Release of libvirt-5.6.0

* docs/news.xml: updated for release

Signed-off-by: Daniel Veillard <veillard@redhat.com>

.ctags.d/libvirt.ctags

@@ -0,0 +1 @@
+../.ctags

.gitignore

@@ -37,7 +37,6 @@
 .sc-start-sc_*
 .ycm_extra_conf.py
 /AUTHORS
-/ChangeLog
 /GNUmakefile
 /INSTALL
 /NEWS
@@ -45,6 +44,7 @@
 /autom4te.cache
 /build-aux/*
 /build/
+/ci-tree/
 /confdefs.h
 /config.cache
 /config.guess
@@ -67,23 +67,22 @@
 /docs/libvirt-qemu-*.xml
 /docs/libvirt-refs.xml
 /docs/news.html.in
-/docs/search.php
 /docs/todo.html.in
-/examples/admin/client_close
-/examples/admin/client_info
-/examples/admin/client_limits
-/examples/admin/list_clients
-/examples/admin/list_servers
-/examples/admin/logging
-/examples/admin/threadpool_params
-/examples/object-events/event-test
-/examples/dominfo/info1
-/examples/domsuspend/suspend
-/examples/dommigrate/dommigrate
-/examples/domtop/domtop
-/examples/hellolibvirt/hellolibvirt
-/examples/openauth/openauth
-/examples/rename/rename
+/examples/c/admin/client_close
+/examples/c/admin/client_info
+/examples/c/admin/client_limits
+/examples/c/admin/list_clients
+/examples/c/admin/list_servers
+/examples/c/admin/logging
+/examples/c/admin/threadpool_params
+/examples/c/domain/dommigrate
+/examples/c/domain/domtop
+/examples/c/domain/info1
+/examples/c/domain/rename
+/examples/c/domain/suspend
+/examples/c/misc/event-test
+/examples/c/misc/hellolibvirt
+/examples/c/misc/openauth
 /gnulib/lib/*
 /gnulib/m4/*
 /gnulib/tests/*

.gitlab-ci.yml

@@ -0,0 +1,46 @@
+.job_template: &job_definition
+  script:
+    - mkdir build
+    - cd build
+    - ../autogen.sh $CONFIGURE_OPTS || (cat config.log && exit 1)
+    - make -j $(getconf _NPROCESSORS_ONLN)
+
+# We could run every arch on every versions, but it is a little
+# overkill. Instead we split jobs evenly across 9, 10 and sid
+# to achieve reasonable cross-coverage.
+
+debian-9-cross-armv6l:
+  <<: *job_definition
+  image: quay.io/libvirt/buildenv-debian-9-cross-armv6l:latest
+
+debian-9-cross-mips64el:
+  <<: *job_definition
+  image: quay.io/libvirt/buildenv-debian-9-cross-mips64el:latest
+
+debian-9-cross-mipsel:
+  <<: *job_definition
+  image: quay.io/libvirt/buildenv-debian-9-cross-mipsel:latest
+
+debian-10-cross-aarch64:
+  <<: *job_definition
+  image: quay.io/libvirt/buildenv-debian-10-cross-aarch64:latest
+
+debian-10-cross-ppc64le:
+  <<: *job_definition
+  image: quay.io/libvirt/buildenv-debian-10-cross-ppc64le:latest
+
+debian-10-cross-s390x:
+  <<: *job_definition
+  image: quay.io/libvirt/buildenv-debian-10-cross-s390x:latest
+
+debian-sid-cross-armv7l:
+  <<: *job_definition
+  image: quay.io/libvirt/buildenv-debian-sid-cross-armv7l:latest
+
+debian-sid-cross-i686:
+  <<: *job_definition
+  image: quay.io/libvirt/buildenv-debian-sid-cross-i686:latest
+
+debian-sid-cross-mips:
+  <<: *job_definition
+  image: quay.io/libvirt/buildenv-debian-sid-cross-mips:latest

.mailmap

@@ -43,6 +43,10 @@
 <nshirokovskiy@virtuozzo.com> <nshirokovskiy@parallels.com>
 <jyang@redhat.com> <osier@yunify.com>
 <kkoukiou@redhat.com> <k.koukiou@googlemail.com>
+<intrigeri@boum.org> <intrigeri+libvirt@boum.org>
+<fidencio@redhat.com> <fabiano@fidencio.org>
+<shi_lei@massclouds.com> <shilei.massclouds@gmx.com>
+<adrian.brzezinski@eo.pl> <redhat@adrb.pl>
 
 # Name consolidation:
 # Preferred author spelling <preferred email>

.travis.yml

@@ -5,92 +5,58 @@ branches:
   except:
     - /^.*-maint$/
 
+addons:
+  homebrew:
+    update: true
+    packages:
+      - ccache
+      - rpcgen
+      - xz
+      - yajl
+
 matrix:
   include:
     - services:
         - docker
       env:
         - IMAGE="ubuntu-18"
-        - DOCKER_CMD="$LINUX_CMD"
+        - MAKE_ARGS="syntax-check distcheck"
+      script:
+        - make -f Makefile.ci ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
     - services:
         - docker
       env:
         - IMAGE="centos-7"
-        - DOCKER_CMD="$LINUX_CMD"
+        - MAKE_ARGS="syntax-check distcheck"
+      script:
+        - make -f Makefile.ci ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
     - services:
         - docker
       env:
         - IMAGE="fedora-rawhide"
         - MINGW="mingw32"
-        - DOCKER_CMD="$MINGW_CMD"
+      script:
+        - make -f Makefile.ci ci-build@$IMAGE CI_CONFIGURE="$MINGW-configure"
     - services:
         - docker
       env:
         - IMAGE="fedora-rawhide"
         - MINGW="mingw64"
-        - DOCKER_CMD="$MINGW_CMD"
+      script:
+        - make -f Makefile.ci ci-build@$IMAGE CI_CONFIGURE="$MINGW-configure"
     - compiler: clang
       language: c
       os: osx
       env:
         - PATH="/usr/local/opt/gettext/bin:/usr/local/opt/ccache/libexec:/usr/local/opt/rpcgen/bin:$PATH"
       script:
-        /bin/sh -xc "$MACOS_CMD"
-
-script:
-  - docker run
-      -v $(pwd):/build
-      -w /build
-      -e VIR_TEST_DEBUG="$VIR_TEST_DEBUG"
-      -e MINGW="$MINGW"
-      "quay.io/libvirt/buildenv-$IMAGE:master"
-      /bin/sh -xc "$DOCKER_CMD"
+        # We can't run 'distcheck' or 'syntax-check' because they fail on
+        # macOS, but doing 'install' and 'dist' gives us some useful coverage
+        - ./autogen.sh --prefix=$(pwd)/install-root && make -j3 && make -j3 install && make -j3 dist
 
 git:
   submodules: true
 
-env:
-  global:
-    - VIR_TEST_DEBUG=1
-    - LINUX_CMD="
-        ./autogen.sh &&
-        make -j3 syntax-check &&
-        make -j3 distcheck ||
-        (
-          echo '=== LOG FILE(S) START ===';
-          find -name test-suite.log | xargs cat;
-          echo '=== LOG FILE(S) END ===';
-          exit 1
-        )
-      "
-    - MINGW_CMD="
-        NOCONFIGURE=1 ./autogen.sh &&
-        \$MINGW-configure &&
-        make -j3 ||
-        (
-          echo '=== LOG FILE(S) START ===';
-          find -name test-suite.log | xargs cat;
-          echo '=== LOG FILE(S) END ===';
-          exit 1
-        )
-      "
-    # We can't run 'distcheck' or 'syntax-check' because they fail on
-    # macOS, but doing 'install' and 'dist' gives us some useful coverage
-    - MACOS_CMD="
-        brew update &&
-        brew install ccache rpcgen xz yajl &&
-        ./autogen.sh --prefix=\$(pwd)/install-root &&
-        make -j3 &&
-        make -j3 install &&
-        make -j3 dist ||
-        (
-          echo '=== LOG FILE(S) START ===';
-          find -name test-suite.log | xargs cat;
-          echo '=== LOG FILE(S) END ===';
-          exit 1
-        )
-      "
-
 notifications:
   irc:
     # The channel name "irc.oftc.net#virt" is encrypted against libvirt/libvirt

ChangeLog

@@ -0,0 +1,15 @@
+libvirt ChangeLog
+=================
+
+The libvirt project doesn't include a detailed ChangeLog in its release
+archives.
+
+If you're interested in the full list of changes made to libvirt since
+the project was started, you can clone the git repository from
+
+  https://libvirt.org/git/libvirt.git
+
+and browse them locally using your favorite git history viewer or,
+alternatively, browse them online at
+
+  https://libvirt.org/git/?p=libvirt.git;a=log

Makefile.am

@@ -29,19 +29,29 @@ ACLOCAL_AMFLAGS = -I m4
 
 EXTRA_DIST = \
   config-post.h \
-  ChangeLog-old \
   libvirt.spec libvirt.spec.in \
   mingw-libvirt.spec.in \
   libvirt.pc.in \
   libvirt-qemu.pc.in \
   libvirt-lxc.pc.in \
   libvirt-admin.pc.in \
+  Makefile.ci \
   Makefile.nonreentrant \
   autogen.sh \
   cfg.mk \
   run.in \
   README.md \
-  AUTHORS.in
+  AUTHORS.in \
+  build-aux/augeas-gentest.pl \
+  build-aux/check-spacing.pl \
+  build-aux/gitlog-to-changelog \
+  build-aux/header-ifdef.pl \
+  build-aux/minimize-po.pl \
+  build-aux/mock-noinline.pl \
+  build-aux/prohibit-duplicate-header.pl \
+  build-aux/useless-if-before-free \
+  build-aux/vc-list-files \
+  $(NULL)
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc libvirt-admin.pc
@@ -74,24 +84,12 @@ srpm: clean
 
 check-local: all tests
 
-check-access:
+check-access: all
 	@($(MAKE) $(AM_MAKEFLAGS) -C tests check-access)
 
 MAINTAINERCLEANFILES = .git-module-status
 
-dist-hook: gen-ChangeLog gen-AUTHORS
-
-# Generate the ChangeLog file (with all entries since the switch to git)
-# and insert it into the directory we're about to use to create a tarball.
-gen_start_date = 2009-07-04
-.PHONY: gen-ChangeLog
-gen-ChangeLog:
-	$(AM_V_GEN)if test -d .git; then \
-	  $(top_srcdir)/build-aux/gitlog-to-changelog \
-	    --since=$(gen_start_date) > $(distdir)/cl-t; \
-	  rm -f $(distdir)/ChangeLog; \
-	  mv $(distdir)/cl-t $(distdir)/ChangeLog; \
-	fi
+dist-hook: gen-AUTHORS
 
 .PHONY: gen-AUTHORS
 gen-AUTHORS:
@@ -109,3 +107,6 @@ gen-AUTHORS:
 	  mv -f $(distdir)/AUTHORS-tmp $(distdir)/AUTHORS && \
 	  rm -f all.list maint.list contrib.list; \
 	fi
+
+ci-%:
+	$(MAKE) -f Makefile.ci $@

Makefile.ci

@@ -0,0 +1,271 @@
+# -*- makefile -*-
+# vim: filetype=make
+
+# Figure out name and path to this file. This isn't
+# portable but we only care for modern GNU make
+CI_MAKEFILE = $(abspath $(firstword $(MAKEFILE_LIST)))
+
+# The directory holding content on the host that we will
+# expose to the container.
+CI_SCRATCHDIR = $(shell pwd)/ci-tree
+
+# The root directory of the libvirt.git checkout
+CI_GIT_ROOT = $(shell git rev-parse --show-toplevel)
+
+# The directory holding the clone of the git repo that
+# we will expose to the container
+CI_HOST_SRCDIR = $(CI_SCRATCHDIR)/src
+
+# The directory holding the source inside the
+# container, i.e. where we want to expose
+# the $(CI_HOST_SRCDIR) directory from the host
+CI_CONT_SRCDIR = /src
+
+# Relative directory to perform the build in. This
+# defaults to using a separate build dir, but can be
+# set to empty string for an in-source tree build.
+CI_VPATH = build
+
+# The directory holding the build output inside the
+# container.
+CI_CONT_BUILDDIR = $(CI_CONT_SRCDIR)/$(CI_VPATH)
+
+# Can be overridden with mingw{32,64}-configure if desired
+CI_CONFIGURE = $(CI_CONT_SRCDIR)/configure
+
+# Default to using all possible CPUs
+CI_SMP = $(shell getconf _NPROCESSORS_ONLN)
+
+# Any extra arguments to pass to make
+CI_MAKE_ARGS =
+
+# Any extra arguments to pass to configure
+CI_CONFIGURE_ARGS =
+
+# Avoid pulling submodules over the network by locally
+# cloning them
+CI_SUBMODULES = $(shell git submodule | awk '{ print $$2 }')
+
+# Location of the container images we're going to pull
+# Can be useful to overridde to use a locally built
+# image instead
+CI_IMAGE_PREFIX = quay.io/libvirt/buildenv-
+
+# The default tag is ':latest' but if the container
+# repo above uses different conventions this can override it
+CI_IMAGE_TAG = :latest
+
+# We delete the virtual root after completion, set
+# to 0 if you need to keep it around for debugging
+CI_CLEAN = 1
+
+# We'll always freshly clone the virtual root each
+# time in case it was not cleaned up before. Set
+# to 1 if you want to try restarting a previously
+# preserved env
+CI_REUSE = 0
+
+# We need the container process to run with current host IDs
+# so that it can access the passed in build directory
+CI_UID = $(shell id -u)
+CI_GID = $(shell id -g)
+
+CI_ENGINE = auto
+# Container engine we are going to use, can be overridden per make
+# invocation, if it is not we try podman and then default to docker.
+ifeq ($(CI_ENGINE),auto)
+	override CI_ENGINE = $(shell podman version >/dev/null 2>&1 && echo podman || echo docker)
+endif
+
+# IDs you run as do not need to exist in
+# the container's /etc/passwd & /etc/group files, but
+# if they do not, then libvirt's 'make check' will fail
+# many tests.
+
+# We do not directly mount /etc/{passwd,group} as Docker
+# is liable to mess with SELinux labelling which will
+# then prevent the host accessing them. And podman cannot
+# relabel the files due to it running rootless. So
+# copying them first is safer and error-prone.
+CI_PWDB_MOUNTS = \
+	--volume $(CI_SCRATCHDIR)/group:/etc/group:ro,z \
+	--volume $(CI_SCRATCHDIR)/passwd:/etc/passwd:ro,z \
+	$(NULL)
+
+# Docker containers can have very large ulimits
+# for nofiles - as much as 1048576. This makes
+# libvirt very slow at exec'ing programs.
+CI_ULIMIT_FILES = 1024
+
+ifeq ($(CI_ENGINE),podman)
+	# Podman cannot reuse host namespace when running non-root containers.  Until
+	# support for --keep-uid is added we can just create another mapping that will
+	# do that for us.  Beware, that in {uid,git}map=container_id:host_id:range,
+	# the host_id does actually refer to the uid in the first mapping where 0
+	# (root) is mapped to the current user and rest is offset.
+
+	# In order to set up this mapping, we need to keep all the user IDs to prevent
+	# possible errors as some images might expect UIDs up to 90000 (looking at you
+	# fedora), so we don't want the overflowuid to be used for them.  For mapping
+	# all the other users properly ther eneeds to be some math done.  Don't worry,
+	# it's just addition and subtraction.
+
+	# 65536 ought to be enough (tm), but for really rare cases the maximums might
+	# need to be higher, but that only happens when your /etc/sub{u,g}id allow
+	# users to have more IDs.  Unless --keep-uid is supported, let's do this in a
+	# way that should work for everyone.
+	CI_MAX_UID = $(shell sed -n "s/^$USER:[^:]\+://p" /etc/subuid)
+	CI_MAX_GID = $(shell sed -n "s/^$USER:[^:]\+://p" /etc/subgid)
+	ifeq ($(CI_MAX_UID),)
+		CI_MAX_UID = 65536
+	endif
+	ifeq ($(CI_MAX_GID),)
+		CI_MAX_GID = 65536
+	endif
+	CI_UID_OTHER = $(shell echo $$(($(CI_UID)+1)))
+	CI_GID_OTHER = $(shell echo $$(($(CI_GID)+1)))
+	CI_UID_OTHER_RANGE = $(shell echo $$(($(CI_MAX_UID)-$(CI_UID))))
+	CI_GID_OTHER_RANGE = $(shell echo $$(($(CI_MAX_GID)-$(CI_GID))))
+
+	CI_PODMAN_ARGS = \
+		--uidmap 0:1:$(CI_UID) \
+		--uidmap $(CI_UID):0:1 \
+		--uidmap $(CI_UID_OTHER):$(CI_UID_OTHER):$(CI_UID_OTHER_RANGE) \
+		--gidmap 0:1:$(CI_GID) \
+		--gidmap $(CI_GID):0:1 \
+		--gidmap $(CI_GID_OTHER):$(CI_GID_OTHER):$(CI_GID_OTHER_RANGE) \
+		$(NULL)
+endif
+
+# Args to use when cloning a git repo.
+#  -c  stop it complaining about checking out a random hash
+#  -q  stop it displaying progress info for local clone
+#  --local ensure we don't actually copy files
+CI_GIT_ARGS = \
+	-c advice.detachedHead=false \
+	-q \
+	--local  \
+	$(NULL)
+
+# Args to use when running the container
+#   --rm      stop inactive containers getting left behind
+#   --user    we execute as the same user & group account
+#             as dev so that file ownership matches host
+#             instead of root:root
+#   --volume  to pass in the cloned git repo & config
+#   --workdir to set cwd to vpath build location
+#   --ulimit  lower files limit for performance reasons
+#   --interactive
+#   --tty     Ensure we have ability to Ctrl-C the build
+CI_ENGINE_ARGS = \
+	--rm \
+	--user $(CI_UID):$(CI_GID) \
+	--interactive \
+	--tty \
+	$(CI_PODMAN_ARGS) \
+	$(CI_PWDB_MOUNTS) \
+	--volume $(CI_HOST_SRCDIR):$(CI_CONT_SRCDIR):z \
+	--workdir $(CI_CONT_SRCDIR) \
+	--ulimit nofile=$(CI_ULIMIT_FILES):$(CI_ULIMIT_FILES) \
+	$(NULL)
+
+ci-check-engine:
+	@echo -n "Checking if $(CI_ENGINE) is available..." && \
+	$(CI_ENGINE) version 1>/dev/null && echo "yes"
+
+ci-prepare-tree: ci-check-engine
+	@test "$(CI_REUSE)" != "1" && rm -rf $(CI_SCRATCHDIR) || :
+	@if ! test -d $(CI_SCRATCHDIR) ; then \
+		mkdir -p $(CI_SCRATCHDIR); \
+		cp /etc/passwd $(CI_SCRATCHDIR); \
+		cp /etc/group $(CI_SCRATCHDIR); \
+		echo "Cloning $(CI_GIT_ROOT) to $(CI_HOST_SRCDIR)"; \
+		git clone $(CI_GIT_ARGS) $(CI_GIT_ROOT) $(CI_HOST_SRCDIR) || exit 1; \
+		for mod in $(CI_SUBMODULES) ; \
+		do \
+			test -f $(CI_GIT_ROOT)/$$mod/.git || continue ; \
+			echo "Cloning $(CI_GIT_ROOT)/$$mod to $(CI_HOST_SRCDIR)/$$mod"; \
+			git clone $(CI_GIT_ARGS) $(CI_GIT_ROOT)/$$mod $(CI_HOST_SRCDIR)/$$mod || exit 1; \
+		done ; \
+	fi
+
+# $CONFIGURE_OPTS is a env that can optionally be set in the container,
+# populated at build time from the Dockerfile. A typical use case would
+# be to pass --host/--target args to trigger cross-compilation
+#
+# This can be augmented by make local args in $(CI_CONFIGURE_ARGS)
+#
+# gl_public_submodule_commit= to disable gnulib's submodule check
+# which breaks due to way we clone the submodules
+ci-build@%: ci-prepare-tree
+	$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
+		/bin/bash -c '\
+		mkdir -p $(CI_CONT_BUILDDIR) || exit 1 ; \
+		cd $(CI_CONT_BUILDDIR) ; \
+		NOCONFIGURE=1 $(CI_CONT_SRCDIR)/autogen.sh || exit 1 ; \
+		$(CI_CONFIGURE) $${CONFIGURE_OPTS} $(CI_CONFIGURE_ARGS) ; \
+		if test $$? != 0 ; \
+		then \
+			test -f config.log && cat config.log ; \
+			exit 1 ; \
+		fi; \
+		find -name test-suite.log -delete ; \
+		export VIR_TEST_DEBUG=1 ; \
+		make -j$(CI_SMP) gl_public_submodule_commit= $(CI_MAKE_ARGS) ; \
+		if test $$? != 0 ; then \
+			LOGS=`find -name test-suite.log` ; \
+			if test "$${LOGS}" != "" ; then \
+				echo "=== LOG FILE(S) START ===" ; \
+				cat $${LOGS} ; \
+				echo "=== LOG FILE(S) END ===" ; \
+			fi ; \
+			exit 1 ;\
+		fi'
+	@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :
+
+ci-check@%:
+	$(MAKE) -f $(CI_MAKEFILE) ci-build@$* CI_MAKE_ARGS="check"
+
+ci-shell@%: ci-prepare-tree
+	$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) /bin/bash
+	@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :
+
+ci-help:
+	@echo "Build libvirt inside containers used for CI"
+	@echo
+	@echo "Available targets:"
+	@echo
+	@echo "    ci-build@\$$IMAGE - run a default 'make'"
+	@echo "    ci-check@\$$IMAGE - run a 'make check'"
+	@echo "    ci-shell@\$$IMAGE - run an interactive shell"
+	@echo
+	@echo "Available x86 container images:"
+	@echo
+	@echo "    centos-7"
+	@echo "    debian-9"
+	@echo "    debian-10"
+	@echo "    debian-sid"
+	@echo "    fedora-29"
+	@echo "    fedora-30"
+	@echo "    fedora-rawhide"
+	@echo "    ubuntu-16"
+	@echo "    ubuntu-18"
+	@echo
+	@echo "Available cross-compiler container images:"
+	@echo
+	@echo "    debian-{9,10,sid}-cross-aarch64"
+	@echo "    debian-{9,10,sid}-cross-armv6l"
+	@echo "    debian-{9,10,sid}-cross-armv7l"
+	@echo "    debian-{10,sid}-cross-i686"
+	@echo "    debian-{9,10,sid}-cross-mips64el"
+	@echo "    debian-{9,10,sid}-cross-mips"
+	@echo "    debian-{9,10,sid}-cross-mipsel"
+	@echo "    debian-{9,10,sid}-cross-ppc64le"
+	@echo "    debian-{9,10,sid}-cross-s390x"
+	@echo
+	@echo "Available make variables:"
+	@echo
+	@echo "    CI_CLEAN=0     - do not delete '$(CI_SCRATCHDIR)' after completion"
+	@echo "    CI_REUSE=1     - re-use existing '$(CI_SCRATCHDIR)' content"
+	@echo "    CI_ENGINE=auto - container engine to use (podman, docker)"
+	@echo

README.md

@@ -30,7 +30,7 @@ License
 The libvirt C API is distributed under the terms of GNU Lesser General
 Public License, version 2.1 (or later). Some parts of the code that are
 not part of the C library may have the more restrictive GNU General
-Public License, version 2.1 (or later). See the files `COPYING.LESSER`
+Public License, version 2.0 (or later). See the files `COPYING.LESSER`
 and `COPYING` for full license terms & conditions.
 
 

bootstrap.conf

@@ -176,8 +176,8 @@ xmllint	   -
 xsltproc   -
 "
 
-# Automake requires that ChangeLog and AUTHORS exist.
-touch AUTHORS ChangeLog || exit 1
+# Automake requires that AUTHORS exist.
+touch AUTHORS || exit 1
 
 # Override bootstrap's list - we don't use mdate-sh or texinfo.tex.
 gnulib_extra_files="

build-aux/header-ifdef.pl

@@ -6,18 +6,26 @@
 #  ...copyright header...
 #  */
 # <one blank line>
-# #ifndef SYMBOL
-# # define SYMBOL
+# #pragma once
 # ....content....
-# #endif /* SYMBOL */
 #
-# For any file ending priv.h, before the #ifndef
+#---
+#
+# For any file ending priv.h, before the #pragma once
 # We will have a further section
 #
 # #ifndef SYMBOL_ALLOW
 # # error ....
 # #endif /* SYMBOL_ALLOW */
 # <one blank line>
+#
+#---
+#
+# For public headers (files in include/), use the standard header guard instead of #pragma once:
+# #ifndef SYMBOL
+# # define SYMBOL
+# ....content....
+# #endif /* SYMBOL */
 
 use strict;
 use warnings;
@@ -32,11 +40,13 @@ my $STATE_GUARD_START = 6;
 my $STATE_GUARD_DEFINE = 7;
 my $STATE_GUARD_END = 8;
 my $STATE_EOF = 9;
+my $STATE_PRAGMA = 10;
 
 my $file = " ";
 my $ret = 0;
 my $ifdef = "";
 my $ifdefpriv = "";
+my $publicheader = 0;
 
 my $state = $STATE_EOF;
 my $mistake = 0;
@@ -63,7 +73,11 @@ while (<>) {
         } elsif ($state == $STATE_PRIV_BLANK) {
             &mistake("$file: missing blank line after priv header check");
         } elsif ($state == $STATE_GUARD_START) {
-            &mistake("$file: missing '#ifndef $ifdef'");
+            if ($publicheader) {
+                &mistake("$file: missing '#ifndef $ifdef'");
+            } else {
+                &mistake("$file: missing '#pragma once' header guard");
+            }
         } elsif ($state == $STATE_GUARD_DEFINE) {
             &mistake("$file: missing '# define $ifdef'");
         } elsif ($state == $STATE_GUARD_END) {
@@ -82,6 +96,7 @@ while (<>) {
         $file = $ARGV;
         $state = $STATE_COPYRIGHT_COMMENT;
         $mistake = 0;
+        $publicheader = ($ARGV =~ /include\//);
     }
 
     if ($mistake ||
@@ -106,7 +121,7 @@ while (<>) {
         }
     } elsif ($state == $STATE_PRIV_START) {
         if (/^$/) {
-            &mistake("$file: too many blank lines after coyright header");
+            &mistake("$file: too many blank lines after copyright header");
         } elsif (/#ifndef $ifdefpriv$/) {
             $state = $STATE_PRIV_ERROR;
         } else {
@@ -116,7 +131,7 @@ while (<>) {
         if (/# error ".*"$/) {
             $state = $STATE_PRIV_END;
         } else {
-            &mistake("$file: missing '#error ...priv allow...'");
+            &mistake("$file: missing '# error ...priv allow...'");
         }
     } elsif ($state == $STATE_PRIV_END) {
         if (m,#endif /\* $ifdefpriv \*/,) {
@@ -131,11 +146,20 @@ while (<>) {
         $state = $STATE_GUARD_START;
     } elsif ($state == $STATE_GUARD_START) {
         if (/^$/) {
-            &mistake("$file: too many blank lines after coyright header");
-        } elsif (/#ifndef $ifdef$/) {
-            $state = $STATE_GUARD_DEFINE;
+            &mistake("$file: too many blank lines after copyright header");
+        }
+        if ($publicheader) {
+            if (/#ifndef $ifdef$/) {
+                $state = $STATE_GUARD_DEFINE;
+            } else {
+                &mistake("$file: missing '#ifndef $ifdef'");
+            }
         } else {
-            &mistake("$file: missing '#ifndef $ifdef'");
+            if (/#pragma once/) {
+                $state = $STATE_PRAGMA;
+            } else {
+                &mistake("$file: missing '#pragma once' header guard");
+            }
         }
     } elsif ($state == $STATE_GUARD_DEFINE) {
         if (/# define $ifdef$/) {
@@ -147,6 +171,8 @@ while (<>) {
         if (m,#endif /\* $ifdef \*/$,) {
             $state = $STATE_EOF;
         }
+    } elsif ($state == $STATE_PRAGMA) {
+        next;
     } elsif ($state == $STATE_EOF) {
         die "$file: unexpected content after '#endif /* $ifdef */'";
     } else {

build-aux/mock-noinline.pl

@@ -6,6 +6,9 @@ my %mocked;
 # Functions in public header don't get the noinline annotation
 # so whitelist them here
 $noninlined{"virEventAddTimeout"} = 1;
+# This one confuses the script as its defined in the mock file
+# but is actually just a local helper
+$noninlined{"virMockStatRedirect"} = 1;
 
 foreach my $arg (@ARGV) {
     if ($arg =~ /\.h$/) {

cfg.mk

@@ -133,7 +133,6 @@ useless_free_options = \
   --name=virDomainNetDefFree \
   --name=virDomainObjFree \
   --name=virDomainSmartcardDefFree \
-  --name=virDomainSnapshotDefFree \
   --name=virDomainSnapshotObjFree \
   --name=virDomainSoundDefFree \
   --name=virDomainVideoDefFree \
@@ -147,9 +146,6 @@ useless_free_options = \
   --name=virJSONValueFree \
   --name=virLastErrFreeData \
   --name=virNetMessageFree \
-  --name=virNetServerMDNSFree \
-  --name=virNetServerMDNSEntryFree \
-  --name=virNetServerMDNSGroupFree \
   --name=virNWFilterDefFree \
   --name=virNWFilterEntryFree \
   --name=virNWFilterHashTableFree \
@@ -211,7 +207,6 @@ useless_free_options = \
 # y virDomainInputDefFree
 # y virDomainNetDefFree
 # y virDomainObjFree
-# y virDomainSnapshotDefFree
 # n virDomainSnapshotFree (returns int)
 # n virDomainSnapshotFreeName (returns int)
 # y virDomainSnapshotObjFree
@@ -616,6 +611,7 @@ msg_gen_function += virReportError
 msg_gen_function += virReportErrorHelper
 msg_gen_function += virReportSystemError
 msg_gen_function += xenapiSessionErrorHandler
+msg_gen_function += virLastErrorPrefixMessage
 
 # Uncomment the following and run "make syntax-check" to see diagnostics
 # that are not yet marked for translation, but that need to be rewritten
@@ -809,11 +805,11 @@ sc_prohibit_cross_inclusion:
 sc_require_enum_last_marker:
 	@$(VC_LIST_EXCEPT) | xargs \
 		$(GREP) -A1 -nE '^[^#]*VIR_ENUM_IMPL *\(' /dev/null \
-	   | $(SED) -ne '/VIR_ENUM_IMPL[^,]*,$$/N' \
-	     -e '/VIR_ENUM_IMPL[^,]*,[^,]*[^_,][^L,][^A,][^S,][^T,],/p' \
+	   | $(SED) -ne '/VIR_ENUM_IMPL.*,$$/N' \
+	     -e '/VIR_ENUM_IMPL[^,]*,[^,]*,[^,]*[^_,][^L,][^A,][^S,][^T,],/p' \
 	     -e '/VIR_ENUM_IMPL[^,]*,[^,]\{0,4\},/p' \
 	   | $(GREP) . && \
-	  { echo '$(ME): enum impl needs to use _LAST marker' 1>&2; \
+	  { echo '$(ME): enum impl needs _LAST marker on second line' 1>&2; \
 	    exit 1; } || :
 
 # In Python files we don't want to end lines with a semicolon like in C
@@ -1083,6 +1079,19 @@ sc_prohibit_class:
 	halt='use klass instead of class or _class' \
 	  $(_sc_search_regexp)
 
+# The dirent "d_type" field is non-portable and even when it
+# exists some filesystems will only ever return DT_UNKNOWN.
+# This field should only be used by code which is exclusively
+# run platforms supporting "d_type" and must expect DT_UNKNOWN.
+# We blacklist it to discourage accidental usage which has
+# happened many times. Add an exclude rule if it is genuinely
+# needed and the above restrictions are acceptable.
+sc_prohibit_dirent_d_type:
+	@prohibit='(->|\.)d_type' \
+	in_vc_files='\.[chx]$$' \
+	halt='do not use the d_type field in "struct dirent"' \
+	  $(_sc_search_regexp)
+
 
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null
@@ -1113,7 +1122,7 @@ maint.mk Makefile: _autogen_error
   # though, as it would be quite pointless
   ifeq (2,$(_dry_run_result)$(_clean_requested))
     $(info INFO: running autogen.sh is required, running it now...)
-    $(shell touch $(srcdir)/AUTHORS $(srcdir)/ChangeLog)
+    $(shell touch $(srcdir)/AUTHORS)
 maint.mk Makefile: _autogen
   endif
 endif
@@ -1134,6 +1143,11 @@ ifneq ($(_gl-Makefile),)
 syntax-check: spacing-check test-wrap-argv \
 	prohibit-duplicate-header mock-noinline group-qemu-caps \
         header-ifdef
+	@if ! cppi --version >/dev/null 2>&1; then \
+		echo "*****************************************************" >&2; \
+		echo "* cppi not installed, some checks have been skipped *" >&2; \
+		echo "*****************************************************" >&2; \
+	fi
 endif
 
 # Don't include duplicate header in the source (either *.c or *.h)
@@ -1242,7 +1256,7 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
   ^src/rpc/gendispatch\.pl$$
 
 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
-  ^((po|tests|examples/admin)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)
+  ^((po|tests|examples)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)
 
 exclude_file_name_regexp--sc_prohibit_select = \
 	^cfg\.mk$$
@@ -1272,10 +1286,10 @@ exclude_file_name_regexp--sc_prohibit_xmlURI = ^src/util/viruri\.c$$
 exclude_file_name_regexp--sc_prohibit_return_as_function = \.py$$
 
 exclude_file_name_regexp--sc_require_config_h = \
-	^(examples/|tools/virsh-edit\.c$$)
+	^(examples/|tools/virsh-edit\.c$$|tests/virmockstathelpers.c)
 
 exclude_file_name_regexp--sc_require_config_h_first = \
-	^(examples/|tools/virsh-edit\.c$$)
+	^(examples/|tools/virsh-edit\.c$$|tests/virmockstathelpers.c)
 
 exclude_file_name_regexp--sc_trailing_blank = \
   /sysinfodata/.*\.data|/virhostcpudata/.*\.cpuinfo|^gnulib/local/.*/.*diff$$
@@ -1337,3 +1351,6 @@ exclude_file_name_regexp--sc_prohibit_readdir = \
 
 exclude_file_name_regexp--sc_prohibit_cross_inclusion = \
   ^(src/util/virclosecallbacks\.h|src/util/virhostdev\.h)$$
+
+exclude_file_name_regexp--sc_prohibit_dirent_d_type = \
+  ^(src/util/vircgroup.c)$

config-post.h

@@ -44,7 +44,6 @@
 # undef WITH_SYSTEMD_DAEMON
 # undef WITH_VIRTUALPORT
 # undef WITH_YAJL
-# undef WITH_YAJL2
 #endif
 
 /*

configure.ac

@@ -16,15 +16,21 @@ dnl You should have received a copy of the GNU Lesser General Public
 dnl License along with this library.  If not, see
 dnl <http://www.gnu.org/licenses/>.
 
-AC_INIT([libvirt], [5.2.0], [libvir-list@redhat.com], [], [https://libvirt.org])
+AC_INIT([libvirt], [5.6.0], [libvir-list@redhat.com], [], [https://libvirt.org])
 AC_CONFIG_SRCDIR([src/libvirt.c])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
 AH_BOTTOM([#include <config-post.h>])
 AC_CONFIG_MACRO_DIR([m4])
-dnl Make automake keep quiet about wildcards & other GNUmake-isms; also keep
-dnl quiet about the fact that we intentionally cater to automake 1.9
-AM_INIT_AUTOMAKE([-Wno-portability -Wno-obsolete tar-pax no-dist-gzip dist-xz subdir-objects])
+dnl Make automake keep quiet about wildcards & other GNUmake-isms
+AM_INIT_AUTOMAKE([
+    foreign
+    -Wno-portability
+    tar-pax
+    no-dist-gzip
+    dist-xz
+    subdir-objects
+    ])
 dnl older automake's default of ARFLAGS=cru is noisy on newer binutils;
 dnl we don't really need the 'u' even in older toolchains.  Then there is
 dnl older libtool, which spelled it AR_FLAGS
@@ -174,13 +180,13 @@ want_ifconfig=no
 dnl Make some notes about which OS we're compiling for, as the lxc and qemu
 dnl drivers require linux headers, and storage_mpath, dtrace, and nwfilter
 dnl are also linux specific.  The "network" and storage_fs drivers are known
-dnl to not work on MacOS X presently, so we also make a note if compiling
+dnl to not work on macOS presently, so we also make a note if compiling
 dnl for that
 
-with_linux=no with_osx=no with_freebsd=no with_win=no with_cygwin=no
+with_linux=no with_macos=no with_freebsd=no with_win=no with_cygwin=no
 case $host in
   *-*-linux*) with_linux=yes ;;
-  *-*-darwin*) with_osx=yes ;;
+  *-*-darwin*) with_macos=yes ;;
   *-*-freebsd*) with_freebsd=yes ;;
   *-*-mingw* | *-*-msvc* ) with_win=yes ;;
   *-*-cygwin*) with_cygwin=yes ;;
@@ -239,7 +245,6 @@ LIBVIRT_LINKER_NO_UNDEFINED
 LIBVIRT_ARG_APPARMOR
 LIBVIRT_ARG_ATTR
 LIBVIRT_ARG_AUDIT
-LIBVIRT_ARG_AVAHI
 LIBVIRT_ARG_BASH_COMPLETION
 LIBVIRT_ARG_BLKID
 LIBVIRT_ARG_CAPNG
@@ -278,7 +283,6 @@ LIBVIRT_CHECK_APPARMOR
 LIBVIRT_CHECK_ATOMIC
 LIBVIRT_CHECK_ATTR
 LIBVIRT_CHECK_AUDIT
-LIBVIRT_CHECK_AVAHI
 LIBVIRT_CHECK_BASH_COMPLETION
 LIBVIRT_CHECK_BLKID
 LIBVIRT_CHECK_CAPNG
@@ -408,19 +412,6 @@ dnl
 
 LIBVIRT_CHECK_EXTERNAL_PROGRAMS
 
-
-dnl Specific dir for HTML output ?
-LIBVIRT_ARG_WITH([HTML_DIR], [path to base html directory],
-                 ['$(datadir)/doc'])
-LIBVIRT_ARG_WITH([HTML_SUBDIR], [directory used under html-dir],
-                 ['$(PACKAGE)-$(VERSION)/html'])
-if test "x$with_html_subdir" != "x" ; then
-  HTML_DIR="$with_html_dir/$with_html_subdir"
-else
-  HTML_DIR="$with_html_dir"
-fi
-AC_SUBST([HTML_DIR])
-
 dnl if --prefix is /usr, don't use /usr/var for localstatedir
 dnl or /usr/etc for sysconfdir
 dnl as this makes a lot of things break in testing situations
@@ -621,9 +612,9 @@ if test "$with_libvirtd" = "no"; then
   with_storage_vstorage=no
 fi
 
-dnl storage-fs does not work on MacOS X
+dnl storage-fs does not work on macOS
 
-if test "$with_osx" = "yes"; then
+if test "$with_macos" = "yes"; then
   with_storage_fs=no
 fi
 
@@ -977,7 +968,6 @@ LIBVIRT_RESULT_ACL
 LIBVIRT_RESULT_APPARMOR
 LIBVIRT_RESULT_ATTR
 LIBVIRT_RESULT_AUDIT
-LIBVIRT_RESULT_AVAHI
 LIBVIRT_RESULT_BASH_COMPLETION
 LIBVIRT_RESULT_BLKID
 LIBVIRT_RESULT_CAPNG

docs/Makefile.am

@@ -16,26 +16,33 @@
 ## License along with this library.  If not, see
 ## <http://www.gnu.org/licenses/>.
 
+HTML_DIR = $(docdir)/html
 DEVHELP_DIR=$(datadir)/gtk-doc/html/libvirt
 
+modules = \
+	libvirt-common \
+	libvirt-domain \
+	libvirt-domain-checkpoint \
+	libvirt-domain-snapshot \
+	libvirt-event \
+	libvirt-host \
+	libvirt-interface \
+	libvirt-network \
+	libvirt-nodedev \
+	libvirt-nwfilter \
+	libvirt-secret \
+	libvirt-storage \
+	libvirt-stream \
+	virterror \
+	$(NULL)
+
 apihtml = \
   html/index.html \
   $(apihtml_generated)
 
 apihtml_generated = \
-  html/libvirt-libvirt-common.html \
-  html/libvirt-libvirt-domain.html \
-  html/libvirt-libvirt-domain-snapshot.html \
-  html/libvirt-libvirt-event.html \
-  html/libvirt-libvirt-host.html \
-  html/libvirt-libvirt-interface.html \
-  html/libvirt-libvirt-network.html \
-  html/libvirt-libvirt-nodedev.html \
-  html/libvirt-libvirt-nwfilter.html \
-  html/libvirt-libvirt-secret.html \
-  html/libvirt-libvirt-storage.html \
-  html/libvirt-libvirt-stream.html \
-  html/libvirt-virterror.html
+	$(addprefix html/libvirt-,$(addsuffix .html,$(modules))) \
+	$(NULL)
 
 apipng = \
   html/left.png \
@@ -47,7 +54,11 @@ devhelphtml = \
   devhelp/libvirt.devhelp \
   devhelp/index.html \
   devhelp/general.html \
-  devhelp/libvirt-virterror.html
+  $(devhelphtml_generated)
+
+devhelphtml_generated = \
+	$(addprefix devhelp/libvirt-,$(addsuffix .html,$(modules))) \
+	$(NULL)
 
 css = \
   generic.css \
@@ -55,6 +66,10 @@ css = \
   mobile.css \
   main.css
 
+javascript = \
+  js/main.js \
+  $(NULL)
+
 fonts = \
   fonts/LICENSE.md \
   fonts/stylesheet.css \
@@ -118,6 +133,10 @@ internals_html_in = \
   $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
 internals_html = $(internals_html_in:%.html.in=%.html)
 
+kbase_html_in = \
+  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/kbase/*.html.in))
+kbase_html = $(kbase_html_in:%.html.in=%.html)
+
 # Since we ship pre-built html in the tarball, we must also
 # ship the sources, even when those sources are themselves
 # generated.
@@ -128,10 +147,6 @@ dot_html_in = \
   $(notdir $(wildcard $(srcdir)/*.html.in))
 dot_html = $(dot_html_in:%.html.in=%.html)
 
-dot_php_in = $(notdir $(wildcard $(srcdir)/*.php.in))
-dot_php_code_in = $(dot_php_in:%.php.in=%.php.code.in)
-dot_php = $(dot_php_in:%.php.in=%.php)
-
 xml = \
   libvirt-api.xml \
   libvirt-refs.xml
@@ -175,8 +190,9 @@ EXTRA_DIST= \
   $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \
   $(devhelphtml) $(devhelppng) $(devhelpcss) $(devhelpxsl) \
   $(xml) $(qemu_xml) $(lxc_xml) $(admin_xml) $(fig) $(png) $(css) \
-  $(logofiles) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
+  $(javascript) $(logofiles) \
   $(internals_html_in) $(internals_html) $(fonts) \
+  $(kbase_html_in) $(kbase_html) \
   aclperms.htmlinc \
   hvsupport.pl \
   $(schema_DATA)
@@ -192,7 +208,7 @@ MAINTAINERCLEANFILES = \
   $(addprefix $(srcdir)/,$(apihtml)) \
   $(addprefix $(srcdir)/,$(devhelphtml)) \
   $(addprefix $(srcdir)/,$(internals_html)) \
-  $(addprefix $(srcdir)/,$(dot_php)) \
+  $(addprefix $(srcdir)/,$(kbase_html)) \
   $(srcdir)/hvsupport.html.in $(srcdir)/aclperms.htmlinc
 
 timestamp="$(shell if test -n "$$SOURCE_DATE_EPOCH"; \
@@ -209,8 +225,8 @@ qemu_api: $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
 lxc_api: $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
 admin_api: $(srcdir)/libvirt-admin-api.xml $(srcdir)/libvirt-admin-refs.xml
 
-web: $(dot_html) $(internals_html) html/index.html devhelp/index.html \
-  $(dot_php)
+web: $(dot_html) $(internals_html) $(kbase_html) \
+	html/index.html devhelp/index.html
 
 hvsupport.html: $(srcdir)/hvsupport.html.in
 
@@ -221,20 +237,14 @@ $(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl $(api_DATA) \
 	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(top_srcdir)/src > $@ \
 		|| { rm $@ && exit 1; }
 
-# xsltproc seems to add the xmlns="" attribute to random output elements:
-# use sed to strip it out, as leaving it there triggers XML errors during
-# further transformation steps
 news.html.in: \
 	  $(srcdir)/news.xml \
 	  $(srcdir)/news-html.xsl
 	$(AM_V_GEN)$(XSLTPROC) --nonet \
 	    $(srcdir)/news-html.xsl \
 	    $(srcdir)/news.xml \
-	  >$@-tmp \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  sed 's/ xmlns=""//g' $@-tmp >$@ \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  rm -f $@-tmp
+	  >$@ \
+	    || { rm -f $@; exit 1; };
 EXTRA_DIST += \
 	$(srcdir)/news.xml \
 	$(srcdir)/news.rng \
@@ -265,18 +275,6 @@ MAINTAINERCLEANFILES += \
 	$(AM_V_GEN)$(XMLLINT) --nonet --format $< > $(srcdir)/$@ \
 	  || { rm $(srcdir)/$@ && exit 1; }
 
-%.php.tmp: %.php.in site.xsl page.xsl
-	$(AM_V_GEN)$(XSLTPROC) --stringparam pagename $(@:.tmp=) \
-	    --stringparam timestamp $(timestamp) --nonet \
-	    $(top_srcdir)/docs/site.xsl $< > $@ \
-	    || { rm $@ && exit 1; }
-
-%.php: %.php.tmp %.php.code.in
-	$(AM_V_GEN)sed \
-	    -e '/<span id="php_placeholder"><\/span>/r '"$(srcdir)/$@.code.in" \
-	    -e /php_placeholder/d < $@.tmp > $(srcdir)/$@ \
-	    || { rm $(srcdir)/$@ && exit 1; }
-
 $(apihtml_generated): html/index.html
 
 html/index.html: libvirt-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
@@ -316,6 +314,7 @@ $(python_generated_files): $(APIBUILD_STAMP)
 $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
 		$(top_srcdir)/include/libvirt/libvirt.h \
 		$(top_srcdir)/include/libvirt/libvirt-common.h.in \
+		$(top_srcdir)/include/libvirt/libvirt-domain-checkpoint.h \
 		$(top_srcdir)/include/libvirt/libvirt-domain-snapshot.h \
 		$(top_srcdir)/include/libvirt/libvirt-domain.h \
 		$(top_srcdir)/include/libvirt/libvirt-event.h \
@@ -332,6 +331,7 @@ $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
 		$(top_srcdir)/include/libvirt/libvirt-admin.h \
 		$(top_srcdir)/include/libvirt/virterror.h \
 		$(top_srcdir)/src/libvirt.c \
+		$(top_srcdir)/src/libvirt-domain-checkpoint.c \
 		$(top_srcdir)/src/libvirt-domain-snapshot.c \
 		$(top_srcdir)/src/libvirt-domain.c \
 		$(top_srcdir)/src/libvirt-host.c \
@@ -371,6 +371,9 @@ install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)
 	for f in $(css) $(dot_html) $(gif) $(png); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR); done
+	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/js
+	for f in $(javascript); do \
+	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/js/; done
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/logos
 	for f in $(logofiles); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/logos; done
@@ -382,6 +385,9 @@ install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/internals
 	for f in $(internals_html); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/internals; done
+	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/kbase
+	for f in $(kbase_html); do \
+	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/kbase; done
 	$(mkinstalldirs) $(DESTDIR)$(DEVHELP_DIR)
 	for file in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
 	    $(INSTALL) -m 0644 $(srcdir)/$${file} $(DESTDIR)$(DEVHELP_DIR) ; \
@@ -398,11 +404,17 @@ uninstall-local:
 	for f in $(logofiles); do \
 	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
 	done
+	for f in $(javascript); do \
+	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
+	done
 	for h in $(apihtml); do rm -f $(DESTDIR)$(HTML_DIR)/$$h; done
 	for p in $(apipng); do rm -f $(DESTDIR)$(HTML_DIR)/$$p; done
 	for f in $(internals_html); do \
 	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
 	done
+	for f in $(kbase_html); do \
+	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
+	done
 	for f in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
 	  rm -f $(DESTDIR)$(DEVHELP_DIR)/$$(basename $$f); \
 	done

docs/api_extension.html.in

@@ -229,8 +229,8 @@
     <h3><a name='rpcclient'>Implement the RPC client</a></h3>
 
     <p>
-      Implementing the uses the rpcgen generated .h files.  The remote
-      method calls go in:
+      Implementing the RPC client uses the rpcgen generated .h files.
+      The remote method calls go in:
     </p>
 
     <p><code>src/remote/remote_driver.c</code></p>
@@ -256,7 +256,7 @@
       The server side dispatchers are implemented in:
     </p>
 
-    <p><code>src/remote/daemon_dispatch.c</code></p>
+    <p><code>src/remote/remote_daemon_dispatch.c</code></p>
 
     <p>Again, this step uses the .h files generated by make rpcgen.</p>
 

docs/apibuild.py

@@ -26,6 +26,7 @@ debugsym = None
 included_files = {
   "libvirt-common.h": "header with general libvirt API definitions",
   "libvirt-domain.h": "header with general libvirt API definitions",
+  "libvirt-domain-checkpoint.h": "header with general libvirt API definitions",
   "libvirt-domain-snapshot.h": "header with general libvirt API definitions",
   "libvirt-event.h": "header with general libvirt API definitions",
   "libvirt-host.h": "header with general libvirt API definitions",
@@ -39,6 +40,7 @@ included_files = {
   "virterror.h": "header with error specific API definitions",
   "libvirt.c": "Main interfaces for the libvirt library",
   "libvirt-domain.c": "Domain interfaces for the libvirt library",
+  "libvirt-domain-checkpoint.c": "Domain checkpoint interfaces for the libvirt library",
   "libvirt-domain-snapshot.c": "Domain snapshot interfaces for the libvirt library",
   "libvirt-host.c": "Host interfaces for the libvirt library",
   "libvirt-interface.c": "Interface interfaces for the libvirt library",

docs/apps.html.in

@@ -30,26 +30,6 @@
       <img src="logos/logo-square-powered-256.png" alt="libvirt powered"/>
     </p>
 
-    <h2><a id="clientserver">Client/Server applications</a></h2>
-
-    <dl>
-      <dt><a href="http://archipelproject.org">Archipel</a></dt>
-      <dd>
-        Archipel is a libvirt-based solution to manage and supervise virtual
-        machines.  It uses XMPP for all communication. There is no web
-        service or custom protocol.  You just need at least one XMPP server,
-        like eJabberd, to start playing with it.  This allows Archipel to
-        work completely real time.  You never have to refresh the user
-        interface, you'll be notified as soon as something happens. You can
-        even use your favorite chat clients to command your infrastructure.
-      </dd>
-      <dd>
-        Isn't it great to be able to open a chat conversation with your
-        virtual machine and say things like "How are you today?" or "Hey,
-        please reboot"?
-      </dd>
-    </dl>
-
     <h2><a id="command">Command line tools</a></h2>
 
     <dl>
@@ -119,6 +99,12 @@
         machines. It is a command line tool for developers that makes it very
         fast and easy to deploy and re-deploy an environment of vm's.
       </dd>
+      <dt><a href="https://github.com/virt-lightning/virt-lightning">virt-lightning</a></dt>
+      <dd>
+        Virt-Lightning uses libvirt, cloud-init and libguestfs to allow anyone
+        to quickly start a new VM. Very much like a container CLI, but with a
+        virtual machine.
+      </dd>
     </dl>
 
     <h2><a id="configmgmt">Configuration Management</a></h2>
@@ -142,7 +128,7 @@
     <h2><a id="continuousintegration">Continuous Integration</a></h2>
 
     <dl>
-      <dt><a href="https://buildbot.net/buildbot/docs/current/Libvirt.html">BuildBot</a></dt>
+      <dt><a href="http://docs.buildbot.net/latest/manual/configuration/workers-libvirt.html">BuildBot</a></dt>
       <dd>
         BuildBot is a system to automate the compile/test cycle required
         by most software projects.  CVS commits trigger new builds, run on
@@ -373,12 +359,6 @@
         metrics. It supports pCPU, vCPU, memory, block device, network interface,
         and performance event metrics for each virtual guest.
       </dd>
-      <dt><a href="https://community.zenoss.org/docs/DOC-4687">Zenoss</a></dt>
-      <dd>
-        The Zenoss libvirt Zenpack adds support for monitoring virtualization
-        servers.  It has been tested with KVM, QEMU, VMware ESX, and VMware
-        GSX.
-      </dd>
     </dl>
 
     <h2><a id="provisioning">Provisioning</a></h2>
@@ -483,17 +463,6 @@
       </dd>
     </dl>
 
-    <h2><a id="mobile">Mobile applications</a></h2>
-
-    <dl>
-      <dt><a href="https://market.android.com/details?id=vm.manager">VM Manager</a></dt>
-      <dd>
-        VM Manager is VM (libvirt) manager (over SSH) application. VM Manager
-        is an application for libvirt VM / Domain management over SSH.
-        Please keep in mind that this software is under heavy development.
-      </dd>
-    </dl>
-
     <h2><a id="other">Other</a></h2>
 
     <dl>

docs/devhelp/html.xsl

@@ -565,10 +565,6 @@ by a Linux instance. The library aim at providing long term stable C API
 initially for the <a href="http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html">Xen
 paravirtualization</a> but should be able to integrate other virtualization
 mechanisms if needed.</p>
-<p> If you get lost searching for some specific API use, try
-<a href="https://libvirt.org/search.php">the online search
-engine</a> hosted on <a href="https://libvirt.org/">libvirt.org</a>
-it indexes the project page, the APIs as well as the mailing-list archives. </p>
 	</body>
       </html>
     </xsl:document>

docs/docs.html.in

@@ -72,6 +72,7 @@
         <dd>Description of the XML schemas for
           <a href="formatdomain.html">domains</a>,
           <a href="formatnetwork.html">networks</a>,
+          <a href="formatnetworkport.html">network ports</a>,
           <a href="formatnwfilter.html">network filtering</a>,
           <a href="formatstorage.html">storage</a>,
           <a href="formatstorageencryption.html">storage encryption</a>,
@@ -80,16 +81,12 @@
           <a href="formatstoragecaps.html">storage pool capabilities</a>,
           <a href="formatnode.html">node devices</a>,
           <a href="formatsecret.html">secrets</a>,
-          <a href="formatsnapshot.html">snapshots</a></dd>
+          <a href="formatsnapshot.html">snapshots</a>,
+          <a href="formatcheckpoint.html">checkpoints</a></dd>
 
         <dt><a href="uri.html">URI format</a></dt>
         <dd>The URI formats used for connecting to libvirt</dd>
 
-        <dt><a href="locking.html">Disk locking</a></dt>
-        <dd>Ensuring exclusive guest access to disks with
-          <a href="locking-lockd.html">virtlockd</a> or
-          <a href="locking-sanlock.html">Sanlock</a></dd>
-
         <dt><a href="cgroups.html">CGroups</a></dt>
         <dd>Control groups integration</dd>
 
@@ -97,6 +94,7 @@
         <dd>Reference manual for the C public API, split in
           <a href="html/libvirt-libvirt-common.html">common</a>,
           <a href="html/libvirt-libvirt-domain.html">domain</a>,
+          <a href="html/libvirt-libvirt-domain-checkpoint.html">domain checkpoint</a>,
           <a href="html/libvirt-libvirt-domain-snapshot.html">domain snapshot</a>,
           <a href="html/libvirt-virterror.html">error</a>,
           <a href="html/libvirt-libvirt-event.html">event</a>,
@@ -119,8 +117,8 @@
         <dt><a href="hvsupport.html">Driver support</a></dt>
         <dd>matrix of API support per hypervisor per release</dd>
 
-        <dt><a href="secureusage.html">Secure usage</a></dt>
-        <dd>Secure usage of the libvirt APIs</dd>
+        <dt><a href="kbase.html">Knowledge Base</a></dt>
+        <dd>Task oriented guides to key features</dd>
       </dl>
     </div>
 

docs/downloads.html.in

@@ -27,8 +27,7 @@
         <tr>
           <td>libvirt</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/">ftp</a>
-            <a href="https://libvirt.org/sources/">https</a>
+            <a href="https://libvirt.org/sources/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt.git;a=summary">libvirt</a>
@@ -48,8 +47,7 @@
         <tr>
           <td>C#</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/csharp/">ftp</a>
-            <a href="https://libvirt.org/sources/csharp/">https</a>
+            <a href="https://libvirt.org/sources/csharp/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-csharp.git;a=summary">libvirt</a>
@@ -63,8 +61,7 @@
         <tr>
           <td>Go</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/go/">ftp</a>
-            <a href="https://libvirt.org/sources/go/">https</a>
+            <a href="https://libvirt.org/sources/go/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-go.git;a=summary">libvirt</a>
@@ -80,8 +77,7 @@
         <tr>
           <td>Java</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/java/">ftp</a>
-            <a href="https://libvirt.org/sources/java/">https</a>
+            <a href="https://libvirt.org/sources/java/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-java.git;a=summary">libvirt</a>
@@ -95,8 +91,7 @@
         <tr>
           <td>OCaml</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/ocaml/">ftp</a>
-            <a href="https://libvirt.org/sources/ocaml/">https</a>
+            <a href="https://libvirt.org/sources/ocaml/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-ocaml.git;a=summary">libvirt</a>
@@ -110,7 +105,7 @@
         <tr>
           <td>Perl (Sys::Virt)</td>
           <td>
-            <a href="http://search.cpan.org/dist/Sys-Virt/">cpan</a>
+            <a href="https://metacpan.org/release/Sys-Virt/">cpan</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-perl.git;a=summary">libvirt</a>
@@ -120,15 +115,14 @@
             <a href="https://github.com/libvirt/libvirt-perl">github</a>
           </td>
           <td>
-            <a href="http://search.cpan.org/dist/Sys-Virt/">api ref</a>
+            <a href="https://metacpan.org/release/Sys-Virt/">api ref</a>
             <a href="https://libvirt.org/git/?p=libvirt-perl.git;a=blob;f=Changes;hb=HEAD">changes</a>
           </td>
         </tr>
         <tr>
           <td>PHP</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/php/">ftp</a>
-            <a href="https://libvirt.org/sources/php/">https</a>
+            <a href="https://libvirt.org/sources/php/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-php.git;a=summary">libvirt</a>
@@ -142,8 +136,7 @@
         <tr>
           <td>Python</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/python/">ftp</a>
-            <a href="https://libvirt.org/sources/python/">https</a>
+            <a href="https://libvirt.org/sources/python/">libvirt</a>
             <a href="https://pypi.python.org/pypi/libvirt-python">pypi</a>
           </td>
           <td>
@@ -158,8 +151,7 @@
         <tr>
           <td>Ruby</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/ruby/">ftp</a>
-            <a href="https://libvirt.org/sources/ruby/">https</a>
+            <a href="https://libvirt.org/sources/ruby/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=ruby-libvirt.git;a=summary">libvirt</a>
@@ -173,8 +165,7 @@
         <tr>
           <td>Rust</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/rust/">ftp</a>
-            <a href="https://libvirt.org/sources/rust/">https</a>
+            <a href="https://libvirt.org/sources/rust/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-rust.git;a=summary">libvirt</a>
@@ -191,8 +182,7 @@
         <tr>
           <td>GLib / GConfig / GObject</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/glib/">ftp</a>
-            <a href="https://libvirt.org/sources/glib/">https</a>
+            <a href="https://libvirt.org/sources/glib/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-glib.git;a=summary">libvirt</a>
@@ -206,8 +196,7 @@
         <tr>
           <td>Go XML</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/go/">ftp</a>
-            <a href="https://libvirt.org/sources/go/">https</a>
+            <a href="https://libvirt.org/sources/go/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-go-xml.git;a=summary">libvirt</a>
@@ -223,8 +212,7 @@
         <tr>
           <td>D-Bus</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/dbus/">ftp</a>
-            <a href="https://libvirt.org/sources/dbus/">https</a>
+            <a href="https://libvirt.org/sources/dbus/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-dbus.git;a=summary">libvirt</a>
@@ -238,8 +226,7 @@
         <tr>
           <td>Console Proxy</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/consoleproxy/">ftp</a>
-            <a href="https://libvirt.org/sources/consoleproxy/">https</a>
+            <a href="https://libvirt.org/sources/consoleproxy/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-console-proxy.git;a=summary">libvirt</a>
@@ -253,8 +240,7 @@
         <tr>
           <td>CIM provider</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/CIM/">ftp</a>
-            <a href="https://libvirt.org/sources/CIM/">https</a>
+            <a href="https://libvirt.org/sources/CIM/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-cim.git;a=summary">libvirt</a>
@@ -268,8 +254,7 @@
         <tr>
           <td>CIM utils</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/CIM/">ftp</a>
-            <a href="https://libvirt.org/sources/CIM/">https</a>
+            <a href="https://libvirt.org/sources/CIM/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libcmpiutil.git;a=summary">libvirt</a>
@@ -283,8 +268,7 @@
         <tr>
           <td>SNMP</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/snmp/">ftp</a>
-            <a href="https://libvirt.org/sources/snmp/">https</a>
+            <a href="https://libvirt.org/sources/snmp/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-snmp.git;a=summary">libvirt</a>
@@ -298,8 +282,7 @@
         <tr>
           <td>Application Sandbox</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/sandbox/">ftp</a>
-            <a href="https://libvirt.org/sources/sandbox/">https</a>
+            <a href="https://libvirt.org/sources/sandbox/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-sandbox.git;a=summary">libvirt</a>
@@ -316,8 +299,7 @@
         <tr>
           <td>TCK</td>
           <td>
-            <a href="ftp://libvirt.org/libvirt/tck/">ftp</a>
-            <a href="https://libvirt.org/sources/tck/">https</a>
+            <a href="https://libvirt.org/sources/tck/">libvirt</a>
           </td>
           <td>
             <a href="https://libvirt.org/git/?p=libvirt-tck.git;a=summary">libvirt</a>
@@ -422,14 +404,11 @@
 
     <p>
       Most modules have releases made available for download on the project
-      site, via FTP, HTTP or HTTPS. Some modules are instead made available
-      at alternative locations, for example, the Perl binding is made
-      available only on CPAN.
+      site via HTTPS. Some modules are instead made available at alternative
+      locations, for example, the Perl binding is made available only on CPAN.
     </p>
 
     <ul>
-      <li><a href="ftp://libvirt.org/libvirt/">libvirt.org FTP server</a></li>
-      <li><a href="https://libvirt.org/sources/">libvirt.org HTTP server</a></li>
       <li><a href="https://libvirt.org/sources/">libvirt.org HTTPS server</a></li>
     </ul>
 

docs/drivers.html.in

@@ -6,7 +6,7 @@
 
     <ul>
       <li><a href="#hypervisor">Hypervisor drivers</a></li>
-      <li><a href="#storage">Storage drivers</a></li>
+      <li><a href="storage.html">Storage drivers</a></li>
       <li><a href="drvnodedev.html">Node device driver</a></li>
     </ul>
 
@@ -39,19 +39,5 @@
       <li><strong><a href="drvbhyve.html">Bhyve</a></strong> - The BSD Hypervisor</li>
     </ul>
 
-    <h2><a id="storage">Storage drivers</a></h2>
-
-    <ul>
-      <li><strong><a href="storage.html#StorageBackendDir">Directory backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendFS">Local filesystem backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendNetFS">Network filesystem backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendLogical">Logical Volume Manager (LVM) backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendDisk">Disk backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendISCSI">iSCSI backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendSCSI">SCSI backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendMultipath">Multipath backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendRBD">RBD (RADOS Block Device) backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendSheepdog">Sheepdog backend</a></strong></li>
-    </ul>
   </body>
 </html>

docs/drvqemu.html.in

@@ -38,7 +38,7 @@
       <li>
         <strong>KVM hypervisor</strong>: The driver will probe <code>/usr/bin</code>
         for the presence of <code>qemu-kvm</code> and <code>/dev/kvm</code> device
-        node. If both are found, then KVM fullyvirtualized, hardware accelerated
+        node. If both are found, then KVM fully virtualized, hardware accelerated
         guests will be available.
       </li>
     </ul>
@@ -376,7 +376,7 @@ chmod o+x /path/to/directory
     <h3><a id="securityacl">Cgroups device ACLs</a></h3>
 
     <p>
-      Recent Linux kernels have a capability known as "cgroups" which is used
+      Linux kernels have a capability known as "cgroups" which is used
       for resource management. It is implemented via a number of "controllers",
       each controller covering a specific task/functional area. One of the
       available controllers is the "devices" controller, which is able to
@@ -426,6 +426,10 @@ mount -t cgroup none /dev/cgroup -o devices
 
     <h3><a id="xmlimport">Converting from QEMU args to domain XML</a></h3>
 
+    <p>
+      <b>Note:</b> this operation is <span class="removed"> deleted as of
+        5.5.0</span> and will return an error.
+    </p>
     <p>
       The <code>virsh domxml-from-native</code> provides a way to
       convert an existing set of QEMU args into a guest description
@@ -439,82 +443,17 @@ mount -t cgroup none /dev/cgroup -o devices
       examples) or by manually crafting XML to pass to virsh.
     </p>
 
-    <pre>$ cat &gt; demo.args &lt;&lt;EOF
-LC_ALL=C PATH=/bin HOME=/home/test USER=test \
-LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 \
--nographic -monitor pty -no-acpi -boot c -hda \
-/dev/HostVG/QEMUGuest1 -net none -serial none \
--parallel none -usb
-EOF
-
-$ virsh domxml-from-native qemu-argv demo.args
-&lt;domain type='qemu'&gt;
-  &lt;uuid&gt;00000000-0000-0000-0000-000000000000&lt;/uuid&gt;
-  &lt;memory&gt;219136&lt;/memory&gt;
-  &lt;currentMemory&gt;219136&lt;/currentMemory&gt;
-  &lt;vcpu&gt;1&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='i686' machine='pc'&gt;hvm&lt;/type&gt;
-    &lt;boot dev='hd'/&gt;
-  &lt;/os&gt;
-  &lt;clock offset='utc'/&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;devices&gt;
-    &lt;emulator&gt;/usr/bin/qemu&lt;/emulator&gt;
-    &lt;disk type='block' device='disk'&gt;
-      &lt;source dev='/dev/HostVG/QEMUGuest1'/&gt;
-      &lt;target dev='hda' bus='ide'/&gt;
-    &lt;/disk&gt;
-  &lt;/devices&gt;
-&lt;/domain&gt;
-</pre>
-
-    <p>NB, don't include the literal \ in the args, put everything on one line</p>
-
     <h3><a id="xmlexport">Converting from domain XML to QEMU args</a></h3>
 
     <p>
       The <code>virsh domxml-to-native</code> provides a way to convert a
       guest description using libvirt Domain XML, into a set of QEMU args
-      that can be run manually.
+      that can be run manually. Note that currently the command line formatted
+      by libvirt is no longer suited for manually running qemu as the
+      configuration expects various resources and open file descriptors passed
+      to the process which are usually prepared by libvirtd.
     </p>
 
-    <pre>$ cat &gt; demo.xml &lt;&lt;EOF
-&lt;domain type='qemu'&gt;
-  &lt;name&gt;QEMUGuest1&lt;/name&gt;
-  &lt;uuid&gt;c7a5fdbd-edaf-9455-926a-d65c16db1809&lt;/uuid&gt;
-  &lt;memory&gt;219200&lt;/memory&gt;
-  &lt;currentMemory&gt;219200&lt;/currentMemory&gt;
-  &lt;vcpu&gt;1&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='i686' machine='pc'&gt;hvm&lt;/type&gt;
-    &lt;boot dev='hd'/&gt;
-  &lt;/os&gt;
-  &lt;clock offset='utc'/&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;devices&gt;
-    &lt;emulator&gt;/usr/bin/qemu&lt;/emulator&gt;
-    &lt;disk type='block' device='disk'&gt;
-      &lt;source dev='/dev/HostVG/QEMUGuest1'/&gt;
-      &lt;target dev='hda' bus='ide'/&gt;
-    &lt;/disk&gt;
-  &lt;/devices&gt;
-&lt;/domain&gt;
-EOF
-
-$ virsh domxml-to-native qemu-argv demo.xml
-  LC_ALL=C PATH=/usr/bin:/bin HOME=/home/test \
-  USER=test LOGNAME=test /usr/bin/qemu -S -M pc \
-  -no-kqemu -m 214 -smp 1 -name QEMUGuest1 -nographic \
-  -monitor pty -no-acpi -boot c -drive \
-  file=/dev/HostVG/QEMUGuest1,if=ide,index=0 -net none \
-  -serial none -parallel none -usb
-</pre>
-
     <h2><a id="qemucommand">Pass-through of arbitrary qemu
     commands</a></h2>
 
@@ -539,7 +478,8 @@ $ virsh domxml-to-native qemu-argv demo.xml
       qemu guest (<span class="since">Since 0.8.3</span>),
       and <code>virDomainQemuAttach</code>, for registering a qemu
       domain that was manually started so that it can then be managed
-      by libvirtd (<span class="since">Since 0.9.4</span>).
+      by libvirtd (<span class="since">Since 0.9.4</span>,
+      <span class="removed">removed as of 5.5.0</span>).
     </p>
     <p>Additionally, the following XML additions allow fine-tuning of
       the command line given to qemu when starting a domain
@@ -580,6 +520,36 @@ $ virsh domxml-to-native qemu-argv demo.xml
     &lt;qemu:env name='QEMU_ENV' value='VAL'/&gt;
   &lt;/qemu:commandline&gt;
 &lt;/domain&gt;
+</pre>
+
+    <h2><a id="xmlnsfeatures">QEMU feature configuration for testing</a></h2>
+
+      <p>
+        In some cases e.g. when developing a new feature or for testing it may
+        be required to control a given qemu feature (or qemu capability) to test
+        it before it's complete or disable it for debugging purposes.
+        <span class="since">Since 5.5.0</span> it's possible to use the same
+        special qemu namespace as above
+        (<code>http://libvirt.org/schemas/domain/qemu/1.0</code>) and use
+        <code>&lt;qemu:capabilities&gt;</code> element to add
+        (<code>&lt;qemu:add capability="capname"/&gt;</code>) or remove
+        (<code>&lt;qemu:del capability="capname"/&gt;</code>) capability bits.
+        The naming of the feature bits is the same libvirt uses in the status
+        XML. Note that this feature is meant for experiments only and should
+        _not_ be used in production.
+      </p>
+
+      <p>Example:</p><pre>
+&lt;domain type='qemu' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'&gt;
+  &lt;name&gt;testvm&lt;/name&gt;
+
+   [...]
+
+  &lt;qemu:capabilities&gt;
+    &lt;qemu:add capability='blockdev'/&gt;
+    &lt;qemu:del capability='drive'/&gt;
+  &lt;/qemu:capabilities&gt;
+&lt;/domain&gt;
 </pre>
 
     <h2><a id="xmlconfig">Example domain XML config</a></h2>

docs/drvxen.html.in

@@ -58,8 +58,7 @@ xen+ssh://root@example.com/system (remote access, SSH tunnelled)
       original Xen virtual machine config format used by the legacy
       xm/xend toolstack. The second, known as <code>xen-sxpr</code>,
       is also one of the original formats that was used by xend's
-      legacy HTTP RPC service. For compatibility, import and export
-      of these legacy formats is supported by the libxl driver.
+      legacy HTTP RPC service (<span class='removed'>removed in 5.6.0</span>)
     </p>
 
     <p>

docs/format.html.in

@@ -17,6 +17,7 @@
       <li><a href="formatdomain.html">Domains</a></li>
       <li><a href="formatnetwork.html">Networks</a></li>
       <li><a href="formatnwfilter.html">Network filtering</a></li>
+      <li><a href="formatnetworkport.html">Network ports</a></li>
       <li><a href="formatstorage.html">Storage</a></li>
       <li><a href="formatstorageencryption.html">Storage encryption</a></li>
       <li><a href="formatcaps.html">Capabilities</a></li>
@@ -25,6 +26,7 @@
       <li><a href="formatnode.html">Node devices</a></li>
       <li><a href="formatsecret.html">Secrets</a></li>
       <li><a href="formatsnapshot.html">Snapshots</a></li>
+      <li><a href="formatcheckpoint.html">Checkpoints</a></li>
     </ul>
 
     <h2>Command line validation</h2>

docs/formatcheckpoint.html.in

@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Checkpoint XML format</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a id="CheckpointAttributes">Checkpoint XML</a></h2>
+
+    <p>
+      One method of capturing domain disk backups is via the use of
+      incremental backups. Right now, incremental backups are only
+      supported for the QEMU hypervisor when using qcow2 disks at the
+      active layer; if other disk formats are in use, capturing disk
+      backups requires different libvirt APIs
+      (see <a href="kbase/domainstatecapture.html">domain state
+      capture</a> for a comparison between APIs).
+    </p>
+    <p>
+      Libvirt is able to facilitate incremental backups by tracking
+      disk checkpoints, which are points in time against which it is
+      easy to compute which portion of the disk has changed. Given a
+      full backup (a backup created from the creation of the disk to a
+      given point in time), coupled with the creation of a disk
+      checkpoint at that time, and an incremental backup (a backup
+      created from just the dirty portion of the disk between the
+      first checkpoint and the second backup operation), it is
+      possible to do an offline reconstruction of the state of the
+      disk at the time of the second backup without having to copy as
+      much data as a second full backup would require.  Future API
+      additions will make it possible to create checkpoints in
+      conjunction with a backup
+      via <code>virDomainBackupBegin()</code> or with an external
+      snapshot via <code>virDomainSnapshotCreateXML2</code>; but for
+      now, libvirt exposes enough support to create disk checkpoints
+      independently from a backup operation
+      via <code>virDomainCheckpointCreateXML()</code> <span class="since">since
+      5.6.0</span>.  Likewise, the creation of checkpoints when
+      external snapshots exist is currently forbidden, although future
+      work will make it possible to integrate these two concepts.
+    </p>
+    <p>
+      Attributes of libvirt checkpoints are stored as child elements
+      of the <code>domaincheckpoint</code> element. At checkpoint
+      creation time, normally only
+      the <code>name</code>, <code>description</code>,
+      and <code>disks</code> elements are settable. The rest of the
+      fields are ignored on creation and will be filled in by libvirt
+      in for informational purposes
+      by <code>virDomainCheckpointGetXMLDesc()</code>. However, when
+      redefining a checkpoint, with
+      the <code>VIR_DOMAIN_CHECKPOINT_CREATE_REDEFINE</code> flag
+      of <code>virDomainCheckpointCreateXML()</code>, all of the XML
+      fields described here are relevant on input, even the fields
+      that are normally described as readonly for output.
+    </p>
+    <p>
+      The top-level <code>domaincheckpoint</code> element may contain
+      the following elements:
+    </p>
+    <dl>
+      <dt><code>name</code></dt>
+      <dd>The optional name for this checkpoint. If the name is
+        omitted, libvirt will create a name based on the time of the
+        creation.
+      </dd>
+      <dt><code>description</code></dt>
+      <dd>An optional human-readable description of the checkpoint.
+        If the description is omitted when initially creating the
+        checkpoint, then this field will be empty.
+      </dd>
+      <dt><code>disks</code></dt>
+      <dd>On input, this is an optional listing of specific
+        instructions for disk checkpoints; it is needed when making a
+        checkpoint on only a subset of the disks associated with a
+        domain. In particular, since QEMU checkpoints require qcow2
+        disks, this element may be needed on input for excluding guest
+        disks that are not in qcow2 format. If the entire element was
+        omitted on input, then all disks participate in the
+        checkpoint, otherwise, only the disks explicitly listed which
+        do not also use <code>checkpoint='no'</code> will
+        participate. On output, this is the checkpoint state of each
+        of the domain's disks.
+        <dl>
+          <dt><code>disk</code></dt>
+          <dd>This sub-element describes the checkpoint properties of
+            a specific disk with the following attributes:
+            <dl>
+              <dt><code>name</code></dt>
+              <dd>A mandatory attribute which must match either
+                the <code>&lt;target dev='name'/&gt;</code> or an
+                unambiguous <code>&lt;source file='name'/&gt;</code>
+                of one of
+                the <a href="formatdomain.html#elementsDisks">disk
+                devices</a> specified for the domain at the time of
+                the checkpoint.</dd>
+              <dt><code>checkpoint</code></dt>
+              <dd>An optional attribute; possible values
+                are <code>no</code> when the disk does not participate
+                in this checkpoint; or <code>bitmap</code> if the disk
+                will track all changes since the creation of this
+                checkpoint via a bitmap.</dd>
+              <dt><code>bitmap</code></dt>
+              <dd>The attribute <code>bitmap</code> is only valid
+                if <code>checkpoint='bitmap'</code>; it describes the
+                name of the tracking bitmap (defaulting to the
+                checkpoint name).</dd>
+              <dt><code>size</code></dt>
+              <dd>The attribute <code>size</code> is ignored on input;
+                on output, it is only present if
+                the <code>VIR_DOMAIN_CHECKPOINT_XML_SIZE</code> flag
+                was used to perform a dynamic query of the estimated
+                size in bytes of the changes made since the checkpoint
+                was created.</dd>
+            </dl>
+          </dd>
+        </dl>
+      </dd>
+      <dt><code>creationTime</code></dt>
+      <dd>A readonly representation of the time this checkpoint was
+        created. The time is specified in seconds since the Epoch,
+        UTC (i.e. Unix time).
+      </dd>
+      <dt><code>parent</code></dt>
+      <dd>Readonly, present if this checkpoint has a parent. The
+        parent name is given by the sub-element <code>name</code>. The
+        parent relationship allows tracking a list of related checkpoints.
+      </dd>
+      <dt><code>domain</code></dt>
+      <dd>A readonly representation of the
+        inactive <a href="formatdomain.html">domain configuration</a>
+        at the time the checkpoint was created. This element may be
+        omitted for output brevity by supplying
+        the <code>VIR_DOMAIN_CHECKPOINT_XML_NO_DOMAIN</code> flag, but
+        the resulting XML is no longer viable for use with
+        the <code>VIR_DOMAIN_CHECKPOINT_CREATE_REDEFINE</code> flag
+        of <code>virDomainCheckpointCreateXML()</code>. The domain
+        will have security-sensitive information omitted unless the
+        flag <code>VIR_DOMAIN_CHECKPOINT_XML_SECURE</code> is provided
+        on a read-write connection.
+      </dd>
+    </dl>
+
+    <h2><a id="example">Examples</a></h2>
+
+    <p>Using this XML to create a checkpoint of just vda on a qemu
+      domain with two disks and a prior checkpoint:</p>
+    <pre>
+&lt;domaincheckpoint&gt;
+  &lt;description&gt;Completion of updates after OS install&lt;/description&gt;
+  &lt;disks&gt;
+    &lt;disk name='vda' checkpoint='bitmap'/&gt;
+    &lt;disk name='vdb' checkpoint='no'/&gt;
+  &lt;/disks&gt;
+&lt;/domaincheckpoint&gt;</pre>
+
+    <p>will result in XML similar to this from
+      <code>virDomainCheckpointGetXMLDesc()</code>:</p>
+    <pre>
+&lt;domaincheckpoint&gt;
+  &lt;name&gt;1525889631&lt;/name&gt;
+  &lt;description&gt;Completion of updates after OS install&lt;/description&gt;
+  &lt;parent&gt;
+    &lt;name&gt;1525111885&lt;/name&gt;
+  &lt;/parent&gt;
+  &lt;creationTime&gt;1525889631&lt;/creationTime&gt;
+  &lt;disks&gt;
+    &lt;disk name='vda' checkpoint='bitmap' bitmap='1525889631'/&gt;
+    &lt;disk name='vdb' checkpoint='no'/&gt;
+  &lt;/disks&gt;
+  &lt;domain type='qemu'&gt;
+    &lt;name&gt;fedora&lt;/name&gt;
+    &lt;uuid&gt;93a5c045-6457-2c09-e56c-927cdf34e178&lt;/uuid&gt;
+    &lt;memory&gt;1048576&lt;/memory&gt;
+    ...
+    &lt;devices&gt;
+      &lt;disk type='file' device='disk'&gt;
+        &lt;driver name='qemu' type='qcow2'/&gt;
+        &lt;source file='/path/to/file1'/&gt;
+        &lt;target dev='vda' bus='virtio'/&gt;
+      &lt;/disk&gt;
+      &lt;disk type='file' device='disk' snapshot='external'&gt;
+        &lt;driver name='qemu' type='raw'/&gt;
+        &lt;source file='/path/to/file2'/&gt;
+        &lt;target dev='vdb' bus='virtio'/&gt;
+      &lt;/disk&gt;
+      ...
+    &lt;/devices&gt;
+  &lt;/domain&gt;
+&lt;/domaincheckpoint&gt;</pre>
+
+    <p>With that checkpoint created, the qcow2 image is now tracking
+      all changes that occur in the image since the checkpoint via
+      the persistent bitmap named <code>1525889631</code>.
+    </p>
+  </body>
+</html>

docs/formatdomain.html.in

@@ -128,7 +128,7 @@
 
 <pre>
 ...
-&lt;os firmware='uefi'&gt;
+&lt;os firmware='efi'&gt;
   &lt;type&gt;hvm&lt;/type&gt;
   &lt;loader readonly='yes' secure='no' type='rom'&gt;/usr/lib/xen/boot/hvmloader&lt;/loader&gt;
   &lt;nvram template='/usr/share/OVMF/OVMF_VARS.fd'&gt;/var/lib/libvirt/nvram/guest_VARS.fd&lt;/nvram&gt;
@@ -159,7 +159,10 @@
         For more information refer to firmware metadata specification as
         described in <code>docs/interop/firmware.json</code> in QEMU
         repository. Regular users do not need to bother.
-        <span class="since">Since 5.2.0 (QEMU and KVM only)</span>
+        <span class="since">Since 5.2.0 (QEMU and KVM only)</span><br/>
+        For VMware guests, this is set to <code>efi</code> when the guest
+        uses UEFI, and it is not set when using BIOS.
+        <span class="since">Since 5.3.0 (VMware ESX and Workstation/Player)</span>
       </dd>
       <dt><code>type</code></dt>
       <dd>The content of the <code>type</code> element specifies the
@@ -935,16 +938,22 @@
         <span class="since">Only QEMU driver support since 2.1.0</span>
       </dd>
 
-      <dt><code>vcpusched</code> and <code>iothreadsched</code></dt>
+      <dt><code>vcpusched</code>, <code>iothreadsched</code>
+      and <code>emulatorsched</code></dt>
       <dd>
-        The optional <code>vcpusched</code> elements specifies the scheduler
-        type (values <code>batch</code>, <code>idle</code>, <code>fifo</code>,
-        <code>rr</code>) for particular vCPU/IOThread threads (based on
-        <code>vcpus</code> and <code>iothreads</code>, leaving out
-        <code>vcpus</code>/<code>iothreads</code> sets the default). Valid
-        <code>vcpus</code> values start at 0 through one less than the
-        number of vCPU's defined for the domain. Valid <code>iothreads</code>
-        values are described in the <code>iothreadids</code>
+        The optional
+        <code>vcpusched</code>, <code>iothreadsched</code>
+        and <code>emulatorsched</code> elements specify the scheduler type
+        (values <code>batch</code>, <code>idle</code>, <code>fifo</code>,
+        <code>rr</code>) for particular vCPU, IOThread and emulator threads
+        respecively.  For <code>vcpusched</code> and <code>iothreadsched</code>
+        the attributes <code>vcpus</code> and <code>iothreads</code> select
+        which vCPUs/IOThreads this setting applies to, leaving them out sets the
+        default.  The element <code>emulatorsched</code> does not have that
+        attribute. Valid <code>vcpus</code> values start at 0 through one less
+        than the number of vCPU's defined for the
+        domain. Valid <code>iothreads</code> values are described in
+        the <code>iothreadids</code>
         <a href="#elementsIOThreadsAllocation"><code>description</code></a>.
         If no <code>iothreadids</code> are defined, then libvirt numbers
         IOThreads from 1 to the number of <code>iothreads</code> available
@@ -953,6 +962,7 @@
         well (and is ignored for non-real-time ones). The value range
         for the priority depends on the host kernel (usually 1-99).
         <span class="since">Since 1.2.13</span>
+        <code>emulatorsched</code> <span class="since">since 5.3.0</span>
       </dd>
 
       <dt><code>cachetune</code><span class="since">Since 4.1.0</span></dt>
@@ -1949,7 +1959,7 @@
       <span class="since">Since 3.9.0</span>, the lifecycle events can
       be configured via the
       <a href="html/libvirt-libvirt-domain.html#virDomainSetLifecycleAction">
-        <code>virDomainSetLifecycleAction</code></a> API.
+        <code>virDomainSetLifecycleAction</code></a> API.
     </p>
 
     <p>
@@ -2023,6 +2033,7 @@
     &lt;vpindex state='on'/&gt;
     &lt;runtime state='on'/&gt;
     &lt;synic state='on'/&gt;
+    &lt;stimer state='on'/&gt;
     &lt;reset state='on'/&gt;
     &lt;vendor_id state='on' value='KVM Hv'/&gt;
     &lt;frequencies state='on'/&gt;
@@ -2030,7 +2041,6 @@
     &lt;tlbflush state='on'/&gt;
     &lt;ipi state='on'/&gt;
     &lt;evmcs state='on'/&gt;
-    &lt;msrs unknown='ignore'/&gt;
   &lt;/hyperv&gt;
   &lt;kvm&gt;
     &lt;hidden state='on'/&gt;
@@ -2046,6 +2056,7 @@
     &lt;tseg unit='MiB'&gt;48&lt;/tseg&gt;
   &lt;/smm&gt;
   &lt;htm state='on'/&gt;
+  &lt;msrs unknown='ignore'/&gt;
 &lt;/features&gt;
 ...</pre>
 
@@ -2131,13 +2142,13 @@
         </tr>
         <tr>
           <td>synic</td>
-          <td>Enable Synthetic Interrupt Controller (SyNIC)</td>
+          <td>Enable Synthetic Interrupt Controller (SynIC)</td>
           <td>on, off</td>
           <td><span class="since">1.3.3 (QEMU 2.6)</span></td>
         </tr>
         <tr>
           <td>stimer</td>
-          <td>Enable SyNIC timers</td>
+          <td>Enable SynIC timers</td>
           <td>on, off</td>
           <td><span class="since">1.3.3 (QEMU 2.6)</span></td>
         </tr>
@@ -2429,7 +2440,9 @@
             being modified, and can be one of
             "platform" (currently unsupported),
             "hpet" (libxl, xen, qemu), "kvmclock" (qemu),
-            "pit" (qemu), "rtc" (qemu), "tsc" (libxl) or "hypervclock"
+            "pit" (qemu), "rtc" (qemu), "tsc" (libxl, qemu -
+            <span class="since">since 3.2.0</span>)
+            or "hypervclock"
             (qemu - <span class="since">since 1.2.2</span>).
 
             The <code>hypervclock</code> timer adds support for the
@@ -4066,9 +4079,9 @@
       </dd>
       <dt><code>spapr-vio</code></dt>
       <dd>On PowerPC pseries guests, devices can be assigned to the
-        SPAPR-VIO bus.  It has a flat 64-bit address space; by
+        SPAPR-VIO bus.  It has a flat 32-bit address space; by
         convention, devices are generally assigned at a non-zero
-        multiple of 0x1000, but other addresses are valid and
+        multiple of 0x00001000, but other addresses are valid and
         permitted by libvirt.  Each address has the following
         additional attribute: <code>reg</code> (the hex value address
         of the starting register).  <span class="since">Since
@@ -4404,7 +4417,7 @@
       subelement <code>&lt;model&gt;</code> with an attribute
       <code>name</code>. The name attribute holds the name of the
       specific device that qemu is emulating (e.g. "i82801b11-bridge")
-      rather than simply the class of device ("dmi-to-pci-bridge",
+      rather than simply the class of device ("pcie-to-pci-bridge",
       "pci-bridge"), which is set in the controller element's
       model <b>attribute</b>.  In almost all cases, you should not
       manually add a <code>&lt;model&gt;</code> subelement to a
@@ -4593,11 +4606,11 @@
 ...
 &lt;devices&gt;
   &lt;controller type='pci' index='0' model='pcie-root'/&gt;
-  &lt;controller type='pci' index='1' model='dmi-to-pci-bridge'&gt;
-    &lt;address type='pci' domain='0' bus='0' slot='0xe' function='0'/&gt;
+  &lt;controller type='pci' index='1' model='pcie-root-port'&gt;
+    &lt;address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/&gt;
   &lt;/controller&gt;
-  &lt;controller type='pci' index='2' model='pci-bridge'&gt;
-    &lt;address type='pci' domain='0' bus='1' slot='1' function='0'/&gt;
+  &lt;controller type='pci' index='2' model='pcie-to-pci-bridge'&gt;
+    &lt;address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/&gt;
   &lt;/controller&gt;
 &lt;/devices&gt;
 ...</pre>
@@ -5299,6 +5312,14 @@
       information for different classes of network
       connections. <span class="since">Since 0.9.4</span>.
     </p>
+    <p>
+      When a guest is running an interface of type <code>network</code>
+      may include a <code>portid</code> attribute. This provides the UUID
+      of an associated virNetworkPortPtr object that records the association
+      between the domain interface and the network. This attribute is
+      read-only since port objects are create and deleted automatically
+      during startup and shutdown. <span class="since">Since 5.1.0</span>
+    </p>
     <p>
       Also, similar to <code>direct</code> network connections
       (described below), a connection of type <code>network</code> may
@@ -6972,8 +6993,9 @@ qemu-kvm -net nic,model=? /dev/null
           attribute which takes the value "vga", "cirrus", "vmvga", "xen",
           "vbox", "qxl" (<span class="since">since 0.8.6</span>),
           "virtio" (<span class="since">since 1.3.0</span>),
-          "gop" (<span class="since">since 3.2.0</span>), or
-          "none" (<span class="since">since 4.6.0</span>)
+          "gop" (<span class="since">since 3.2.0</span>),
+          "none" (<span class="since">since 4.6.0</span>, or "bochs"
+          (<span class="since">since 5.6.0</span>)
           depending on the hypervisor features available.
           The purpose of the type <code>none</code> is to instruct libvirt not
           to add a default video device in the guest (see the paragraph above).
@@ -8194,6 +8216,9 @@ qemu-kvm -net nic,model=? /dev/null
       TPM functionality for each VM. QEMU talks to it over a Unix socket. With
       the emulator device type each guest gets its own private TPM.
       <span class="since">'emulator' since 4.5.0</span>
+      The state of the TPM emulator can be encrypted by providing an
+      <code>encryption</code> element.
+      <span class="since">'encryption' since 5.6.0</span>
     </p>
     <p>
      Example: usage of the TPM Emulator
@@ -8203,6 +8228,7 @@ qemu-kvm -net nic,model=? /dev/null
   &lt;devices&gt;
     &lt;tpm model='tpm-tis'&gt;
       &lt;backend type='emulator' version='2.0'&gt;
+        &lt;encryption secret='6dd3e4a5-1d76-44ce-961f-f119f5aad935'/&gt;
       &lt;/backend&gt;
     &lt;/tpm&gt;
   &lt;/devices&gt;
@@ -8265,6 +8291,14 @@ qemu-kvm -net nic,model=? /dev/null
           <li>'2.0' : creates a TPM 2.0</li>
         </ul>
       </dd>
+      <dt><code>encryption</code></dt>
+      <dd>
+        <p>
+          The <code>encryption</code> element allows the state of a TPM emulator
+          to be encrypted. The <code>secret</code> must reference a secret object
+          that holds the passphrase from which the encryption key will be derived.
+        </p>
+      </dd>
     </dl>
 
     <h4><a id="elementsNVRAM">NVRAM device</a></h4>
@@ -8281,7 +8315,7 @@ qemu-kvm -net nic,model=? /dev/null
 ...
 &lt;devices&gt;
   &lt;nvram&gt;
-    &lt;address type='spapr-vio' reg='0x3000'/&gt;
+    &lt;address type='spapr-vio' reg='0x00003000'/&gt;
   &lt;/nvram&gt;
 &lt;/devices&gt;
 ...
@@ -8665,14 +8699,17 @@ qemu-kvm -net nic,model=? /dev/null
       <dt><code>model</code></dt>
       <dd>
         <p>
-          Currently only the <code>intel</code> model is supported.
+          Supported values are <code>intel</code> (for Q35 guests) and,
+          <span class="since">since 5.5.0</span>, <code>smmuv3</code> (for
+          ARM virt guests).
         </p>
       </dd>
       <dt><code>driver</code></dt>
       <dd>
         <p>
           The <code>driver</code> subelement can be used to configure
-          additional options:
+          additional options, some of which might only be available for
+          certain IOMMU models:
         </p>
         <dl>
           <dt><code>intremap</code></dt>
@@ -8914,7 +8951,7 @@ qemu-kvm -net nic,model=? /dev/null
 
     <p>Note: DEA/TDEA is synonymous with DES/TDES.</p>
 
-    <h3><a id="sev">Launch Security</a></h3>
+    <h3><a id="launchSecurity">Launch Security</a></h3>
 
     <p>
        The contents of the <code>&lt;launchSecurity type='sev'&gt;</code> element

docs/formatdomaincaps.html.in

@@ -119,6 +119,10 @@
 <domainCapabilities>
   ...
   <os supported='yes'>
+    <enum name='firmware'>
+      <value>bios</value>
+      <value>efi</value>
+    </enum>
     <loader supported='yes'>
       <value>/usr/share/OVMF/OVMF_CODE.fd</value>
       <enum name='type'>
@@ -129,12 +133,26 @@
         <value>yes</value>
         <value>no</value>
       </enum>
+      <enum name='secure'>
+        <value>yes</value>
+        <value>no</value>
+      </enum>
     </loader>
   </os>
   ...
 <domainCapabilities>
 </pre>
 
+    <p>The <code>firmware</code> enum corresponds to
+      <code>firmware</code> attribute of the <code>os</code> element.
+      Plain presence of this enum means that libvirt is capable of so
+      called firmware auto selection. The listed values then represent
+      accepted values for the domain attribute. Only values for which
+      there exists a firmware descriptor that matches machine type and
+      architecture are listed, i.e. those which won't cause a failure
+      on domain startup.
+    </p>
+
     <p>For the <code>loader</code> element, the following can occur:</p>
 
     <dl>
@@ -152,6 +170,11 @@
       <dt><code>readonly</code></dt>
       <dd>Options for the <code>readonly</code> attribute of the
       &lt;loader/&gt; element.</dd>
+
+      <dt><code>secure</code></dt>
+      <dd>Options for the <code>secure</code> attribute of the
+      &lt;loader/&gt; element. Note, that <code>yes</code> is listed
+      only if there is a firmware that supports it.</dd>
     </dl>
 
     <h3><a id="elementsCPU">CPU configuration</a></h3>
@@ -491,10 +514,9 @@
     encrypted with a key unique to that VM.</p>
 
     <p>
-    For more details on SEV feature see:
-      <a href="https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf">
-        SEV API spec</a> and <a href="http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf">
-        SEV White Paper</a>
+      For more details on the SEV feature, please follow resources in the
+      AMD developer's document store. In order to use SEV with libvirt have
+      a look at <a href="formatdomain.html#launchSecurity">SEV in domain XML</a>
     </p>
 
     <dl>

docs/formatnetwork.html.in

@@ -1096,6 +1096,28 @@
       </dd>
     </dl>
 
+    <h3><a id="elementsNamespaces">Network namespaces</a></h3>
+
+    <p>
+      A special XML namespace is available for passing options directly to the
+      underlying dnsmasq configuration file. Usage of XML namespaces comes with no
+      support guarantees, so use at your own risk.
+    </p>
+
+    <p>
+      This example XML will pass the option strings <code>foo=bar</code> and
+      <code>cname=*.foo.example.com,master.example.com</code> directly to the
+      underlying dnsmasq instance.
+      <pre>
+&lt;network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0'&gt;
+  ...
+  &lt;dnsmasq:options&gt;
+    &lt;dnsmasq:option value="foo=bar"/&gt;
+    &lt;dnsmasq:option value="cname=*.foo.example.com,master.example.com"/&gt;
+  &lt;/dnsmasq:options&gt;
+&lt;/network&gt;</pre>
+    </p>
+
     <h2><a id="examples">Example configuration</a></h2>
 
     <h3><a id="examplesNAT">NAT based network</a></h3>

docs/formatnetworkport.html.in

@@ -0,0 +1,212 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Network XML format</h1>
+
+    <ul id="toc">
+    </ul>
+
+    <p>
+      This page provides an introduction to the network port XML format.
+      This stores information about the connection between a virtual
+      interface of a virtual domain, and the virtual network it is
+      attached to.
+    </p>
+
+    <h2><a id="elements">Element and attribute overview</a></h2>
+
+    <p>
+      The root element required for all virtual network ports is
+      named <code>networkport</code> and has no configurable attributes
+      The network port XML format is available <span class="since">since
+      5.5.0</span>
+    </p>
+
+    <h3><a id="elementsMetadata">General metadata</a></h3>
+
+    <p>
+      The first elements provide basic metadata about the virtual
+      network port.
+    </p>
+
+    <pre>
+&lt;networkport
+  &lt;uuid&gt;7ae63b5f-fe96-4af0-a7c3-da04ba1b3f54&lt;/uuid&gt;
+  &lt;owner&gt;
+    &lt;uuid&gt;06578fc1-c686-46fa-bc2c-220893b466a6&lt;/uuid&gt;
+    &lt;name&gt;myguest&lt;name&gt;
+  &lt;/owner&gt;
+  &lt;group&gt;webfront&lt;group&gt;
+  &lt;mac address='52:54:0:7b:35:93'/&gt;
+  ...</pre>
+
+    <dl>
+      <dt><code>uuid</code></dt>
+      <dd>The content of the <code>uuid</code> element provides
+        a globally unique identifier for the virtual network port.
+        The format must be RFC 4122 compliant, eg <code>3e3fce45-4f53-4fa7-bb32-11f34168b82b</code>.
+        If omitted when defining/creating a new network port, a random
+        UUID is generated.</dd>
+      <dd>The <code>owner</code> node records the domain object that
+        is the owner of the network port. It contains two child nodes:
+        <dl>
+          <dt><code>uuid</code></dt>
+          <dd>The content of the <code>uuid</code> element provides
+            a globally unique identifier for the virtual domain.</dd>
+          <dt><code>name</code></dt>
+          <dd>The unique name of the virtual domain</dd>
+        </dl>
+      </dd>
+      <dt><code>group</code></dt>
+      <dd>The port group in the virtual network to which the
+        port belongs. Can be omitted if no port groups are
+        defined on the network.</dd>
+      <dt><code>mac</code></dt>
+      <dd>The <code>address</code> attribute provides the MAC
+        address of the virtual port that will be see by the
+        guest. The MAC address must not start with 0xFE as this
+        byte is reserved for use on the host side of the port.
+      </dd>
+    </dl>
+
+    <h3><a id="elementsCommon">Common elements</a></h3>
+
+    <p>
+      The following elements are common to one or more of the plug
+      types listed later
+    </p>
+
+    <pre>
+  ...
+  &lt;bandwidth&gt;
+    &lt;inbound average='1000' peak='5000' floor='200' burst='1024'/&gt;
+    &lt;outbound average='128' peak='256' burst='256'/&gt;
+  &lt;/bandwidth&gt;
+  &lt;rxfilters trustGuest='yes'/&gt;
+  &lt;virtualport type='802.1Qbg'&gt;
+    &lt;parameters managerid='11' typeid='1193047' typeidversion='2'/&gt;
+  &lt;/virtualport&gt;
+  ...</pre>
+
+    <dl>
+      <dt><code>bandwidth</code></dt>
+      <dd>This part of the network port XML provides setting quality of service.
+        Incoming and outgoing traffic can be shaped independently.
+        The <code>bandwidth</code> element and its child elements are described
+        in the <a href="formatnetwork.html#elementQoS">QoS</a> section of
+        the Network XML. In addition the <code>classID</code> attribute may
+        exist to provide the ID of the traffic shaping class that is active.
+      </dd>
+      <dt><code>rxfilters</code></dt>
+      <dd>The <code>rxfilters</code> element property
+        <code>trustGuest</code> provides the
+        capability for the host to detect and trust reports from the
+        guest regarding changes to the interface mac address and receive
+        filters by setting the attribute to <code>yes</code>. The default
+        setting for the attribute is <code>no</code> for security
+        reasons and support depends on the guest network device model as
+        well as the type of connection on the host - currently it is
+        only supported for the virtio device model and for macvtap
+        connections on the host.
+      </dd>
+      <dt><code>virtualport</code></dt>
+      <dd>The <code>virtualport</code> element describes metadata that
+        needs to be provided to the underlying network subsystem. It
+        is described in the domain XML
+        <a href="formatdomain.html#elementsNICS">interface documentation</a>.
+      </dd>
+    </dl>
+
+
+    <h3><a id="elementsPlug">Plugs</a></h3>
+
+    <p>
+      The <code>plug</code> element has varying content depending
+      on the value of the <code>type</code> attribute.
+    </p>
+
+    <h4><a id="elementsPlugNetwork">Network</a></h4>
+
+    <p>
+      The <code>network</code> plug type refers to a managed virtual
+      network plug that is based on a traditional software bridge
+      device privately managed by libvirt.
+    </p>
+
+    <pre>
+  ...
+  &lt;plug type='network' bridge='virbr0'/&gt;
+  ...</pre>
+
+    <p>
+      The <code>bridge</code> attribute provides the name of the
+      privately managed bridge device associated with the virtual
+      network.
+    </p>
+
+    <h4><a id="elementsPlugNetwork">Bridge</a></h4>
+
+    <p>
+      The <code>bridge</code> plug type refers to an externally
+      managed traditional software bridge.
+    </p>
+
+    <pre>
+  ...
+  &lt;plug type='bridge' bridge='br2'/&gt;
+  ...</pre>
+
+    <p>
+      The <code>bridge</code> attribute provides the name of the
+      externally managed bridge device associated with the virtual
+      network.
+    </p>
+
+    <h4><a id="elementsPlugNetwork">Direct</a></h4>
+
+    <p>
+      The <code>direct</code> plug type refers to a connection
+      directly to a physical network interface.
+    </p>
+
+    <pre>
+  ...
+  &lt;plug type='direct' dev='ens3' mode='vepa'/&gt;
+  ...</pre>
+
+    <p>
+      The <code>dev</code> attribute provides the name of the
+      physical network interface to which the port will be
+      connected. The <code>mode</code> attribute describes
+      how the connection will be setup and takes the same
+      values described in the
+      <a href="formatdomain.html#elementsNICSDirect">domain XML</a>.
+    </p>
+
+    <h4><a id="elementsPlugNetwork">Host PCI</a></h4>
+
+    <p>
+      The <code>hostdev-pci</code> plug type refers to the
+      passthrough of a physical PCI device rather than emulation.
+    </p>
+
+    <pre>
+  ...
+  &lt;plug type='hostdev-pci' managed='yes'&gt;
+    &lt;driver name='vfio'/&gt;
+    &lt;address domain='0x0001' bus='0x02' slot='0x03' function='0x4'/&gt;
+  &lt;/plug&gt;
+  ...</pre>
+
+    <p>
+      The <code>managed</code> attribute indicates who is responsible for
+      managing the PCI device in the host. When set to the value <code>yes</code>
+      libvirt is responsible for automatically detaching the device from host
+      drivers and resetting it if needed. If the value is <code>no</code>,
+      some other party must ensure the device is not attached to any
+      host drivers.
+    </p>
+
+  </body>
+</html>

docs/formatsecret.html.in

@@ -42,8 +42,8 @@
         Specifies what this secret is used for.  A mandatory
         <code>type</code> attribute specifies the usage category, currently
         only <code>volume</code>, <code>ceph</code>, <code>iscsi</code>,
-        and <code>tls</code> are defined. Specific usage categories
-        are described below.
+        <code>tls</code>, and <code>vtpm</code> are defined. Specific usage
+        categories are described below.
       </dd>
     </dl>
 
@@ -322,6 +322,63 @@ Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
     <pre>
 # MYSECRET=`printf %s "letmein" | base64`
 # virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
+Secret value set
+
+    </pre>
+
+    <h3><a id="vTPMUsageType">Usage type "vtpm"</a></h3>
+
+    <p>
+      This secret is associated with a virtualized TPM (vTPM) and serves
+      as a passphrase for deriving a key from for encrypting the state
+      of the vTPM.
+      The <code>&lt;usage type='vtpm'&gt;</code> element must contain
+      a single <code>name</code> element that specifies a usage name
+      for the secret.  The vTPM secret can then be used by UUID or by
+      this usage name via the <code>&lt;encryption&gt;</code> element of
+      a <a href="formatdomain.html#elementsTpm">tpm</a> when using an
+      emulator.
+      <span class="since">Since 5.6.0</span>. The following is an example
+      of the steps to be taken.  First create a vtpm-secret.xml file:    </p>
+
+    <pre>
+# cat vtpm-secret.xml
+&lt;secret ephemeral='no' private='yes'&gt;
+   &lt;description&gt;sample vTPM secret&lt;/description&gt;
+   &lt;usage type='vtpm'&gt;
+      &lt;name&gt;VTPM_example&lt;/name&gt;
+   &lt;/usage&gt;
+&lt;/secret&gt;
+
+# virsh secret-define vtpm-secret.xml
+Secret 6dd3e4a5-1d76-44ce-961f-f119f5aad935 created
+
+# virsh secret-list
+ UUID                                   Usage
+----------------------------------------------------------------------------------------
+ 6dd3e4a5-1d76-44ce-961f-f119f5aad935   vtpm VTPM_example
+
+#
+
+    </pre>
+
+    <p>
+      A secret may also be defined via the
+      <a href="html/libvirt-libvirt-secret.html#virSecretDefineXML">
+       <code>virSecretDefineXML</code></a> API.
+
+      Once the secret is defined, a secret value will need to be set. The
+      secret would be the passphrase used to decrypt the vTPM state.
+      The following is a simple example of using
+      <code>virsh secret-set-value</code> to set the secret value. The
+      <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
+      <code>virSecretSetValue</code></a> API may also be used to set
+      a more secure secret without using printable/readable characters.
+    </p>
+
+    <pre>
+# MYSECRET=`printf %s "open sesame" | base64`
+# virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 $MYSECRET
 Secret value set
 
     </pre>

docs/formatsnapshot.html.in

@@ -9,7 +9,9 @@
     <h2><a id="SnapshotAttributes">Snapshot XML</a></h2>
 
     <p>
-      There are several types of snapshots:
+      Snapshots are one form
+      of <a href="kbase/domainstatecapture.html">domain state
+      capture</a>.  There are several types of snapshots:
     </p>
     <dl>
       <dt>disk snapshot</dt>
@@ -91,7 +93,9 @@
       sets that snapshot as current, and the prior current snapshot is
       the parent of the new snapshot.  Branches in the hierarchy can
       be formed by reverting to a snapshot with a child, then creating
-      another snapshot.
+      another snapshot.  For now, the creation of external snapshots
+      when checkpoints exist is forbidden, although future work will
+      make it possible to integrate these two concepts.
     </p>
     <p>
       The top-level <code>domainsnapshot</code> element may contain
@@ -140,8 +144,8 @@
           <dd>This sub-element describes the snapshot properties of a
             specific disk.  The attribute <code>name</code> is
             mandatory, and must match either the <code>&lt;target
-            dev='name'/&gt;</code> or an unambiguous <code>&lt;source
-            file='name'/&gt;</code> of one of
+            dev='name'/&gt;</code> (recommended) or an unambiguous
+            <code>&lt;source file='name'/&gt;</code> of one of
             the <a href="formatdomain.html#elementsDisks">disk
             devices</a> specified for the domain at the time of the
             snapshot.  The attribute <code>snapshot</code> is
@@ -170,6 +174,12 @@
               snapshots, the original file name becomes the read-only
               snapshot, and the new file name contains the read-write
               delta of all disk changes since the snapshot.
+              <p/>
+              The <code>source</code> element also may contain the
+              <code>seclabel</code> element (described in the
+              <a href="formatdomain.html#seclabel">domain XML documentation</a>)
+              which can be used to override the domain security labeling policy
+              for <code>source</code>.
               </dd>
               <dt><code>driver</code></dt>
               <dd>An optional sub-element <code>driver</code>,
@@ -177,6 +187,7 @@
               as qcow2), of the new file created by the external
               snapshot of the new file.
               </dd>
+              <dt><code>seclabel</code></dt>
             </dl>
 
             <span class="since">Since 1.2.2</span> the <code>disk</code> element
@@ -216,11 +227,9 @@
         guest.
       </dd>
       <dt><code>parent</code></dt>
-      <dd>An optional readonly representation of the parent of this
-        snapshot.  If present, this element contains exactly one child
-        element, <code>name</code>.  This specifies the name of the
-        parent snapshot of this snapshot, and is used to represent
-        trees of snapshots.
+      <dd>Readonly, present only if this snapshot has a parent. The
+        parent name is given by the sub-element <code>name</code>. The
+        parent relationship allows tracking a tree of related snapshots.
       </dd>
       <dt><code>domain</code></dt>
       <dd>A readonly representation of the domain that this snapshot
@@ -255,10 +264,15 @@
 &lt;domainsnapshot&gt;
   &lt;description&gt;Snapshot of OS install and updates&lt;/description&gt;
   &lt;disks&gt;
-    &lt;disk name='/path/to/old'&gt;
+    &lt;disk name='vda'&gt;
       &lt;source file='/path/to/new'/&gt;
     &lt;/disk&gt;
     &lt;disk name='vdb' snapshot='no'/&gt;
+    &lt;disk name='vdc'&gt;
+      &lt;source file='/path/to/newc'&gt;
+        &lt;seclabel model='dac' relabel='no'/&gt;
+      &lt;/source&gt;
+    &lt;/disk&gt;
   &lt;/disks&gt;
 &lt;/domainsnapshot&gt;</pre>
 

docs/genaclperms.pl

@@ -22,7 +22,8 @@ use warnings;
 
 my @objects = (
     "CONNECT", "DOMAIN", "INTERFACE",
-    "NETWORK","NODE_DEVICE", "NWFILTER",
+    "NETWORK_PORT", "NETWORK", "NODE_DEVICE",
+    "NWFILTER_BINDING", "NWFILTER",
      "SECRET", "STORAGE_POOL", "STORAGE_VOL",
     );
 

docs/gitdm/aliases

@@ -0,0 +1,25 @@
+# Silly mistakes, mostly found in S-o-b or R-b tags.
+
+"jdenemar redhat com" jdenemar@redhat.com
+"pkrempa@redhat st.com" pkrempa@redhat.com
+jyang@redhat jyang@redhat.com
+wangjie88.huawei.com wangjie88@huawei.com
+
+# This is information that's already present in .mailmap, and having to
+# duplicate it is annoying. Unfortunately gitdm doesn't parse .mailmap
+# and the format is different, so we can't just point it to the file
+# either.
+
+cedric.bosdonnat@free.fr cbosdonnat@suse.com
+dan@berrange.com berrange@redhat.com
+fabiano@fidencio.org fidencio@redhat.com
+intrigeri+libvirt@boum.org intrigeri@boum.org
+jim@meyering.net meyering@redhat.com
+laine@laine.org laine@redhat.com
+redhat@adrb.pl adrian.brzezinski@eo.pl
+shilei.massclouds@gmx.com shi_lei@massclouds.com
+
+# This deviates from what's found in .mailmap, but it makes more sense as
+# far as gitdm is concerned since Jim was employed by Novell at the time.
+
+jfehlig@linux-ypgk.site jfehlig@novell.com

docs/gitdm/companies/canonical

@@ -0,0 +1,11 @@
+canonical.com
+
+# Having an @ubuntu.com email address doesn't necessarily imply you're
+# a Canonical employee; these people, however, seem to have been employed
+# by Canonical at the time they contributed to libvirt.
+
+jamie@ubuntu.com
+serge.hallyn@ubuntu.com
+smoser@ubuntu.com
+soren@ubuntu.com
+wgrant@ubuntu.com

docs/gitdm/companies/datto

@@ -0,0 +1,2 @@
+datto.com
+dattobackup.com

docs/gitdm/companies/dreamhost

@@ -0,0 +1,4 @@
+dreamhost.com
+dreamhost.net
+newdream.com
+newdream.net

docs/gitdm/companies/nec

@@ -0,0 +1,2 @@
+nec.co.jp
+nec.com

docs/gitdm/companies/others

@@ -0,0 +1,101 @@
+6wind.com 6WIND
+active.by ActiveCloud
+aero.org Aerospace
+akamai.com Akamai
+amd.com AMD
+anchor.net.au Anchor
+aristanetworks.com Arista Networks
+arpnetworks.com ARP Networks
+av-test.de AV-TEST
+b1-systems.de B1 Systems
+brightbox.co.uk Brightbox
+cisco.com Cisco
+citrix.com Citrix
+cloudwatt.com Cloudwatt
+codethink.co.uk Codethink
+cumulusnetworks.com Cumulus Networks
+dataductus.se Data Ductus
+datagravity.com DataGravity
+dell.com Dell
+diateam.net DIATEAM
+eldorado.org.br ELDORADO
+endocode.com Endocode
+eo.pl eo Networks
+ericsson.com Ericsson
+fb.com Facebook
+firewall-services.com Firewall-Services
+freescale.com Freescale
+fujitsu.com Fujitsu
+gluster.com Gluster
+gridcentric.ca Gridcentric
+h3c.com H3C
+hde.co.jp HDE
+hds.com Hitachi Data Systems
+hitachi.com Hitachi
+hoster-ok.com hoster-ok.com
+hp.com HP
+huawei.com Huawei
+ibm.com IBM
+inktank.com Inktank Storage
+intel.com Intel
+intellilink.co.jp NTT DATA INTELLILINK
+invisiblethingslab.com Invisible Things Lab
+jtan.com JTAN
+juniper.net Juniper Networks
+laposte.net La Poste
+le.com Le.com
+linaro.org Linaro
+linutronix.de Linutronix
+linux2go.dk Linux2Go
+liquidweb.com Liquid Web
+massclouds.com MassClouds
+designassembly.de Coffee-Break-Games
+mellanox.com Mellanox
+midokura.com Midokura
+mirantis.com Mirantis
+munzinger.de Munzinger Archiv
+netease.com NetEase
+netzquadrat.de [netzquadrat]
+nicira.com Nicira
+nimboxx.com NIMBOXX
+novell.com Novell
+ntt.co.jp NTT Group
+ohmu.fi OHMU
+open-minds.org OpenThink
+oracle.com Oracle
+os-t.de OpenSource Training
+otb.bg Open Technologies Bulgaria
+outscale.com OUTSCALE
+parallels.com Parallels
+petalogix.com PetaLogix
+quobyte.com Quobyte
+ravellosystems.com Ravello Systems
+samsung.com Samsung
+sde.cz SDE
+semihalf.com Semihalf
+siemens.com Siemens
+smartjog.com SmartJog
+solarflare.com Solarflare
+ssatr.ch Swiss Satellite Radio
+sun.com Sun Microsystems
+taobao.com Taobao
+tdf.fr TDF
+tencent.com Tencent
+transip.nl TransIP
+tresys.com Tresys
+uniudc.com Tsinghua Uniudc
+univention.de Univention
+veritas.com Veritas
+vhgroup.net VHGroup
+virtualopensystems.com Virtual Open Systems
+websense.com Websense
+wiktel.com Wikstrom Telephone Company
+windriver.com Wind River
+winhong.com Winhong
+xmission.com XMission
+xs4all.nl XS4ALL
+yadro.com YADRO
+yandex.ru Yandex
+yunify.com Yunify
+zstack.io ZStack
+zte.com.cn ZTE

docs/gitdm/companies/redhat

@@ -0,0 +1,6 @@
+redhat.com
+
+# These Red Hat employees used their personal email address when contributing
+# to libvirt and we don't have the corresponding @redhat.com address on file.
+
+lkundrak@v3.sk

docs/gitdm/companies/suse

@@ -0,0 +1,7 @@
+suse.com
+suse.de
+
+# These SUSE employees used their personal email address when contributing
+# to libvirt and we don't have the corresponding @suse.com address on file.
+
+olaf@aepfle.de

docs/gitdm/companies/virtuozzo

@@ -0,0 +1,2 @@
+openvz.org
+virtuozzo.com

docs/gitdm/groups/education

@@ -0,0 +1,17 @@
+byu.net
+csiro.au
+epita.fr
+hibikino.ne.jp
+infn.it
+inria.fr
+isi.edu
+nict.go.jp
+parisdescartes.fr
+telecom-bretagne.eu
+tu-berlin.de
+tu-dresden.de
+ucla.edu
+upc.edu
+utah.edu
+uvt.ro
+wide.ad.jp

docs/gitdm/groups/opensource

@@ -0,0 +1,12 @@
+alpinelinux.org
+debian.org
+fedoraproject.org
+fsf.org
+gentoo.org
+gnome.org
+gnu.org
+kernel.org
+linux.com
+openbsd.org
+salasaga.org
+samba.org

docs/gitdm/groups/unaffiliated

@@ -0,0 +1,83 @@
+# These are all domains you can get a personal email address from, so it's
+# fair to assume people using such addresses are contributing in their spare
+# time rather than on behalf of their respective employers.
+
+126.com
+gmail.com
+gmx.com
+googlemail.com
+hotmail.com
+mail.ru
+pobox.com
+riseup.net
+web.de
+yahoo.com
+
+# Same as the above, but for domains that don't generally allow random
+# people to sign up for an email address. In this case we list the email
+# addresses directly rather than just the domain, because we can't really
+# consider the domain itself one way or the other.
+
+adam@pandorasboxen.com
+agx@sigxcpu.org
+alexander.nusov@nfvexpress.com
+andres@lagarcavilla.org
+asad.saeed@acidseed.com
+atler@pld-linux.org
+benoar@dolka.fr
+beorn@binaries.fr
+bigon@bigon.be
+bugzilla.redhat.simon@arlott.org
+cardoe@cardoe.com
+charles@dyfis.net
+d.herrendoerfer@herrendoerfer.name
+dan@danny.cz
+debfx@fobos.de
+eike@sf-mail.de
+exo@tty.sk
+fritz@fritz-elfert.de
+gene@czarc.net
+gordon@dragonsdawn.net
+heathpetersen@kandre.com
+ibaldo@adinet.com.uy
+igor47@moomers.org
+infos@nafets.de
+intrigeri@boum.org
+james410@cowgill.org.uk
+james@shubin.ca
+jasper@humppa.nl
+jeremy@goop.org
+jk@ozlabs.org
+jwm@horde.net
+klaus@ethgen.de
+lacos@caesar.elte.hu
+lenaic@lhuard.fr.eu.org
+libvirt@dunquino.com
+lists@egidy.de
+marti@juffo.org
+max@rfc2324.org
+michael@ellerman.id.au
+mike@very.puzzling.org
+n0ano@n0ano.com
+neil@aldur.co.uk
+nobody@nowhere.ws
+peter@kieser.ca
+pieter@hollants.com
+raimue@codingfarm.de
+richard@nod.at
+rmy@tigress.co.uk
+ruben@rubenkerkhof.com
+rufo@rufoa.com
+slawek@kaplonski.pl
+soulxu@soulxu-thinkpad-t410.(none)
+stybla@turnovfree.net
+tai@rakugaki.org
+thomas@scripty.at
+v.tolstov@selfip.ru
+ville.skytta@iki.fi
+vincent@bernat.im
+wido@widodh.nl
+wiedi@frubar.net
+wongc-redhat@hoku.net
+xschen@tnsoft.com.cn
+yurchor@ukr.net

docs/hacking.html.in

@@ -826,6 +826,39 @@
   }
 </pre>
 
+    <h2><a id="conditions">Conditional expressions</a></h2>
+      <p>For readability reasons new code should avoid shortening comparisons
+        to 0 for numeric types. Boolean and pointer comparisions may be
+        shortened. All long forms are okay:
+      </p>
+<pre>
+   virFooPtr foos = NULL;
+   size nfoos = 0;
+   bool hasFoos = false;
+
+GOOD:
+    if (!foos)
+    if (!hasFoos)
+    if (nfoos == 0)
+    if (foos == NULL)
+    if (hasFoos == true)
+
+BAD:
+    if (!nfoos)
+    if (nfoos)
+</pre>
+      <p>New code should avoid the ternary operator as much as possible.
+        Specifically it must never span more than one line or nest:
+      </p>
+<pre>
+BAD:
+    char *foo = baz ?
+                virDoSomethingReallyComplex(driver, vm, something, baz->foo) :
+                NULL;
+
+    char *foo = bar ? bar->baz ? bar->baz->foo : "nobaz" : "nobar";
+</pre>
+
     <h2><a id="preprocessor">Preprocessor</a></h2>
 
     <p>Macros defined with an ALL_CAPS name should generally be
@@ -1284,6 +1317,34 @@
       does for snprintf.
     </p>
 
+    <h2><a id="errors">Error message format</a></h2>
+
+    <p>
+      Error messages visible to the user should be short and descriptive.  All
+      error messages are translated using gettext and thus must be wrapped in
+      <code>_()</code> macro.  To simplify the translation work, the error message
+      must not be concatenated from various parts.  To simplify searching for
+      the error message in the code the strings should not be broken even
+      if they result into a line longer than 80 columns and any formatting
+      modifier should be enclosed by quotes or other obvious separator.
+      If a string used with <code>%s</code> can be NULL the NULLSTR macro must
+      be used.
+    </p>
+
+<pre>
+  GOOD: virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Failed to connect to remote host '%s'"), hostname)
+
+  BAD: virReportError(VIR_ERR_INTERNAL_ERROR,
+                      _("Failed to %s to remote host '%s'"),
+                      "connect", hostname);
+
+  BAD: virReportError(VIR_ERR_INTERNAL_ERROR,
+                      _("Failed to connect "
+                      "to remote host '%s'),
+                      hostname);
+</pre>
+
     <h2><a id="goto">Use of goto</a></h2>
 
     <p>

docs/hooks.html.in

@@ -91,10 +91,8 @@
   </network>
 &lt;/hookData&gt;</pre>
 
-    <p>In the case of an interface
-       being plugged/unplugged to/from the network, the network XML will be
-       followed with the full XML description of the domain containing the
-       interface that is being plugged/unplugged:</p>
+    <p>In the case of an network port being created / deleted, the network
+       XML will be followed with the full XML description of the port:</p>
 
 <pre>&lt;hookData&gt;
   &lt;network&gt;
@@ -102,11 +100,11 @@
      &lt;uuid&gt;afca425a-2c3a-420c-b2fb-dd7b4950d722&lt;/uuid&gt;
      ...
   &lt;/network&gt;
-  &lt;domain type='$domain_type' id='$domain_id'&gt;
-     &lt;name&gt;$domain_name&lt;/name&gt;
-     &lt;uuid&gt;afca425a-2c3a-420c-b2fb-dd7b4950d722&lt;/uuid&gt;
-     ...
-  &lt;/domain&gt;
+  &lt;networkport&gt;
+    &lt;uuid&gt;5d744f21-ba4a-4d6e-bdb2-30a35ff3207d&lt;/uuid&gt;
+    ...
+    &lt;plug type='direct' dev='ens3' mode='vepa'/&gt;
+  &lt;/networkport&gt;
 &lt;/hookData&gt;</pre>
 
     <p>Please note that this approach is different from other cases such as
@@ -296,15 +294,15 @@
           <pre>/etc/libvirt/hooks/network network_name stopped end -</pre></li>
       <li>Later, when network is started and there's an interface from a
         domain to be plugged into the network, the hook script is called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name plugged begin -</pre>
+          <pre>/etc/libvirt/hooks/network network_name port-created begin -</pre>
         Please note, that in this case, the script is passed both network and
-        domain XMLs on its stdin.</li>
+        port XMLs on its stdin.</li>
       <li>When network is updated, the hook script is called as:<br/>
           <pre>/etc/libvirt/hooks/network network_name updated begin -</pre></li>
       <li>When the domain from previous case is shutting down, the interface
         is unplugged. This leads to another script invocation:<br/>
-          <pre>/etc/libvirt/hooks/network network_name unplugged begin -</pre>
-        And again, as in previous case, both network and domain XMLs are passed
+          <pre>/etc/libvirt/hooks/network network_name port-deleted begin -</pre>
+        And again, as in previous case, both network and port XMLs are passed
         onto script's stdin.</li>
     </ul>
 

docs/hvsupport.pl

@@ -234,16 +234,22 @@ foreach my $src (@srcs) {
             }
 
         } else {
-            if ($line =~ m!\s*\.(\w+)\s*=\s*(\w+)\s*,?\s*(?:/\*\s*(\d+\.\d+\.\d+)\s*\*/\s*)?$!) {
+            if ($line =~ m!\s*\.(\w+)\s*=\s*(\w+)\s*,?\s*(?:/\*\s*(\d+\.\d+\.\d+)\s*(?:-\s*(\d+\.\d+\.\d+))?\s*\*/\s*)?$!) {
                 my $api = $1;
                 my $meth = $2;
                 my $vers = $3;
+                my $deleted = $4;
 
                 next if $api eq "no" || $api eq "name";
 
-                die "Method $meth in $src is missing version" unless defined $vers || $api eq "connectURIProbe";
+                if ($meth eq "NULL" && !defined $deleted) {
+                    die "Method impl for $api is NULL, but no deleted version is provided";
+                }
+                if ($meth ne "NULL" && defined $deleted) {
+                    die "Method impl for $api is non-NULL, but deleted version is provided";
+                }
 
-                die "Driver method for $api is NULL in $src" if $meth eq "NULL";
+                die "Method $meth in $src is missing version" unless defined $vers || $api eq "connectURIProbe";
 
                 if (!exists($groups{$ingrp}->{apis}->{$api})) {
                     next if $api =~ /\w(Open|Close|URIProbe)/;
@@ -251,12 +257,16 @@ foreach my $src (@srcs) {
                     die "Found unexpected method $api in $ingrp\n";
                 }
 
-                $groups{$ingrp}->{drivers}->{$impl}->{$api} = $vers;
+                $groups{$ingrp}->{drivers}->{$impl}->{$api} = {};
+                $groups{$ingrp}->{drivers}->{$impl}->{$api}->{vers} = $vers;
+                $groups{$ingrp}->{drivers}->{$impl}->{$api}->{deleted}  = $deleted;
                 if ($api eq "domainMigratePrepare" ||
                     $api eq "domainMigratePrepare2" ||
                     $api eq "domainMigratePrepare3") {
-                    $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"} = $vers
-                        unless $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"};
+                    if (!$groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"}) {
+                        $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"} = {};
+                        $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"}->{vers} = $vers;
+                    }
                 }
 
             } elsif ($line =~ /}/) {
@@ -280,7 +290,7 @@ $groups{virHypervisorDriver}->{apis}->{"domainMigrate"} = "virDomainMigrate";
 my $openAuthVers = (0 * 1000 * 1000) + (4 * 1000) + 0;
 
 foreach my $drv (keys %{$groups{"virHypervisorDriver"}->{drivers}}) {
-    my $openVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpen"};
+    my $openVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpen"}->{vers};
     my $openVers;
     if ($openVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
         $openVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
@@ -290,14 +300,16 @@ foreach my $drv (keys %{$groups{"virHypervisorDriver"}->{drivers}}) {
     $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenReadOnly"} =
         $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpen"};
 
+    $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"} = {};
+
     # virConnectOpenAuth is always 0.4.0 if the driver existed
     # before this time, otherwise it matches the version of
     # the driver's virConnectOpen entry
     if ($openVersStr eq "Y" ||
         $openVers >= $openAuthVers) {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"} = $openVersStr;
+        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"}->{vers} = $openVersStr;
     } else {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"} = "0.4.0";
+        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"}->{vers} = "0.4.0";
     }
 }
 
@@ -309,21 +321,23 @@ $groups{virHypervisorDriver}->{apis}->{"domainCreateLinux"} = "virDomainCreateLi
 my $createAPIVers = (0 * 1000 * 1000) + (0 * 1000) + 3;
 
 foreach my $drv (keys %{$groups{"virHypervisorDriver"}->{drivers}}) {
-    my $createVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateXML"};
+    my $createVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateXML"}->{vers};
     next unless defined $createVersStr;
     my $createVers;
     if ($createVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
         $createVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
     }
 
+    $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = {};
+
     # virCreateLinux is always 0.0.3 if the driver existed
     # before this time, otherwise it matches the version of
     # the driver's virCreateXML entry
     if ($createVersStr eq "Y" ||
         $createVers >= $createAPIVers) {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = $createVersStr;
+        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"}->{vers} = $createVersStr;
     } else {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = "0.0.3";
+        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"}->{vers} = "0.0.3";
     }
 }
 
@@ -342,7 +356,9 @@ print <<EOF;
 <p>
 This page documents which <a href="html/">libvirt calls</a> work on
 which libvirt drivers / hypervisors, and which version the API appeared
-in.
+in. If a hypervisor driver later dropped support for the API, the version
+when it was removed is also mentioned (highlighted in
+<span class="removedhv">dark red</span>).
 </p>
 
 EOF
@@ -395,11 +411,16 @@ EOF
 EOF
 
         foreach my $drv (sort {$a cmp $b } keys %{$groups{$grp}->{drivers}}) {
+            print "<td>";
             if (exists $groups{$grp}->{drivers}->{$drv}->{$field}) {
-                print "<td>", $groups{$grp}->{drivers}->{$drv}->{$field}, "</td>\n";
-            } else {
-                print "<td></td>\n";
+                if ($groups{$grp}->{drivers}->{$drv}->{$field}->{vers}) {
+                    print $groups{$grp}->{drivers}->{$drv}->{$field}->{vers};
+                }
+                if ($groups{$grp}->{drivers}->{$drv}->{$field}->{deleted}) {
+                    print " - <span class=\"removedhv\">", $groups{$grp}->{drivers}->{$drv}->{$field}->{deleted}, "</span>";
+                }
             }
+            print "</td>\n";
         }
 
         print <<EOF;

docs/index.html.in

@@ -2,20 +2,9 @@
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
-    <script type="text/javascript" src="js/jquery-3.1.1.min.js"> </script>
-    <script type="text/javascript" src="js/moment.min.js"> </script>
-    <script type="text/javascript" src="js/jquery.rss.min.js"> </script>
-
     <script type="text/javascript">
       <!--
-      jQuery(function($) {
-        $("#planet").rss("http://planet.virt-tools.org/atom.xml", {
-          ssl: true,
-          layoutTemplate: '<dl>{entries}</dl>',
-          entryTemplate: '<dt><a href="{url}">{title}</a></dt><dd>by {author} on {date}</li>',
-          dateFormat: 'DD MMM YYYY'
-        })
-      })
+      window.addEventListener("load", function() { fetchRSS() });
       // -->
     </script>
   </head>
@@ -69,7 +58,8 @@
           <a href="formatstoragecaps.html">storage pool capabilities</a>,
           <a href="formatnode.html">node devices</a>,
           <a href="formatsecret.html">secrets</a>,
-          <a href="formatsnapshot.html">snapshots</a></dd>
+          <a href="formatsnapshot.html">snapshots</a>,
+          <a href="formatcheckpoint.html">checkpoints</a></dd>
         <dt><a href="http://wiki.libvirt.org">Wiki</a></dt>
         <dd>Read further community contributed content</dd>
       </dl>

docs/internals/rpc.html.in

@@ -539,13 +539,6 @@ C <--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  <-- S  (reply)
         be part of the underlying server.
       </dd>
 
-      <dt><code>virNetServerMDNSPtr</code> (virnetservermdns.h)</dt>
-      <dd>The virNetServerMDNS APIs are used to advertise a server
-        across the local network, enabling clients to automatically
-        detect the existence of remote services. This is done by
-        interfacing with the Avahi mDNS advertisement service.
-      </dd>
-
       <dt><code>virNetServerClientPtr</code> (virnetserverclient.h)</dt>
       <dd>The virNetServerClient APIs are used to manage I/O related
         to a single client network connection. It handles initial

docs/js/jquery.rss.min.js

@@ -1,11 +0,0 @@
-(function(d){var e=function(a,b,c,f){this.target=a;this.url=b;this.html=[];this.effectQueue=[];this.options=d.extend({ssl:!1,host:"www.feedrapp.info",limit:null,key:null,layoutTemplate:"<ul>{entries}</ul>",entryTemplate:'<li><a href="{url}">[{author}@{date}] {title}</a><br/>{shortBodyPlain}</li>',tokens:{},outputMode:"json",dateFormat:"dddd MMM Do",dateLocale:"en",effect:"show",offsetStart:!1,offsetEnd:!1,error:function(){console.log("jQuery RSS: url doesn't link to RSS-Feed")},onData:function(){},
-success:function(){}},c||{});this.options.ssl&&"www.feedrapp.info"===this.options.host&&(this.options.host="feedrapp.herokuapp.com");this.callback=f||this.options.success};e.htmlTags="doctype,html,head,title,base,link,meta,style,script,noscript,body,article,nav,aside,section,header,footer,h1-h6,hgroup,address,p,hr,pre,blockquote,ol,ul,li,dl,dt,dd,figure,figcaption,div,table,caption,thead,tbody,tfoot,tr,th,td,col,colgroup,form,fieldset,legend,label,input,button,select,datalist,optgroup,option,textarea,keygen,output,progress,meter,details,summary,command,menu,del,ins,img,iframe,embed,object,param,video,audio,source,canvas,track,map,area,a,em,strong,i,b,u,s,small,abbr,q,cite,dfn,sub,sup,time,code,kbd,samp,var,mark,bdi,bdo,ruby,rt,rp,span,br,wbr".split(",");
-e.prototype.load=function(a){var b="http"+(this.options.ssl?"s":"")+"://"+this.options.host+"?callback=?&q="+encodeURIComponent(this.url);this.options.offsetStart&&this.options.offsetEnd&&(this.options.limit=this.options.offsetEnd);null!==this.options.limit&&(b+="&num="+this.options.limit);null!==this.options.key&&(b+="&key="+this.options.key);d.getJSON(b,a)};e.prototype.render=function(){var a=this;this.load(function(b){try{a.feed=b.responseData.feed,a.entries=b.responseData.feed.entries}catch(c){return a.entries=
-[],a.feed=null,a.options.error.call(a)}b=a.generateHTMLForEntries();a.target.append(b.layout);if(0!==b.entries.length){d.isFunction(a.options.onData)&&a.options.onData.call(a);var f=d(b.layout).is("entries")?b.layout:d("entries",b.layout);a.appendEntriesAndApplyEffects(f,b.entries)}0<a.effectQueue.length?a.executeEffectQueue(a.callback):d.isFunction(a.callback)&&a.callback.call(a)})};e.prototype.appendEntriesAndApplyEffects=function(a,b){var c=this;d.each(b,function(b,e){var d=c.wrapContent(e);"show"===
-c.options.effect?a.before(d):(d.css({display:"none"}),a.before(d),c.applyEffect(d,c.options.effect))});a.remove()};e.prototype.generateHTMLForEntries=function(){var a=this,b={entries:[],layout:null};d(this.entries).each(function(){var c=a.options.offsetStart,f=a.options.offsetEnd;c&&f?index>=c&&index<=f&&a.isRelevant(this,b.entries)&&(c=a.evaluateStringForEntry(a.options.entryTemplate,this),b.entries.push(c)):a.isRelevant(this,b.entries)&&(c=a.evaluateStringForEntry(a.options.entryTemplate,this),
-b.entries.push(c))});b.layout=this.options.entryTemplate?this.wrapContent(this.options.layoutTemplate.replace("{entries}","<entries></entries>")):this.wrapContent("<div><entries></entries></div>");return b};e.prototype.wrapContent=function(a){return 0!==d.trim(a).indexOf("<")?d("<div>"+a+"</div>"):d(a)};e.prototype.applyEffect=function(a,b,c){switch(b){case "slide":a.slideDown("slow",c);break;case "slideFast":a.slideDown(c);break;case "slideSynced":this.effectQueue.push({element:a,effect:"slide"});
-break;case "slideFastSynced":this.effectQueue.push({element:a,effect:"slideFast"})}};e.prototype.executeEffectQueue=function(a){var b=this;this.effectQueue.reverse();var c=function(){var f=b.effectQueue.pop();f?b.applyEffect(f.element,f.effect,c):a&&a()};c()};e.prototype.evaluateStringForEntry=function(a,b){var c=a,f=this;d(a.match(/(\{.*?\})/g)).each(function(){var a=this.toString();c=c.replace(a,f.getValueForToken(a,b))});return c};e.prototype.isRelevant=function(a,b){var c=this.getTokenMap(a);
-return this.options.filter?this.options.filterLimit&&this.options.filterLimit===b.length?!1:this.options.filter(a,c):!0};e.prototype.getFormattedDate=function(a){if(this.options.dateFormatFunction)return this.options.dateFormatFunction(a);return"undefined"!==typeof moment?(a=moment(new Date(a)),a=a.locale?a.locale(this.options.dateLocale):a.lang(this.options.dateLocale),a.format(this.options.dateFormat)):a};e.prototype.getTokenMap=function(a){if(!this.feedTokens){var b=JSON.parse(JSON.stringify(this.feed));
-delete b.entries;this.feedTokens=b}return d.extend({feed:this.feedTokens,url:a.link,author:a.author,date:this.getFormattedDate(a.publishedDate),title:a.title,body:a.content,shortBody:a.contentSnippet,bodyPlain:function(a){for(var a=a.content.replace(/<script[\\r\\\s\S]*<\/script>/mgi,"").replace(/<\/?[^>]+>/gi,""),b=0;b<e.htmlTags.length;b++)a=a.replace(RegExp("<"+e.htmlTags[b],"gi"),"");return a}(a),shortBodyPlain:a.contentSnippet.replace(/<\/?[^>]+>/gi,""),index:d.inArray(a,this.entries),totalEntries:this.entries.length,
-teaserImage:function(a){try{return a.content.match(/(<img.*?>)/gi)[0]}catch(b){return""}}(a),teaserImageUrl:function(a){try{return a.content.match(/(<img.*?>)/gi)[0].match(/src="(.*?)"/)[1]}catch(b){return""}}(a)},this.options.tokens)};e.prototype.getValueForToken=function(a,b){var c=this.getTokenMap(b),d=a.replace(/[\{\}]/g,""),d=c[d];if("undefined"!==typeof d)return"function"===typeof d?d(b,c):d;throw Error("Unknown token: "+a+", url:"+this.url);};d.fn.rss=function(a,b,c){(new e(this,a,b,c)).render();
-return this}})(jQuery);

docs/js/main.js

@@ -0,0 +1,141 @@
+"use strict";
+
+function pageload() {
+    window.addEventListener("scroll", function(e){
+        var distanceY = window.pageYOffset || document.documentElement.scrollTop;
+        var shrinkOn = 94;
+        var home = document.getElementById("home");
+        var links = document.getElementById("jumplinks");
+        var search = document.getElementById("search");
+        var body = document.getElementById("body");
+        if (distanceY > shrinkOn) {
+            if (home.className != "navhide") {
+                body.className = "navhide";
+                home.className = "navhide";
+                links.className = "navhide";
+                search.className = "navhide";
+            }
+        } else {
+            if (home.className == "navhide") {
+                body.className = "";
+                home.className = "";
+                links.className = "";
+                search.className = "";
+            }
+        }
+    });
+
+    /* Setting this class makes the advanced search options visible */
+    var advancedSearch = document.getElementById("advancedsearch");
+    advancedSearch.className = "advancedsearch";
+
+    var simpleSearch = document.getElementById("simplesearch");
+    simpleSearch.addEventListener("submit", advancedsearch);
+}
+
+function advancedsearch(e) {
+    e.preventDefault();
+    e.stopPropagation();
+
+    var form = document.createElement("form");
+    form.setAttribute("method", "get");
+
+    var newq = document.createElement("input");
+    newq.setAttribute("type", "hidden");
+    form.appendChild(newq);
+
+    var q = document.getElementById("searchq");
+    var whats = document.getElementsByName("what");
+    var what = "website";
+    for (var i = 0; i < whats.length; i++) {
+        if (whats[i].checked) {
+            what = whats[i].value;
+            break;
+        }
+    }
+
+    if (what == "website") {
+        form.setAttribute("action", "https://google.com/search");
+        newq.setAttribute("name", "q");
+        newq.value = "site:libvirt.org " + q.value;
+    } else if (what == "wiki") {
+        form.setAttribute("action", "https://wiki.libvirt.org/index.php");
+        newq.setAttribute("name", "search");
+        newq.value = q.value;
+    } else if (what == "devs") {
+        form.setAttribute("action", "https://google.com/search");
+        newq.setAttribute("name", "q");
+        newq.value = "site:redhat.com/archives/libvir-list " + q.value;
+    } else if (what == "users") {
+        form.setAttribute("action", "https://google.com/search");
+        newq.setAttribute("name", "q");
+        newq.value = "site:redhat.com/archives/libvirt-users " + q.value;
+    }
+
+    document.body.appendChild(form);
+    form.submit();
+
+    return false;
+}
+
+function fetchRSS() {
+    if (document.location.protocol == "file:")
+        return;
+
+    var planet = document.getElementById("planet");
+    if (planet === null)
+        return;
+
+    var req = new XMLHttpRequest();
+    req.open("GET", "https://planet.virt-tools.org/atom.xml");
+    req.setRequestHeader("Accept", "application/atom+xml, text/xml");
+    req.onerror = function(e) {
+        if (this.statusText != "")
+            console.error(this);
+    };
+    req.onload = function(e) {
+        if (this.readyState !== 4)
+            return;
+
+        if (this.status != 200) {
+            console.error(this.statusText);
+            return;
+        }
+
+        if (this.responseXML === null) {
+            console.error("Atom response is not an XML");
+            return;
+        }
+
+        var dl = document.createElement("dl");
+        var dateOpts = { day: "numeric", month: "short", year: "numeric"};
+
+        var entries = this.responseXML.querySelectorAll("feed > entry:not(:nth-of-type(1n+5))");
+
+        entries.forEach(function(e) {
+            var name = e.querySelector("author > name").textContent;
+            var title = e.querySelector("title").textContent;
+            var updated = e.querySelector("updated").textContent;
+            var link = e.querySelector("link").attributes.href.textContent;
+
+            var a = document.createElement("a");
+            a.href = link;
+            a.innerText = title;
+
+            var dt = document.createElement("dt");
+            dt.appendChild(a);
+            dl.appendChild(dt);
+
+            var date = new Date(updated);
+            date = date.toLocaleDateString("default", dateOpts);
+
+            var dd = document.createElement("dd");
+            dd.innerText = ` by ${name} on ${date}`;
+
+            dl.appendChild(dd);
+        });
+
+        planet.appendChild(dl);
+    };
+    req.send();
+}

docs/kbase.html.in

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body class="docs">
+    <h2>Knowledge base</h2>
+
+    <div class="panel">
+      <dl>
+        <dt><a href="kbase/locking.html">Disk locking</a></dt>
+        <dd>Ensuring exclusive guest access to disks with
+          <a href="kbase/locking-lockd.html">virtlockd</a> or
+          <a href="kbase/locking-sanlock.html">Sanlock</a></dd>
+
+        <dt><a href="kbase/secureusage.html">Secure usage</a></dt>
+        <dd>Secure usage of the libvirt APIs</dd>
+
+        <dt><a href="kbase/launch_security_sev.html">Launch security</a></dt>
+        <dd>Securely launching VMs with AMD SEV</dd>
+
+        <dt><a href="kbase/domainstatecapture.html">Domain state
+            capture</a></dt>
+        <dd>Comparison between different methods of capturing domain
+          state</dd>
+      </dl>
+    </div>
+
+    <br class="clear"/>
+
+  </body>
+</html>

docs/kbase/domainstatecapture.html.in

@@ -0,0 +1,303 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+
+    <h1>Domain state capture using Libvirt</h1>
+
+    <ul id="toc"></ul>
+
+    <p>
+      In order to aid application developers to choose which
+      operations best suit their needs, this page compares the
+      different means for capturing state related to a domain managed
+      by libvirt.
+    </p>
+
+    <p>
+      The information here is primarily geared towards capturing the
+      state of an active domain. Capturing the state of an inactive
+      domain essentially amounts to copying the contents of guest
+      disks, followed by a fresh boot of the same domain configuration
+      with disks restored back to that saved state.
+    </p>
+
+    <h2><a id="definitions">State capture trade-offs</a></h2>
+
+    <p>One of the features made possible with virtual machines is live
+      migration -- transferring all state related to the guest from
+      one host to another with minimal interruption to the guest's
+      activity. In this case, state includes domain memory (including
+      register and device contents), and domain storage (whether the
+      guest's view of the disks are backed by local storage on the
+      host, or by the hypervisor accessing shared storage over a
+      network).  A clever observer will then note that if all state is
+      available for live migration, then there is nothing stopping a
+      user from saving some or all of that state at a given point of
+      time in order to be able to later rewind guest execution back to
+      the state it previously had. The astute reader will also realize
+      that state capture at any level requires that the data must be
+      stored and managed by some mechanism. This processing might fit
+      in a single file, or more likely require a chain of related
+      files, and may require synchronization with third-party tools
+      built around managing the amount of data resulting from
+      capturing the state of multiple guests that each use multiple
+      disks.
+    </p>
+
+    <p>
+      There are several libvirt APIs associated with capturing the
+      state of a guest, which can later be used to rewind that guest
+      to the conditions it was in earlier.  The following is a list of
+      trade-offs and differences between the various facets that
+      affect capturing domain state for active domains:
+    </p>
+
+    <dl>
+      <dt>Duration</dt>
+      <dd>Capturing state can be a lengthy process, so while the
+        captured state ideally represents an atomic point in time
+        corresponding to something the guest was actually executing,
+        capturing state tends to focus on minimizing guest downtime
+        while performing the rest of the state capture in parallel
+        with guest execution.  Some interfaces require up-front
+        preparation (the state captured is not complete until the API
+        ends, which may be some time after the command was first
+        started), while other interfaces track the state when the
+        command was first issued, regardless of the time spent in
+        capturing the rest of the state.  Also, time spent in state
+        capture may be longer than the time required for live
+        migration, when state must be duplicated rather than shared.
+      </dd>
+
+      <dt>Amount of state</dt>
+      <dd>For an online guest, there is a choice between capturing the
+        guest's memory (all that is needed during live migration when
+        the storage is already shared between source and destination),
+        the guest's disk state (all that is needed if there are no
+        pending guest I/O transactions that would be lost without the
+        corresponding memory state), or both together.  Reverting to
+        partial state may still be viable, but typically, booting from
+        captured disk state without corresponding memory is comparable
+        to rebooting a machine that had power cut before I/O could be
+        flushed. Guests may need to use proper journaling methods to
+        avoid problems when booting from partial state.
+      </dd>
+
+      <dt>Quiescing of data</dt>
+      <dd>Even if a guest has no pending I/O, capturing disk state may
+        catch the guest at a time when the contents of the disk are
+        inconsistent. Cooperating with the guest to perform data
+        quiescing is an optional step to ensure that captured disk
+        state is fully consistent without requiring additional memory
+        state, rather than just crash-consistent.  But guest
+        cooperation may also have time constraints, where the guest
+        can rightfully panic if there is too much downtime while I/O
+        is frozen.
+      </dd>
+
+      <dt>Quantity of files</dt>
+      <dd>When capturing state, some approaches store all state within
+        the same file (internal), while others expand a chain of
+        related files that must be used together (external), for more
+        files that a management application must track.
+      </dd>
+
+      <dt>Impact to guest definition</dt>
+      <dd>Capturing state may require temporary changes to the guest
+        definition, such as associating new files into the domain
+        definition. While state capture should never impact the
+        running guest, a change to the domain's active XML may have
+        impact on other host operations being performed on the domain.
+      </dd>
+
+      <dt>Third-party integration</dt>
+      <dd>When capturing state, there are tradeoffs to how much of the
+        process must be done directly by the hypervisor, and how much
+        can be off-loaded to third-party software.  Since capturing
+        state is not instantaneous, it is essential that any
+        third-party integration see consistent data even if the
+        running guest continues to modify that data after the point in
+        time of the capture.</dd>
+
+      <dt>Full vs. incremental</dt>
+      <dd>When periodically repeating the action of state capture, it
+        is useful to minimize the amount of state that must be
+        captured by exploiting the relation to a previous capture,
+        such as focusing only on the portions of the disk that the
+        guest has modified in the meantime.  Some approaches are able
+        to take advantage of checkpoints to provide an incremental
+        backup, while others are only capable of a full backup even if
+        that means re-capturing unchanged portions of the disk.</dd>
+
+      <dt>Local vs. remote</dt>
+      <dd>Domains that completely use remote storage may only need
+        some mechanism to keep track of guest memory state while using
+        external means to manage storage. Still, hypervisor and guest
+        cooperation to ensure points in time when no I/O is in flight
+        across the network can be important for properly capturing
+        disk state.</dd>
+
+      <dt>Network latency</dt>
+      <dd>Whether it's domain storage or saving domain state into
+        remote storage, network latency has an impact on snapshot
+        data. Having dedicated network capacity, bandwidth, or quality
+        of service levels may play a role, as well as planning for how
+        much of the backup process needs to be local.</dd>
+    </dl>
+
+    <p>
+      An example of the various facets in action is migration of a
+      running guest. In order for the guest to be able to resume on
+      the destination at the same place it left off at the source, the
+      hypervisor has to get to a point where execution on the source
+      is stopped, the last remaining changes occurring since the
+      migration started are then transferred, and the guest is started
+      on the target. The management software thus must keep track of
+      the starting point and any changes since the starting
+      point. These last changes are often referred to as dirty page
+      tracking or dirty disk block bitmaps. At some point in time
+      during the migration, the management software must freeze the
+      source guest, transfer the dirty data, and then start the guest
+      on the target. This period of time must be minimal. To minimize
+      overall migration time, one is advised to use a dedicated
+      network connection with a high quality of service. Alternatively
+      saving the current state of the running guest can just be a
+      point in time type operation which doesn't require updating the
+      "last vestiges" of state prior to writing out the saved state
+      file. The state file is the point in time of whatever is current
+      and may contain incomplete data which if used to restart the
+      guest could cause confusion or problems because some operation
+      wasn't completed depending upon where in time the operation was
+      commenced.
+    </p>
+
+    <h2><a id="apis">State capture APIs</a></h2>
+    <p>With those definitions, the following libvirt APIs related to
+      state capture have these properties:</p>
+    <dl>
+      <dt><a href="html/libvirt-libvirt-domain.html#virDomainManagedSave"><code>virDomainManagedSave</code></a></dt>
+      <dd>This API saves guest memory, with libvirt managing all of
+        the saved state, then stops the guest. While stopped, the
+        disks can be copied by a third party.  However, since any
+        subsequent restart of the guest by libvirt API will restore
+        the memory state (which typically only works if the disk state
+        is unchanged in the meantime), and since it is not possible to
+        get at the memory state that libvirt is managing, this is not
+        viable as a means for rolling back to earlier saved states,
+        but is rather more suited to situations such as suspending a
+        guest prior to rebooting the host in order to resume the guest
+        when the host is back up. This API also has a drawback of
+        potentially long guest downtime, and therefore does not lend
+        itself well to live backups.</dd>
+
+      <dt><a href="html/libvirt-libvirt-domain.html#virDomainSave"><code>virDomainSave</code></a></dt>
+      <dd>This API is similar to virDomainManagedSave(), but moves the
+        burden on managing the stored memory state to the user. As
+        such, the user can now couple saved state with copies of the
+        disks to perform a revert to an arbitrary earlier saved state.
+        However, changing who manages the memory state does not change
+        the drawback of potentially long guest downtime when capturing
+        state.</dd>
+
+      <dt><a href="html/libvirt-libvirt-domain-snapshot.html#virDomainSnapshotCreateXML"><code>virDomainSnapshotCreateXML</code></a></dt>
+      <dd>This API wraps several approaches for capturing guest state,
+        with a general premise of creating a snapshot (where the
+        current guest resources are frozen in time and a new wrapper
+        layer is opened for tracking subsequent guest changes).  It
+        can operate on both offline and running guests, can choose
+        whether to capture the state of memory, disk, or both when
+        used on a running guest, and can choose between internal and
+        external storage for captured state.  However, it is geared
+        towards post-event captures (when capturing both memory and
+        disk state, the disk state is not captured until all memory
+        state has been collected first).  Using QEMU as the
+        hypervisor, internal snapshots currently have lengthy downtime
+        that is incompatible with freezing guest I/O, but external
+        snapshots are quick when memory contents are not also saved.
+        Since creating an external snapshot changes which disk image
+        resource is in use by the guest, this API can be coupled
+        with <a href="html/libvirt-libvirt-domain.html#virDomainBlockCommit"><code>virDomainBlockCommit()</code></a>
+        to restore things back to the guest using its original disk
+        image, where a third-party tool can read the backing file
+        prior to the live commit.  See also
+        the <a href="formatsnapshot.html">XML details</a> used with
+        this command.</dd>
+
+      <dt><a href="html/libvirt-libvirt-domain.html#virDomainFSFreeze"><code>virDomainFSFreeze</code></a>, <a href="html/libvirt-libvirt-domain.html#virDomainFSThaw"><code>virDomainFSThaw</code></a></dt>
+      <dd>This pair of APIs does not directly capture guest state, but
+        can be used to coordinate with a trusted live guest that state
+        capture is about to happen, and therefore guest I/O should be
+        quiesced so that the state capture is fully consistent, rather
+        than merely crash consistent.  Some APIs are able to
+        automatically perform a freeze and thaw via a flags parameter,
+        rather than having to make separate calls to these
+        functions. Also, note that freezing guest I/O is only possible
+        with trusted guests running a guest agent, and that some
+        guests place maximum time limits on how long I/O can be
+        frozen.</dd>
+
+      <dt><a href="html/libvirt-libvirt-domain-checkpoint.html#virDomainCheckpointCreateXML"><code>virDomainCheckpointCreateXML</code></a></dt>
+      <dd>This API does not actually capture guest state, rather it
+        makes it possible to track which portions of guest disks have
+        changed between a checkpoint and the current live execution of
+        the guest.  However, while it is possible use this API to
+        create checkpoints in isolation, it is more typical to create
+        a checkpoint as a side-effect of starting a new incremental
+        backup with <code>virDomainBackupBegin()</code> or at the
+        creation of an external snapshot
+        with <code>virDomainSnapshotCreateXML2()</code>, since a
+        second incremental backup is most useful when using the
+        checkpoint created during the first.  See also
+        the <a href="formatcheckpoint.html">XML details</a> used with
+        this command.</dd>
+
+      <dt><a href="html/libvirt-libvirt-domain.html#virDomainBackupBegin"><code>virDomainBackupBegin</code></a>, <a href="html/libvirt-libvirt-domain.html#virDomainBackupEnd"><code>virDomainBackupEnd</code></a></dt>
+      <dd>This API wraps approaches for capturing the state of disks
+        of a running guest, but does not track accompanying guest
+        memory state.  The capture is consistent to the start of the
+        operation, where the captured state is stored independently
+        from the disk image in use with the guest and where it can be
+        easily integrated with a third-party for capturing the disk
+        state.  Since the backup operation is stored externally from
+        the guest resources, there is no need to commit data back in
+        at the completion of the operation.  When coupled with
+        checkpoints, this can be used to capture incremental backups
+        instead of full.</dd>
+    </dl>
+
+    <h2><a id="examples">Examples</a></h2>
+    <p>The following two sequences both accomplish the task of
+      capturing the disk state of a running guest, then wrapping
+      things up so that the guest is still running with the same file
+      as its disk image as before the sequence of operations began.
+      The difference between the two sequences boils down to the
+      impact of an unexpected interruption made at any point in the
+      middle of the sequence: with such an interruption, the first
+      example leaves the guest tied to a temporary wrapper file rather
+      than the original disk, and requires manual clean up of the
+      domain definition; while the second example has no impact to the
+      domain definition.</p>
+
+    <p>1. Backup via temporary snapshot
+      <pre>
+virDomainFSFreeze()
+virDomainSnapshotCreateXML(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY)
+virDomainFSThaw()
+third-party copy the backing file to backup storage # most time spent here
+virDomainBlockCommit(VIR_DOMAIN_BLOCK_COMMIT_ACTIVE) per disk
+wait for commit ready event per disk
+virDomainBlockJobAbort() per disk
+      </pre></p>
+
+    <p>2. Direct backup
+      <pre>
+virDomainFSFreeze()
+virDomainBackupBegin()
+virDomainFSThaw()
+wait for push mode event, or pull data over NBD # most time spent here
+virDomainBackupEnd()
+    </pre></p>
+
+  </body>
+</html>

docs/kbase/launch_security_sev.html.in

@@ -0,0 +1,521 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Launch security with AMD SEV</h1>
+
+    <ul id="toc"></ul>
+
+    <p>
+        Storage encryption in modern public cloud computing is a common practice.
+        However, from the point of view of a user of these cloud workloads, a
+        significant amount of trust needs to be put in the cloud platform security as
+        well as integrity (was the hypervisor tampered?). For this reason there's ever
+        rising demand for securing data in use, i.e. memory encryption.
+        One of the solutions addressing this matter is AMD SEV.
+    </p>
+
+    <h2>AMD SEV</h2>
+    <p>
+        SEV (Secure Encrypted Virtualization) is a feature extension of AMD's SME (Secure
+        Memory Encryption) intended for KVM virtual machines which is supported
+        primarily on AMD's EPYC CPU line. In contrast to SME, SEV uses a unique memory encryption
+        key for each VM. The whole encryption of memory pages is completely transparent
+        to the hypervisor and happens inside dedicated hardware in the on-die memory controller.
+        Each controller includes a high-performance Advanced Encryption Standard
+        (AES) engine that encrypts data when it is written to DRAM and decrypts it
+        when read.
+
+        For more details about the technology itself, you can visit
+      <a href="https://developer.amd.com/sev/">AMD's developer portal</a>.
+    </p>
+
+    <h2><a id="Host">Enabling SEV on the host</a></h2>
+      <p>
+          Before VMs can make use of the SEV feature you need to make sure your
+          AMD CPU does support SEV. You can check whether SEV is among the CPU
+          flags with:
+      </p>
+
+      <pre>
+$ cat /proc/cpuinfo | grep sev
+...
+sme ssbd sev ibpb</pre>
+
+      <p>
+          Next step is to enable SEV in the kernel, because it is disabled by default.
+          This is done by putting the following onto the kernel command line:
+      </p>
+
+      <pre>
+mem_encrypt=on kvm_amd.sev=1
+      </pre>
+
+      <p>
+          To make the changes persistent, append the above to the variable holding
+          parameters of the kernel command line in
+          <code>/etc/default/grub</code> to preserve SEV settings across reboots
+      </p>
+
+      <pre>
+$ cat /etc/default/grub
+...
+GRUB_CMDLINE_LINUX="... mem_encrypt=on kvm_amd.sev=1"
+$ grub2-mkconfig -o /boot/efi/EFI/&lt;distro&gt;/grub.cfg</pre>
+
+      <p>
+        <code>mem_encrypt=on</code> turns on the SME memory encryption feature on
+        the host which protects against the physical attack on the hypervisor
+        memory. The <code>kvm_amd.sev</code> parameter actually enables SEV in
+        the kvm module. It can be set on the command line alongside
+        <code>mem_encrypt</code> like shown above, or it can be put into a
+        module config under <code>/etc/modprobe.d/</code>
+      </p>
+
+      <pre>
+$ cat /etc/modprobe.d/sev.conf
+options kvm_amd sev=1
+      </pre>
+
+      <p>
+          After rebooting the host, you should see SEV being enabled in the kernel:
+      </p>
+
+      <pre>
+$ cat /sys/module/kvm_amd/parameters/sev
+1
+      </pre>
+
+      <h2><a id="Virt">Checking SEV support in the virt stack</a></h2>
+      <p>
+        <b>Note: All of the commands bellow need to be run with root privileges.</b>
+      </p>
+
+      <p>
+          First make sure you have the following packages in the specified versions:
+      </p>
+
+      <ul>
+        <li>
+            libvirt >= 4.5.0 (>5.1.0 recommended due to additional SEV bugfixes)
+        </li>
+        <li>
+            QEMU >= 2.12.0
+        </li>
+      </ul>
+      <p>
+          To confirm that the virtualization stack supports SEV, run the following:
+      </p>
+
+      <pre>
+# virsh domcapabilities
+&lt;domainCapabilities&gt;
+...
+  &lt;features&gt;
+    ...
+    &lt;sev supported='yes'&gt;
+      &lt;cbitpos&gt;47&lt;/cbitpos&gt;
+      &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
+    &lt;/sev&gt;
+    ...
+  &lt;/features&gt;
+&lt;/domainCapabilities&gt;</pre>
+      <p>
+          Note that if libvirt was already installed and libvirtd running before enabling SEV in the kernel followed by the host reboot you need to force libvirtd
+          to re-probe both the host and QEMU capabilities. First stop libvirtd:
+      </p>
+
+      <pre>
+# systemctl stop libvirtd.service
+      </pre>
+
+      <p>
+          Now you need to clean the capabilities cache:
+      </p>
+
+      <pre>
+# rm -f /var/cache/libvirt/qemu/capabilities/*
+      </pre>
+
+      <p>
+          If you now restart libvirtd, it will re-probe the capabilities and if
+          you now run:
+      </p>
+
+      <pre>
+# virsh domcapabilities
+      </pre>
+
+      <p>
+          SEV should be listed as supported. If you still see:
+      </p>
+
+      <pre>
+&lt;sev supported='no'/&gt;
+      </pre>
+
+      <p>
+          it means one of two things:
+        <ol>
+          <li>
+              libvirt does support SEV, but either QEMU or the host does not
+          </li>
+          <li>
+            you have libvirt &lt;=5.1.0 which suffered from getting a
+            <code>'Permission denied'</code> on <code>/dev/sev</code> because
+            of the default permissions on the character device which prevented
+            QEMU from opening it during capabilities probing - you can either
+            manually tweak the permissions so that QEMU has access to it or
+            preferably install libvirt 5.1.0 or higher
+          </li>
+        </ol>
+      </p>
+
+    <h2><a id="Configuration">VM Configuration</a></h2>
+    <p>
+        SEV is enabled in the XML by specifying the
+      <a href="https://libvirt.org/formatdomain.html#launchSecurity">&lt;launchSecurity&gt; </a> element. However, specifying <code>launchSecurity</code> isn't
+        enough to boot an SEV VM. Further configuration requirements are discussed
+          below.
+      </p>
+
+      <h3><a id="Machine">Machine type</a></h3>
+      <p>
+          Even though both Q35 and legacy PC machine types (for PC see also
+          "virtio") can be used with SEV, usage of the legacy PC machine type is
+          strongly discouraged, since depending on how your OVMF package was
+          built (e.g. including features like SecureBoot or SMM) Q35 may even be
+          required.
+      </p>
+
+      <h5>Q35</h5>
+<pre>
+...
+&lt;os&gt;
+  &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
+  ...
+&lt;/os&gt;
+...</pre>
+
+      <h5>i440fx (discouraged)</h5>
+      <pre>
+...
+&lt;os&gt;
+  &lt;type arch='x86_64' machine='pc-i440fx-3.0'&gt;hvm&lt;/type&gt;
+  ...
+&lt;/os&gt;
+...
+      </pre>
+
+      <h3><a id="Boot">Boot loader</a></h3>
+      <p>
+          SEV is only going to work with OVMF (UEFI), so you'll need to point libvirt to
+          the correct OVMF binary.
+      </p>
+      <pre>
+...
+&lt;os&gt;
+  &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
+  &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
+&lt;/os&gt;
+...</pre>
+
+      <h3><a id="Memory">Memory</a></h3>
+      <p>
+          Internally, SEV expects that the encrypted memory pages won't be swapped out or move
+          around so the VM memory needs to be pinned in physical RAM which will be
+          handled by QEMU. Apart from that, certain memory regions allocated by QEMU
+          itself (UEFI pflash, device ROMs, video RAM, etc.) have to be encrypted as
+          well. This causes a conflict in how libvirt tries to protect the host.
+          By default, libvirt enforces a memory hard limit on each VM's cgroup in order
+          to protect the host from malicious QEMU to allocate and lock all the available
+          memory. This limit corresponds to the total memory allocation for the VM given
+          by <code>&lt;currentMemory&gt;</code> element. However, trying to account for the additional
+          memory regions QEMU allocates when calculating the limit in an automated manner
+          is non-deterministic. One way to resolve this is to set the hard limit manually.
+
+        <p>
+          Note: Figuring out the right number so that your guest boots and isn't killed is
+          challenging, but 256MiB extra memory over the total guest RAM should suffice for
+          most workloads and may serve as a good starting point.
+
+          For example, a domain with 4GB memory with a 256MiB extra hard limit would look
+          like this:
+        </p>
+      </p>
+
+      <pre>
+# virsh edit &lt;domain&gt;
+&lt;domain&gt;
+  ...
+  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
+  &lt;memtune&gt;
+    &lt;hard_limit unit='KiB'&gt;4456448&lt;/hard_limit&gt;
+  &lt;/memtune&gt;
+  ...
+&lt;/domain&gt;</pre>
+      <p>
+          There's another, preferred method of taking care of the limits by
+          using the<code>&lt;memoryBacking&gt;</code> element along with the
+          <code>&lt;locked/&gt;</code> subelement:
+        </p>
+
+      <pre>
+&lt;domain&gt;
+  ...
+  &lt;memoryBacking&gt;
+    &lt;locked/&gt;
+  &lt;/memoryBacking&gt;
+  ...
+&lt;/domain&gt;</pre>
+
+      <p>
+          What that does is that it tells libvirt not to force any hard limit (well,
+          unlimited) upon the VM cgroup. The obvious advantage is that one doesn't need
+          to determine the hard limit for every single SEV-enabled VM. However, there is
+          a significant security-related drawback to this approach. Since no hard limit
+          is applied, a malicious QEMU could perform a DoS attack by locking all of the
+          host's available memory. The way to avoid this issue and to protect the host is
+          to enforce a bigger hard limit on the master cgroup containing all of the VMs
+          - on systemd this is <code>machine.slice</code>.
+      </p>
+
+      <pre>
+# systemctl set-property machine.slice MemoryHigh=&lt;value&gt;</pre>
+
+      <p>
+          To put even stricter measures in place which would involve the OOM killer, use
+        <pre>
+# systemctl set-property machine.slice MemoryMax=&lt;value&gt;</pre>
+          instead. Alternatively, you can create a systemd config (don't forget
+          to reload systemd configuration in this case):
+        <pre>
+# cat &lt;&lt; EOF &gt; /etc/systemd/system.control/machine.slice.d/90-MemoryMax.conf
+MemoryMax=&lt;value&gt;
+EOF</pre>
+          The trade-off to keep in mind with the second approach is that the VMs
+          can still perform DoS on each other.
+      </p>
+
+      <h3><a id="Virtio">Virtio</a></h3>
+      <p>
+          In order to make virtio devices work, we need to enable emulated IOMMU
+          on the devices so that virtual DMA can work.
+      </p>
+
+      <pre>
+# virsh edit &lt;domain&gt;
+&lt;domain&gt;
+  ...
+  &lt;controller type='virtio-serial' index='0'&gt;
+    &lt;driver iommu='on'/&gt;
+  &lt;/controller&gt;
+  &lt;controller type='scsi' index='0' model='virtio-scsi'&gt;
+    &lt;driver iommu='on'/&gt;
+  &lt;/controller&gt;
+  ...
+  &lt;memballoon model='virtio'&gt;
+    &lt;driver iommu='on'/&gt;
+  &lt;/memballoon&gt;
+  &lt;rng model='virtio'&gt;
+    &lt;backend model='random'&gt;/dev/urandom&lt;/backend&gt;
+    &lt;driver iommu='on'/&gt;
+  &lt;/rng&gt;
+  ...
+&lt;domain&gt;</pre>
+
+    <p>
+        If you for some reason want to use the legacy PC machine type, further changes
+        to the virtio
+        configuration is required, because SEV will not work with Virtio &lt;1.0. In
+        libvirt, this is handled by using the virtio-non-transitional device model
+        (libvirt &gt;= 5.2.0 required).
+
+      <p>
+        Note: some devices like video devices don't
+          support non-transitional model, which means that virtio GPU cannot be used.
+      </p>
+    </p>
+
+    <pre>
+&lt;domain&gt;
+  ...
+  &lt;devices&gt;
+    ...
+    &lt;memballoon model='virtio-non-transitional'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/memballoon&gt;
+  &lt;/devices&gt;
+  ...
+&lt;/domain&gt;</pre>
+
+    <h2><a id="Limitations">Limitations</a></h2>
+    <p>
+        Currently, the boot disk cannot be of type virtio-blk, instead, virtio-scsi
+        needs to be used if virtio is desired. This limitation is expected to be lifted
+        with future releases of kernel (the kernel used at the time of writing the
+        article is 5.0.14).
+        If you still cannot start an SEV VM, it could be because of wrong SELinux label on the <code>/dev/sev</code> device with selinux-policy &lt;3.14.2.40 which prevents QEMU from touching the device. This can be resolved by upgrading the package, tuning the selinux policy rules manually to allow svirt_t to access the device (see <code>audit2allow</code> on how to do that) or putting SELinux into permissive mode (discouraged).
+    </p>
+
+    <h2><a id="Examples">Full domain XML examples</a></h2>
+
+    <h5>Q35 machine</h5>
+    <pre>
+&lt;domain type='kvm'&gt;
+  &lt;name&gt;sev-dummy&lt;/name&gt;
+  &lt;memory unit='KiB'&gt;4194304&lt;/memory&gt;
+  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
+  &lt;memoryBacking&gt;
+    &lt;locked/&gt;
+  &lt;/memoryBacking&gt;
+  &lt;vcpu placement='static'&gt;4&lt;/vcpu&gt;
+  &lt;os&gt;
+    &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
+    &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
+    &lt;nvram&gt;/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd&lt;/nvram&gt;
+  &lt;/os&gt;
+  &lt;features&gt;
+    &lt;acpi/&gt;
+    &lt;apic/&gt;
+    &lt;vmport state='off'/&gt;
+  &lt;/features&gt;
+  &lt;cpu mode='host-model' check='partial'&gt;
+    &lt;model fallback='allow'/&gt;
+  &lt;/cpu&gt;
+  &lt;clock offset='utc'&gt;
+    &lt;timer name='rtc' tickpolicy='catchup'/&gt;
+    &lt;timer name='pit' tickpolicy='delay'/&gt;
+    &lt;timer name='hpet' present='no'/&gt;
+  &lt;/clock&gt;
+  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
+  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
+  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
+  &lt;pm&gt;
+    &lt;suspend-to-mem enabled='no'/&gt;
+    &lt;suspend-to-disk enabled='no'/&gt;
+  &lt;/pm&gt;
+  &lt;devices&gt;
+    &lt;emulator&gt;/usr/bin/qemu-kvm&lt;/emulator&gt;
+    &lt;disk type='file' device='disk'&gt;
+      &lt;driver name='qemu' type='qcow2'/&gt;
+      &lt;source file='/var/lib/libvirt/images/sev-dummy.qcow2'/&gt;
+      &lt;target dev='sda' bus='scsi'/&gt;
+      &lt;boot order='1'/&gt;
+    &lt;/disk&gt;
+    &lt;controller type='virtio-serial' index='0'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/controller&gt;
+    &lt;controller type='scsi' index='0' model='virtio-scsi'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/controller&gt;
+    &lt;interface type='network'&gt;
+      &lt;mac address='52:54:00:cc:56:90'/&gt;
+      &lt;source network='default'/&gt;
+      &lt;model type='virtio'/&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/interface&gt;
+    &lt;graphics type='spice' autoport='yes'&gt;
+      &lt;listen type='address'/&gt;
+      &lt;gl enable='no'/&gt;
+    &lt;/graphics&gt;
+    &lt;video&gt;
+      &lt;model type='qxl'/&gt;
+    &lt;/video&gt;
+    &lt;memballoon model='virtio'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/memballoon&gt;
+    &lt;rng model='virtio'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/rng&gt;
+  &lt;/devices&gt;
+  &lt;launchSecurity type='sev'&gt;
+    &lt;cbitpos&gt;47&lt;/cbitpos&gt;
+    &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
+    &lt;policy&gt;0x0003&lt;/policy&gt;
+  &lt;/launchSecurity&gt;
+&lt;/domain&gt;</pre>
+
+    <h5>PC-i440fx machine:</h5>
+    <pre>
+&lt;domain type='kvm'&gt;
+  &lt;name&gt;sev-dummy-legacy&lt;/name&gt;
+  &lt;memory unit='KiB'&gt;4194304&lt;/memory&gt;
+  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
+  &lt;memtune&gt;
+    &lt;hard_limit unit='KiB'&gt;5242880&lt;/hard_limit&gt;
+  &lt;/memtune&gt;
+  &lt;vcpu placement='static'&gt;4&lt;/vcpu&gt;
+  &lt;os&gt;
+    &lt;type arch='x86_64' machine='pc-i440fx-3.0'&gt;hvm&lt;/type&gt;
+    &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
+    &lt;nvram&gt;/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd&lt;/nvram&gt;
+    &lt;boot dev='hd'/&gt;
+  &lt;/os&gt;
+  &lt;features&gt;
+  &lt;acpi/&gt;
+  &lt;apic/&gt;
+  &lt;vmport state='off'/&gt;
+  &lt;/features&gt;
+  &lt;cpu mode='host-model' check='partial'&gt;
+    &lt;model fallback='allow'/&gt;
+  &lt;/cpu&gt;
+  &lt;clock offset='utc'&gt;
+    &lt;timer name='rtc' tickpolicy='catchup'/&gt;
+    &lt;timer name='pit' tickpolicy='delay'/&gt;
+    &lt;timer name='hpet' present='no'/&gt;
+  &lt;/clock&gt;
+  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
+  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
+  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
+  &lt;pm&gt;
+    &lt;suspend-to-mem enabled='no'/&gt;
+    &lt;suspend-to-disk enabled='no'/&gt;
+  &lt;/pm&gt;
+  &lt;devices&gt;
+    &lt;emulator&gt;/usr/bin/qemu-kvm&lt;/emulator&gt;
+    &lt;disk type='file' device='disk'&gt;
+      &lt;driver name='qemu' type='qcow2'/&gt;
+      &lt;source file='/var/lib/libvirt/images/sev-dummy-seabios.qcow2'/&gt;
+      &lt;target dev='sda' bus='sata'/&gt;
+    &lt;/disk&gt;
+    &lt;interface type='network'&gt;
+      &lt;mac address='52:54:00:d8:96:c8'/&gt;
+      &lt;source network='default'/&gt;
+      &lt;model type='virtio-non-transitional'/&gt;
+    &lt;/interface&gt;
+    &lt;serial type='pty'&gt;
+      &lt;target type='isa-serial' port='0'&gt;
+        &lt;model name='isa-serial'/&gt;
+      &lt;/target&gt;
+    &lt;/serial&gt;
+    &lt;console type='pty'&gt;
+      &lt;target type='serial' port='0'/&gt;
+    &lt;/console&gt;
+    &lt;input type='tablet' bus='usb'&gt;
+      &lt;address type='usb' bus='0' port='1'/&gt;
+    &lt;/input&gt;
+    &lt;input type='mouse' bus='ps2'/&gt;
+    &lt;input type='keyboard' bus='ps2'/&gt;
+    &lt;graphics type='spice' autoport='yes'&gt;
+      &lt;listen type='address'/&gt;
+      &lt;gl enable='no'/&gt;
+    &lt;/graphics&gt;
+    &lt;video&gt;
+      &lt;model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/&gt;
+    &lt;/video&gt;
+    &lt;memballoon model='virtio-non-transitional'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/memballoon&gt;
+      &lt;rng model='virtio-non-transitional'&gt;
+    &lt;driver iommu='on'/&gt;
+    &lt;/rng&gt;
+  &lt;/devices&gt;
+  &lt;launchSecurity type='sev'&gt;
+    &lt;cbitpos&gt;47&lt;/cbitpos&gt;
+    &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
+    &lt;policy&gt;0x0003&lt;/policy&gt;
+  &lt;/launchSecurity&gt;
+&lt;/domain&gt;</pre>
+  </body>
+</html>

docs/libvirt.css

@@ -274,6 +274,12 @@ span.since {
     font-weight: bold;
 }
 
+span.removed {
+    color: darkred;
+    font-style: italic;
+    font-weight: bold;
+}
+
 img.diagram {
     background: rgb(230,230,230);
     border: 2px dotted rgb(178,178,178);
@@ -542,3 +548,61 @@ dl.mail dt a:hover {
 td.enumvalue {
     white-space: nowrap;
 }
+
+#advancedsearch {
+    display: none;
+    vertical-align: bottom;
+    position: absolute;
+    padding: 1em;
+    padding-top: 0em;
+    margin-top: 0em;
+    top: 100px;
+    right: 0px;
+    width: 13em;
+    text-align: left;
+    color: white;
+    background: rgb(0, 95, 97);
+    border-left: 3px solid rgb(60, 133, 124);
+    border-bottom: 3px solid rgb(60, 133, 124);
+}
+
+/* Use div.advancedsearch, not #advancedsearch because the
+ * 'advancedsearch' class is set dynamically when javascript
+ * loads. This ensures that the advancedsearch options are
+ * not displayed when javascript is disabled.
+*/
+#search:hover div.advancedsearch {
+    display: table;
+}
+
+#advancedsearch span {
+    display: block;
+}
+
+#advancedsearch input[type=radio] {
+    height: inherit;
+    display: inline;
+}
+
+#advancedsearch label {
+    display: inline;
+}
+
+.removedhv {
+    color: darkred;
+}
+
+ul.news-section-content {
+    margin-top: 0.5em;
+}
+
+ul.news-section-content li dl dt {
+    margin: 0;
+}
+
+ul.news-section-content li dl dd {
+    margin-left: 1em;
+    margin-right: 0;
+    margin-top: 0.5em;
+    margin-bottom: 0.5em;
+}

docs/mobile.css

@@ -15,6 +15,7 @@
 	margin: 0px;
 	background: white;
 	padding: 0px;
+	height: 2em;
     }
     #search form {
 	padding: 5px;
@@ -91,4 +92,10 @@
 	float: none;
 	margin-bottom: 2em;
     }
+    #advancedsearch {
+	margin-top: 4em;
+	border: 0px;
+	background: white;
+	color: black;
+    }
 }

docs/news-2014.html.in

@@ -2041,7 +2041,7 @@
       build: avoid compiler warning on shadowed name (Jean-Baptiste Rouault),<br/>
       tests: link against libxml2 (Guido Günther),<br/>
       tests: build viridentitytest only WITH_ATTR. (Jincheng Miao),<br/>
-      maint: Correctly detect wether "gluster" cli tool is accessible (Peter Krempa),<br/>
+      maint: Correctly detect whether "gluster" cli tool is accessible (Peter Krempa),<br/>
       libvirt-guests: avoid bashism (Guido Günther),<br/>
       Use the force flag for mkfs -t xfs (Ján Tomko)<br/>
       </li>

docs/news-ascii.xsl

@@ -15,7 +15,8 @@
     <xsl:text>
 ==============================================================================
 Older libvirt releases didn't have proper release notes: if you are interested
-in changes between them, you should check out ChangeLog* and docs/news-*.html.
+in changes between them, you should check out docs/news-*.html or the full git
+log (see instructions in ChangeLog).
 </xsl:text>
   </xsl:template>
 

docs/news-html.xsl

@@ -1,5 +1,7 @@
 <?xml version="1.0"?>
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:stylesheet version="1.0"
+                xmlns="http://www.w3.org/1999/xhtml"
+                xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
   <xsl:output method="xml" indent="yes" encoding="UTF-8"/>
 
   <!-- This XSLT stylesheet can be applied to the XML version of the release
@@ -39,12 +41,17 @@
   <!-- Release -->
   <xsl:template match="release">
     <h3>
-      <strong>
-        <xsl:value-of select="@version"/>
-        <xsl:text> (</xsl:text>
-        <xsl:value-of select="@date"/>
-        <xsl:text>)</xsl:text>
-      </strong>
+      <a>
+        <xsl:attribute name="id">
+          <xsl:value-of select="@version"/>
+        </xsl:attribute>
+        <strong>
+          <xsl:value-of select="@version"/>
+          <xsl:text> (</xsl:text>
+          <xsl:value-of select="@date"/>
+          <xsl:text>)</xsl:text>
+        </strong>
+      </a>
     </h3>
     <ul>
       <xsl:apply-templates select="section"/>
@@ -58,7 +65,7 @@
         <xsl:value-of select="@title"/>
       </strong>
       <xsl:if test="*">
-        <ul>
+        <ul class="news-section-content">
           <xsl:apply-templates select="change"/>
         </ul>
       </xsl:if>
@@ -68,8 +75,14 @@
   <!-- Change -->
   <xsl:template match="change">
     <li>
-      <xsl:apply-templates select="summary"/>
-      <xsl:apply-templates select="description"/>
+      <dl>
+        <dt>
+          <xsl:apply-templates select="summary"/>
+        </dt>
+        <dd>
+          <xsl:apply-templates select="description"/>
+        </dd>
+      </dl>
     </li>
   </xsl:template>
 
@@ -80,7 +93,6 @@
 
   <!-- Change description -->
   <xsl:template match="description">
-    <br/>
     <xsl:apply-templates/>
   </xsl:template>
 

docs/news.xml

@@ -25,15 +25,473 @@
     <section title="New features">
     </section>
     <section title="Improvements">
+      <change>
+        <summary>
+          Remember original owners and SELinux labels of files
+        </summary>
+        <description>
+          When a domain is starting up libvirt changes DAC and
+          SELinux labels so that domain can access it. However,
+          it never remembered the original labels and therefore
+          the file was returned back to <code>root:root</code>.
+          With this release, the original labels are remembered
+          and restored properly.
+        </description>
+      </change>
     </section>
     <section title="Bug fixes">
     </section>
   </release>
 
+    If relevant for a given release, add a section for removed
+    features too
+
+    <section title="Removed features">
+    </section>
+
      -->
 
 <libvirt>
-  <release version="v5.2.0" date="unreleased">
+  <release version="v5.6.0" date="2019-08-05">
+    <section title="New features">
+      <change>
+        <summary>
+          qemu: Introduce a new video model of type 'bochs'
+        </summary>
+        <description>
+          Introduce a new video model type that supports the
+          <code>bochs-display</code> device that was added in qemu version 3.0.
+        </description>
+      </change>
+      <change>
+        <summary>
+          api: new virDomainCheckpoint APIs
+        </summary>
+        <description>
+          Introduce several new APIs for creating and managing
+          checkpoints in the test and qemu drivers (the latter
+          requires qcow2 images). Checkpoints serve as a way to tell
+          which portions of a disk have changed since a point in time.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Add support for overriding max threads per process limit
+        </summary>
+        <description>
+          systemd-based systems impose a limit on the number of threads a
+          process can spawn, which in some cases can be exceeded by QEMU
+          processes running VMs. Add a <code>max_threads_per_process</code>
+          option to qemu.conf to override the system default.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Remember original owners and SELinux labels of files
+        </summary>
+        <description>
+          When a domain is starting up libvirt changes DAC and
+          SELinux labels so that domain can access it. However,
+          it never remembered the original labels and therefore
+          the file was returned back to <code>root:root</code>.
+          With this release, the original labels are remembered
+          and restored properly.
+        </description>
+      </change>
+      <change>
+        <summary>
+          network: Allow passing arbitrary options to dnsmasq
+        </summary>
+        <description>
+          This works similarly to the existing support for passing arbitary
+          options to QEMU, and just like that feature it comes with no
+          support guarantees.
+        </description>
+      </change>
+    </section>
+    <section title="Removed features">
+      <change>
+        <summary>
+          xen: Remove sxpr config support
+        </summary>
+        <description>
+          Remove the sxpr style config parser and formatter a year after the
+          xend driver was removed.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          qemu: Allow XML validation for snapshot creation
+        </summary>
+        <description>
+          Add flag <code>VIR_DOMAIN_SNAPSHOT_CREATE_VALIDATE</code> to validate
+          snapshot input XML. For virsh, users can use it as <code>virsh
+          snapshot-create --validate</code>.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Support encrypted soft TPM
+        </summary>
+        <description>
+          A soft TPM backend could be encrypted with passphrase. Now libvirt
+          supports using a <code>secret</code> object to hold the passphrase,
+          and referring to it via the <code>encryption</code> element of the
+          TPM device.
+        </description>
+      </change>
+      <change>
+        <summary>
+          test driver: Expand API coverage
+        </summary>
+        <description>
+          Additional APIs have been implemented in the test driver.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Implement per-driver locking
+        </summary>
+        <description>
+          Drivers now acquire a lock when they're loaded, ensuring that there
+          can never be two instances of the same driver active at a time.
+        </description>
+      </change>
+      <change>
+        <summary>
+          nss: Report newer addresses first
+        </summary>
+        <description>
+          In some cases, a guest might be assigned a new IP address by DHCP
+          before the previous lease has expired, in which case the NSS plugin
+          will correctly report both addresses; many applications, however,
+          ignore all addresses but the first, and may thus end up trying to
+          connect using a stale address. To prevent that from happening, the
+          NSS plugin will now always report the newest address first.
+        </description>
+      </change>
+      <change>
+        <summary>
+          util: Optimize mass closing of FDs when spawning child processes
+        </summary>
+        <description>
+          When the limit on the number of FDs is very high, closing all
+          unwanted FDs after calling <code>fork()</code> can take a lot of
+          time and delay the start of the child process. libvirt will now
+          use an optimized algorithm that minimizes such delays.
+        </description>
+      </change>
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          logging: Ensure virtlogd rollover takes priority over logrotate
+        </summary>
+        <description>
+          virtlogd implements its own rollover mechanism, but until now
+          logrotate could end up acting on the logs before virtlogd had a
+          chance to do so itself.
+        </description>
+      </change>
+    </section>
+  </release>
+  <release version="v5.5.0" date="2019-07-02">
+    <section title="Security">
+      <change>
+        <summary>
+          api: Prevent access to several APIs over read-only connections
+        </summary>
+        <description>
+          Certain APIs give root-equivalent access to the host, and as such
+          should be limited to privileged users. CVE-2019-10161,
+          CVE-2019-10166, CVE-2019-10167, CVE-2019-10168.
+        </description>
+      </change>
+    </section>
+    <section title="New features">
+      <change>
+        <summary>
+          qemu: Support SMMUv3 IOMMU
+        </summary>
+        <description>
+          SMMUv3 is an IOMMU implementation for ARM virt guests.
+        </description>
+      </change>
+      <change>
+        <summary>
+          network: Introduce the network port API
+        </summary>
+        <description>
+          This new public API can be used by virtualization drivers to
+          manage network resources associated with guests, and is a further
+          step towards splitting libvirtd into multiple daemons.
+        </description>
+      </change>
+    </section>
+    <section title="Removed features">
+      <change>
+        <summary>
+          qemu: Remove support for virDomainQemuAttach and virConnectDomainXMLFromNative APIs
+        </summary>
+        <description>
+          The qemu implementations for the APIs mentioned above were removed
+          and the APIs now return an error. The implementation was stale for a
+          long time and did not work with modern QEMU command lines, generated
+          from libvirt or otherwise.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Stop supporting migration of config files from pre-XDG layout
+        </summary>
+        <description>
+          The new layout was introduced with libvirt 0.9.13 (Jul 2012).
+        </description>
+      </change>
+      <change>
+        <summary>
+          Remove Avahi mDNS support
+        </summary>
+        <description>
+          This feature was never used outside of virt-manager, which has
+          itself stopped using it a while ago.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          sysinfo: Report SMBIOS information on aarch64
+        </summary>
+        <description>
+          While SMBIOS support has historically been limited to x86_64, modern
+          aarch64 machines often offer access to the same information as well,
+          and libvirt now exposes it to the user when that's the case.
+        </description>
+      </change>
+      <change>
+        <summary>
+          test driver: Expand API coverage
+        </summary>
+        <description>
+          Even more APIs that were missing from the test driver have now been
+          implemented.
+        </description>
+      </change>
+      <change>
+        <summary>
+          virt-xml-validate: Allow input to be read from stdin
+        </summary>
+      </change>
+      <change>
+        <summary>
+          qemu: Validate spapr-vio addresses as 32-bit
+        </summary>
+        <description>
+          libvirt has always considered these addresses (used for pSeries
+          guests) as 64-bit, but the sPAPR specification says that they're
+          32-bit instead.
+        </description>
+      </change>
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          qemu: Set process affinity correctly when using &lt;numatune&gt;
+        </summary>
+        <description>
+          libvirt would mistakenly interpret the <code>nodeset</code>
+          attribute as a list of CPUs instead of as a list of NUMA node, and
+          the process affinity would be set incorrectly as a result; this has
+          now been fixed.
+        </description>
+      </change>
+    </section>
+  </release>
+  <release version="v5.4.0" date="2019-06-03">
+    <section title="Security">
+      <change>
+        <summary>
+          cpu: Introduce support for the md-clear CPUID bit
+        </summary>
+        <description>
+          This bit is set when microcode provides the mechanism to invoke a
+          flush of various exploitable CPU buffers by invoking the x86
+          <code>VERW</code> instruction. CVE-2018-12126, CVE-2018-12127,
+          CVE-2018-12130, CVE-2019-11091.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Restrict user access to virt-admin, virtlogd and virtlockd
+        </summary>
+        <description>
+          The intended users for these facilities are the <code>root</code>
+          user and the <code>libvirtd</code> service respectively, but these
+          restrictions were not enforced correctly. CVE-2019-10132.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          test driver: Expand API coverage
+        </summary>
+        <description>
+          Several APIs that were missing from the test driver have now been
+          implemented.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Avoid unnecessary static linking
+        </summary>
+        <description>
+          Most binaries shipped as part of libvirt, for example
+          <code>virtlogd</code> and <code>libvirt_iohelper</code>, were
+          embedding parts of the library even though they also linked against
+          the <code>libvirt.so</code> dynamic library. This is no longer the
+          case, which results in both the disk and memory footprint being
+          reduced.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Report stat-htlb-pgalloc and stat-htlb-pgfail balloon stats
+        </summary>
+        <description>
+          These stats have been introduced in QEMU 3.0.
+        </description>
+      </change>
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          qemu: Fix emulator scheduler support
+        </summary>
+        <description>
+          Setting the scheduler for QEMU's main thread before QEMU had a chance
+          to start up other threads was misleading as it would affect other
+          threads (vCPU and I/O) as well.  In some particular situations this
+          could also lead to an error when the thread for vCPU #0 was being
+          moved to its cpu,cpuacct cgroup.  This was fixed so that the
+          scheduler for the main thread is set after QEMU starts.
+        </description>
+      </change>
+      <change>
+        <summary>
+          apparmor: Allow hotplug of vhost-scsi devices
+        </summary>
+      </change>
+    </section>
+  </release>
+  <release version="v5.3.0" date="2019-05-04">
+    <section title="New features">
+      <change>
+        <summary>
+          qemu: Add support for setting the emulator scheduler parameters
+        </summary>
+        <description>
+          I/O threads and vCPU threads already support setting schedulers, but
+          until now it was impossible to do so for the main QEMU thread
+          (emulator thread in the libvirt naming).  This is, however, requested
+          for some very specific scenarios, for example when vCPU threads are
+          running at such priority that could starve the main thread.
+        </description>
+      </change>
+    </section>
+    <section title="Removed features">
+      <change>
+        <summary>
+          vbox: Drop support for VirtualBox 4.x releases
+        </summary>
+        <description>
+          Support for all the 4.x releases was ended by
+          VirtualBox maintainers in December 2015. Therefore,
+          libvirt support for these releases is dropped.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          qemu: Use PCI by default for RISC-V guests
+        </summary>
+        <description>
+          PCI support for RISC-V guests was already available in libvirt
+          5.1.0, but it required the user to opt-in by manually assigning
+          PCI addresses: with this release, RISC-V guests will use PCI
+          automatically when running against a recent enough (4.0.0+) QEMU
+          release.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Advertise firmware autoselection in domain capabilities
+        </summary>
+        <description>
+          The firmware autoselection feature is now exposed in
+          domain capabilities and management applications can
+          query for accepted values, i.e. values that are accepted
+          and for which libvirt found firmware descriptor files.
+          Firmware Secure Boot support is also advertised.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Drop YAJL 1 support
+        </summary>
+        <description>
+          YAJL 2 is widely adopted and maintaining side by side
+          support for two versions is unnecessary.
+        </description>
+      </change>
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          rpc: cleanup in virNetTLSContextNew
+        </summary>
+        <description>
+          Failed new gnutls context allocations in virNetTLSContextNew
+          function results in double free and segfault. Occasional memory
+          leaks may also occur.
+        </description>
+      </change>
+      <change>
+        <summary>
+          virsh: various completers fixes
+        </summary>
+        <description>
+          There were some possible crashers, memory leaks, etc.
+          which are now fixed.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Make hugepages work with memfd backend
+        </summary>
+        <description>
+          Due to a bug in command line generation libvirt did not
+          honor hugepages setting with memfd backend.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Enforce ACL write permission for getting guest time &amp; hostname
+        </summary>
+        <description>
+          Getting the guest time and hostname both require use of
+          guest agent commands. These must not be allowed for
+          read-only users, so the permissions check must validate
+          "write" permission not "read".
+        </description>
+      </change>
+    </section>
+  </release>
+  <release version="v5.2.0" date="2019-04-03">
     <section title="New features">
       <change>
         <summary>
@@ -148,8 +606,45 @@
           tables are not required.
         </description>
       </change>
+      <change>
+        <summary>
+          Don't default to building the QEMU driver
+        </summary>
+        <description>
+          Historically, the QEMU driver has been special in that it was
+          enabled by default, with the option to explicitly opt-out of it;
+          starting now, we're enabling it opportunistically if we detect that
+          all requirements are available, just like we do with other drivers.
+        </description>
+      </change>
     </section>
     <section title="Bug fixes">
+      <change>
+        <summary>
+          virt-host-validate: Fix IOMMU check on s390x
+        </summary>
+      </change>
+      <change>
+        <summary>
+          qemu: Allow creating pSeries guests with graphics and no USB mouse
+        </summary>
+        <description>
+          It's now possible to prevent libvirt from automatically adding a
+          USB mouse to pSeries guests by including a USB tablet in the input
+          XML: doing so is desiderable as using a tablet results in a much
+          better user experience when working with GUIs.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Set $HOME and XGD variables for qemu:///system guests
+        </summary>
+        <description>
+          This avoids files being accidentally created under <code>/</code> or
+          the guests not being able to start because they lack the necessary
+          permissions to write to that location.
+        </description>
+      </change>
     </section>
   </release>
   <release version="v5.1.0" date="2019-03-04">
@@ -644,8 +1139,6 @@
         </description>
       </change>
     </section>
-    <section title="Improvements">
-    </section>
     <section title="Bug fixes">
       <change>
         <summary>
@@ -953,8 +1446,6 @@
         </description>
       </change>
     </section>
-    <section title="Bug fixes">
-    </section>
   </release>
   <release version="v4.5.0" date="2018-07-02">
     <section title="New features">
@@ -1268,8 +1759,6 @@
         </description>
       </change>
     </section>
-    <section title="Bug fixes">
-    </section>
   </release>
   <release version="v4.3.0" date="2018-05-02">
     <section title="New features">

docs/page.xsl

@@ -99,40 +99,11 @@
         <meta name="description" content="libvirt, virtualization, virtualization API"/>
         <xsl:apply-templates select="/html:html/html:head/*" mode="content"/>
 
-        <script type="text/javascript">
-          <xsl:comment>
-          <![CDATA[
-      function init() {
-          window.addEventListener('scroll', function(e){
-              var distanceY = window.pageYOffset || document.documentElement.scrollTop,
-              shrinkOn = 94
-              home = document.getElementById("home");
-              links = document.getElementById("jumplinks");
-              search = document.getElementById("search");
-              body = document.getElementById("body");
-              if (distanceY > shrinkOn) {
-                  if (home.className != "navhide") {
-                      body.className = "navhide"
-                      home.className = "navhide"
-                      links.className = "navhide"
-                      search.className = "navhide"
-                  }
-              } else {
-                  if (home.className == "navhide") {
-                      body.className = ""
-                      home.className = ""
-                      links.className = ""
-                      search.className = ""
-                  }
-              }
-          });
-      }
-      window.onload = init();
-           ]]>
-          </xsl:comment>
+        <script type="text/javascript" src="{$href_base}js/main.js">
+          <xsl:comment>// forces non-empty element</xsl:comment>
         </script>
       </head>
-      <body>
+      <body onload="pageload()">
         <xsl:if test="html:html/html:body/@class">
           <xsl:attribute name="class">
             <xsl:value-of select="html:html/html:body/@class"/>
@@ -155,12 +126,19 @@
             </ul>
           </div>
           <div id="search">
-            <form action="{$href_base}search.php" enctype="application/x-www-form-urlencoded" method="get">
+            <form id="simplesearch" action="https://www.google.com/search" enctype="application/x-www-form-urlencoded" method="get">
               <div>
-                <input name="query" type="text" size="12" value=""/>
+                <input id="searchsite" name="sitesearch" type="hidden" value="libvirt.org"/>
+                <input id="searchq" name="q" type="text" size="12" value=""/>
                 <input name="submit" type="submit" value="Go"/>
               </div>
             </form>
+            <div id="advancedsearch">
+              <span><input type="radio" name="what" id="whatwebsite" checked="checked" value="website"/><label for="whatwebsite">Website</label></span>
+              <span><input type="radio" name="what" id="whatwiki" value="wiki"/><label for="whatwiki">Wiki</label></span>
+              <span><input type="radio" name="what" id="whatdevs" value="devs"/><label for="whatdevs">Developers list</label></span>
+              <span><input type="radio" name="what" id="whatusers" value="users"/><label for="whatusers">Users list</label></span>
+            </div>
           </div>
         </div>
         <div id="footer">

docs/pci-hotplug.html.in

@@ -99,13 +99,12 @@
     </p>
 
 <pre>
-&lt;controller type='pci' model='dmi-to-pci-bridge'/&gt;
-&lt;controller type='pci' model='pci-bridge'/&gt;</pre>
+&lt;controller type='pci' model='pcie-to-pci-bridge'/&gt;</pre>
 
     <p>
       and you'll be able to hotplug up to 31 legacy PCI devices,
       either emulated or assigned from the host, in the slots
-      from 0x01 to 0x1f of the <code>pci-bridge</code> controller.
+      from 0x01 to 0x1f of the <code>pcie-to-pci-bridge</code> controller.
     </p>
 
     <h3><a id="x86_64-i440fx">i440fx (pc) machine type</a></h3>

docs/remote.html.in

@@ -821,23 +821,6 @@ Blank lines and comments beginning with <code>#</code> are ignored.
         <td> "16509" </td>
         <td>
   The port number or service name to listen on for unencrypted TCP connections.
-</td>
-      </tr>
-      <tr>
-        <td> mdns_adv <i>[0|1]</i> </td>
-        <td> 0 (advertise with mDNS) </td>
-        <td>
-  If set to 1 then the virtualization service will be advertised over
-  mDNS to hosts on the local LAN segment.
-</td>
-      </tr>
-      <tr>
-        <td> mdns_name <i>"name"</i> </td>
-        <td> "Virtualization Host HOSTNAME" </td>
-        <td>
-  The name to advertise for this host with Avahi mDNS. The default
-  includes the machine's short hostname. This must be unique to the
-  local LAN segment.
 </td>
       </tr>
       <tr>

docs/schemas/basictypes.rng

@@ -2,7 +2,7 @@
 <!-- network-related definitions used in multiple grammars -->
 <grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
 
-  <!-- Our unsignedInt doesn"t allow a leading "+" in its lexical form -->
+  <!-- Our unsignedInt doesn't allow a leading "+" in its lexical form -->
   <define name="unsignedInt">
     <data type="unsignedInt">
       <param name="pattern">[0-9]+</param>

docs/schemas/domaincaps.rng

@@ -77,6 +77,7 @@
     <element name='os'>
       <interleave>
         <ref name='supported'/>
+        <ref name='enum'/>
         <optional>
           <ref name='loader'/>
         </optional>

docs/schemas/domaincheckpoint.rng

@@ -0,0 +1,94 @@
+<?xml version='1.0'?>
+<!-- A Relax NG schema for the libvirt domain checkpoint properties XML format -->
+<grammar xmlns='http://relaxng.org/ns/structure/1.0' datatypeLibrary='http://www.w3.org/2001/XMLSchema-datatypes'>
+  <start>
+    <ref name='domaincheckpoint'/>
+  </start>
+
+  <include href='domaincommon.rng'/>
+
+  <define name='domaincheckpoint'>
+    <element name='domaincheckpoint'>
+      <interleave>
+        <optional>
+          <element name='name'>
+            <ref name='checkpointName'/>
+          </element>
+        </optional>
+        <optional>
+          <element name='description'>
+            <text/>
+          </element>
+        </optional>
+        <optional>
+          <element name='creationTime'>
+            <ref name='unsignedLong'/>
+          </element>
+        </optional>
+        <optional>
+          <element name='disks'>
+            <oneOrMore>
+              <ref name='diskcheckpoint'/>
+            </oneOrMore>
+          </element>
+        </optional>
+        <optional>
+          <!-- Nested grammar ensures that any of our overrides of
+               storagecommon/domaincommon defines do not conflict
+               with any domain.rng overrides.  -->
+          <grammar>
+            <include href='domain.rng'/>
+          </grammar>
+        </optional>
+        <optional>
+          <element name='parent'>
+            <element name='name'>
+              <ref name='checkpointName'/>
+            </element>
+          </element>
+        </optional>
+      </interleave>
+    </element>
+  </define>
+
+  <define name='diskcheckpoint'>
+    <element name='disk'>
+      <attribute name='name'>
+        <choice>
+          <ref name='diskTarget'/>
+          <ref name='absFilePath'/>
+        </choice>
+      </attribute>
+      <choice>
+        <attribute name='checkpoint'>
+          <value>no</value>
+        </attribute>
+        <group>
+          <optional>
+            <attribute name='checkpoint'>
+              <value>bitmap</value>
+            </attribute>
+          </optional>
+          <optional>
+            <attribute name='bitmap'>
+              <text/>
+            </attribute>
+          </optional>
+          <optional>
+            <attribute name='size'>
+              <ref name='unsignedLong'/>
+            </attribute>
+          </optional>
+        </group>
+      </choice>
+    </element>
+  </define>
+
+  <define name='checkpointName'>
+    <data type='string'>
+      <!-- Notably: no leading '.' and no embedded '/' or newline -->
+      <param name='pattern'>[a-zA-Z0-9_\-][a-zA-Z0-9_\-.]*</param>
+    </data>
+  </define>
+
+</grammar>

docs/schemas/domaincommon.rng

@@ -72,6 +72,9 @@
         <optional>
           <ref name='qemucmdline'/>
         </optional>
+        <optional>
+          <ref name='qemucapabilities'/>
+        </optional>
         <optional>
           <ref name='lxcsharens'/>
         </optional>
@@ -967,6 +970,11 @@
             <ref name="schedparam"/>
           </element>
         </zeroOrMore>
+        <optional>
+          <element name="emulatorsched">
+            <ref name="schedparam"/>
+          </element>
+        </optional>
         <zeroOrMore>
           <element name="cachetune">
             <attribute name="vcpus">
@@ -2586,6 +2594,11 @@
         <ref name="deviceName"/>
       </attribute>
     </optional>
+    <optional>
+      <attribute name="portid">
+        <ref name="UUID"/>
+      </attribute>
+    </optional>
   </define>
 
   <define name="interface-bridge-attributes">
@@ -3571,6 +3584,7 @@
                 <value>virtio</value>
                 <value>gop</value>
                 <value>none</value>
+                <value>bochs</value>
               </choice>
             </attribute>
             <group>
@@ -4303,6 +4317,7 @@
           <attribute name="type">
              <value>emulator</value>
           </attribute>
+          <ref name="tpm-backend-emulator-encryption"/>
         </group>
       </choice>
       <choice>
@@ -4332,6 +4347,16 @@
     </optional>
   </define>
 
+  <define name="tpm-backend-emulator-encryption">
+    <optional>
+      <element name="encryption">
+        <attribute name="secret">
+          <ref name="UUID"/>
+        </attribute>
+      </element>
+    </optional>
+  </define>
+
   <define name="vsock">
     <element name="vsock">
       <optional>
@@ -4370,7 +4395,10 @@
   <define name="iommu">
     <element name="iommu">
       <attribute name="model">
-        <value>intel</value>
+        <choice>
+          <value>intel</value>
+          <value>smmuv3</value>
+        </choice>
       </attribute>
       <optional>
         <element name="driver">
@@ -5676,6 +5704,7 @@
           </choice>
         </attribute>
       </optional>
+      <ref name="diskBackingChain"/>
     </element>
   </define>
   <define name="diskAuth">
@@ -6183,6 +6212,22 @@
     </element>
   </define>
 
+  <define name="qemucapabilities">
+    <element name="capabilities" ns="http://libvirt.org/schemas/domain/qemu/1.0">
+      <zeroOrMore>
+        <element name="add">
+          <attribute name="capability"/>
+        </element>
+      </zeroOrMore>
+      <zeroOrMore>
+        <element name="del">
+          <attribute name="capability"/>
+        </element>
+      </zeroOrMore>
+    </element>
+  </define>
+
+
   <!--
        Optional hypervisor extensions in their own namespace:
        LXC
@@ -6377,7 +6422,7 @@
   </define>
   <define name="spaprvioReg">
     <data type="string">
-      <param name="pattern">(0x)?[0-9a-fA-F]{1,16}</param>
+      <param name="pattern">(0x)?[0-9a-fA-F]{1,8}</param>
     </data>
   </define>
   <define name='aliasName'>

docs/schemas/domainsnapshot.rng

@@ -103,7 +103,6 @@
 
   <define name='state'>
     <choice>
-      <value>nostate</value>
       <value>running</value>
       <value>blocked</value>
       <value>paused</value>
@@ -158,6 +157,9 @@
                     <optional>
                       <ref name='storageStartupPolicy'/>
                     </optional>
+                    <zeroOrMore>
+                      <ref name='devSeclabel'/>
+                    </zeroOrMore>
                     <empty/>
                   </element>
                 </optional>
@@ -174,6 +176,9 @@
                     <attribute name="dev">
                       <ref name="absFilePath"/>
                     </attribute>
+                    <zeroOrMore>
+                      <ref name='devSeclabel'/>
+                    </zeroOrMore>
                     <empty/>
                   </element>
                 </optional>

docs/schemas/network.rng

@@ -405,6 +405,17 @@
         <zeroOrMore>
           <ref name="route"/>
         </zeroOrMore>
+
+      <!-- <dnsmasq:options> -->
+      <optional>
+        <element name="options" ns="http://libvirt.org/schemas/network/dnsmasq/1.0">
+          <zeroOrMore>
+            <element name="option">
+              <attribute name='value'/>
+            </element>
+          </zeroOrMore>
+        </element>
+      </optional>
       </interleave>
     </element>
   </define>

docs/schemas/networkcommon.rng

@@ -134,6 +134,11 @@
 
   <define name="bandwidth">
     <element name="bandwidth">
+      <optional>
+        <attribute name="classID">
+          <ref name="positiveInteger"/>
+        </attribute>
+      </optional>
       <interleave>
         <optional>
           <element name="inbound">

docs/schemas/networkport.rng

@@ -0,0 +1,154 @@
+<?xml version="1.0"?>
+<!-- A Relax NG schema for the libvirt network port XML format -->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+         datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+  <include href='basictypes.rng'/>
+  <include href='networkcommon.rng'/>
+
+  <start>
+    <ref name="networkport"/>
+  </start>
+
+  <define name="networkport">
+    <element name="networkport">
+      <interleave>
+        <element name="uuid">
+          <ref name="UUID"/>
+        </element>
+        <ref name="owner"/>
+        <ref name="mac"/>
+        <optional>
+          <ref name="group"/>
+        </optional>
+        <optional>
+          <ref name="rxfilters"/>
+        </optional>
+        <optional>
+          <ref name="virtualPortProfile"/>
+        </optional>
+        <optional>
+          <ref name="bandwidth"/>
+        </optional>
+        <optional>
+          <ref name="plug"/>
+        </optional>
+      </interleave>
+    </element>
+  </define>
+
+  <define name="owner">
+    <element name="owner">
+      <element name="name">
+        <text/>
+      </element>
+      <element name="uuid">
+        <ref name="UUID"/>
+      </element>
+    </element>
+  </define>
+
+  <define name="mac">
+    <element name="mac">
+      <attribute name="address">
+        <ref name="uniMacAddr"/>
+      </attribute>
+      <empty/>
+    </element>
+  </define>
+
+  <define name="group">
+    <element name="group">
+      <ref name="deviceName"/>
+    </element>
+  </define>
+
+  <define name="rxfilters">
+    <element name="rxfilters">
+      <attribute name="trustGuest">
+        <ref name="virYesNo"/>
+      </attribute>
+    </element>
+  </define>
+
+  <define name="plug">
+    <element name="plug">
+      <choice>
+        <ref name="plugnetwork"/>
+        <ref name="plugbridge"/>
+        <ref name="plugdirect"/>
+        <ref name="plughostdevpci"/>
+      </choice>
+    </element>
+  </define>
+
+  <define name="plugnetwork">
+    <attribute name="type">
+      <value>network</value>
+    </attribute>
+    <attribute name="bridge">
+      <ref name="deviceName"/>
+    </attribute>
+    <optional>
+      <attribute name="macTableManager">
+        <ref name="macTableManager"/>
+      </attribute>
+    </optional>
+  </define>
+
+  <define name="plugbridge">
+    <attribute name="type">
+      <value>bridge</value>
+    </attribute>
+    <attribute name="bridge">
+      <ref name="deviceName"/>
+    </attribute>
+    <optional>
+      <attribute name="macTableManager">
+        <ref name="macTableManager"/>
+      </attribute>
+    </optional>
+  </define>
+
+  <define name="plugdirect">
+    <attribute name="type">
+      <value>direct</value>
+    </attribute>
+    <attribute name="dev">
+      <ref name="deviceName"/>
+    </attribute>
+    <attribute name="mode">
+      <choice>
+        <value>bridge</value>
+        <value>passthrough</value>
+        <value>private</value>
+        <value>vepa</value>
+      </choice>
+    </attribute>
+  </define>
+
+  <define name="plughostdevpci">
+    <attribute name="type">
+      <value>hostdev-pci</value>
+    </attribute>
+    <optional>
+      <attribute name="managed">
+        <ref name="virYesNo"/>
+      </attribute>
+    </optional>
+    <optional>
+      <element name="driver">
+        <attribute name="name">
+          <choice>
+            <value>kvm</value>
+            <value>vfio</value>
+          </choice>
+        </attribute>
+        <empty/>
+      </element>
+    </optional>
+    <element name='address'>
+      <ref name="pciaddress"/>
+    </element>
+  </define>
+
+</grammar>

docs/schemas/secret.rng

@@ -37,6 +37,7 @@
               <ref name='usageceph'/>
               <ref name='usageiscsi'/>
               <ref name='usagetls'/>
+              <ref name='usagevtpm'/>
               <!-- More choices later -->
             </choice>
           </element>
@@ -81,4 +82,13 @@
     </element>
   </define>
 
+  <define name='usagevtpm'>
+    <attribute name='type'>
+      <value>vtpm</value>
+    </attribute>
+    <element name='name'>
+      <ref name='genericName'/>
+    </element>
+  </define>
+
 </grammar>

docs/schemas/storagepool.rng

@@ -305,7 +305,10 @@
     <oneOrMore>
       <element name='host'>
         <attribute name='name'>
-          <text/>
+          <choice>
+            <ref name="dnsName"/>
+            <ref name="ipAddr"/>
+          </choice>
         </attribute>
         <optional>
           <attribute name='port'>

docs/search.php.code.in

@@ -1,225 +0,0 @@
-<?php
-    $query = $_GET['query'];
-    // We handle only the first argument so far
-    $query = ltrim ($query);
-
-    $scope = $_GET['scope'];
-    if ($scope == NULL)
-        $scope = "any";
-    $scope = ltrim ($scope);
-    if ($scope == "")
-        $scope = "any";
-    $querystr = htmlspecialchars($query, ENT_QUOTES, 'UTF-8');
-?>
-
-<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'), "?query=", rawurlencode($query) ?>"
-      enctype="application/x-www-form-urlencoded" method="get">
-  <input name="query" type="text" size="50" value="<?php echo $querystr ?>"/>
-  <select name="scope">
-    <option value="any">Search All</option>
-    <option value="API" <?php if ($scope == 'API') print "selected='selected'"?>>Only the APIs</option>
-    <option value="DOCS" <?php if ($scope == 'DOCS') print "selected='selected'"?>>Only the Documentation</option>
-    <option value="LISTS" <?php if ($scope == 'LISTS') print "selected='selected'"?>>Only the lists archives</option>
-  </select>
-  <input name="submit" type="submit" value="Search ..."/>
-</form>
-
-<?php
-    function logQueryWord($word) {
-        $result = mysql_query ("SELECT ID,Count FROM Queries WHERE Value='$word'");
-        if ($result) {
-            $i = mysql_num_rows($result);
-            if ($i == 0) {
-                mysql_free_result($result);
-                mysql_query ("INSERT INTO Queries (Value,Count) VALUES ('$word',1)");
-            } else {
-                $id = mysql_result($result, 0, 0);
-                $count = mysql_result($result, 0, 1);
-                $count ++;
-                mysql_query ("UPDATE Queries SET Count=$count WHERE ID=$id");
-            }
-        } else {
-            mysql_query ("INSERT INTO Queries (Value,Count) VALUES ('$word',1)");
-        }
-    }
-    function queryWord($word) {
-        $result = NULL;
-        $j = 0;
-        if ($word) {
-            $result = mysql_query ("SELECT words.relevance, symbols.name, symbols.type, symbols.module, symbols.descr FROM words, symbols WHERE LCASE(words.name) LIKE LCASE('$word') and words.symbol = symbols.name ORDER BY words.relevance DESC LIMIT 75");
-            if ($result) {
-                $j = mysql_num_rows($result);
-                if ($j == 0)
-                    mysql_free_result($result);
-            }
-            logQueryWord($word);
-        }
-        return array($result, $j);
-    }
-    function queryHTMLWord($word) {
-        $result = NULL;
-        $j = 0;
-        if ($word) {
-            $result = mysql_query ("SELECT relevance, name, id, resource, section FROM wordsHTML WHERE LCASE(name) LIKE LCASE('$word') ORDER BY relevance DESC LIMIT 75");
-            if ($result) {
-                $j = mysql_num_rows($result);
-                if ($j == 0)
-                    mysql_free_result($result);
-            }
-            logQueryWord($word);
-        }
-        return array($result, $j);
-    }
-    function queryArchiveWord($word) {
-        $result = NULL;
-        $j = 0;
-        if ($word) {
-            $result = mysql_query ("SELECT wordsArchive.relevance, wordsArchive.name, 'libvir-list', archives.resource, archives.title FROM wordsArchive, archives WHERE LCASE(wordsArchive.name) LIKE LCASE('$word') and wordsArchive.ID = archives.ID ORDER BY relevance DESC LIMIT 75");
-            if ($result) {
-                $j = mysql_num_rows($result);
-                if ($j == 0)
-                    mysql_free_result($result);
-            }
-            logQueryWord($word);
-        }
-        return array($result, $j);
-    }
-    function resSort ($a, $b) {
-        list($ra,$ta,$ma,$na,$da) = $a;
-        list($rb,$tb,$mb,$nb,$db) = $b;
-        if ($ra == $rb) return 0;
-        return ($ra > $rb) ? -1 : 1;
-    }
-    if (($query) && (strlen($query) <= 50)) {
-        $link = mysql_connect ("localhost", "nobody");
-        if (!$link) {
-            echo "<p> Could not connect to the database: ", mysql_error();
-        } else {
-            mysql_select_db("libvir", $link);
-            $list = explode (" ", $query);
-            $results = array();
-            $number = 0;
-            for ($number = 0;$number < count($list);$number++) {
-
-                $word = $list[$number];
-                if (($scope == 'any') || ($scope == 'API')) {
-                    list($result, $j) = queryWord($word);
-                    if ($j > 0) {
-                        for ($i = 0; $i < $j; $i++) {
-                            $relevance = mysql_result($result, $i, 0);
-                            $name = mysql_result($result, $i, 1);
-                            $type = mysql_result($result, $i, 2);
-                            $module = mysql_result($result, $i, 3);
-                            $desc = mysql_result($result, $i, 4);
-                            if (array_key_exists($name, $results)) {
-                                list($r,$t,$m,$d,$w,$u) = $results[$name];
-                                $results[$name] = array(($r + $relevance) * 2,
-                                                        $t,$m,$d,$w,$u);
-                            } else {
-                                $id = $name;
-                                $m = strtolower($module);
-                                $url = "html/libvirt-$module.html#$id";
-                                $results[$name] = array($relevance,$type,
-                                                $module, $desc, $name, $url);
-                            }
-                        }
-                        mysql_free_result($result);
-                    }
-                }
-                if (($scope == 'any') || ($scope == 'DOCS')) {
-                    list($result, $k) = queryHTMLWord($word);
-                    if ($k > 0) {
-                        for ($i = 0; $i < $k; $i++) {
-                            $relevance = mysql_result($result, $i, 0);
-                            $name = mysql_result($result, $i, 1);
-                            $id = mysql_result($result, $i, 2);
-                            $module = mysql_result($result, $i, 3);
-                            $desc = mysql_result($result, $i, 4);
-                            $url = $module;
-                            if ($id != "") {
-                                $url = $url + "#$id";
-                            }
-                            $results["$name _html_ $number _ $i"] =
-                                          array($relevance, "XML docs",
-                                                $module, $desc, $name, $url);
-                        }
-                        mysql_free_result($result);
-                    }
-                }
-                if (($scope == 'any') || ($scope == 'LISTS')) {
-                    list($result, $j) = queryArchiveWord($word);
-                    if ($j > 0) {
-                        for ($i = 0; $i < $j; $i++) {
-                            $relevance = mysql_result($result, $i, 0);
-                            $name = mysql_result($result, $i, 1);
-                            $type = mysql_result($result, $i, 2);
-                            $url = mysql_result($result, $i, 3);
-                            $desc = mysql_result($result, $i, 4);
-                            if (array_key_exists($url, $results)) {
-                                list($r,$t,$m,$d,$w,$u) = $results[$url];
-                                $results[$name] = array(($r + $relevance) * 2,
-                                                        $t,$m,$d,$w,$u);
-                            } else {
-                                $id = $name;
-                                $m = strtolower($module);
-                                $u = str_replace(
-                        "http://www.redhat.com/archives/libvir-list/", "", $url);
-                                $results[$url] = array($relevance,$type,
-                                                $u, $desc, $name, $url);
-                            }
-                        }
-                        mysql_free_result($result);
-                    }
-                }
-            }
-            if ((count($results) == 0) && (count($list) == 1)) {
-                $word = $list[0];
-                if (($scope == 'any') || ($scope == 'XMLAPI')) {
-                    list($result, $j) = queryWord("vir$word");
-                    if ($j > 0) {
-                        for ($i = 0; $i < $j; $i++) {
-                            $relevance = mysql_result($result, $i, 0);
-                            $name = mysql_result($result, $i, 1);
-                            $type = mysql_result($result, $i, 2);
-                            $module = mysql_result($result, $i, 3);
-                            $desc = mysql_result($result, $i, 4);
-                            if (array_key_exists($name, $results)) {
-                                list($r,$t,$m,$d,$w,$u) = $results[$name];
-                                $results[$name] = array(($r + $relevance) * 2,
-                                                        $t,$m,$d,$w,$u);
-                            } else {
-                                $id = $name;
-                                $m = strtolower($module);
-                                $url = "html/libvirt-$module.html#$id";
-                                $results[$name] = array($relevance,$type,
-                                                $module, $desc, $name, $url);
-                            }
-                        }
-                        mysql_free_result($result);
-                    }
-                }
-            }
-            mysql_close($link);
-            $nb = count($results);
-            echo "<h3 align='center'>Found $nb results for query $querystr</h3>\n";
-            usort($results, "resSort");
-
-            if ($nb > 0) {
-                printf("<table><tbody>\n");
-                printf("<tr><td>Quality</td><td>Symbol</td><td>Type</td><td>module</td><td>Description</td></tr>\n");
-                $i = 0;
-                while (list ($name, $val) = each ($results)) {
-                    list($r,$t,$m,$d,$s,$u) = $val;
-                    $m = str_replace("<", "&lt;", $m);
-                    $s = str_replace("<", "&lt;", $s);
-                    $d = str_replace("<", "&lt;", $d);
-                    echo "<tr><td>$r</td><td><a href='$u'>$s</a></td><td>$t</td><td>$m</td><td>$d</td></tr>";
-                    $i = $i + 1;
-                    if ($i > 75)
-                        break;
-                }
-                printf("</tbody></table>\n");
-            }
-        }
-    }
-?>

docs/search.php.in

@@ -1,16 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Search the documentation on Libvirt.org</h1>
-
-    <p>
-      The search service indexes the libvirt APIs and documentation as
-    well as the libvir-list@redhat.com mailing-list archives. To use
-    it simply provide a set of keywords:
-    </p>
-
-<span id="php_placeholder"/>
-
-  </body>
-</html>

docs/storage.html.in

@@ -90,10 +90,10 @@
       A pool with a type of <code>dir</code> provides the means to manage
       files within a directory. The files can be fully allocated raw files,
       sparsely allocated raw files, or one of the special disk formats
-      such as <code>qcow</code>,<code>qcow2</code>,<code>vmdk</code>,
-      <code>cow</code>, etc as supported  by the <code>qemu-img</code>
-      program. If the directory does not exist at the time the pool is
-      defined, the <code>build</code> operation can be used to create it.
+      such as <code>qcow2</code>, <code>vmdk</code>, etc as supported
+      by the <code>qemu-img</code> program. If the directory does not exist
+      at the time the pool is defined, the <code>build</code>
+      operation can be used to create it.
     </p>
 
     <h3>Example pool input definition</h3>
@@ -132,9 +132,8 @@
       natively. When creating new volumes, only a subset may be
       available. The <code>raw</code> type is guaranteed always
       available. The <code>qcow2</code> type can be created if
-      either <code>qemu-img</code> or <code>qcow-create</code> tools
-      are present. The others are dependent on support of the
-      <code>qemu-img</code> tool.
+      the <code>qemu-img</code> tool is present. The others are
+      dependent on support of the <code>qemu-img</code> tool.
 
     </p>
 
@@ -309,7 +308,7 @@
       by adding partitions to the disk. Disk pools have constraints
       on the size and placement of volumes. The 'free extents'
       information will detail the regions which are available for creating
-      new volumes. A volume cannot span across 2 different free extents.
+      new volumes. A volume cannot span across two different free extents.
       It will default to using <code>dos</code> as the pool source format.
     </p>
 
@@ -360,7 +359,16 @@
       The formats <code>dos</code> ("msdos" in parted terminology,
       good for BIOS systems) or <code>gpt</code> (good for UEFI
       systems) are recommended for best portability - the latter is
-      needed for disks larger than 2TB.
+      needed for disks larger than 2TB. Note that the <code>lvm2</code>
+      format refers to the physical volume format (i.e. the whole
+      disk is a physical volume - not the usual usage of LVM where
+      physical volumes are partitions). This is not really
+      a partition table and such pool cannot be built by libvirt,
+      only detected.
+    </p>
+    <p>
+      Building a pool of a certain format depends on its availability
+      in <code>parted</code>.
     </p>
 
     <h3>Valid volume format types</h3>
@@ -600,7 +608,7 @@
 
     <h3>Valid volume format types</h3>
     <p>
-      The RBD pool does not use the volume format type element.
+      Only raw volumes are supported.
     </p>
 
     <h2><a id="StorageBackendSheepdog">Sheepdog pool</a></h2>

docs/windows.html.in

@@ -182,7 +182,6 @@
 <pre>
 ./configure \
   --without-sasl \
-  --without-avahi \
   --without-polkit \
   --without-python \
   --without-libxl \

examples/Makefile.am

@@ -18,71 +18,128 @@
 
 FILTERS = $(wildcard $(srcdir)/xml/nwfilter/*.xml)
 
-EXTRA_DIST = \
-	lxcconvert/virt-lxc-convert \
-	polkit/libvirt-acl.rules \
-	$(wildcard $(srcdir)/systemtap/*.stp) \
-	$(FILTERS) \
-	$(wildcard $(srcdir)/xml/storage/*.xml) \
-	$(wildcard $(srcdir)/xml/test/*.xml)
+ADMIN_EXAMPLES = \
+	$(wildcard $(srcdir)/c/admin/*.c) \
+	$(NULL)
 
+DOMAIN_EXAMPLES = \
+	$(wildcard $(srcdir)/c/domain/*.c) \
+	$(NULL)
+
+MISC_EXAMPLES = \
+	$(wildcard $(srcdir)/c/misc/*.c) \
+	$(NULL)
+
+POLKIT_EXAMPLES = \
+	$(wildcard $(srcdir)/polkit/*.rules) \
+	$(NULL)
+
+SH_EXAMPLES = \
+	$(wildcard $(srcdir)/sh/*) \
+	$(NULL)
+
+STORAGE_XML_EXAMPLES = \
+	$(wildcard $(srcdir)/xml/storage/*.xml) \
+	$(NULL)
+
+SYSTEMTAP_EXAMPLES = \
+	$(wildcard $(srcdir)/systemtap/*.stp) \
+	$(NULL)
+
+TEST_XML_EXAMPLES = \
+	$(wildcard $(srcdir)/xml/test/*.xml) \
+	$(NULL)
+
+EXTRA_DIST = \
+	$(POLKIT_EXAMPLES) \
+	$(SH_EXAMPLES) \
+	$(STORAGE_XML_EXAMPLES) \
+	$(SYSTEMTAP_EXAMPLES) \
+	$(TEST_XML_EXAMPLES) \
+	$(FILTERS) \
+	$(NULL)
 
 AM_CPPFLAGS = \
-	-I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir)
-LDADD = $(STATIC_BINARIES) $(WARN_CFLAGS) \
+	-I$(top_builddir)/include \
+	-I$(top_srcdir)/include \
+	$(NULL)
+
+AM_CFLAGS = \
+	$(WARN_CFLAGS) \
+	$(NULL)
+
+AM_LDFLAGS = \
+	$(STATIC_BINARIES) \
+	$(NULL)
+
+LDADD = \
 	$(top_builddir)/src/libvirt.la \
-	$(top_builddir)/src/libvirt-admin.la
+	$(top_builddir)/src/libvirt-admin.la \
+	$(NULL)
 
-noinst_PROGRAMS=dominfo/info1 dommigrate/dommigrate domsuspend/suspend \
-	domtop/domtop hellolibvirt/hellolibvirt object-events/event-test \
-	openauth/openauth rename/rename admin/list_servers admin/list_clients \
-	admin/threadpool_params admin/client_limits admin/client_info \
-	admin/client_close admin/logging
+noinst_PROGRAMS = \
+	c/admin/client_close \
+	c/admin/client_info \
+	c/admin/client_limits \
+	c/admin/list_clients \
+	c/admin/list_servers \
+	c/admin/logging \
+	c/admin/threadpool_params \
+	c/domain/dommigrate \
+	c/domain/domtop \
+	c/domain/info1 \
+	c/domain/rename \
+	c/domain/suspend \
+	c/misc/event-test \
+	c/misc/hellolibvirt \
+	c/misc/openauth \
+	$(NULL)
 
-dominfo_info1_SOURCES = dominfo/info1.c
-dommigrate_dommigrate_SOURCES = dommigrate/dommigrate.c
-domsuspend_suspend_SOURCES = domsuspend/suspend.c
-domtop_domtop_SOURCES = domtop/domtop.c
-hellolibvirt_hellolibvirt_SOURCES = hellolibvirt/hellolibvirt.c
-
-object_events_event_test_CFLAGS = \
-		$(WARN_CFLAGS) \
-		$(NULL)
-object_events_event_test_SOURCES = object-events/event-test.c
-
-openauth_openauth_SOURCES = openauth/openauth.c
-rename_rename_SOURCES = rename/rename.c
-
-admin_list_servers_SOURCES = admin/list_servers.c
-admin_list_clients_SOURCES = admin/list_clients.c
-admin_threadpool_params_SOURCES = admin/threadpool_params.c
-admin_client_limits_SOURCES = admin/client_limits.c
-admin_client_info_SOURCES = admin/client_info.c
-admin_client_close_SOURCES = admin/client_close.c
-admin_logging_SOURCES = admin/logging.c
-
-INSTALL_DATA_LOCAL =
-UNINSTALL_LOCAL =
+c_admin_client_close_SOURCES = c/admin/client_close.c
+c_admin_client_info_SOURCES = c/admin/client_info.c
+c_admin_client_limits_SOURCES = c/admin/client_limits.c
+c_admin_list_clients_SOURCES = c/admin/list_clients.c
+c_admin_list_servers_SOURCES = c/admin/list_servers.c
+c_admin_logging_SOURCES = c/admin/logging.c
+c_admin_threadpool_params_SOURCES = c/admin/threadpool_params.c
+c_domain_dommigrate_SOURCES = c/domain/dommigrate.c
+c_domain_domtop_SOURCES = c/domain/domtop.c
+c_domain_info1_SOURCES = c/domain/info1.c
+c_domain_rename_SOURCES = c/domain/rename.c
+c_domain_suspend_SOURCES = c/domain/suspend.c
+c_misc_event_test_SOURCES = c/misc/event-test.c
+c_misc_hellolibvirt_SOURCES = c/misc/hellolibvirt.c
+c_misc_openauth_SOURCES = c/misc/openauth.c
 
 if WITH_NWFILTER
-NWFILTER_DIR = "$(DESTDIR)$(sysconfdir)/libvirt/nwfilter"
 
-install-nwfilter-local:
-	$(MKDIR_P) "$(NWFILTER_DIR)"
-	for f in $(FILTERS); do \
-		$(INSTALL_DATA) $$f "$(NWFILTER_DIR)"; \
-	done
+nwfilterdir = $(sysconfdir)/libvirt/nwfilter
+nwfilter_DATA = $(FILTERS)
 
-uninstall-nwfilter-local::
-	for f in $(FILTERS); do \
-		rm -f "$(NWFILTER_DIR)/`basename $$f`"; \
-	done
-	-test -z "$(shell ls $(NWFILTER_DIR))" || rmdir $(NWFILTER_DIR)
-
-INSTALL_DATA_LOCAL += install-nwfilter-local
-UNINSTALL_LOCAL += uninstall-nwfilter-local
 endif WITH_NWFILTER
 
-install-data-local: $(INSTALL_DATA_LOCAL)
+examplesdir = $(docdir)/examples
 
-uninstall-local: $(UNINSTALL_LOCAL)
+adminexamplesdir = $(examplesdir)/c/admin
+adminexamples_DATA = $(ADMIN_EXAMPLES)
+
+domainexamplesdir = $(examplesdir)/c/domain
+domainexamples_DATA = $(DOMAIN_EXAMPLES)
+
+miscexamplesdir = $(examplesdir)/c/misc
+miscexamples_DATA = $(MISC_EXAMPLES)
+
+polkitexamplesdir = $(examplesdir)/polkit
+polkitexamples_DATA = $(POLKIT_EXAMPLES)
+
+shexamplesdir = $(examplesdir)/sh
+shexamples_DATA = $(SH_EXAMPLES)
+
+storagexmlexamplesdir = $(examplesdir)/xml/storage
+storagexmlexamples_DATA = $(STORAGE_XML_EXAMPLES)
+
+systemtapexamplesdir = $(examplesdir)/systemtap
+systemtapexamples_DATA = $(SYSTEMTAP_EXAMPLES)
+
+testxmlexamplesdir = $(examplesdir)/xml/test
+testxmlexamples_DATA = $(TEST_XML_EXAMPLES)

examples/c/admin/client_info.c

@@ -3,6 +3,7 @@
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
+#include <inttypes.h>
 #include <libvirt/libvirt-admin.h>
 
 static const char *
@@ -66,11 +67,11 @@ exampleGetTypedParamValue(virTypedParameterPtr item)
         break;
 
     case VIR_TYPED_PARAM_LLONG:
-        ret = asprintf(&str, "%lld", item->value.l);
+        ret = asprintf(&str, "%" PRId64, (int64_t)item->value.l);
         break;
 
     case VIR_TYPED_PARAM_ULLONG:
-        ret = asprintf(&str, "%llu", item->value.ul);
+        ret = asprintf(&str, "%" PRIu64, (uint64_t)item->value.ul);
         break;
 
     case VIR_TYPED_PARAM_DOUBLE:
@@ -143,7 +144,7 @@ int main(int argc, char **argv)
     if (!(timestr = exampleGetTimeStr(virAdmClientGetTimestamp(clnt))))
         goto cleanup;
 
-    printf("%-15s: %llu\n", "id", virAdmClientGetID(clnt));
+    printf("%-15s: %" PRIu64 "\n", "id", (uint64_t)virAdmClientGetID(clnt));
     printf("%-15s: %s\n", "connection_time", timestr);
     printf("%-15s: %s\n", "transport",
              exampleTransportToString(virAdmClientGetTransport(clnt)));

examples/c/admin/client_limits.c

@@ -9,6 +9,7 @@ int main(int argc, char **argv)
     virAdmServerPtr srv = NULL;     /* which server to work with */
     virTypedParameterPtr params = NULL;
     int nparams = 0;
+    int maxparams = 0;
     ssize_t i;
 
     if (argc != 2) {
@@ -39,7 +40,6 @@ int main(int argc, char **argv)
     nparams = 0;
 
     /* set nclients_max to 100 and nclients_unauth_max to 20 */
-    int maxparams = 0;
     if (virTypedParamsAddUInt(&params, &nparams, &maxparams,
                               VIR_SERVER_CLIENTS_MAX, 100) < 0 ||
         virTypedParamsAddUInt(&params, &nparams, &maxparams,

examples/c/admin/list_clients.c

@@ -1,6 +1,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
+#include <inttypes.h>
 #include <libvirt/libvirt-admin.h>
 
 static const char *
@@ -96,7 +97,7 @@ int main(int argc, char **argv)
                 exampleGetTimeStr(virAdmClientGetTimestamp(client))))
             goto cleanup;
 
-        printf(" %-5llu %-15s %-15s\n", id,
+        printf(" %-5" PRIu64 " %-15s %-15s\n", (uint64_t)id,
                exampleTransportToString(transport), timestr);
         free(timestr);
     }

examples/c/admin/threadpool_params.c

@@ -9,6 +9,7 @@ int main(int argc, char **argv)
     virAdmServerPtr srv = NULL;     /* which server to work with */
     virTypedParameterPtr params = NULL;
     int nparams = 0;
+    int maxparams = 0;
     ssize_t i;
 
     if (argc != 2) {
@@ -39,7 +40,6 @@ int main(int argc, char **argv)
     nparams = 0;
 
     /* let's set minWorkers to 10, maxWorkers to 15 and prioWorkers to 10 */
-    int maxparams = 0;
     if (virTypedParamsAddUInt(&params, &nparams, &maxparams,
                               VIR_THREADPOOL_WORKERS_MIN, 10) < 0 ||
         virTypedParamsAddUInt(&params, &nparams, &maxparams,

examples/c/domain/domtop.c

@@ -29,6 +29,7 @@
 #include <string.h>
 #include <sys/time.h>
 #include <unistd.h>
+#include <inttypes.h>
 
 static bool debug;
 static bool run_top;
@@ -185,8 +186,7 @@ fetch_domains(virConnectPtr conn)
 }
 
 static void
-print_cpu_usage(const char *dom_name,
-                size_t cpu,
+print_cpu_usage(size_t cpu,
                 size_t ncpus,
                 unsigned long long then,
                 virTypedParameterPtr then_params,
@@ -206,7 +206,7 @@ print_cpu_usage(const char *dom_name,
     }
 
     for (i = 0; i < ncpus; i++) {
-        size_t pos;
+        size_t pos = 0;
         double usage;
 
         /* check if the vCPU is in the maps */
@@ -226,8 +226,11 @@ print_cpu_usage(const char *dom_name,
             return;
         }
 
-        DEBUG("now_params=%llu then_params=%llu now=%llu then=%llu",
-              now_params[pos].value.ul, then_params[pos].value.ul, now, then);
+        DEBUG("now_params=%" PRIu64 " then_params=%" PRIu64
+              " now=%" PRIu64 " then=%" PRIu64,
+              (uint64_t)now_params[pos].value.ul,
+              (uint64_t)then_params[pos].value.ul,
+              (uint64_t)now, (uint64_t)then);
 
         /* @now_params and @then_params are in nanoseconds, @now and @then are
          * in microseconds. In ideal world, we would translate them both into
@@ -329,7 +332,7 @@ do_top(virConnectPtr conn,
             goto cleanup;
         }
 
-        print_cpu_usage(dom_name, 0, max_id,
+        print_cpu_usage(0, max_id,
                         then.tv_sec * 1000000 + then.tv_usec,
                         then_params, then_nparams,
                         now.tv_sec * 1000000 + now.tv_usec,

examples/c/domain/info1.c

@@ -13,40 +13,39 @@
 
 /**
  * getDomainInfo:
- * @id: the id of the domain
+ * @name: the name of the domain
  *
  * extract the domain 0 information
  */
 static void
-getDomainInfo(int id)
+getDomainInfo(const char *uri, const char *name)
 {
     virConnectPtr conn = NULL; /* the hypervisor connection */
     virDomainPtr dom = NULL;   /* the domain being checked */
     virDomainInfo info;        /* the information being fetched */
     int ret;
 
-    /* NULL means connect to local Xen hypervisor */
-    conn = virConnectOpenReadOnly(NULL);
+    conn = virConnectOpenReadOnly(uri);
     if (conn == NULL) {
         fprintf(stderr, "Failed to connect to hypervisor\n");
         goto error;
     }
 
-    /* Find the domain of the given id */
-    dom = virDomainLookupByID(conn, id);
+    /* Find the domain of the given name */
+    dom = virDomainLookupByName(conn, name);
     if (dom == NULL) {
-        fprintf(stderr, "Failed to find Domain %d\n", id);
+        fprintf(stderr, "Failed to find Domain %s\n", name);
         goto error;
     }
 
     /* Get the information */
     ret = virDomainGetInfo(dom, &info);
     if (ret < 0) {
-        fprintf(stderr, "Failed to get information for Domain %d\n", id);
+        fprintf(stderr, "Failed to get information for Domain %s\n", name);
         goto error;
     }
 
-    printf("Domains %d: %d CPUs\n", id, info.nrVirtCpu);
+    printf("Domain %s: %d CPUs\n", name, info.nrVirtCpu);
 
  error:
     if (dom != NULL)
@@ -55,9 +54,13 @@ getDomainInfo(int id)
         virConnectClose(conn);
 }
 
-int main()
+int main(int argc, char **argv)
 {
-    getDomainInfo(0);
+    if (argc != 3) {
+        fprintf(stderr, "syntax: %s: URI NAME\n", argv[0]);
+        return 1;
+    }
+    getDomainInfo(argv[1], argv[2]);
 
     return 0;
 }