with-init-script</code>
+          configure option.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Support cold-unplug of sound devices
+        </summary>
+      </change>
+      <change>
+        <summary>
+          qemu: Implement VIR_MIGRATE_PARAM_TLS_DESTINATION
+        </summary>
+        <description>
+          This flag, which can be enabled using <code>virsh</code>'s
+          <code>--tls-destination</code> option, allows migration to succeed
+          in situations where there is a mismatch between the destination's
+          hostname and the information stored in its TLS certificate.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Support reporting memory bandwidth usage stats
+        </summary>
+        <description>
+          Implement Intel RDT-MBM in libvirt. The stats can be obtained via
+          <code>virsh domstats --memory</code>.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Allow accessing NVMe disks directly
+        </summary>
+        <description>
+          Before this release there were two ways to configure a NVMe disk for
+          a domain. The first was using &lt;disk/&gt; with the &lt;source/&gt;
+          pointing to the <code>/dev/nvmeXXXX</code>. The other was using PCI
+          assignment via &lt;hostdev/&gt; element. Both have their
+          disadvantages: the former adds latency of file system and block
+          layers of the host kernel, the latter prohibits domain migration. In
+          this release the third way of configuring NVMe disk is added which
+          combines the advantages and drops disadvantages of the previous two
+          ways. It's accessible via &lt;disk type='nvme'/&gt;.
+        </description>
+      </change>
+    </section>
+    <section title="Removed features">
+      <change>
+        <summary>
+          'phyp' Power Hypervisor driver removed
+        </summary>
+        <description>
+          The 'phyp' Power Hypervisor driver has not seen active development
+          since 2011 and does not seem to have any real world usage. It
+          has now been removed.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          qemu: xz save image compression is faster
+        </summary>
+        <description>
+          When using the xz format to compressed virtual
+          machine saved state images, the "-3" compression
+          level preset is now used. This results in slightly
+          larger files, but with a massively reduced time
+          to compress. The xz format offers the best compression
+          level for saved state images, albeit still with the
+          slowest running time. For the fastest possible
+          running time, at cost of the larest compressed size,
+          lzop should be used.
+        </description>
+      </change>
+      <change>
+        <summary>
+          domain: Improve job stat handling
+        </summary>
+        <description>
+          It is now possible to retrieve stats for completed and failed jobs.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Don't hold monitor and agent job at the same time
+        </summary>
+        <description>
+          Before this change, a malicious (or buggy)
+          <code>qemu-guest-agent</code> running in the guest could make other
+          libvirt APIs unavailable for an unbounded amount of time.
+        </description>
+      </change>
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          qemu: Report error if backing image format is not specified explicitly
+        </summary>
+        <description>
+          For a long time libvirt was assuming that a backing file is RAW when
+          the format was not specified. This didn't pose a problem until blockdev
+          support was enabled in last release. Libvirt now requires that
+          the format is specified in the image metadata or domain XML and the
+          VM will refuse to start otherwise. Additionally the error message
+          now links to the knowledge base which summarizes how to fix the images.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Fix non-shared storage migration over NBD
+        </summary>
+      </change>
+      <change>
+        <summary>
+          qemu: Generate a single MAC address for hotplugged network devices
+        </summary>
+        <description>
+          Since libvirt 4.6.0, when hotplugging a network device that didn't
+          have a MAC address already assigned by the user, two separate
+          addresses would be generated: one for the live configuration, which
+          would show up immediately, and one for the inactive configuration,
+          which would show up after the first reboot. This situation was
+          clearly undesirable, so a single MAC address is now generated and
+          used both for the live configuration and the inactive one.
+        </description>
+      </change>
+    </section>
+  </release>
+  <release version="v5.10.0" date="2019-12-02">
    <section title="New features">
      <change>
        <summary>
@@ -81,8 +459,134 @@
      </change>
    </section>
    <section title="Improvements">
+      <change>
+        <summary>
+          Devices CGroup v2 support
+        </summary>
+        <description>
+          Libvirt supported all controllers of CGroup v2 but the devices
+          controller which is implemented in this release.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Cold plug of sound device
+        </summary>
+        <description>
+          The QEMU driver now can handle cold plug of
+          <code>&lt;sound/&gt;</code> devices.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Probe for default CPU types
+        </summary>
+        <description>
+          With QEMU 4.2.0 we can probe for the default CPU model used by QEMU
+          for a particular machine type and store it in the domain XML. This
+          way the chosen CPU model is more visible to users and libvirt will
+          make sure the guest will see the exact same CPU after migration.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Adaptation to qemu's blockdev
+        </summary>
+        <description>
+          QEMU introduced a new way of specifying disks on the command line
+          which enables fine-grained control over the block stack. Libvirt has
+          adapted to this.
+        </description>
+      </change>
+    </section>
+    <section title="Refactors">
+      <change>
+        <summary>
+          More GLib integration
+        </summary>
+        <description>
+          More patches were merged that replace our internal functions with
+          GLib ones. Also some effort was invested in replacing gnulib modules
+          with GLib functions.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Rewrite of Perl scripts into Python
+        </summary>
+        <description>
+          Libvirt used Perl scripts to check for coding style, generate some
+          code and things like that. To bring the number of languages used
+          down, these scripts were rewritten into Python.
+        </description>
+      </change>
    </section>
    <section title="Bug fixes">
+      <change>
+        <summary>
+          Warn verbosely if using old loader:nvram pairs
+        </summary>
+        <description>
+          Some distributions still use <code>--with-loader-nvram</code> or
+          <code>nvram</code> variable in qemu.conf. This is now discouraged in
+          favour of FW descriptors. However, instead of silently ignoring user's
+          config, libvirt warns if outdated config is detected.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Drop pconfig from Icelake-Server CPU model
+        </summary>
+        <description>
+          The pconfig feature was enabled in QEMU by accident in 3.1.0. All
+          other newer versions do not support it and it was removed from the
+          Icelake-Server CPU model in QEMU.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Wait longer for device removal confirmation on PPC64
+        </summary>
+        <description>
+          After sending device hot unplug request to QEMU, libvirt waits up to
+          5 seconds for qemu to confirm the device removal. On some
+          architectures (like PPC64) this can take longer time and libvirt now
+          reflects that.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Forcibly create nodes in domain's namespace
+        </summary>
+        <description>
+          The QEMU driver starts a domain in a namepsace with private
+          <code>/dev</code> and creates only those nodes there which the domain
+          is configured to have. However, it may have happened that if a node
+          changed its minor number this change wasn't propagated to the
+          namespace.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Various AppArmor bugfixes
+        </summary>
+        <description>
+          The AppArmor driver now knows how to handle
+          <code>&lt;shmem/&gt;</code> devices and also snapshotting more disks
+          at once.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Improved video model autoselection
+        </summary>
+        <description>
+          If a graphics device was added to XML that had no video device,
+          libvirt automatically added a video device which was always of type
+          'cirrus' on x86_64, even if the underlying qemu didn't support
+          cirrus. Libvirt now bases the decision on qemu's capabilities.
+        </description>
+      </change>
    </section>
  </release>
  <release version="v5.9.0" date="2019-11-05">
@@ -246,6 +750,38 @@
          type='ethernet'&gt;</code>.
        </description>
      </change>
+      <change>
+        <summary>
+          qemu: Support vhost-user-gpu
+        </summary>
+        <description>
+          Support for running virtio GPUs in separate processes with vhost-user
+          backend. It requires QEMU newer than 4.1.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Introduce virConnectSetIdentity API
+        </summary>
+        <description>
+          When split daemons are in use, this API is used to forward uid,
+          gid and SELinux info from <code>virproxyd</code> to other driver
+          daemons such as <code>virtqemud</code>.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          qemu: Support running SLIRP networking in a separate process
+        </summary>
+        <description>
+          User can configure the slirp-helper path in <code>qemu.conf</code>.
+          It will start a slirp-helper process to provide SLIRP networking
+          when the VM is started with network interface "user". That will allow
+          stricter security policies for QEMU SLIRP network.
+        </description>
+      </change>
    </section>
    <section title="Removed features">
      <change>
@@ -295,6 +831,18 @@
          traditional libvirtd by default.
        </description>
      </change>
+      <change>
+        <summary>
+          qemu: Support kvm-hint-dedicated performance hint
+        </summary>
+        <description>
+          With <code>&lt;hint-dedicated state='on'/&gt;</code> and
+          <code>&lt;cpu mode='host-passthrough'/&gt;</code>, it
+          allows a guest to enable optimizations when running on dedicated
+          vCPUs. QEMU newer than 2.12.0 and kernel newer than 4.17
+          are required.
+        </description>
+      </change>
    </section>
    <section title="Removed features">
      <change>
--- a/docs/page.xsl
+++ b/docs/page.xsl
@@ -97,9 +97,15 @@
        <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"/>
        <link rel="manifest" href="/manifest.json"/>
        <meta name="theme-color" content="#ffffff"/>
-        <title>libvirt: <xsl:value-of select="html:html/html:body/html:h1"/></title>
+        <title>libvirt: <xsl:value-of select="html:html/html:body//html:h1"/></title>
        <meta name="description" content="libvirt, virtualization, virtualization API"/>
-        <xsl:apply-templates select="/html:html/html:head/*" mode="content"/>
+        <xsl:if test="$pagename = 'libvirt-go.html'">
+          <meta name="go-import" content="libvirt.org/libvirt-go git https://libvirt.org/git/libvirt-go.git"/>
+        </xsl:if>
+        <xsl:if test="$pagename = 'libvirt-go-xml.html'">
+          <meta name="go-import" content="libvirt.org/libvirt-go-xml git https://libvirt.org/git/libvirt-go-xml.git"/>
+        </xsl:if>
+        <xsl:apply-templates select="/html:html/html:head/html:script" mode="content"/>

        <script type="text/javascript" src="{$href_base}js/main.js">
          <xsl:comment>// forces non-empty element</xsl:comment>
@@ -176,12 +182,15 @@
    <xsl:apply-templates select="exsl:node-set($inchtml)/html:html/html:body/*" mode="content"/>
  </xsl:template>

-  <xsl:template match="html:h2 | html:h3 | html:h4 | html:h5 | html:h6" mode="content">
+  <xsl:template match="html:h1 | html:h2 | html:h3 | html:h4 | html:h5 | html:h6" mode="content">
    <xsl:element name="{name()}">
      <xsl:apply-templates mode="copy" />
      <xsl:if test="./html:a/@id">
        <a class="headerlink" href="#{html:a/@id}" title="Permalink to this headline">&#xb6;</a>
      </xsl:if>
+      <xsl:if test="./html:a[@class='toc-backref']">
+        <a class="headerlink" href="#{../@id}" title="Permalink to this headline">&#xb6;</a>
+      </xsl:if>
    </xsl:element>
  </xsl:template>

--- a/docs/platforms.html.in
+++ b/docs/platforms.html.in
@@ -74,8 +74,17 @@
    <h3>macOS</h3>

    <p>
-      The project supports building with the current version of macOS,
-      with the current homebrew package set available.
+      The project aims to support the most recent major version
+      at all times. Support for the previous major version will
+      be dropped 2 years after the new major version is released.
+    </p>
+
+    <p>
+      Note that to compile libvirt will require extra packages
+      to be made available on the macOS host. It is recommended
+      to use <a href="https://brew.sh/">HomeBrew</a> since this
+      is what libvirt CI tests with, however, <a herf="https://www.macports.org/">MacPorts</a>
+      is an alternative option that is likely to work.
    </p>

    <h3>FreeBSD</h3>
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -34,7 +34,7 @@ the system-wide QEMU daemon on a remote machine called
 <code>qemu://compute1.libvirt.org/system</code>.
 </p>
    <p>
-The <a href="#Remote_URI_reference">section on remote URIs</a>
+The <a href="uri.html#URI_remote">section on remote URIs</a>
 describes in more detail these remote URIs.
 </p>
    <p>
@@ -61,7 +61,7 @@ Remote libvirt supports a range of transports:
      <dd><a href="http://en.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security">TLS</a>
 1.0 (SSL 3.1) authenticated and encrypted TCP/IP socket, usually
 listening on a public port number.  To use this you will need to
- <a href="#Remote_certificates" title="Generating TLS certificates">generate client and
+ <a href="tlscerts.html" title="Generating TLS certificates">generate client and
 server certificates</a>.
 The standard port is 16514.
 </dd>
@@ -109,685 +109,9 @@ even with graphical management applications. As with the classic ssh transport
 netcat is required on the remote side.</dd>
    </dl>
    <p>
-The default transport, if no other is specified, is <code>tls</code>.
-</p>
-    <h2>
-      <a id="Remote_URI_reference">Remote URIs</a>
-    </h2>
-    <p>
-See also: <a href="uri.html">documentation on ordinary ("local") URIs</a>.
-</p>
-    <p>
-Remote URIs have the general form ("[...]" meaning an optional part):
-</p>
-    <p><code>driver</code>[<code>+transport</code>]<code>://</code>[<code>username@</code>][<code>hostname</code>][<code>:port</code>]<code>/</code>[<code>path</code>][<code>?extraparameters</code>]
-</p>
-    <p>
-Either the transport or the hostname must be given in order
-to distinguish this from a local URI.
-</p>
-    <p>
-Some examples:
-</p>
-    <ul>
-      <li><code>xen+ssh://rjones@towada/system</code><br/> &#x2014; Connect to a
-remote Xen hypervisor on host <code>towada</code> using ssh transport and ssh
-username <code>rjones</code>.
-</li>
-      <li><code>xen://towada/system</code><br/> &#x2014; Connect to a
-remote Xen hypervisor on host <code>towada</code> using TLS.
-</li>
-      <li><code>xen://towada/system?no_verify=1</code><br/> &#x2014; Connect to a
-remote Xen hypervisor on host <code>towada</code> using TLS.  Do not verify
-the server's certificate.
-</li>
-      <li><code>qemu+unix:///system?socket=/opt/libvirt/run/libvirt/libvirt-sock</code><br/> &#x2014;
-Connect to the local qemu instances over a non-standard
-Unix socket (the full path to the Unix socket is
-supplied explicitly in this case).
-</li>
-      <li><code>test+tcp://localhost:5000/default</code><br/> &#x2014;
-Connect to a libvirtd daemon offering unencrypted TCP/IP connections
-on localhost port 5000 and use the test driver with default
-settings.
-</li>
-<li><code>qemu+libssh2://user@host/system?known_hosts=/home/user/.ssh/known_hosts</code><br/> &#x2014;
-Connect to a remote host using a ssh connection with the libssh2 driver
-and use a different known_hosts file.</li>
-<li><code>qemu+libssh://user@host/system?known_hosts=/home/user/.ssh/known_hosts</code><br/> &#x2014;
-Connect to a remote host using a ssh connection with the libssh driver
-and use a different known_hosts file.</li>
-    </ul>
-    <h3>
-      <a id="Remote_URI_parameters">Extra parameters</a>
-    </h3>
-    <p>
-Extra parameters can be added to remote URIs as part
-of the query string (the part following <q><code>?</code></q>).
-Remote URIs understand the extra parameters shown below.
-Any others are passed unmodified through to the back end.
-Note that parameter values must be
-<a href="http://xmlsoft.org/html/libxml-uri.html#xmlURIEscapeStr">URI-escaped</a>.
-</p>
-    <table class="top_table">
-      <tr>
-        <th> Name </th>
-        <th> Transports </th>
-        <th> Meaning </th>
-      </tr>
-      <tr>
-        <td>
-          <code>name</code>
-        </td>
-        <td>
-          <i>any transport</i>
-        </td>
-        <td>
-  The name passed to the remote virConnectOpen function.  The
-  name is normally formed by removing transport, hostname, port
-  number, username and extra parameters from the remote URI, but in certain
-  very complex cases it may be better to supply the name explicitly.
-</td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>name=qemu:///system</code> </td>
-      </tr>
-      <tr>
-        <td>
-          <code>tls_priority</code>
-        </td>
-        <td> tls </td>
-        <td>
-  A vaid GNUTLS priority string
-</td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>tls_priority=NORMAL:-VERS-SSL3.0</code> </td>
-      </tr>
-      <tr>
-        <td>
-          <code>mode</code>
-        </td>
-        <td> unix, ssh, libssh, libssh2 </td>
-        <td>
-          <dl>
-            <dt><code>auto</code></dt><dd>automatically determine the daemon</dd>
-            <dt><code>direct</code></dt><dd>connect to per-driver daemons</dd>
-            <dt><code>legacy</code></dt><dd>connect to libvirtd</dd>
-          </dl>
-          Can also be set in <code>libvirt.conf</code> as <code>remote_mode</code>
-        </td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>mode=direct</code> </td>
-      </tr>
-      <tr>
-        <td>
-          <code>command</code>
-        </td>
-        <td> ssh, ext </td>
-        <td>
-  The external command.  For ext transport this is required.
-  For ssh the default is <code>ssh</code>.
-  The PATH is searched for the command.
-</td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>command=/opt/openssh/bin/ssh</code> </td>
-      </tr>
-      <tr>
-        <td>
-          <code>socket</code>
-        </td>
-        <td> unix, ssh, libssh2, libssh </td>
-        <td>
-  The path to the Unix domain socket, which overrides the
-  compiled-in default.  For ssh transport, this is passed to
-  the remote netcat command (see next).
-</td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>socket=/opt/libvirt/run/libvirt/libvirt-sock</code> </td>
-      </tr>
-      <tr>
-        <td>
-          <code>netcat</code>
-        </td>
-        <td> ssh, libssh2, libssh </td>
-        <td>
-  The name of the netcat command on the remote machine.
-  The default is <code>nc</code>.  For ssh transport, libvirt
-  constructs an ssh command which looks like:
-
-<pre><i>command</i> -p <i>port</i> [-l <i>username</i>] <i>hostname</i> <i>netcat</i> -U <i>socket</i>
-</pre>
-
-  where <i>port</i>, <i>username</i>, <i>hostname</i> can be
-  specified as part of the remote URI, and <i>command</i>, <i>netcat</i>
-  and <i>socket</i> come from extra parameters (or
-  sensible defaults).
-
-</td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>netcat=/opt/netcat/bin/nc</code> </td>
-      </tr>
-
-      <tr>
-        <td>
-          <code>keyfile</code>
-        </td>
-        <td> ssh, libssh2, libssh </td>
-        <td>
-  The name of the private key file to use to authentication to the remote
-  machine.  If this option is not used the default keys are used.
-        </td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>keyfile=/root/.ssh/example_key</code> </td>
-      </tr>
-
-      <tr>
-        <td>
-          <code>no_verify</code>
-        </td>
-        <td> ssh, tls </td>
-        <td>
-  SSH: If set to a non-zero value, this disables client's strict host key
-  checking making it auto-accept new host keys.  Existing host keys will
-  still be validated.
-  <br/>
-  <br/>
-  TLS: If set to a non-zero value, this disables client checks of the
-  server's certificate.  Note that to disable server checks of
-  the client's certificate or IP address you must
-  <a href="#Remote_libvirtd_configuration">change the libvirtd
-  configuration</a>.
-</td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>no_verify=1</code> </td>
-      </tr>
-      <tr>
-        <td>
-          <code>no_tty</code>
-        </td>
-        <td> ssh </td>
-        <td>
-  If set to a non-zero value, this stops ssh from asking for
-  a password if it cannot log in to the remote machine automatically
-  (eg. using ssh-agent etc.).  Use this when you don't have access
-  to a terminal - for example in graphical programs which use libvirt.
-</td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>no_tty=1</code> </td>
-      </tr>
-      <tr>
-        <td>
-          <code>pkipath</code>
-        </td>
-        <td> tls</td>
-        <td>
-          Specifies x509 certificates path for the client. If any of
-          the CA certificate, client certificate, or client key is
-          missing, the connection will fail with a fatal error.
-        </td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>pkipath=/tmp/pki/client</code> </td>
-      </tr>
-      <tr>
-        <td>
-          <code>known_hosts</code>
-        </td>
-        <td> libssh2, libssh </td>
-        <td>
-  Path to the known_hosts file to verify the host key against. LibSSH2 and
-  libssh support OpenSSH-style known_hosts files, although LibSSH2 does not
-  support all key types, so using files created by the OpenSSH binary may
-  result into truncating the known_hosts file. Thus, with LibSSH2 it's
-  recommended to use the default known_hosts file is located in libvirt's
-  client local configuration directory e.g.: ~/.config/libvirt/known_hosts.
-  Note: Use absolute paths.
-</td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>known_hosts=/root/.ssh/known_hosts</code> </td>
-      </tr>
-      <tr>
-        <td>
-          <code>sshauth</code>
-        </td>
-        <td> libssh2, libssh </td>
-        <td>
-  A comma separated list of authentication methods to use. Default (is
-  "agent,privkey,password,keyboard-interactive". The order of the methods
-  is preserved. Some methods may require additional parameters.
-</td>
-      </tr>
-      <tr>
-        <td colspan="2"/>
-        <td> Example: <code>sshauth=privkey,agent</code> </td>
-      </tr>
-    </table>
-    <h2>
-      <a id="Remote_certificates">Generating TLS certificates</a>
-    </h2>
-    <h3>
-      <a id="Remote_PKI">Public Key Infrastructure set up</a>
-    </h3>
-    <p>
-If you are unsure how to create TLS certificates, skip to the
-next section.
-</p>
-    <table class="top_table">
-      <tr>
-        <th> Location </th>
-        <th> Machine </th>
-        <th> Description </th>
-        <th> Required fields </th>
-      </tr>
-      <tr>
-        <td>
-          <code>/etc/pki/CA/cacert.pem</code>
-        </td>
-        <td> Installed on the client and server </td>
-        <td> CA's certificate (<a href="#Remote_TLS_CA">more info</a>)</td>
-        <td> n/a </td>
-      </tr>
-      <tr>
-        <td>
-          <code>$HOME/.pki/cacert.pem</code>
-        </td>
-        <td> Installed on the client </td>
-        <td> CA's certificate (<a href="#Remote_TLS_CA">more info</a>)</td>
-        <td> n/a </td>
-      </tr>
-      <tr>
-        <td>
-          <code>/etc/pki/libvirt/private/serverkey.pem</code>
-        </td>
-        <td> Installed on the server </td>
-        <td> Server's private key (<a href="#Remote_TLS_server_certificates">more info</a>)</td>
-        <td> n/a </td>
-      </tr>
-      <tr>
-        <td>
-          <code>/etc/pki/libvirt/servercert.pem</code>
-        </td>
-        <td> Installed on the server </td>
-        <td> Server's certificate signed by the CA.
- (<a href="#Remote_TLS_server_certificates">more info</a>) </td>
-        <td> CommonName (CN) must be the hostname of the server as it
-          is seen by clients. All hostname and IP address variants that might
-          be used to reach the server should be listed in Subject Alt Name
-          fields.</td>
-      </tr>
-      <tr>
-        <td>
-          <code>/etc/pki/libvirt/private/clientkey.pem</code>
-        </td>
-        <td> Installed on the client </td>
-        <td> Client's private key. (<a href="#Remote_TLS_client_certificates">more info</a>) </td>
-        <td> n/a </td>
-      </tr>
-      <tr>
-        <td>
-          <code>/etc/pki/libvirt/clientcert.pem</code>
-        </td>
-        <td> Installed on the client </td>
-        <td> Client's certificate signed by the CA
-  (<a href="#Remote_TLS_client_certificates">more info</a>) </td>
-        <td> Distinguished Name (DN) can be checked against an access
-  control list (<code>tls_allowed_dn_list</code>).
-  </td>
-      </tr>
-      <tr>
-        <td>
-          <code>$HOME/.pki/libvirt/clientkey.pem</code>
-        </td>
-        <td> Installed on the client </td>
-        <td> Client's private key. (<a href="#Remote_TLS_client_certificates">more info</a>) </td>
-        <td> n/a </td>
-      </tr>
-      <tr>
-        <td>
-          <code>$HOME/.pki/libvirt/clientcert.pem</code>
-        </td>
-        <td> Installed on the client </td>
-        <td> Client's certificate signed by the CA
-  (<a href="#Remote_TLS_client_certificates">more info</a>) </td>
-        <td> Distinguished Name (DN) can be checked against an access
-  control list (<code>tls_allowed_dn_list</code>).
-  </td>
-      </tr>
-    </table>
-    <p>
-      If 'pkipath' is specified in URI, then all the client
-      certificates must be found in the path specified, otherwise the
-      connection will fail with a fatal error. If 'pkipath' is not
-      specified:
+      The choice of transport is determined by the <a href="uri.html#URI_remote">URI scheme</a>,
+      with <code>tls</code> as the default if no explicit transport is requested.
    </p>
-    <ul>
-      <li> For a non-root user, libvirt tries to find the certificates
-        in $HOME/.pki/libvirt first. If the required CA certificate cannot
-        be found, then the global default location
-        (/etc/pki/CA/cacert.pem) will be used.
-        Likewise, if either the client certificate
-        or the client key cannot be found, then the global default
-        locations (/etc/pki/libvirt/clientcert.pem,
-        /etc/pki/libvirt/private/clientkey.pem) will be used.
-      </li>
-      <li> For the root user, the global default locations will always be used.</li>
-    </ul>
-    <h3>
-      <a id="Remote_TLS_background">Background to TLS certificates</a>
-    </h3>
-    <p>
-Libvirt supports TLS certificates for verifying the identity
-of the server and clients.  There are two distinct checks involved:
-</p>
-    <ul>
-      <li> The client should know that it is connecting to the right
-server.  Checking done by client by matching the certificate that
-the server sends to the server's hostname.  May be disabled by adding
-<code>?no_verify=1</code> to the
-<a href="#Remote_URI_parameters">remote URI</a>.
-</li>
-      <li> The server should know that only permitted clients are
-connecting.  This can be done based on client's IP address, or on
-client's IP address and client's certificate.  Checking done by the
-server.  May be enabled and disabled in the <a href="#Remote_libvirtd_configuration">libvirtd.conf file</a>.
-</li>
-    </ul>
-    <p>
-For full certificate checking you will need to have certificates
-issued by a recognised <a href="http://en.wikipedia.org/wiki/Certificate_authority">Certificate
-Authority (CA)</a> for your server(s) and all clients.  To avoid the
-expense of getting certificates from a commercial CA, you can set up
-your own CA and tell your server(s) and clients to trust certificates
-issues by your own CA.  Follow the instructions in the next section.
-</p>
-    <p>
-Be aware that the <a href="#Remote_libvirtd_configuration">default
-configuration for libvirtd</a> allows any client to connect provided
-they have a valid certificate issued by the CA for their own IP
-address.  You may want to change this to make it less (or more)
-permissive, depending on your needs.
-</p>
-    <h3>
-      <a id="Remote_TLS_CA">Setting up a Certificate Authority (CA)</a>
-    </h3>
-    <p>
-You will need the <a href="http://www.gnu.org/software/gnutls/manual/html_node/Invoking-certtool.html">GnuTLS
-certtool program documented here</a>.  In Fedora, it is in the
-<code>gnutls-utils</code> package.
-</p>
-    <p>
-Create a private key for your CA:
-</p>
-    <pre>
-certtool --generate-privkey &gt; cakey.pem
-</pre>
-    <p>
-and self-sign it by creating a file with the
-signature details called
-<code>ca.info</code> containing:
-</p>
-    <pre>
-cn = <i>Name of your organization</i>
-ca
-cert_signing_key
-</pre>
-    <pre>
-certtool --generate-self-signed --load-privkey cakey.pem \
-  --template ca.info --outfile cacert.pem
-</pre>
-    <p>
-(You can delete <code>ca.info</code> file now if you
-want).
-</p>
-    <p>
-Now you have two files which matter:
-</p>
-    <ul>
-      <li><code>cakey.pem</code> - Your CA's private key (keep this very secret!)
-</li>
-      <li><code>cacert.pem</code> - Your CA's certificate (this is public).
-</li>
-    </ul>
-    <p><code>cacert.pem</code> has to be installed on clients and
-server(s) to let them know that they can trust certificates issued by
-your CA.
-</p>
-    <p>
-The normal installation directory for <code>cacert.pem</code>
-is <code>/etc/pki/CA/cacert.pem</code> on all clients and servers.
-</p>
-    <p>
-To see the contents of this file, do:
-</p>
-    <pre><b>certtool -i --infile cacert.pem</b>
-
-X.509 certificate info:
-
-Version: 3
-Serial Number (hex): 00
-Subject: CN=Libvirt Project
-Issuer: CN=Libvirt Project
-Signature Algorithm: RSA-SHA
-Validity:
-        Not Before: Mon Jun 18 16:22:18 2007
-        Not After: Tue Jun 17 16:22:18 2008
-<i>[etc]</i>
-</pre>
-    <p>
-This is all that is required to set up your CA.  Keep the CA's private
-key carefully as you will need it when you come to issue certificates
-for your clients and servers.
-</p>
-    <h3>
-      <a id="Remote_TLS_server_certificates">Issuing server certificates</a>
-    </h3>
-    <p>
-For each server (libvirtd) you need to issue a certificate
-containing one or more hostnames and/or IP addresses.
-Historically the CommonName (CN) field would contain the
-hostname of the server and would match the hostname used
-in the URI that clients pass to libvirt. In most TLS implementations
-the CN field is considered legacy data. The preferential mechanism
-is to use Subject Alt Name (SAN) extension fields to validate
-against. In the future use of the CN field for validation may be
-discontinued entirely, so it is strongly recommended to
-include the SAN fields.
-</p>
-    <p>
-In the example below, clients will be connecting to the
-server using a <a href="#Remote_URI_reference">URI</a> of
-<code>qemu://compute1.libvirt.org/system</code>, so the CN
-must be "<code>compute1.libvirt.org</code>".
-</p>
-    <p>
-Make a private key for the server:
-</p>
-    <pre>
-certtool --generate-privkey &gt; serverkey.pem
-</pre>
-    <p>
-and sign that key with the CA's private key by first
-creating a template file called <code>server.info</code>.
-The template file will contain a number of fields to define
-the server as follows:
-</p>
-    <pre>
-organization = <i>Name of your organization</i>
-cn = compute1.libvirt.org
-dns_name = compute1
-dns_name = compute1.libvirt.org
-ip_address = 10.0.0.74
-ip_address = 192.168.1.24
-ip_address = 2001:cafe::74
-ip_address = fe20::24
-tls_www_server
-encryption_key
-signing_key
-</pre>
-<p>
-The 'cn' field should refer to the fully qualified public
-hostname of the server. For the SAN extension data, there
-must also be one or more 'dns_name' fields that contain all
-possible hostnames that can be reasonably used by clients
-to reach the server, both with and without domain name
-qualifiers. If clients are likely to connect to the server
-by IP address, then one or more 'ip_address' fields should
-also be added.
-</p>
-    <p>
-Use the template file as input to a <code>certtool</code>
-command to sign the server certificate:
-</p>
-    <pre>
-certtool --generate-certificate --load-privkey serverkey.pem \
-  --load-ca-certificate cacert.pem --load-ca-privkey cakey.pem \
-  --template server.info --outfile servercert.pem
-</pre>
-    <p>
-This gives two files:
-</p>
-    <ul>
-      <li><code>serverkey.pem</code> - The server's private key.
-</li>
-      <li><code>servercert.pem</code> - The server's public key.
-</li>
-    </ul>
-    <p>
-We can examine this certificate and its signature:
-</p>
-    <pre><b>certtool -i --infile servercert.pem</b>
-X.509 certificate info:
-
-Version: 3
-Serial Number (hex): 00
-Subject: O=Libvirt Project,CN=compute1.libvirt.org
-Issuer: CN=Libvirt Project
-Signature Algorithm: RSA-SHA
-Validity:
-        Not Before: Wed Oct 04 09:09:44 UTC 2017
-        Not After: Thu Oct 04 09:09:44 UTC 2018
-Extensions:
-        Basic Constraints (critical):
-                Certificate Authority (CA): FALSE
-        Subject Alternative Name (not critical):
-                DNSname: compute1
-                DNSname: compute1.libvirt.org
-                IPAddress: 10.0.0.74
-                IPAddress: 192.168.1.24
-                IPAddress: 2001:cafe::74
-                IPAddress: fe20::24
-</pre>
-    <p>
-Note the "Issuer" CN is "Libvirt Project" (the CA) and
-the "Subject" CN is "compute1.libvirt.org" (the server).
-Notice that the hostname listed in the CN must also
-be duplicated as a DNSname entry
-</p>
-    <p>
-Finally we have two files to install:
-</p>
-    <ul>
-      <li><code>serverkey.pem</code> is
-the server's private key which should be copied to the
-server <i>only</i> as
-<code>/etc/pki/libvirt/private/serverkey.pem</code>.
-</li>
-      <li><code>servercert.pem</code> is the server's certificate
-which can be installed on the server as
-<code>/etc/pki/libvirt/servercert.pem</code>.
-</li>
-    </ul>
-    <h3>
-      <a id="Remote_TLS_client_certificates">Issuing client certificates</a>
-    </h3>
-    <p>
-For each client (ie. any program linked with libvirt, such as
-<a href="http://virt-manager.org/">virt-manager</a>)
-you need to issue a certificate with the X.509 Distinguished Name (DN)
-set to a suitable name.  You can decide this on a company / organisation
-policy.  For example:
-</p>
-    <pre>
-C=GB,ST=London,L=London,O=Libvirt Project,CN=<i>name_of_client</i>
-</pre>
-    <p>
-The process is the same as for
-<a href="#Remote_TLS_server_certificates">setting up the
-server certificate</a> so here we just briefly cover the
-steps.
-</p>
-    <ol>
-      <li>
-Make a private key:
-<pre>
-certtool --generate-privkey &gt; clientkey.pem
-</pre>
-</li>
-      <li>
-Act as CA and sign the certificate.  Create client.info containing:
-<pre>
-country = GB
-state = London
-locality = London
-organization = Libvirt Project
-cn = client1
-tls_www_client
-encryption_key
-signing_key
-</pre>
-and sign by doing:
-<pre>
-certtool --generate-certificate --load-privkey clientkey.pem \
-  --load-ca-certificate cacert.pem --load-ca-privkey cakey.pem \
-  --template client.info --outfile clientcert.pem
-</pre>
-</li>
-      <li>
-Install the certificates on the client machine:
-<pre>
-cp clientkey.pem /etc/pki/libvirt/private/clientkey.pem
-cp clientcert.pem /etc/pki/libvirt/clientcert.pem
-</pre>
-</li>
-    </ol>
-    <h3>
-      <a id="Remote_TLS_troubleshooting">Troubleshooting TLS certificate problems</a>
-    </h3>
-    <dl>
-      <dt> failed to verify client's certificate </dt>
-      <dd>
-        <p>
-On the server side, run the libvirtd server with
-the '--listen' and '--verbose' options while the
-client is connecting.  The verbose log messages should
-tell you enough to diagnose the problem.
-</p>
-      </dd>
-    </dl>
-    <p> You can use the virt-pki-validate shell script
-to analyze the setup on the client or server machines, preferably as root.
-It will try to point out the possible problems and provide solutions to
-fix the set up up to a point where you have secure remote access.</p>
    <h2>
      <a id="Remote_libvirtd_configuration">libvirtd configuration file</a>
    </h2>
--- a/docs/schemas/capability.rng
+++ b/docs/schemas/capability.rng
@@ -265,6 +265,9 @@
        <attribute name='socket_id'>
          <ref name='unsignedInt'/>
        </attribute>
+        <attribute name='die_id'>
+          <ref name='unsignedInt'/>
+        </attribute>
        <attribute name='core_id'>
          <ref name='unsignedInt'/>
        </attribute>
@@ -408,8 +411,7 @@
    <element name='os_type'>
      <choice>
        <value>xen</value> <!-- Xen 3.0 pv -->
-        <value>linux</value> <!-- same as 'xen' - meant to be legacy,
-                                  but is also used by phyp driver -->
+        <value>linux</value> <!-- same as 'xen' - meant to be legacy -->
        <value>hvm</value> <!-- unmodified OS -->
        <value>exe</value> <!-- For container based virt -->
        <value>uml</value> <!-- user mode linux; NOT USED ANYMORE -->
--- a/docs/schemas/cputypes.rng
+++ b/docs/schemas/cputypes.rng
@@ -86,6 +86,11 @@
      <attribute name="sockets">
        <ref name="positiveInteger"/>
      </attribute>
+      <optional>
+        <attribute name="dies">
+          <ref name="positiveInteger"/>
+        </attribute>
+      </optional>
      <attribute name="cores">
        <ref name="positiveInteger"/>
      </attribute>
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@@ -0,0 +1,227 @@
+<?xml version="1.0"?>
+<!-- A Relax NG schema for the libvirt domain backup properties XML format -->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0">
+  <start>
+    <ref name='domainbackup'/>
+  </start>
+
+  <include href='domaincommon.rng'/>
+
+  <define name='domainbackup'>
+    <element name='domainbackup'>
+      <interleave>
+        <optional>
+          <element name='incremental'>
+            <text/>
+          </element>
+        </optional>
+        <choice>
+          <group>
+            <optional>
+              <attribute name='mode'>
+                <value>push</value>
+              </attribute>
+            </optional>
+            <ref name='backupDisksPush'/>
+          </group>
+          <group>
+            <attribute name='mode'>
+              <value>pull</value>
+            </attribute>
+            <interleave>
+              <element name='server'>
+                <choice>
+                  <group>
+                    <optional>
+                      <attribute name='transport'>
+                        <value>tcp</value>
+                      </attribute>
+                    </optional>
+                    <attribute name='name'>
+                      <choice>
+                        <ref name='dnsName'/>
+                        <ref name='ipAddr'/>
+                      </choice>
+                    </attribute>
+                    <optional>
+                      <attribute name='port'>
+                        <ref name='unsignedInt'/>
+                      </attribute>
+                    </optional>
+                    <!-- add tls? -->
+                  </group>
+                  <group>
+                    <attribute name='transport'>
+                      <value>unix</value>
+                    </attribute>
+                    <attribute name='socket'>
+                      <ref name='absFilePath'/>
+                    </attribute>
+                  </group>
+                </choice>
+              </element>
+              <ref name='backupDisksPull'/>
+            </interleave>
+          </group>
+        </choice>
+      </interleave>
+    </element>
+  </define>
+
+  <define name='backupPushDriver'>
+    <optional>
+      <element name='driver'>
+        <attribute name='type'>
+          <ref name='storageFormat'/>
+        </attribute>
+      </element>
+    </optional>
+  </define>
+
+  <define name='backupPullDriver'>
+    <optional>
+      <element name='driver'>
+        <attribute name='type'>
+          <value>qcow2</value>
+        </attribute>
+      </element>
+    </optional>
+  </define>
+
+  <define name='backupAttr'>
+    <optional>
+      <attribute name='backup'>
+        <choice>
+          <value>yes</value>
+        </choice>
+      </attribute>
+    </optional>
+  </define>
+
+  <define name='backupDisksPush'>
+    <optional>
+      <element name='disks'>
+        <oneOrMore>
+          <element name='disk'>
+            <attribute name='name'>
+              <ref name='diskTarget'/>
+            </attribute>
+            <choice>
+              <group>
+                <attribute name='backup'>
+                  <value>no</value>
+                </attribute>
+              </group>
+              <group>
+                <ref name='backupAttr'/>
+                <attribute name='type'>
+                  <value>file</value>
+                </attribute>
+                <interleave>
+                  <optional>
+                    <element name='target'>
+                      <attribute name='file'>
+                        <ref name='absFilePath'/>
+                      </attribute>
+                      <zeroOrMore>
+                        <ref name='devSeclabel'/>
+                      </zeroOrMore>
+                    </element>
+                  </optional>
+                  <ref name='backupPushDriver'/>
+                </interleave>
+              </group>
+              <group>
+                <ref name='backupAttr'/>
+                <attribute name='type'>
+                  <value>block</value>
+                </attribute>
+                <interleave>
+                  <optional>
+                    <element name='target'>
+                      <attribute name='dev'>
+                        <ref name='absFilePath'/>
+                      </attribute>
+                      <zeroOrMore>
+                        <ref name='devSeclabel'/>
+                      </zeroOrMore>
+                    </element>
+                  </optional>
+                  <ref name='backupPushDriver'/>
+                </interleave>
+              </group>
+            </choice>
+          </element>
+        </oneOrMore>
+      </element>
+    </optional>
+  </define>
+
+  <define name='backupDisksPull'>
+    <optional>
+      <element name='disks'>
+        <oneOrMore>
+          <element name='disk'>
+            <attribute name='name'>
+              <ref name='diskTarget'/>
+            </attribute>
+            <optional>
+              <attribute name='exportname'>
+                <text/>
+              </attribute>
+              <attribute name='exportbitmap'>
+                <text/>
+              </attribute>
+            </optional>
+            <choice>
+              <group>
+                <attribute name='backup'>
+                  <value>no</value>
+                </attribute>
+              </group>
+              <group>
+                <optional>
+                  <ref name='backupAttr'/>
+                  <attribute name='type'>
+                    <value>file</value>
+                  </attribute>
+                </optional>
+                <optional>
+                  <interleave>
+                    <element name='scratch'>
+                      <attribute name='file'>
+                        <ref name='absFilePath'/>
+                      </attribute>
+                      <zeroOrMore>
+                        <ref name='devSeclabel'/>
+                      </zeroOrMore>
+                    </element>
+                    <ref name='backupPullDriver'/>
+                  </interleave>
+                </optional>
+              </group>
+              <group>
+                <ref name='backupAttr'/>
+                <attribute name='type'>
+                  <value>block</value>
+                </attribute>
+                <interleave>
+                  <element name='scratch'>
+                    <attribute name='dev'>
+                      <ref name='absFilePath'/>
+                    </attribute>
+                    <zeroOrMore>
+                      <ref name='devSeclabel'/>
+                    </zeroOrMore>
+                  </element>
+                  <ref name='backupPullDriver'/>
+                </interleave>
+              </group>
+            </choice>
+          </element>
+        </oneOrMore>
+      </element>
+    </optional>
+  </define>
+
+</grammar>
--- a/docs/schemas/domaincaps.rng
+++ b/docs/schemas/domaincaps.rng
@@ -210,6 +210,9 @@
      <optional>
        <ref name='backingStoreInput'/>
      </optional>
+      <optional>
+        <ref name='backup'/>
+      </optional>
      <optional>
        <ref name='sev'/>
      </optional>
@@ -241,6 +244,12 @@
    </element>
  </define>

+  <define name='backup'>
+    <element name='backup'>
+      <ref name='supported'/>
+    </element>
+  </define>
+
  <define name='sev'>
    <element name='sev'>
      <ref name='supported'/>
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -216,7 +216,7 @@
        <value>vmware</value>
        <value>hyperv</value>
        <value>vbox</value>
-        <value>phyp</value>
+        <value>phyp</value> <!-- NOT USED ANYMORE -->
        <value>vz</value>
        <value>bhyve</value>
      </choice>
@@ -980,41 +980,41 @@
            <attribute name="vcpus">
              <ref name='cpuset'/>
            </attribute>
-            <zeroOrMore>
-              <element name="cache">
-                <attribute name="id">
-                  <ref name='unsignedInt'/>
-                </attribute>
-                <attribute name="level">
-                  <ref name='unsignedInt'/>
-                </attribute>
-                <attribute name="type">
-                  <choice>
-                    <value>both</value>
-                    <value>code</value>
-                    <value>data</value>
-                  </choice>
-                </attribute>
-                <attribute name="size">
-                  <ref name='unsignedLong'/>
-                </attribute>
-                <optional>
-                  <attribute name='unit'>
-                    <ref name='unit'/>
+            <oneOrMore>
+              <choice>
+                <element name="cache">
+                  <attribute name="id">
+                    <ref name='unsignedInt'/>
                  </attribute>
-                </optional>
-              </element>
-            </zeroOrMore>
-            <zeroOrMore>
-              <element name="monitor">
-                <attribute name="level">
-                  <ref name='unsignedInt'/>
-                </attribute>
-                <attribute name="vcpus">
-                  <ref name='cpuset'/>
-                </attribute>
-              </element>
-            </zeroOrMore>
+                  <attribute name="level">
+                    <ref name='unsignedInt'/>
+                  </attribute>
+                  <attribute name="type">
+                    <choice>
+                      <value>both</value>
+                      <value>code</value>
+                      <value>data</value>
+                    </choice>
+                  </attribute>
+                  <attribute name="size">
+                    <ref name='unsignedLong'/>
+                  </attribute>
+                  <optional>
+                    <attribute name='unit'>
+                      <ref name='unit'/>
+                    </attribute>
+                  </optional>
+                </element>
+                <element name="monitor">
+                  <attribute name="level">
+                    <ref name='unsignedInt'/>
+                  </attribute>
+                  <attribute name="vcpus">
+                    <ref name='cpuset'/>
+                  </attribute>
+                </element>
+              </choice>
+            </oneOrMore>
          </element>
        </zeroOrMore>
        <zeroOrMore>
@@ -1023,14 +1023,21 @@
              <ref name='cpuset'/>
            </attribute>
            <oneOrMore>
-              <element name="node">
-                <attribute name="id">
-                  <ref name='unsignedInt'/>
-                </attribute>
-                <attribute name="bandwidth">
-                  <ref name='unsignedInt'/>
-                </attribute>
-              </element>
+              <choice>
+                <element name="node">
+                  <attribute name="id">
+                    <ref name='unsignedInt'/>
+                  </attribute>
+                  <attribute name="bandwidth">
+                    <ref name='unsignedInt'/>
+                  </attribute>
+                </element>
+                <element name="monitor">
+                  <attribute name="vcpus">
+                    <ref name='cpuset'/>
+                  </attribute>
+                </element>
+              </choice>
            </oneOrMore>
          </element>
        </zeroOrMore>
@@ -1232,6 +1239,7 @@
            <choice>
              <value>hpet</value>
              <value>pit</value>
+              <value>armvtimer</value>
            </choice>
          </attribute>
          <optional>
@@ -1588,12 +1596,31 @@
    </optional>
  </define>

+  <define name="diskSourceSlice">
+    <attribute name='offset'>
+      <ref name="positiveInteger"/>
+    </attribute>
+    <attribute name='size'>
+      <ref name="positiveInteger"/>
+    </attribute>
+  </define>
+
  <define name="diskSourceCommon">
    <optional>
      <attribute name="index">
        <ref name="positiveInteger"/>
      </attribute>
    </optional>
+    <optional>
+      <element name='slices'>
+        <element name='slice'>
+          <attribute name='type'>
+            <value>storage</value>
+          </attribute>
+          <ref name="diskSourceSlice"/>
+        </element>
+      </element>
+    </optional>
  </define>

  <define name="diskSource">
@@ -1603,6 +1630,7 @@
      <ref name="diskSourceDir"/>
      <ref name="diskSourceNetwork"/>
      <ref name="diskSourceVolume"/>
+      <ref name="diskSourceNvme"/>
    </choice>
  </define>

@@ -1614,21 +1642,23 @@
    </optional>
    <optional>
      <element name="source">
-        <optional>
-          <attribute name="file">
-            <ref name="absFilePath"/>
-          </attribute>
-        </optional>
-        <ref name="diskSourceCommon"/>
-        <optional>
-          <ref name="storageStartupPolicy"/>
-        </optional>
-        <optional>
-          <ref name="encryption"/>
-        </optional>
-        <zeroOrMore>
-          <ref name='devSeclabel'/>
-        </zeroOrMore>
+        <interleave>
+          <optional>
+            <attribute name="file">
+              <ref name="absFilePath"/>
+            </attribute>
+          </optional>
+          <ref name="diskSourceCommon"/>
+          <optional>
+            <ref name="storageStartupPolicy"/>
+          </optional>
+          <optional>
+            <ref name="encryption"/>
+          </optional>
+          <zeroOrMore>
+            <ref name='devSeclabel'/>
+          </zeroOrMore>
+        </interleave>
      </element>
    </optional>
  </define>
@@ -1639,24 +1669,26 @@
    </attribute>
    <optional>
      <element name="source">
-        <optional>
-          <attribute name="dev">
-            <ref name="absFilePath"/>
-          </attribute>
-        </optional>
-        <ref name="diskSourceCommon"/>
-        <optional>
-          <ref name="storageStartupPolicy"/>
-        </optional>
-        <optional>
-          <ref name="encryption"/>
-        </optional>
-        <optional>
-          <ref name="reservations"/>
-        </optional>
-        <zeroOrMore>
-          <ref name='devSeclabel'/>
-        </zeroOrMore>
+        <interleave>
+          <optional>
+            <attribute name="dev">
+              <ref name="absFilePath"/>
+            </attribute>
+          </optional>
+          <ref name="diskSourceCommon"/>
+          <optional>
+            <ref name="storageStartupPolicy"/>
+          </optional>
+          <optional>
+            <ref name="encryption"/>
+          </optional>
+          <optional>
+            <ref name="reservations"/>
+          </optional>
+          <zeroOrMore>
+            <ref name='devSeclabel'/>
+          </zeroOrMore>
+        </interleave>
      </element>
    </optional>
  </define>
@@ -1667,17 +1699,19 @@
    </attribute>
    <optional>
      <element name="source">
-        <attribute name="dir">
-          <ref name="absFilePath"/>
-        </attribute>
-        <ref name="diskSourceCommon"/>
-        <optional>
-          <ref name="storageStartupPolicy"/>
-        </optional>
-        <optional>
-          <ref name="encryption"/>
-        </optional>
-        <empty/>
+        <interleave>
+          <attribute name="dir">
+            <ref name="absFilePath"/>
+          </attribute>
+          <ref name="diskSourceCommon"/>
+          <optional>
+            <ref name="storageStartupPolicy"/>
+          </optional>
+          <optional>
+            <ref name="encryption"/>
+          </optional>
+          <empty/>
+        </interleave>
      </element>
    </optional>
  </define>
@@ -1764,108 +1798,216 @@
        <value>iscsi</value>
      </attribute>
      <attribute name="name"/>
-      <ref name="diskSourceCommon"/>
-      <ref name="diskSourceNetworkHost"/>
-      <optional>
-        <ref name="diskAuth"/>
-      </optional>
-      <optional>
-        <ref name="encryption"/>
-      </optional>
-      <optional>
-        <ref name="initiatorinfo"/>
-      </optional>
+      <interleave>
+        <ref name="diskSourceCommon"/>
+        <ref name="diskSourceNetworkHost"/>
+        <optional>
+          <ref name="diskAuth"/>
+        </optional>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
+        <optional>
+          <ref name="initiatorinfo"/>
+        </optional>
+      </interleave>
+    </element>
+  </define>
+
+  <define name="diskSourceNetworkProtocolPropsCommon">
+    <optional>
+      <element name="readahead">
+        <attribute name="size">
+          <ref name="positiveInteger"/>
+        </attribute>
+        <empty/>
+      </element>
+    </optional>
+    <optional>
+      <element name="timeout">
+        <attribute name="seconds">
+          <ref name="positiveInteger"/>
+        </attribute>
+        <empty/>
+      </element>
+    </optional>
+  </define>
+
+  <define name="diskSourceNetworkProtocolSSLVerify">
+    <element name="ssl">
+      <attribute name="verify">
+        <ref name="virYesNo"/>
+      </attribute>
+      <empty/>
+    </element>
+  </define>
+
+  <define name="diskSourceNetworkProtocolHTTPCookies">
+    <element name="cookies">
+      <oneOrMore>
+        <element name="cookie">
+          <attribute name="name">
+            <data type="string">
+              <param name="pattern">[!#$%&amp;'*+\-.0-9A-Z\^_`a-z|~]+</param>
+            </data>
+          </attribute>
+          <data type="string">
+            <param name="pattern">"?[!#$%&amp;'()*+\-./0-9:&gt;=&lt;?@A-Z\^_`\[\]a-z|~]+"?</param>
+          </data>
+        </element>
+      </oneOrMore>
+      <empty/>
+    </element>
+  </define>
+
+  <define name="diskSourceNetworkProtocolHTTPS">
+    <element name="source">
+      <interleave>
+        <attribute name="protocol">
+          <choice>
+            <value>https</value>
+          </choice>
+        </attribute>
+        <attribute name="name"/>
+        <ref name="diskSourceCommon"/>
+        <ref name="diskSourceNetworkHost"/>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
+        <optional>
+          <ref name="diskSourceNetworkProtocolSSLVerify"/>
+        </optional>
+        <optional>
+          <ref name="diskSourceNetworkProtocolHTTPCookies"/>
+        </optional>
+        <ref name="diskSourceNetworkProtocolPropsCommon"/>
+        </interleave>
    </element>
  </define>

  <define name="diskSourceNetworkProtocolHTTP">
    <element name="source">
-      <attribute name="protocol">
-        <choice>
-          <value>http</value>
-          <value>https</value>
-        </choice>
-      </attribute>
-      <attribute name="name"/>
-      <ref name="diskSourceCommon"/>
-      <ref name="diskSourceNetworkHost"/>
-      <optional>
-        <ref name="encryption"/>
-      </optional>
+      <interleave>
+        <attribute name="protocol">
+          <choice>
+            <value>http</value>
+          </choice>
+        </attribute>
+        <attribute name="name"/>
+        <ref name="diskSourceCommon"/>
+        <ref name="diskSourceNetworkHost"/>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
+        <optional>
+          <ref name="diskSourceNetworkProtocolHTTPCookies"/>
+        </optional>
+        <ref name="diskSourceNetworkProtocolPropsCommon"/>
+      </interleave>
+    </element>
+  </define>
+
+  <define name="diskSourceNetworkProtocolFTPS">
+    <element name="source">
+      <interleave>
+        <attribute name="protocol">
+          <choice>
+            <value>ftps</value>
+          </choice>
+        </attribute>
+        <attribute name="name"/>
+        <ref name="diskSourceCommon"/>
+        <ref name="diskSourceNetworkHost"/>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
+        <optional>
+          <ref name="diskSourceNetworkProtocolSSLVerify"/>
+        </optional>
+        <ref name="diskSourceNetworkProtocolPropsCommon"/>
+      </interleave>
    </element>
  </define>

  <define name="diskSourceNetworkProtocolSimple">
    <element name="source">
-      <attribute name="protocol">
-        <choice>
-          <value>sheepdog</value>
-          <value>ftp</value>
-          <value>ftps</value>
-          <value>tftp</value>
-        </choice>
-      </attribute>
-      <attribute name="name"/>
-      <ref name="diskSourceCommon"/>
-      <ref name="diskSourceNetworkHost"/>
-      <optional>
-        <ref name="encryption"/>
-      </optional>
+      <interleave>
+        <attribute name="protocol">
+          <choice>
+            <value>sheepdog</value>
+            <value>ftp</value>
+            <value>tftp</value>
+          </choice>
+        </attribute>
+        <attribute name="name"/>
+        <ref name="diskSourceCommon"/>
+        <ref name="diskSourceNetworkHost"/>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
+        <ref name="diskSourceNetworkProtocolPropsCommon"/>
+      </interleave>
    </element>
  </define>

  <define name="diskSourceNetworkProtocolNBD">
    <element name="source">
-      <attribute name="protocol">
-        <value>nbd</value>
-      </attribute>
-      <optional>
-        <attribute name="name"/>
-      </optional>
-      <optional>
-        <attribute name="tls">
-          <ref name="virYesNo"/>
+      <interleave>
+        <attribute name="protocol">
+          <value>nbd</value>
        </attribute>
-      </optional>
-      <ref name="diskSourceCommon"/>
-      <ref name="diskSourceNetworkHost"/>
-      <optional>
-        <ref name="encryption"/>
-      </optional>
+        <optional>
+          <attribute name="name"/>
+        </optional>
+        <optional>
+          <attribute name="tls">
+            <ref name="virYesNo"/>
+          </attribute>
+        </optional>
+        <ref name="diskSourceCommon"/>
+        <ref name="diskSourceNetworkHost"/>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
+      </interleave>
    </element>
  </define>

  <define name="diskSourceNetworkProtocolGluster">
    <element name="source">
-      <attribute name="protocol">
-        <value>gluster</value>
-      </attribute>
-      <attribute name="name"/>
-      <ref name="diskSourceCommon"/>
-      <oneOrMore>
-        <ref name="diskSourceNetworkHost"/>
-      </oneOrMore>
-      <optional>
-        <ref name="encryption"/>
-      </optional>
+      <interleave>
+        <attribute name="protocol">
+          <value>gluster</value>
+        </attribute>
+        <attribute name="name"/>
+        <ref name="diskSourceCommon"/>
+        <oneOrMore>
+          <ref name="diskSourceNetworkHost"/>
+        </oneOrMore>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
+      </interleave>
    </element>
  </define>

  <define name="diskSourceNetworkProtocolVxHS">
    <element name="source">
-      <attribute name="protocol">
-        <choice>
-          <value>vxhs</value>
-        </choice>
-      </attribute>
-      <attribute name="name"/>
-      <ref name="diskSourceCommon"/>
-      <optional>
-        <attribute name="tls">
-          <ref name="virYesNo"/>
+      <interleave>
+        <attribute name="protocol">
+          <choice>
+            <value>vxhs</value>
+          </choice>
        </attribute>
-      </optional>
-      <ref name="diskSourceNetworkHost"/>
+        <attribute name="name"/>
+        <ref name="diskSourceCommon"/>
+        <optional>
+          <attribute name="tls">
+            <ref name="virYesNo"/>
+          </attribute>
+        </optional>
+        <ref name="diskSourceNetworkHost"/>
+      </interleave>
    </element>
  </define>

@@ -1879,6 +2021,8 @@
      <ref name="diskSourceNetworkProtocolRBD"/>
      <ref name="diskSourceNetworkProtocolISCSI"/>
      <ref name="diskSourceNetworkProtocolHTTP"/>
+      <ref name="diskSourceNetworkProtocolHTTPS"/>
+      <ref name="diskSourceNetworkProtocolFTPS"/>
      <ref name="diskSourceNetworkProtocolSimple"/>
      <ref name="diskSourceNetworkProtocolVxHS"/>
    </choice>
@@ -1890,30 +2034,65 @@
    </attribute>
    <optional>
      <element name="source">
-        <attribute name="pool">
-          <ref name="poolName"/>
-        </attribute>
-        <attribute name="volume">
-          <ref name="volName"/>
-        </attribute>
-        <optional>
-          <attribute name="mode">
-            <choice>
-              <value>host</value>
-              <value>direct</value>
-            </choice>
+        <interleave>
+          <attribute name="pool">
+            <ref name="poolName"/>
          </attribute>
-        </optional>
-        <ref name="diskSourceCommon"/>
-        <optional>
-          <ref name="storageStartupPolicy"/>
-        </optional>
-        <optional>
-          <ref name="encryption"/>
-        </optional>
-        <zeroOrMore>
-          <ref name='devSeclabel'/>
-        </zeroOrMore>
+          <attribute name="volume">
+            <ref name="volName"/>
+          </attribute>
+          <optional>
+            <attribute name="mode">
+              <choice>
+                <value>host</value>
+                <value>direct</value>
+              </choice>
+            </attribute>
+          </optional>
+          <ref name="diskSourceCommon"/>
+          <optional>
+            <ref name="storageStartupPolicy"/>
+          </optional>
+          <optional>
+            <ref name="encryption"/>
+          </optional>
+          <zeroOrMore>
+            <ref name='devSeclabel'/>
+          </zeroOrMore>
+        </interleave>
+      </element>
+    </optional>
+  </define>
+
+  <define name="diskSourceNvme">
+    <attribute name="type">
+      <value>nvme</value>
+    </attribute>
+    <optional>
+      <element name="source">
+        <interleave>
+          <attribute name="type">
+            <value>pci</value>
+          </attribute>
+          <attribute name="namespace">
+            <ref name="uint32"/>
+          </attribute>
+          <optional>
+            <attribute name="managed">
+              <ref name="virYesNo"/>
+            </attribute>
+          </optional>
+          <element name="address">
+            <ref name="pciaddress"/>
+          </element>
+          <ref name="diskSourceCommon"/>
+          <optional>
+            <ref name="storageStartupPolicy"/>
+          </optional>
+          <optional>
+            <ref name="encryption"/>
+          </optional>
+        </interleave>
      </element>
    </optional>
  </define>
@@ -2439,6 +2618,9 @@
          <optional>
            <ref name="fsDriver"/>
          </optional>
+          <optional>
+            <ref name="fsBinary"/>
+          </optional>
          <interleave>
            <element name="source">
              <attribute name="dir">
@@ -2559,29 +2741,84 @@
           for this kind of info, and 'type' for the
           storage format. We need the latter too, so
           had to invent a new attribute name -->
+      <choice>
+        <group>
+          <optional>
+            <attribute name="type">
+              <choice>
+                <value>path</value>
+                <value>handle</value>
+                <value>loop</value>
+                <value>nbd</value>
+                <value>ploop</value>
+              </choice>
+            </attribute>
+          </optional>
+          <optional>
+            <attribute name="format">
+              <ref name="storageFormat"/>
+            </attribute>
+          </optional>
+          <optional>
+            <attribute name="wrpolicy">
+              <value>immediate</value>
+            </attribute>
+          </optional>
+          <ref name='virtioOptions'/>
+        </group>
+        <group>
+          <attribute name="type">
+            <value>virtiofs</value>
+          </attribute>
+          <optional>
+            <attribute name="queue">
+              <ref name="unsignedInt"/>
+            </attribute>
+          </optional>
+          <ref name='virtioOptions'/>
+        </group>
+        <empty/>
+      </choice>
+    </element>
+  </define>
+  <define name="fsBinary">
+    <element name="binary">
      <optional>
-        <attribute name="type">
-          <choice>
-            <value>path</value>
-            <value>handle</value>
-            <value>loop</value>
-            <value>nbd</value>
-            <value>ploop</value>
-          </choice>
+        <attribute name="path">
+          <ref name="absFilePath"/>
        </attribute>
      </optional>
      <optional>
-        <attribute name="format">
-          <ref name="storageFormat"/>
+        <attribute name="xattr">
+          <ref name="virOnOff"/>
        </attribute>
      </optional>
      <optional>
-        <attribute name="wrpolicy">
-          <value>immediate</value>
-        </attribute>
+        <element name="cache">
+          <optional>
+            <attribute name="mode">
+              <choice>
+                <value>none</value>
+                <value>always</value>
+              </choice>
+            </attribute>
+          </optional>
+        </element>
+      </optional>
+      <optional>
+        <element name="lock">
+          <optional>
+            <attribute name="posix">
+              <ref name="virOnOff"/>
+            </attribute>
+          </optional>
+          <optional>
+            <attribute name="flock">
+              <ref name="virOnOff"/>
+            </attribute>
+          </optional>
+        </element>
      </optional>
-      <ref name='virtioOptions'/>
-      <empty/>
    </element>
  </define>

@@ -3117,6 +3354,28 @@
      <optional>
        <ref name="vlan"/>
      </optional>
+      <optional>
+        <ref name="portOptions"/>
+      </optional>
+      <optional>
+        <element name="teaming">
+          <choice>
+            <group>
+              <attribute name="type">
+                <value>persistent</value>
+              </attribute>
+            </group>
+            <group>
+              <attribute name="type">
+                <value>transient</value>
+              </attribute>
+              <attribute name="persistent">
+                <ref name="aliasName"/>
+              </attribute>
+            </group>
+          </choice>
+        </element>
+      </optional>
    </interleave>
  </define>

@@ -4323,6 +4582,7 @@
          <choice>
            <value>tpm-tis</value>
            <value>tpm-crb</value>
+            <value>tpm-spapr</value>
          </choice>
        </attribute>
      </optional>
@@ -4330,6 +4590,9 @@
      <optional>
        <ref name="alias"/>
      </optional>
+      <optional>
+        <ref name="address"/>
+      </optional>
    </element>
  </define>

@@ -4926,7 +5189,7 @@
    </optional>
    <optional>
      <attribute name="port">
-        <ref name="driveUnit"/>
+        <ref name="virtioserialPort"/>
      </attribute>
    </optional>
  </define>
@@ -4936,7 +5199,7 @@
    </attribute>
    <optional>
      <attribute name="slot">
-        <ref name="driveUnit"/>
+        <ref name="ccidSlot"/>
      </attribute>
    </optional>
  </define>
@@ -5463,6 +5726,11 @@
          </attribute>
          <ref name="dimmaddress"/>
        </group>
+        <group>
+          <attribute name="type">
+            <value>unassigned</value>
+          </attribute>
+        </group>
      </choice>
    </element>
  </define>
@@ -5510,6 +5778,11 @@
        </attribute>
      </optional>
      <interleave>
+        <optional>
+          <element name="uuid">
+            <ref name="UUID"/>
+          </element>
+        </optional>
        <optional>
          <ref name="memorydev-source"/>
        </optional>
@@ -5637,6 +5910,12 @@
          <ref name="qemucdevSrcType"/>
          <ref name="qemucdevSrcDef"/>
        </group>
+        <group>
+          <attribute name="model">
+            <value>builtin</value>
+          </attribute>
+          <empty/>
+        </group>
      </choice>
    </element>
  </define>
@@ -6251,37 +6530,41 @@
    -->
  <define name="qemucmdline">
    <element name="commandline" ns="http://libvirt.org/schemas/domain/qemu/1.0">
-      <zeroOrMore>
-        <element name="arg">
-          <attribute name='value'/>
-        </element>
-      </zeroOrMore>
-      <zeroOrMore>
-        <element name="env">
-          <attribute name='name'>
-            <ref name="filter-param-name"/>
-          </attribute>
-          <optional>
+      <interleave>
+        <zeroOrMore>
+          <element name="arg">
            <attribute name='value'/>
-          </optional>
-          <empty/>
-        </element>
-      </zeroOrMore>
+          </element>
+        </zeroOrMore>
+        <zeroOrMore>
+          <element name="env">
+            <attribute name='name'>
+              <ref name="filter-param-name"/>
+            </attribute>
+            <optional>
+              <attribute name='value'/>
+            </optional>
+            <empty/>
+          </element>
+        </zeroOrMore>
+      </interleave>
    </element>
  </define>

  <define name="qemucapabilities">
    <element name="capabilities" ns="http://libvirt.org/schemas/domain/qemu/1.0">
-      <zeroOrMore>
-        <element name="add">
-          <attribute name="capability"/>
-        </element>
-      </zeroOrMore>
-      <zeroOrMore>
-        <element name="del">
-          <attribute name="capability"/>
-        </element>
-      </zeroOrMore>
+      <interleave>
+        <zeroOrMore>
+          <element name="add">
+            <attribute name="capability"/>
+          </element>
+        </zeroOrMore>
+        <zeroOrMore>
+          <element name="del">
+            <attribute name="capability"/>
+          </element>
+        </zeroOrMore>
+      </interleave>
    </element>
  </define>

@@ -6460,7 +6743,7 @@
  </define>
  <define name="driveUnit">
    <data type="string">
-      <param name="pattern">[0-9]{1,2}</param>
+      <param name="pattern">[0-9]{1,5}</param>
    </data>
  </define>
  <define name="driveSCSIUnit">
@@ -6488,6 +6771,16 @@
      <param name="pattern">[a-zA-Z0-9_\-.]+</param>
    </data>
  </define>
+  <define name="virtioserialPort">
+    <data type="string">
+      <param name="pattern">[0-9]{1,2}</param>
+    </data>
+  </define>
+  <define name="ccidSlot">
+    <data type="string">
+      <param name="pattern">[0-9]{1,2}</param>
+    </data>
+  </define>
  <define name='alias'>
    <element name='alias'>
      <attribute name='name'>
--- a/docs/schemas/network.rng
+++ b/docs/schemas/network.rng
@@ -237,9 +237,9 @@
              <optional>
                <ref name="bandwidth"/>
              </optional>
-            <optional>
-              <ref name="vlan"/>
-            </optional>
+              <optional>
+                <ref name="vlan"/>
+              </optional>
            </interleave>
          </element>
        </zeroOrMore>
@@ -332,6 +332,9 @@
        <optional>
          <ref name="vlan"/>
        </optional>
+        <optional>
+          <ref name="portOptions"/>
+        </optional>

        <!-- <ip> element -->
        <zeroOrMore>
--- a/docs/schemas/networkcommon.rng
+++ b/docs/schemas/networkcommon.rng
@@ -280,4 +280,15 @@
      </attribute>
    </element>
  </define>
+
+  <define name="portOptions">
+    <element name="port">
+      <optional>
+        <attribute name="isolated">
+          <ref name="virYesNo"/>
+        </attribute>
+      </optional>
+    </element>
+  </define>
+
 </grammar>
--- a/docs/schemas/networkport.rng
+++ b/docs/schemas/networkport.rng
@@ -29,6 +29,12 @@
        <optional>
          <ref name="bandwidth"/>
        </optional>
+        <optional>
+          <ref name="vlan"/>
+        </optional>
+        <optional>
+          <ref name="portOptions"/>
+        </optional>
        <optional>
          <ref name="plug"/>
        </optional>
--- a/docs/schemas/storagepool.rng
+++ b/docs/schemas/storagepool.rng
@@ -451,6 +451,7 @@
            <value>hfs+</value>
            <value>xfs</value>
            <value>ocfs2</value>
+            <value>vmfs</value>
          </choice>
        </attribute>
      </element>
--- a/docs/schemas/storagevol.rng
+++ b/docs/schemas/storagevol.rng
@@ -194,6 +194,7 @@
      <value>hfs+</value>
      <value>xfs</value>
      <value>ocfs2</value>
+      <value>vmfs</value>
    </choice>
  </define>

--- a/Show More
+++ b/Show More